Date: Fri, 8 Sep 2000 10:40:22 -0400 (EDT) From: Igor Roshchin <str@giganda.komkon.org> To: stable@freebsd.org Subject: "high load" on a almost idle system. Message-ID: <200009081440.KAA34920@giganda.komkon.org>
next in thread | raw e-mail | index | archive | help
Hello!
I have a host running 4.0-RELEASE
I've noticed that suddenly the load became more than 1,
and it is sustained at that level for long time.
I killed and restarted all processes that could've been producing the load.
Now, I don't see any processes that could be the reason for such a load,
(I am using "top" and "ps"),
nor I see any unaccounted processes in /proc.
host: [10:16] [140] ~#w
10:17AM up 63 days, 16:16, 1 user, load averages: 1.24, 1.34, 1.16
USER TTY FROM LOGIN@ IDLE WHAT
str p0 anotherhost Thu09AM - w
There are just one or two connections to sendmail or/and pop3 server
as shown by netstat, but those are short-term connections.
Q.:
1. Is there any bug in 4.0 that could be responsible for indicating
such relatively high load (in the absense of "active" processes") ?
The ps and systat -vmstat outputs are below.
systat -vmstat does not show much activity.
Also:
2. Although it doesn't look like the host is compromized, but if it
was, how can I check for "hidden" processes (assuming that the kernel
was not changed (if hiding is possible in this case), and otherwise) ?
Thanks,
Igor
PS. Please, Cc: to me your responses.
systat -vmstat output:
1 users Load 1.18 1.11 1.09 Fri Sep 8 10:29
Mem:KB REAL VIRTUAL VN PAGER SWAP PAGER
Tot Share Tot Share Free in out in out
Act 4892 992 7012 1144 35560 count
All 90384 1360 2488568 1672 pages
zfod Interrupts
Proc:r p d s w Csw Trp Sys Int Sof Flt cow 231 total
6 10 1 26 231 5 1 15804 wire ata0 irq14
14792 act ahc0 irq9
0.3%Sys 3.0%Intr 0.0%User 0.0%Nice 96.7%Idl 59788 inact 3 xl0 irq11
| | | | | | | | | | cache fdc0 irq6
++ 35560 free atkbd0 irq
daefr sio0 irq4
Namei Name-cache Dir-cache prcfr sio1 irq3
Calls hits % hits % react 100 clk irq0
pdwak 128 rtc irq8
pdpgs
Disks ad0 da0 da1 fd0 pass0 pass1 md0 intrn
KB/t 0.00 0.00 0.00 0.00 0.00 0.00 0.00 6430 buf
tps 0 0 0 0 0 0 0 9 dirtybuf
MB/s 0.00 0.00 0.00 0.00 0.00 0.00 0.00 8403 desiredvnodes
% busy 0 0 0 0 0 0 0 5483 numvnodes
host: [10:13] [131] ~#ps -ajxww
USER PID PPID PGID SESS JOBC STAT TT TIME COMMAND
root 0 0 0 340a00 0 DLs ?? 0:09.61 (swapper)
root 1 0 1 a18740 0 ILs ?? 0:08.85 /sbin/init --
root 2 0 0 340a00 0 DL ?? 0:22.66 (pagedaemon)
root 3 0 0 340a00 0 DL ?? 0:00.00 (vmdaemon)
root 4 0 0 340a00 0 DL ?? 0:18.40 (bufdaemon)
root 5 0 0 340a00 0 DL ?? 53:58.13 (syncer)
root 33 1 33 a57e40 0 Is ?? 0:00.00 adjkerntz -i
daemon 127 1 127 a75d00 0 Is ?? 0:00.05 /usr/sbin/portmap
root 147 1 147 a75240 0 Ss ?? 6:06.07 inetd -wW
root 149 1 149 a75640 0 Is ?? 1:15.27 cron
root 152 1 152 a75540 0 Is ?? 0:00.01 /usr/sbin/lpd -l
root 2055 1 2055 a874c0 0 Is ?? 0:24.49 /usr/sbin/sshd
root 10158 2055 2055 a874c0 0 S ?? 0:03.94 sshd: str@ttyp0 (sshd)
root 15400 1 15400 c2dd40 0 Ss ?? 4:24.74 sendmail: accepting connections on port 25 (sendmail)
root 19697 1 19697 c2dc80 0 Ss ?? 0:03.57 /usr/sbin/named
root 19715 1 19715 a70040 0 S<s ?? 0:00.18 ntpd -p /var/run/ntpd.pid
root 19723 1 19723 a18340 0 Ss ?? 0:00.46 syslogd -vv
root 20025 15400 15400 c2dd40 0 I ?? 0:00.04 sendmail: server [XXX.XXX.XXX.XX] child wait (sendmail)
root 20026 20025 15400 c2dd40 0 S ?? 0:00.97 sendmail: KAA20026 [XXX.XXX.XXX.XX]: DATA (sendmail)
str 10159 10158 10159 b9ee00 0 Is p0 0:00.47 -tcsh (tcsh)
root 19800 10159 19800 b9ee00 1 S p0 0:00.56 _su -m (tcsh)
root 20035 19800 20035 b9ee00 1 R+ p0 0:00.00 ps -ajxww
root 449 1 449 a75ac0 0 Is+ v0 0:00.04 /usr/libexec/getty Pc ttyv0
root 197 1 197 a8eb00 0 Is+ v1 0:00.02 /usr/libexec/getty Pc ttyv1
root 307 1 307 a75b00 0 Is+ v2 0:00.05 /usr/libexec/getty Pc ttyv2
root 199 1 199 a8e700 0 Is+ v3 0:00.02 /usr/libexec/getty Pc ttyv3
root 200 1 200 a8e800 0 Is+ v4 0:00.02 /usr/libexec/getty Pc ttyv4
root 201 1 201 a8ea40 0 Is+ v5 0:00.02 /usr/libexec/getty Pc ttyv5
root 202 1 202 a8e980 0 Is+ v6 0:00.02 /usr/libexec/getty Pc ttyv6
root 203 1 203 a8e8c0 0 Is+ v7 0:00.02 /usr/libexec/getty Pc ttyv7
host: [10:13] [132] ~#ps -auxww
USER PID %CPU %MEM VSZ RSS TT STAT STARTED TIME COMMAND
root 20037 0.0 0.2 416 224 p0 R+ 10:13AM 0:00.00 ps -auxww
root 1 0.0 0.2 512 204 ?? ILs 6Jul00 0:08.85 /sbin/init --
root 2 0.0 0.0 0 0 ?? DL 6Jul00 0:22.66 (pagedaemon)
root 3 0.0 0.0 0 0 ?? DL 6Jul00 0:00.00 (vmdaemon)
root 4 0.0 0.0 0 0 ?? DL 6Jul00 0:18.40 (bufdaemon)
root 5 0.0 0.0 0 0 ?? DL 6Jul00 53:58.14 (syncer)
root 33 0.0 0.1 208 64 ?? Is 6Jul00 0:00.00 adjkerntz -i
daemon 127 0.0 0.4 892 540 ?? Is 6Jul00 0:00.05 /usr/sbin/portmap
root 147 0.0 0.5 1012 604 ?? Ss 6Jul00 6:06.08 inetd -wW
root 149 0.0 0.5 928 608 ?? Is 6Jul00 1:15.27 cron
root 152 0.0 0.4 888 500 ?? Is 6Jul00 0:00.01 /usr/sbin/lpd -l
root 197 0.0 0.4 892 496 v1 Is+ 6Jul00 0:00.02 /usr/libexec/getty Pc ttyv1
root 199 0.0 0.4 892 496 v3 Is+ 6Jul00 0:00.02 /usr/libexec/getty Pc ttyv3
root 200 0.0 0.4 892 496 v4 Is+ 6Jul00 0:00.02 /usr/libexec/getty Pc ttyv4
root 201 0.0 0.4 892 496 v5 Is+ 6Jul00 0:00.02 /usr/libexec/getty Pc ttyv5
root 202 0.0 0.4 892 496 v6 Is+ 6Jul00 0:00.02 /usr/libexec/getty Pc ttyv6
root 203 0.0 0.4 892 496 v7 Is+ 6Jul00 0:00.02 /usr/libexec/getty Pc ttyv7
root 307 0.0 0.4 896 520 v2 Is+ 6Jul00 0:00.05 /usr/libexec/getty Pc ttyv2
root 449 0.0 0.4 896 524 v0 Is+ 6Jul00 0:00.04 /usr/libexec/getty Pc ttyv0
root 2055 0.0 0.8 1812 1000 ?? Is 7Jul00 0:24.49 /usr/sbin/sshd
root 15400 0.0 0.9 1396 1104 ?? Ss 10Jul00 4:24.74 sendmail: accepting connections on port 25 (sendmail)
root 10158 0.0 1.0 1876 1232 ?? S Thu09AM 0:03.97 sshd: str@ttyp0 (sshd)
str 10159 0.0 1.0 1652 1316 p0 Is Thu09AM 0:00.47 -tcsh (tcsh)
root 19697 0.0 1.8 2752 2232 ?? Ss 9:55AM 0:03.59 /usr/sbin/named
root 19715 0.0 0.6 1220 816 ?? S<s 9:57AM 0:00.18 ntpd -p /var/run/ntpd.pid
root 19723 0.0 0.5 884 592 ?? Ss 9:57AM 0:00.46 syslogd -vv
root 19800 0.0 1.0 1648 1300 p0 S 10:00AM 0:00.57 _su -m (tcsh)
root 20025 0.0 0.9 1452 1184 ?? I 10:12AM 0:00.04 sendmail: server [XXX.XXX.XXX.XX] child wait (sendmail)
root 20026 0.2 1.0 1492 1256 ?? S 10:12AM 0:01.03 sendmail: KAA20026 [XXX.XXX.XXX.XX]: DATA (sendmail)
root 0 0.0 0.0 0 0 ?? DLs 6Jul00 0:09.61 (swapper)
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-stable" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200009081440.KAA34920>