Mailing List Archive

Mystery Processes
These two problems may not be related, but they may, which is why I'm
asking about both of them in the same post.

I've got weird process behaviour.

1. Processes are not ending when they should; specifically mPlayer (but
I'm not certain it's the only one that acts like this, just the worst).

I'm trying to transcode a retail NTSC DVD to PAL (for the record, I was
born in the US and bought this DVD there, I moved to Holland 4 years
ago, and brought it with me, but can't play it in color on a very cheap
standalone DVD player which doesn't convert on-the-fly very well, if at
all). That's a whole 'nother issue, but I'm "following" the forum thread
on this subject, and using -x mplayer,mplayer to feed the file (ripped
to an avi) to transcode.

I'm not good at this, so when the file is transcoded to PAL, something
is usually wrong with it (it's out of sync, the heads are stretched,
whatever. Again, not the point). So I'm deleting the output files,
retranscoding the input file, blah blah blah. Eventually my system
stalls (insofar as I can't open gedit or some other program, although
everything already running keeps running normally), and I check my
system monitor and there's like 10 or more processes of mplayer
streaming the previous attempts. They can be killed, but it seems to me
that when each transcode is finished, the mplayer process should end.

Now I would think that this was just an mPlayer problem, except for

2. Nameless processes running.

When I open the system monitor, I've got a whole lot (16) of processes
running (sleeping, actually, with a nice value of -10), that display no
name, and no information as to what they are.

They seem to be daemon related; at least the first four are under
Metalog (MASTER)=>Metalog (KERNEL)=>udevd. Then the next one is a master
process, with the rest under it, and then there's init [3] as the last.
They all take up 0 bytes memory.

I've run chkrootkit and rkhunter with no result, so I don't so much think
I've been hacked as I think it's hot/coldplug maybe reserving space for
devices that are not yet connected. Or something. I hope. But I'm just
guessing, and I'd rather not guess about root-owned daemon processes
that I don't have the first clue what they really are.

I also wonder if these processes (given their high priority) might be
interfering with other processes (like mPlayer), and since I don't know
whether these ghosts should even be running at all, it's certainly a
possibility.

Does anyone know what might be going on here, what might be causing
either of these issues, whether they are likely to be related, and how I
could solve whatever the problem actually is?

TIA,

Holly

--
gentoo-user@gentoo.org mailing list
Re: Mystery Processes
I don't have any of those mystery processes running, but I did just
notice that I had an mplayer process from a few days ago still listed
by `ps aux`. And that process was just playing a video, nothing
fancy. Maybe there is a problem with mplayer not dying well in some
cases.

-Andy

Re: Mystery Processes
On Mon, 25 Oct 2004, Holly Bostick wrote:

> 2. Nameless processes running.
>
> When I open the system monitor, I've got a whole lot (16) of processes
> running (sleeping, actually, with a nice value of -10), that display no
> name, and no information as to what they are.

What does "ps -efl --forest" show?



--
critical mass n.

In physics, the minimum amount of
fissionable material required to sustain a chain reaction. Of a
software product, describes a condition of the software such that
fixing one bug introduces one plus epsilon bugs. (This malady
has many causes: creeping featurism, ports to too many
disparate environments, poor initial design, etc.) When software
achieves critical mass, it can never be fixed; it can only be
discarded and rewritten.


Re: Mystery Processes
Ajai Khattri wrote:
> On Mon, 25 Oct 2004, Holly Bostick wrote:
>
>
>>2. Nameless processes running.
>>
>>When I open the system monitor, I've got a whole lot (16) of processes
>>running (sleeping, actually, with a nice value of -10), that display no
>>name, and no information as to what they are.
>
>
> What does "ps -efl --forest" show?
>

Thanks for the new command!

[root@Gentoo] 12:18 PM #ps -efl --forest
F S UID PID PPID C PRI NI ADDR SZ WCHAN STIME TTY TIME CMD
4 S root 1 0 0 80 0 - 306 - Oct25 ? 00:00:01 init [3]
1 S root 2 1 0 -40 - - 0 migrat Oct25 ? 00:00:00 [migration/0]
1 S root 3 1 0 99 19 - 0 ksofti Oct25 ? 00:00:00 [ksoftirqd/0]
1 S root 4 1 0 70 -10 - 0 worker Oct25 ? 00:00:01 [events/0]
1 S root 5 4 0 70 -10 - 0 worker Oct25 ? 00:00:00 \_ [khelper]
1 S root 6 4 0 70 -10 - 0 worker Oct25 ? 00:00:00 \_ [kacpid]
1 S root 20 4 0 70 -10 - 0 worker Oct25 ? 00:00:00 \_ [kblockd/0]
1 S root 37 4 0 70 -10 - 0 worker Oct25 ? 00:00:00 \_ [aio/0]
1 S root 290 4 0 70 -10 - 0 worker Oct25 ? 00:00:00 \_ [ata/0]
1 S root 320 4 0 70 -10 - 0 worker Oct25 ? 00:00:00 \_ [reiserfs/0]
1 S root 9000 4 0 80 0 - 0 pdflus Oct25 ? 00:00:20 \_ [pdflush]
1 S root 9178 4 0 80 0 - 0 pdflus Oct25 ? 00:00:09 \_ [pdflush]
1 S root 21 1 0 80 0 - 0 hub_th Oct25 ? 00:00:00 [khubd]
5 S root 31 1 0 87 -10 - 0 vesafb Oct25 ? 00:00:02 [vesafb]
1 S root 36 1 0 80 0 - 0 kswapd Oct25 ? 00:00:32 [kswapd0]
1 S root 291 1 0 80 0 - 0 - Oct25 ? 00:00:00 [khpsbpkt]
1 S root 304 1 0 80 0 - 0 serio_ Oct25 ? 00:00:00 [kseriod]
4 S root 390 1 0 70 -10 - 302 - Oct25 ? 00:00:00 udevd
5 S root 6138 1 0 80 0 - 454 - Oct25 ? 00:02:32 metalog [MASTER]
5 S root 6139 6138 0 80 0 - 321 syslog Oct25 ? 00:00:41 \_ metalog [KERNEL]
1 S root 6708 1 0 80 0 - 312 - Oct25 ? 00:00:00 /sbin/dhcpcd eth0
5 S root 6734 1 0 80 0 - 1186 - Oct25 ? 00:00:00 /usr/sbin/cupsd
5 S rpc 6898 1 0 80 0 - 356 - Oct25 ? 00:00:00 /sbin/portmap
5 S motub 7023 1 0 80 0 - 705 - Oct25 ? 00:01:45 /usr/sbin/famd -T 0 -c /etc/fam.conf
5 S 101 7045 1 0 80 0 - 737 - Oct25 ? 00:00:00 /usr/bin/dbus-daemon-1 --system
5 S root 7062 1 0 80 0 - 1170 - Oct25 ? 00:00:20 /usr/sbin/hald
5 S root 7873 1 0 80 0 - 364 - Oct25 ? 00:00:00 /usr/sbin/pwcheck
5 S root 7929 1 0 80 0 - 1634 - Oct25 ? 00:00:00 /usr/sbin/smbd -D
1 S root 7932 7929 0 80 0 - 1634 pause Oct25 ? 00:00:00 \_ /usr/sbin/smbd -D
5 S root 7933 1 0 80 0 - 1197 - Oct25 ? 00:00:01 /usr/sbin/nmbd -D
5 S root 7993 1 0 80 0 - 776 - Oct25 ? 00:00:00 /usr/sbin/sshd
5 S root 8044 1 0 80 0 - 365 - Oct25 ? 00:00:00 /usr/sbin/cron
4 S root 8153 1 0 80 0 - 541 - Oct25 tty1 00:00:03 /sbin/qingy tty1 linux
4 S motub 8389 8153 0 80 0 - 551 wait4 Oct25 tty1 00:00:00 \_ -bash -c /usr/X11R6/bin/xinit /etc/X11/Sessions/openbox_nl -- /usr/X11R6/b
0 S motub 8393 8389 0 80 0 - 510 wait4 Oct25 tty1 00:00:00 \_ /usr/X11R6/bin/xinit /etc/X11/Sessions/openbox_nl -- /usr/X11R6/bin/Xo
4 R root 8394 8393 2 80 0 - 23444 - Oct25 ? 00:27:54 \_ /usr/X11R6/bin/Xorg :1 vt8
0 S motub 8419 8393 0 80 0 - 441 wait4 Oct25 tty1 00:00:00 \_ /bin/sh /etc/X11/Sessions/openbox_nl
0 S motub 8420 8419 0 80 0 - 2157 - Oct25 tty1 00:00:05 \_ openbox
0 S motub 8421 8420 0 80 0 - 4517 - Oct25 tty1 00:00:01 \_ /usr/libexec/gnome-settings-daemon
0 S motub 8422 8420 0 80 0 - 2791 - Oct25 tty1 00:00:03 \_ devilspie
1 S motub 8425 8420 0 80 0 - 576 wait4 Oct25 tty1 00:00:00 \_ /bin/bash /home/motub/openboxstart_nl.sh
0 S motub 8495 8425 0 80 0 - 6146 - Oct25 tty1 00:00:06 | \_ gnome-panel
0 S motub 8426 8420 0 80 0 - 2947 - Oct25 tty1 00:01:05 \_ multi-gnome-terminal --use-factory --start-factory-server
0 S motub 8441 8426 0 80 0 - 353 - Oct25 tty1 00:00:00 \_ mgt-pty-helper
0 S motub 8442 8426 0 80 0 - 686 - Oct25 pts/0 00:00:00 \_ -bash
0 S motub 8445 8426 0 80 0 - 2181 - Oct25 pts/1 00:00:00 \_ mc -x
0 S motub 8454 8445 0 80 0 - 658 - Oct25 pts/3 00:00:00 | \_ bash -rcfile .bashrc
4 S root 8446 8426 0 80 0 - 486 wait4 Oct25 pts/2 00:00:00 \_ su -
4 S root 8497 8446 0 80 0 - 489 wait4 Oct25 pts/2 00:00:00 \_ -bash
4 R root 29632 8497 0 80 0 - 549 - 12:18 pts/2 00:00:00 \_ ps -efl --forest
4 S root 8154 1 0 80 0 - 317 - Oct25 tty2 00:00:00 /sbin/agetty 38400 tty2 linux
4 S root 8155 1 0 80 0 - 317 - Oct25 tty3 00:00:00 /sbin/agetty 38400 tty3 linux
4 S root 8156 1 0 80 0 - 317 - Oct25 tty4 00:00:00 /sbin/agetty 38400 tty4 linux
4 S root 8157 1 0 80 0 - 317 - Oct25 tty5 00:00:00 /sbin/agetty 38400 tty5 linux
4 S root 8158 1 0 80 0 - 317 - Oct25 tty6 00:00:00 /sbin/agetty 38400 tty6 linux
5 S root 8383 1 0 80 0 - 355 - Oct25 ? 00:00:01 /usr/sbin/gpm -m /dev/input/mice -t imps2 -l "a-zA-Z0-9_.:~/\300-\326\330-\366
0 S motub 8434 1 0 80 0 - 1788 - Oct25 tty1 00:00:01 /usr/libexec/gconfd-2 14
0 S motub 8436 1 0 80 0 - 729 - Oct25 ? 00:00:00 gnome-name-service
0 S motub 8473 1 0 80 0 - 1162 - Oct25 ? 00:00:00 /usr/libexec/bonobo-activation-server --ac-activate --ior-output-fd=21
0 S motub 8504 1 1 80 0 - 7641 - Oct25 ? 00:20:42 gnubiff --oaf-activate-iid=OAFIID:GNOME_gnubiffApplet_Factory --oaf-ior-fd=27
0 S motub 8515 1 0 80 0 - 4833 - Oct25 ? 00:00:15 /usr/libexec/wnck-applet --oaf-activate-iid=OAFIID:GNOME_Wncklet_Factory --oaf
0 S motub 8529 1 0 80 0 - 3884 - Oct25 ? 00:00:00 /usr/libexec/notification-area-applet --oaf-activate-iid=OAFIID:GNOME_Notifica
0 S motub 8534 1 0 80 0 - 4088 - Oct25 ? 00:00:02 /usr/libexec/clock-applet --oaf-activate-iid=OAFIID:GNOME_ClockApplet_Factory
0 S motub 8536 1 0 80 0 - 4399 - Oct25 ? 00:00:07 /usr/libexec/mixer_applet2 --oaf-activate-iid=OAFIID:GNOME_MixerApplet_Factory
0 S motub 8539 1 0 80 0 - 4010 - Oct25 ? 00:00:49 /usr/libexec/glunarclock-applet-2 --oaf-activate-iid=OAFIID:GNOME_GLunarclockA
0 S motub 8651 1 0 80 0 - 8309 - Oct25 tty1 00:01:27 gnome-commander
0 S motub 8655 1 0 80 0 - 6276 - Oct25 ? 00:00:10 gedit /home/motub/temp/convert/dvdauthor.xml
4 S root 10040 1 0 80 0 - 1062 - 01:04 tty1 00:00:00 /usr/libexec/gconfd-2 13
0 S motub 10281 1 0 80 0 - 577 wait4 02:47 tty1 00:00:00 /bin/bash /usr/bin/firefox
0 S motub 10291 10281 1 80 0 - 34604 - 02:47 tty1 00:06:37 \_ /usr/lib/MozillaFirefox/firefox-bin
0 S motub 29553 1 0 80 0 - 577 wait4 12:07 ? 00:00:00 /bin/bash /usr/bin/thunderbird-bin
0 S motub 29568 29553 3 80 0 - 35994 - 12:07 ? 00:00:21 \_ /opt/thunderbird/thunderbird-bin -mail


Comparing it to the output of gnome-system-monitor, the invisible
entries would seem to be

1 S root 2 1 0 -40 - - 0 migrat Oct25 ? 00:00:00 [migration/0]
1 S root 3 1 0 99 19 - 0 ksofti Oct25 ? 00:00:00 [ksoftirqd/0]
1 S root 4 1 0 70 -10 - 0 worker Oct25 ? 00:00:01 [events/0]
1 S root 5 4 0 70 -10 - 0 worker Oct25 ? 00:00:00 \_ [khelper]
1 S root 6 4 0 70 -10 - 0 worker Oct25 ? 00:00:00 \_ [kacpid]
1 S root 20 4 0 70 -10 - 0 worker Oct25 ? 00:00:00 \_ [kblockd/0]
1 S root 37 4 0 70 -10 - 0 worker Oct25 ? 00:00:00 \_ [aio/0]
1 S root 290 4 0 70 -10 - 0 worker Oct25 ? 00:00:00 \_ [ata/0]
1 S root 320 4 0 70 -10 - 0 worker Oct25 ? 00:00:00 \_ [reiserfs/0]
1 S root 9000 4 0 80 0 - 0 pdflus Oct25 ? 00:00:20 \_ [pdflush]
1 S root 9178 4 0 80 0 - 0 pdflus Oct25 ? 00:00:09 \_ [pdflush]
1 S root 21 1 0 80 0 - 0 hub_th Oct25 ? 00:00:00 [khubd]
5 S root 31 1 0 87 -10 - 0 vesafb Oct25 ? 00:00:02 [vesafb]
1 S root 36 1 0 80 0 - 0 kswapd Oct25 ? 00:00:32 [kswapd0]
1 S root 291 1 0 80 0 - 0 - Oct25 ? 00:00:00 [khpsbpkt]
1 S root 304 1 0 80 0 - 0 serio_ Oct25 ? 00:00:00 [kseriod]

They look like legitimate daemons/system processes to me (confirming my
theory to some extent), but if I'm wrong, please let me know.

I also notice that there's a lot of seeming KDE-related "underprocesses"
(which doesn't so much surprise me, given that I don't run KDE but do
run some KDE/QT programs, so have kdelibs installed)-- could that be why
gnome-system-monitor can't get the process information from them?
Doesn't so much explain anything about why reiserfs, or ata are
invisible, but maybe if g-s-m can't get some of the processes, it goes
weird for a while until it gets itself together again. That would be
fairly GNOME-like behaviour (I love GNOME, but that doesn't mean I don't
know some of its flaws ;-) ).

Thanks again (at least I now can relax about the hacking thing I think),
and in advance for any further information.

And thanks to Andy Herrman, too, it does now appear that the mplayer
issue is unrelated.

So that's two things down, the only thing left to know is: are any of
these processes illegitimate, and how can I get them to appear in g-s-m
normally?

Holly



Re: Mystery Processes
Which processes do you think are kde related? If they're the ones
starting with a 'k' then most, if not all, are Kernel related, not KDE
related. The kernel has a bunch of its own processes it uses to
manage stuff, and I think a bunch of them have a 'k' prefix.

-Andy
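
The distinction the thread arrives at can be checked mechanically. The following is an added example, not part of the original posts: it parses `ps -efl --forest` rows in the format shown above and separates kernel threads (bracketed name, SZ of 0) from userspace processes. The "suspect" label is a heuristic of this example for a bracketed name that still owns memory, and the row with PID 4242 is constructed to show that case.

```python
import re

# Fixed columns of `ps -efl`; everything after TIME is CMD (may contain spaces).
FIELDS = ["F", "S", "UID", "PID", "PPID", "C", "PRI", "NI",
          "ADDR", "SZ", "WCHAN", "STIME", "TTY", "TIME"]
TREE_ART = re.compile(r"^(?:\|\s+)*\\_\s+")  # "\_ " or "| \_ " drawn by --forest

# Rows copied from the listing in the thread, plus one CONSTRUCTED row (PID 4242):
# a userspace process whose argv[0] was set to look like a kernel thread.
SAMPLE = r"""
F S UID PID PPID C PRI NI ADDR SZ WCHAN STIME TTY TIME CMD
1 S root 2 1 0 -40 - - 0 migrat Oct25 ? 00:00:00 [migration/0]
1 S root 4 1 0 70 -10 - 0 worker Oct25 ? 00:00:01 [events/0]
1 S root 5 4 0 70 -10 - 0 worker Oct25 ? 00:00:00 \_ [khelper]
4 S root 390 1 0 70 -10 - 302 - Oct25 ? 00:00:00 udevd
5 S root 6139 6138 0 80 0 - 321 syslog Oct25 ? 00:00:41 \_ metalog [KERNEL]
0 S motub 8495 8425 0 80 0 - 6146 - Oct25 tty1 00:00:06 | \_ gnome-panel
0 S nobody 4242 1 0 80 0 - 1523 - Oct25 ? 00:00:03 [kblockd/0]
"""

def parse_ps_line(line):
    """Return a dict for one process row, or None for header and blank lines."""
    parts = line.split(None, len(FIELDS))
    if len(parts) <= len(FIELDS) or not parts[3].isdigit():
        return None
    rec = dict(zip(FIELDS, parts))
    rec["PID"] = int(rec["PID"])
    rec["CMD"] = TREE_ART.sub("", parts[-1].strip())  # drop the tree drawing
    return rec

def classify(rec):
    """Kernel threads have no userspace memory, so ps reports SZ 0 for them."""
    cmd = rec["CMD"]
    if not (cmd.startswith("[") and cmd.endswith("]")):
        return "userspace"  # includes names like "metalog [KERNEL]"
    owns_memory = rec["SZ"].isdigit() and int(rec["SZ"]) > 0
    return "suspect" if owns_memory else "kernel-thread"

def scan(ps_output):
    """Classify every process row in a block of ps output."""
    rows = (parse_ps_line(line) for line in ps_output.splitlines())
    return [(r["PID"], r["CMD"], classify(r)) for r in rows if r]

if __name__ == "__main__":
    for pid, cmd, verdict in scan(SAMPLE):
        print(f"{pid:>6}  {verdict:<13}  {cmd}")
```

On a live system the same distinction can be confirmed per PID: a kernel thread has an empty /proc/PID/cmdline and no target behind /proc/PID/exe.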
