segv pri pristupu ke konkretnimu souboru
Vlada Macek
tuttle na sandbox.cz
Úterý Květen 16 10:19:11 CEST 2006
Narazil jsem na serveru (PC Intel, Debian Sarge, kernel 2.4 z baliku,
ext3, IDE disky) na zda se vaznejsi problem.
Jakykoli proces snazici se stat()nout nebo cist jeden konkretni malicky
obycejny soubor (ve kterem se nachazelo jen jedno cislo) dostane SEGV a
kernel vypise neco takoveho:
May 15 15:01:33 sandbox kernel: Unable to handle kernel paging request
at virtual address e0a8c548
May 15 15:01:33 sandbox kernel: printing eip:
May 15 15:01:33 sandbox kernel: c014907a
May 15 15:01:33 sandbox kernel: *pde = 01617067
May 15 15:01:33 sandbox kernel: *pte = 00000000
May 15 15:01:33 sandbox kernel: Oops: 0000
May 15 15:01:33 sandbox kernel: CPU: 0
May 15 15:01:33 sandbox kernel: EIP:
0010:[link_path_walk+1354/2224] Tainted: P
May 15 15:01:33 sandbox kernel: EFLAGS: 00010282
May 15 15:01:33 sandbox kernel: eax: e0a8c520 ebx: d3835440 ecx:
cd310a40 edx: 00000000
May 15 15:01:33 sandbox kernel: esi: c1e60008 edi: 00000000 ebp:
d6743f84 esp: d6743ef8
May 15 15:01:33 sandbox kernel: ds: 0018 es: 0018 ss: 0018
May 15 15:01:33 sandbox kernel: Process cat (pid: 29969, stackpage=d6743000)
May 15 15:01:33 sandbox kernel: Stack: ccc78a20 d6743f10 00000001
00000001 cd310a40 d3835440 c1e60000 00000008
May 15 15:01:33 sandbox kernel: 6506b3e3 d6743f24 d6743f84
c1e60000 00000000 d6743f84 c01495a9 00008000
May 15 15:01:33 sandbox kernel: 00008001 4014c880 c0149a1e
00000009 00002190 00000001 000003e8 00000000
May 15 15:01:33 sandbox kernel: Call Trace: [path_lookup+57/64]
[open_namei+110/1488] [filp_open+62/112] [sys_open+83/160] [tracesys+31/35]
May 15 15:01:33 sandbox kernel:
May 15 15:01:33 sandbox kernel: Code: 8b 40 28 85 c0 0f 84 fe 00 00 00
be 00 e0 ff ff 21 e6 8b 8e
Obavam se, ze je to hw problem. Jine soubory v tom adresari to nedelaji.
fsck jsem jeste nepoustel, bojim se, co by provedl. Smazat jsem to
nezkousel ze stejneho duvodu.
Nejdriv se ptam, jestli to nekdo z vas nezna. Treba se dozvim, co by
nasledovalo po rm/fsck. :-)
Zkuseni poradte, dik.
--
\//\/\
(Sometimes credited as 1494 F8DD 6379 4CD7 E7E3 1FC9 D750 4243 1F05 9424.)
[ When you find a virus in mail from me, then I intended to infect you, ]
[ since I use SW that is not distributing malware w/o my knowledge. ]
Další informace o konferenci Linux