From owner-freebsd-hackers@FreeBSD.ORG Wed Aug 20 05:12:42 2014 Return-Path: Delivered-To: freebsd-hackers@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [8.8.178.115]) (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id EF54EDE2; Wed, 20 Aug 2014 05:12:41 +0000 (UTC) Received: from pps05.cites.illinois.edu (pps05.cites.illinois.edu [192.17.82.72]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id ABF853A91; Wed, 20 Aug 2014 05:12:41 +0000 (UTC) Received: from citesht3.cites.illinois.edu (citesht3.cites.illinois.edu [128.174.34.208]) by pps05.cites.illinois.edu (8.14.5/8.14.5) with ESMTP id s7K55ISw004780 (version=TLSv1/SSLv3 cipher=AES128-SHA bits=128 verify=NOT); Wed, 20 Aug 2014 00:05:18 -0500 Received: from CHIMBX1.ad.uillinois.edu ([169.254.6.58]) by CITESHT3.ad.uillinois.edu ([128.174.34.208]) with mapi id 14.03.0195.001; Wed, 20 Aug 2014 00:05:17 -0500 From: "Dautenhahn, Nathan Daniel" To: Tim Kientzle Subject: Re: stopped processes using cpu? Thread-Topic: stopped processes using cpu? Thread-Index: AQHPu+Lb9wz5zxFPpUS8b4mine3BSpvYo5YAgABpQ4D//+QLWg== Date: Wed, 20 Aug 2014 05:05:16 +0000 Message-ID: <118A3B64-21C0-4FB9-84AD-837C037AAFD3@illinois.edu> References: <53F3A564.8070202@freebsd.org>, <10AEB4BC-B1B3-4312-A36C-ECE33EC56805@kientzle.com> In-Reply-To: <10AEB4BC-B1B3-4312-A36C-ECE33EC56805@kientzle.com> Accept-Language: en-US Content-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: Content-Type: text/plain; charset="Windows-1252" Content-Transfer-Encoding: quoted-printable MIME-Version: 1.0 X-Spam-Score: 0 X-Spam-Details: rule=cautious_plus_nq_notspam policy=cautious_plus_nq score=0 spamscore=0 suspectscore=0 phishscore=0 adultscore=0 bulkscore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=7.0.1-1402240000 definitions=main-1408200044 X-Spam-OrigSender: dautenh1@illinois.edu X-Spam-Bar: Cc: "freebsd-hackers@freebsd.org" , Allan Jude X-BeenThere: freebsd-hackers@freebsd.org X-Mailman-Version: 2.1.18-1 Precedence: list List-Id: Technical Discussions relating to FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 20 Aug 2014 05:12:42 -0000 > On Aug 19, 2014, at 9:15 PM, "Tim Kientzle" wrote: >=20 >=20 >> On Aug 19, 2014, at 12:28 PM, Allan Jude wrote: >>=20 >>> On 2014-08-19 15:21, Dieter BSD wrote: >>> 8.2 on amd64 >>> Top(1) with no arguments reports that some firefox processes are using = cpu >>> dispite being stopped (via kill -stop pid) for at least several hours. >>> Adding -C doesn't change the numbers. Ps(1) reports the same. >>> Interestingly, a firefox that isn't stopped is (correctly?) reported as >>> using 0 cpu. The 100% idle should be correct, but who knows. >>>=20 >>> last pid: 51932; load averages: 0.07, 0.99, 1.42 up 14+19:02:56 08:4= 8:28 >>> 267 processes: 1 running, 138 sleeping, 128 stopped >>> CPU: 0.0% user, 0.0% nice, 0.0% system, 0.0% interrupt, 100% idle >>> Mem: 1665M Active, 653M Inact, 240M Wired, 95M Cache, 372M Buf, 815M Fr= ee >>> Swap: 8965M Total, 560K Used, 8965M Free >>>=20 >>> PID USERNAME THR PRI NICE SIZE RES STATE TIME WCPU COMMAND >>> 44188 a 9 44 0 303M 187M STOP 113:19 13.43% firefox= -bin >>> 92986 b 11 44 0 164M 62848K STOP 0:18 5.03% firefox= -bin >>> 16507 c 11 44 0 189M 88976K STOP 0:13 0.24% firefox= -bin >>> 2265 root 1 44 0 248M 193M select 625:38 0.00% Xorg >>> 51271 d 10 44 0 233M 128M ucond 12:12 0.00% firefox= -bin >>> _______________________________________________ >>> freebsd-hackers@freebsd.org mailing list >>> http://lists.freebsd.org/mailman/listinfo/freebsd-hackers >>> To unsubscribe, send any mail to "freebsd-hackers-unsubscribe@freebsd.o= rg" >>=20 >> I wonder if jhb@'s new top code solves this. He adjusted the way CPU >> usage is tracked to be more responsive, and not based on averages >=20 > I wonder if jhb@=92s new top code fixes the whacky WCPU values we=92ve be= en seeing on FreeBSD/ARM. (1713% CPU is a little hard to believe on a sing= le-core board ;-). It could be a bit of an odd suggestion, and I really have no experience on = whether or not the existing code is good or bad, but I wonder of there migh= t be some type of rootkit running on the system? Possibly lying about perfo= rmance to hide processes? In the Firefox case, a rootkit could be labeling a malicious process with F= irefox to hide the processes existence.=20 How long has the system been operating? Is it possible for that to be happe= ning in this case?=20 ::Nathan:: >=20 > Tim >=20 > _______________________________________________ > freebsd-hackers@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-hackers > To unsubscribe, send any mail to "freebsd-hackers-unsubscribe@freebsd.org= "