# find: 100% CPU usage, can't 'kill -9'



## jwdevel (Apr 27, 2013)

While upgrading ports, I noticed the following command in `top`, which has been spinning for a long time, now:


```
PID USERNAME       THR PRI NICE   SIZE    RES STATE   C   TIME   WCPU COMMAND
50840 root             1 103    0 10052K  2888K CPU0    0  33.4H 100.00% find
```

I cannot kill the process with `kill -KILL` - it just sits there using 100% CPU.

Does anyone have ideas about what is going on?

I looked in `ps` for some more info:


```
# ps -auxwww | grep find
root       50840 100.0  0.0  10052   2888  ??  R    Fri03AM   2005:05.51 find -sx / /tmp /usr /var /fish /whale /dev/null -type f ( -perm -u+x -or -perm -g+x -or -perm -o+x ) ( -perm -u+s -or -perm -g+s ) -exec ls -liTd {} +
root        8192   0.0  0.0  10052   3024  ??  D     3:01AM      0:08.35 find -sx / /tmp /usr /var /fish /whale /dev/null -type f ( -perm -u+x -or -perm -g+x -or -perm -o+x ) ( -perm -u+s -or -perm -g+s ) -exec ls -liTd {} +
nobody     84650   0.0  0.0  10052   3528  ??  DN    4:15AM      0:23.75 find -s / ! ( -fstype ufs -or -fstype ntfs ) -prune -or -path /tmp -prune -or -path /usr/tmp -prune -or -path /var/tmp -prune -or -path /var/db/portsnap -prune -or -name .zfs -type d -prune -or -print
```

From this, it does seem these processes were launched during my (still continuing) ports upgrade endeavor.

My ports continue to build - I can see the compiler output scrolling by right now.

Anybody have any thoughts on this?

Here's my `uname`:

```
# uname -a
FreeBSD lumpy.fake_fake.net 9.0-RELEASE-p4 FreeBSD 9.0-RELEASE-p4 #1: Fri Nov  9 21:46:56 PST 2012     root@lumpy.fake_fake.net:/usr/obj/usr/src/sys/GENERIC  amd64
```

Thanks for any insight.


----------



## DutchDaemon (Apr 27, 2013)

```
[/etc/periodic] # grep -r "liTd" *
security/100.chksetuid:	    \( -perm -u+s -or -perm -g+s \) -exec ls -liTd \{\} \+ |
security/110.neggrpperm:	    -exec ls -liTd \{\} \+ | tee /dev/stderr | wc -l)
```

Also note the timestamp of those jobs in your output. These are the periodic(8) jobs.


----------



## jwdevel (Apr 28, 2013)

Thanks for that info - yes, that does seem to be true. I tracked it down to /usr/sbin/periodic security, looking at PPIDs as well. So this is normal? find has been running for 30+ hours, is using 100% CPU, and cannot be killed by `kill -9`?


----------



## DutchDaemon (Apr 28, 2013)

There may be hints in the aforementioned manual, and this topic.


----------

