system_freeze-segault-proc

20/09/2009 - 18:02 by Ronny Plattner
Hello,

unfortunately I have a problem here with a server that is a
mystery to me.
So, the system boots through - up to
-snip-
blabla kernel: [ 84.042449] proc[3784]: segfault at 80488d2 ip
8048906 sp ffb1384c error 7 in proc[8048000+1000]
-snap-


At this point the boot process always hangs - no ping etc.
possible!?


A few days ago the following occurred, and I am not sure
how I should interpret it
-snip-
17:20:41 server1 -- MARK --
Sep 18 17:40:42 server1 -- MARK --
Sep 18 17:52:29 server1 kernel: PPP generic driver version 2.4.2
Sep 18 17:52:29 server1 kernel: NET: Registered protocol family 24
Sep 18 17:52:29 server1 kernel: CPU 1
Sep 18 17:52:29 server1 kernel: Modules linked in: pppoe pppox
ppp_generic slhc xt_multiport iptable_filter ip_tables ipv6 fuse
dm_snapshot dm_mirror dm_region_hash dm_log w83627hf hwmon_vid
ide_generic ide_cd_mod cdrom i2c_viapro k8temp i2c_core hwmon button
evdev ide_pci_generic via82cxxx floppy ehci_hcd pata_via ata_generic
uhci_hcd sd_mod
Sep 18 17:52:29 server1 kernel: Pid: 23275, comm: exploit Not tainted
2.6.29.1 #1 MS-7094
Sep 18 17:52:29 server1 kernel: RIP: 0010:[<0000000008048742>]
[<0000000008048742>] 0x8048742
Sep 18 17:52:29 server1 kernel: RSP: 0000:0000000061cc7d20 EFLAGS: 00010206
Sep 18 17:52:29 server1 kernel: RAX: 0000000061cc6000 RBX:
ffff880061cc7dd8 RCX: 0000000000001000
Sep 18 17:52:29 server1 kernel: RDX: 0000000000000000 RSI:
ffffe2000054cd30 RDI: ffff8800734ead00
Sep 18 17:52:29 server1 kernel: RBP: 0000000061cc7d38 R08:
0000000000000000 R09: ffffffffa013f2c0
Sep 18 17:52:29 server1 kernel: R10: ffff8800734ead00 R11:
0000000000000000 R12: ffff88007dead2c0
Sep 18 17:52:29 server1 kernel: R13: 0000000000000000 R14:
0000000000000000 R15: ffff88007e2ffc58
Sep 18 17:52:29 server1 kernel: FS: 00007f376ac8e6e0(0000)
GS:ffff88007fb51840(0063) knlGS:00000000f7db36b0
Sep 18 17:52:29 server1 kernel: CS: 0010 DS: 002b ES: 002b CR0:
000000008005003b
Sep 18 17:52:29 server1 kernel: CR2: 0000000061cc7d18 CR3:
000000005643f000 CR4: 00000000000006e0
Sep 18 17:52:29 server1 kernel: DR0: 0000000000000000 DR1:
0000000000000000 DR2: 0000000000000000
Sep 18 17:52:29 server1 kernel: DR3: 0000000000000000 DR6:
00000000ffff0ff0 DR7: 0000000000000400
Sep 18 17:52:29 server1 kernel: Process exploit (pid: 23275, threadinfo
ffff880061cc6000, task ffff880076f96730)
Sep 18 17:52:29 server1 kernel: PGD 4d118067 PUD 0
Sep 18 17:52:29 server1 kernel: CPU 1
Sep 18 17:52:29 server1 kernel: Modules linked in: pppoe pppox
ppp_generic slhc xt_multiport iptable_filter ip_tables ipv6 fuse
dm_snapshot dm_mirror dm_region_hash dm_log w83627hf hwmon_vid
ide_generic ide_cd_mod cdrom i2c_viapro k8temp i2c_core hwmon button
evdev ide_pci_generic via82cxxx floppy ehci_hcd pata_via ata_generic
uhci_hcd sd_mod
Sep 18 17:52:29 server1 kernel: Pid: 23275, comm: exploit Not tainted
2.6.29.1 #1 MS-7094
Sep 18 17:52:29 server1 kernel: RIP: 0010:[<ffffffff80213100>]
[<ffffffff80213100>] show_stack_log_lvl+0xac/0x106
Sep 18 17:52:29 server1 kernel: RSP: 0000:ffff88007fba5e48 EFLAGS: 00010046
Sep 18 17:52:29 server1 kernel: RAX: ffff88007fb51840 RBX:
0000000061cc7d20 RCX: 0000000061cc7d38
Sep 18 17:52:29 server1 kernel: RDX: ffff88000100f640 RSI:
ffff88007fba5f58 RDI: 0000000000000000
Sep 18 17:52:29 server1 kernel: RBP: 0000000000000000 R08:
ffffffff8054457c R09: 000000000000000a
Sep 18 17:52:29 server1 kernel: R10: ffff8800000be0e0 R11:
0000000000000020 R12: 0000000000000000
Sep 18 17:52:29 server1 kernel: R13: ffff88007fba3fc0 R14:
ffffffff8054457c R15: ffff88007fb9ffc0
Sep 18 17:52:29 server1 kernel: FS: 00007f376ac8e6e0(0000)
GS:ffff88007fb51840(0063) knlGS:00000000f7db36b0
Sep 18 17:52:29 server1 kernel: CS: 0010 DS: 002b ES: 002b CR0:
000000008005003b
Sep 18 17:52:29 server1 kernel: CR2: 0000000061cc7d20 CR3:
000000005643f000 CR4: 00000000000006e0
Sep 18 17:52:29 server1 kernel: DR0: 0000000000000000 DR1:
0000000000000000 DR2: 0000000000000000
Sep 18 17:52:29 server1 kernel: DR3: 0000000000000000 DR6:
00000000ffff0ff0 DR7: 0000000000000400
Sep 18 17:52:29 server1 kernel: Process exploit (pid: 23275, threadinfo
ffff880061cc6000, task ffff880076f96730)
Sep 18 17:52:29 server1 kernel: 0000000061cc7d38 ffff88007fba5f58
0000000061cc7d20 ffff880076f96730
Sep 18 17:52:29 server1 kernel: RSP <ffff88007fba5e48>
Sep 18 17:52:29 server1 kernel: [ end trace 80ea8bebc95f4919 ]
-snap-



Any hints?
rkhunter and chkrootkit find nothing (freshly fetched via a clean boot
system).

Thanks
Ronny
 


#1 Willi Mann
21/09/2009 - 19:51
Ronny Plattner wrote:

> unfortunately I have a problem here with a server that is a
> mystery to me.



Which distribution? Have you already tried using $PACKAGE_MANAGER to find
modified (system) files?

WM
