Thursday, April 4, 2013

Stact traces are fun ...

I turned off a Western digital external USB hard disk and BOOM!


Syslog threw this in every terminal window;



Message from syslogd@greyarea at Apr 5 09:38:37 ...
kernel:[845101.225977] Oops: 0011 [#1] SMP

Message from syslogd@greyarea at Apr 5 09:38:37 ...
kernel:[845101.225979] last sysfs file: /sys/devices/pci0000:00/0000:00:1d.0/class

Message from syslogd@greyarea at Apr 5 09:38:37 ...
kernel:[845101.226072] Stack:

Message from syslogd@greyarea at Apr 5 09:38:37 ...
kernel:[845101.226085] Call Trace:

Message from syslogd@greyarea at Apr 5 09:38:37 ...
kernel:[845101.226179] Code: 00 00 00 f0 26 4b 81 ff ff ff ff 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00 c0 37 4b 81 ff ff ff ff 01 00 00 00 00 00 00 00 d8 0e 2b 01 88 ff ff e0 d8 0e 2b 01 88 ff ff 00 00 00 00 00

Message from syslogd@greyarea at Apr 5 09:38:37 ...
kernel:[845101.226208] CR2: ffff88012b0ed8e0


I wonder what the hell happened there? Lets look at dmesg. Aaah huh...



[845101.160570] usb 2-1.8: USB disconnect, address 28
[845101.225961] kernel tried to execute NX-protected page - exploit attempt? (uid: 0)
[845101.225964] BUG: unable to handle kernel paging request at ffff88012b0ed8e0
[845101.225966] IP: [] 0xffff88012b0ed8e0
[845101.225973] PGD 1002063 PUD a067 PMD 1dac40063 PTE 800000012b0ed163
[845101.225977] Oops: 0011 [#1] SMP
[845101.225979] last sysfs file: /sys/devices/pci0000:00/0000:00:1d.0/class
[845101.225982] CPU 6
[845101.225984] Modules linked in: ses enclosure hfsplus isofs udf crc_itu_t nls_utf8 nls_cp437 vfat fat usb_storage ip6table_filter ip6_tables iptable_filter ip_tables ebtable_nat ebtables x_tables sco bridge stp bnep acpi_cpufreq rfcomm parport_pc l2cap crc16 ppdev lp parport cpufreq_stats cpufreq_conservative cpufreq_powersave bluetooth rfkill cpufreq_userspace vboxnetadp vboxnetflt vboxdrv kvm_intel binfmt_misc kvm fuse loop snd_hda_codec_realtek snd_hda_intel snd_hda_codec snd_hwdep snd_pcm_oss snd_mixer_oss snd_pcm snd_seq_midi snd_rawmidi snd_seq_midi_event snd_seq snd_timer snd_seq_device snd nvidia(P) soundcore psmouse snd_page_alloc i2c_i801 pcspkr i2c_core wmi evdev processor button serio_raw usbhid hid ext3 jbd mbcache dm_mod sg sd_mod sr_mod crc_t10dif cdrom ahci ehci_hcd libata usbcore nls_base scsi_mod thermal e1000e thermal_sys [last unloaded: scsi_wait_scan]
[845101.226037] Pid: 19273, comm: umount Tainted: P M 2.6.32-5-amd64 #1 5498PY9
[845101.226039] RIP: 0010:[] [] 0xffff88012b0ed8e0
[845101.226043] RSP: 0018:ffff8801daf35bc0 EFLAGS: 00010282
[845101.226046] RAX: ffff88012b0ed8e0 RBX: 0000000000000000 RCX: ffff88021a34f978
[845101.226048] RDX: 0000000000000010 RSI: ffff88021a34f8f0 RDI: ffff88013ce72340
[845101.226051] RBP: ffff88013ce72340 R08: ffff88013ce72340 R09: ffff88022e08b7e0
[845101.226053] R10: 0000000000000002 R11: ffff88012b0ed8e0 R12: ffff88021a34f8f0
[845101.226055] R13: 0000000001000000 R14: 0000000000000001 R15: 0000000000000001
[845101.226058] FS: 00007f39c88cf740(0000) GS:ffff880008b80000(0000) knlGS:0000000000000000
[845101.226061] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[845101.226063] CR2: ffff88012b0ed8e0 CR3: 000000019932c000 CR4: 00000000000026e0
[845101.226065] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[845101.226067] DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000400
[845101.226070] Process umount (pid: 19273, threadinfo ffff8801daf34000, task ffff88012b928e20)
[845101.226072] Stack:
[845101.226074] ffffffff811800ff 0000001000000002 0000000000000000 ffff88023c2fc901
[845101.226077] <0> ffffffff81300096 ffff88023c2fc9e0 ffff88022e08b7e0 ffff88013ce72340
[845101.226081] <0> 0000000000000000 0000000000000000 0000000000000000 ffff88022e08b7e0
[845101.226085] Call Trace:
[845101.226090] [] ? get_request+0x1f0/0x2ba
[845101.226094] [] ? do_page_fault+0x2e0/0x2fc
[845101.226097] [] ? get_request_wait+0x21/0x188
[845101.226105] [] ? scsi_execute+0x3b/0x12f [scsi_mod]
[845101.226112] [] ? scsi_execute_req+0x40/0xb9 [scsi_mod]
[845101.226119] [] ? scsi_execute_req+0x87/0xb9 [scsi_mod]
[845101.226126] [] ? ioctl_internal_command+0x64/0x16a [scsi_mod]
[845101.226131] [] ? pagevec_lookup+0x17/0x1e
[845101.226139] [] ? scsi_set_medium_removal+0x5a/0x98 [scsi_mod]
[845101.226144] [] ? cdrom_release+0x18f/0x1fe [cdrom]
[845101.226150] [] ? smp_call_function_many+0x1ce/0x1ec
[845101.226154] [] ? invalidate_bh_lru+0x0/0x42
[845101.226159] [] ? sr_block_release+0x11/0x1d [sr_mod]
[845101.226162] [] ? __blkdev_put+0x94/0x14c
[845101.226166] [] ? deactivate_super+0x60/0x77
[845101.226170] [] ? sys_umount+0x2dc/0x30b
[845101.226173] [] ? do_page_fault+0x2e0/0x2fc
[845101.226177] [] ? system_call_fastpath+0x16/0x1b
[845101.226179] Code: 00 00 00 f0 26 4b 81 ff ff ff ff 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00 c0 37 4b 81 ff ff ff ff 01 00 00 00 00 00 00 00 d8 0e 2b 01 88 ff ff e0 d8 0e 2b 01 88 ff ff 00 00 00 00 00
[845101.226201] RIP [] 0xffff88012b0ed8e0
[845101.226206] RSP
[845101.226208] CR2: ffff88012b0ed8e0
[845101.226210] ---[ end trace e40465e307868faf ]---


I might just reboot now to be on the safe side.