Date: Wed, 20 Aug 2014 05:05:16 +0000 From: "Dautenhahn, Nathan Daniel" <dautenh1@illinois.edu> To: Tim Kientzle <tim@kientzle.com> Cc: "freebsd-hackers@freebsd.org" <freebsd-hackers@freebsd.org>, Allan Jude <allanjude@freebsd.org> Subject: Re: stopped processes using cpu? Message-ID: <118A3B64-21C0-4FB9-84AD-837C037AAFD3@illinois.edu> In-Reply-To: <10AEB4BC-B1B3-4312-A36C-ECE33EC56805@kientzle.com> References: <CAA3ZYrAzpxpFNST5ZT-zHvk4Gg38w-yH1dTQj53Fp_rM-hohaA@mail.gmail.com> <53F3A564.8070202@freebsd.org>, <10AEB4BC-B1B3-4312-A36C-ECE33EC56805@kientzle.com>
next in thread | previous in thread | raw e-mail | index | archive | help
> On Aug 19, 2014, at 9:15 PM, "Tim Kientzle" <tim@kientzle.com> wrote: >=20 >=20 >> On Aug 19, 2014, at 12:28 PM, Allan Jude <allanjude@freebsd.org> wrote: >>=20 >>> On 2014-08-19 15:21, Dieter BSD wrote: >>> 8.2 on amd64 >>> Top(1) with no arguments reports that some firefox processes are using = cpu >>> dispite being stopped (via kill -stop pid) for at least several hours. >>> Adding -C doesn't change the numbers. Ps(1) reports the same. >>> Interestingly, a firefox that isn't stopped is (correctly?) reported as >>> using 0 cpu. The 100% idle should be correct, but who knows. >>>=20 >>> last pid: 51932; load averages: 0.07, 0.99, 1.42 up 14+19:02:56 08:4= 8:28 >>> 267 processes: 1 running, 138 sleeping, 128 stopped >>> CPU: 0.0% user, 0.0% nice, 0.0% system, 0.0% interrupt, 100% idle >>> Mem: 1665M Active, 653M Inact, 240M Wired, 95M Cache, 372M Buf, 815M Fr= ee >>> Swap: 8965M Total, 560K Used, 8965M Free >>>=20 >>> PID USERNAME THR PRI NICE SIZE RES STATE TIME WCPU COMMAND >>> 44188 a 9 44 0 303M 187M STOP 113:19 13.43% firefox= -bin >>> 92986 b 11 44 0 164M 62848K STOP 0:18 5.03% firefox= -bin >>> 16507 c 11 44 0 189M 88976K STOP 0:13 0.24% firefox= -bin >>> 2265 root 1 44 0 248M 193M select 625:38 0.00% Xorg >>> 51271 d 10 44 0 233M 128M ucond 12:12 0.00% firefox= -bin >>> _______________________________________________ >>> freebsd-hackers@freebsd.org mailing list >>> http://lists.freebsd.org/mailman/listinfo/freebsd-hackers >>> To unsubscribe, send any mail to "freebsd-hackers-unsubscribe@freebsd.o= rg" >>=20 >> I wonder if jhb@'s new top code solves this. He adjusted the way CPU >> usage is tracked to be more responsive, and not based on averages >=20 > I wonder if jhb@=92s new top code fixes the whacky WCPU values we=92ve be= en seeing on FreeBSD/ARM. (1713% CPU is a little hard to believe on a sing= le-core board ;-). It could be a bit of an odd suggestion, and I really have no experience on = whether or not the existing code is good or bad, but I wonder of there migh= t be some type of rootkit running on the system? Possibly lying about perfo= rmance to hide processes? In the Firefox case, a rootkit could be labeling a malicious process with F= irefox to hide the processes existence.=20 How long has the system been operating? Is it possible for that to be happe= ning in this case?=20 ::Nathan:: >=20 > Tim >=20 > _______________________________________________ > freebsd-hackers@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-hackers > To unsubscribe, send any mail to "freebsd-hackers-unsubscribe@freebsd.org= "
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?118A3B64-21C0-4FB9-84AD-837C037AAFD3>