giza: Giza White Mage (Default)
[personal profile] giza
Okay, so I currently have two Macs: a 1.5-year-old 15" PowerBook running OS X 10.3, and a 6-month-old 20" iMac running OS X 10.4. Both OSes are up to date.

Over the course of the last few days, both machines have started crashing on a regular basis. At least, I guess "crashing" is the right word to use. What happens is that all of my currently running applications get killed in some manner or another (including the dock), leaving me as though I had just logged in. Sometimes Firefox and Adium display their crash dialogs, but sometimes they just silently "disappear".

In the way of troubleshooting, I've tried the following:

- Run Preferential Treatment to make sure my preferences weren't whacked. They were fine.

- Booted from the install DVD and ran the extended diagnostics. Everything looked fine.

- Checked the system logs. Nothing of interest gets written. It's as though the processes were killed normally.

- I reset the PRAM on both machines.

I'm hesitant to call AppleCare just yet, because I can't reproduce this problem reliably, and part of me wonders if it's something that I might have done on both machines.

As an act of desperation, I created new accounts on each machine without admin access, and have been using them, just on the off chance that the problem is due to a bad setting in each account.

The whole thing has me really confused, seeing that it's happening to both machines at the same time. I'm on a UPS, so I've ruled out power-related issues. It's also odd that only my processes are being affected, and all of them at once. It's not like init or sshd is crashing at all or I have a single app (like.. Firefox!) crashing.

Does anyone have any ideas? Because I'm running out of them...

(no subject)

Date: 2005-12-19 01:14 am (UTC)
From: [identity profile] nius.livejournal.com
Hm, the dock is disappearing? Are you getting a new login prompt?

If
/System/Library/CoreServices/loginwindow.app/Contents/MacOS/loginwindow console
dies for some reason OTHER than clicking "Logout", all child processes die and you'll be thrown back to a login prompt.. I haven't been able to replicate the death of all children without a logout though.

(no subject)

Date: 2005-12-19 01:19 am (UTC)
From: [identity profile] giza.livejournal.com
Er, it's not disappearing, it's just restarted.

As [livejournal.com profile] tosdragon and I were discussing, purrhaps loginwindow is taking a dump for some reason, which would cause these symptoms. For example, my screen sessions are unaffected, which would make sense seeing that they are detached from the parent process.

(no subject)

Date: 2005-12-19 01:57 am (UTC)
From: [identity profile] coyoteden.livejournal.com
Well, if both of your Macs are crashy, that rules out hardware. IF your OS versions are different, that rules out software.... unless there was an update to OS X that applied the same unstable patch to both systems. That seems like the most likely scenario. Haunt the Apple forums and see if anyone else is having this problem.

Also, as much as I hate to mention it, if you have accounts with identical usernames and passwords on both systems, or matching root passwords, both systems may have been compromised. If you suspect it, set up a sniffer or an IDS.

(no subject)

Date: 2005-12-19 08:00 pm (UTC)
From: [identity profile] giza.livejournal.com

How do identical usernames and passwords increase the chance for a compromise?

I'm not too worried about this scenario though, since I haven't seen any other signs of an intrusion, I hide behind a NAT, and I have never used that password outside of the network.

Outgoing connections.

Date: 2005-12-19 08:53 pm (UTC)
From: [identity profile] coyoteden.livejournal.com

How do identical usernames and passwords increase the chance for a compromise?


Easy. If they get in on one machine (and a reverse shell will traverse a NAT by phoning home) they have credentials that let them hop to the other and put a rootkit or backdoor on there too.

NATs are old news to crackers and even script kiddies. That's why most automated attacks (scans, worms, etc..) will make a compromised machine throw a shell back to a listening port on the exploiter, or join the IRC channel for a botnet.

(no subject)

Date: 2005-12-19 08:10 am (UTC)
From: [identity profile] atpaw.livejournal.com
Maybe they got infected by Windows? O:)

(no subject)

Date: 2005-12-19 08:19 am (UTC)
From: [identity profile] furahi.livejournal.com
Maybe an atomic bomb was detonated not too far from your house and corrupted the memory on both your computers =P

I've no experience with MacOS (well, used MacOS 9 for a bit), but I'd guess some faulty setting that you set manually on both systems, or a virulent or similar program.

(no subject)

Date: 2005-12-19 01:50 pm (UTC)
From: [identity profile] kellic.livejournal.com
Have you tried Repairing Permissions?
Sometimes an update or other app does some funky things to the perms.

(no subject)

Date: 2005-12-19 02:19 pm (UTC)
From: [identity profile] giza.livejournal.com

Oh yeah. I only found like 3 permissions that were off. Didn't solve the problem, though.

(no subject)

Date: 2005-12-19 07:55 pm (UTC)
From: [identity profile] fc-greyfox.livejournal.com
Sounds to me like there's a potential exploit going on there. I doubt it's a superuser exploit, thanks to Apple's wisdom in disabling the account completely.. but it sounds like there's definitely something faulty in there that's being abused. I'd run a packet sniffer between the machine and the 'net for a bit, see if you can catch a culprit packet or two coming in just as the machine crashes...

(no subject)

Date: 2005-12-19 07:57 pm (UTC)
From: [identity profile] giza.livejournal.com
One thing I haven't ruled out is the contents of Library/Cache. Things have been stable since I switched to a new user account on each machine, and I'm wondering if something unstable got into the cache that was causing problems. There is a non-zero chance of this, since I do regularly move application data between the two machines.

(no subject)

Date: 2005-12-20 08:09 am (UTC)
From: [identity profile] fc-greyfox.livejournal.com
Good thinking there. It's well worth archiving the whole contents and then clearing the cache to see if that solves things. If so, it's just a matter of narrowing down which item caused it so the glitch can be reported for resolution.

(no subject)

Date: 2005-12-20 02:02 pm (UTC)
From: [identity profile] giza.livejournal.com
I think I figured it out. Contact me on the MUCK if you wanna know the details.

Update..

Date: 2005-12-20 06:52 am (UTC)
From: [identity profile] lionman.livejournal.com
Alright, I had to stop by a client site today because one of the new G5s had crashed and they couldn't get it back up. They ran Tech Tools, and afterwards, the HD wouldn't mount, they couldn't get past the grey screen.

I ran Hardware Test, which came out okay. I then ran the Disk Utility from the start DVD and discovered that I couldn't do a repair, I couldn't even mount the partition. All I could do was erase the HD and then reinstall all the software.

During this, I discover that several other of the users have had issues lately similar to what you're talking about. There could well be something in 10.4 that's wonky and potentially data-killing.

Re: Update..

Date: 2005-12-20 02:02 pm (UTC)
From: [identity profile] giza.livejournal.com

That doesn't match my symptoms, because I have had zero data problems. In fact, when I switched user accounts, I had no problems copying data over.

I think I discovered the culprit on BOTH machines last night, but I'm going to wait until I get back from my Christmas trip before testing it. IM me if you wanna know the details.

Re: your situation, did you run Smarttools? I'd be interested in what the SMART data from the hard drives has to say.

Profile

Douglas Muth