I'm sure you're all busy working on the latest kernel, but I was wondering
if you would spare a few minutes to look at my problem. I came to work
this morning and my server had crashed. I was still able to ping it and
type in a username at the text console, but no proccess seemed to be
running or want to start. I was forced to power-cycle the server. When it
came back up, I looked in the syslog file and noticed the following errors,
which were repeated maybe ten times before I power-cycled the server.
<< snip >>
Unable to handle kernel paging request at virtual address 0a707565
current->tss.cr3 = 0d8e5000, %%cr3 = 0d8e5000
*pde = 00000000
Oops: 0000
CPU: 0
EIP: 0010:[<c0123557>]
EFLAGS: 00010002
eax: cffaf620 ebx: cf113f80 ecx: 0a707565 edx: 746a88b8
esi: cffaf620 edi: c4ebe4a4 ebp: 00000282 esp: ccaabe9c
ds: 0018 es: 0018 ss: 0018
Process find (pid: 527, process nr: 48, stackpage=ccaab000)
Stack: c4ebe4a4 c182d2c0 c981c740 cf3312a0 00000000 c0136237 cffaf620 00000015
00000009 00000009 00000000 c4ebe4f4 c4ebe4a4 c182d2c0 cff75d18 cf53c000
746a88b8 0000000b cf53c000 cf53c000 cf53c000 c0130510 c182d2c0 ccaabf48
Call Trace: [<c0136237>] [<c0130510>] [<c01303ee>] [<c013076c>]
[<c013029b>] [<c0130865>] [<c0132c0c>]
[<c012e378>] [<c0109184>]
Code: 8b 01 89 03 85 c0 74 29 8b 53 04 85 d2 75 0e 89 19 89 c8 2b
<< snip >>
So from what I learned from more knowledgable people, I ran ksymoops and
pasted the above error into it. I listed the output below.
<< snip >>
>>EIP; c0123557 <swap_count+83/94> <=====
Trace; c0136237 <load_elf_binary+3b7/af4>
Trace; c0130510 <sys_getdents+34/ec>
Trace; c01303ee <old_readdir+52/b8>
Trace; c013076c <max_select_fd+38/a0>
Trace; c013029b <sys_ioctl+f7/188>
Trace; c0130865 <do_select+91/200>
Trace; c0132c0c <lock_get_status+8c/118>
Trace; c012e378 <open_namei+1a4/378>
Trace; c0109184 <system_call+34/40>
Code; c0123557 <swap_count+83/94>
00000000 <_EIP>:
Code; c0123557 <swap_count+83/94> <=====
0: 8b 01 mov (%ecx),%eax <=====
Code; c0123559 <swap_count+85/94>
2: 89 03 mov %eax,(%ebx)
Code; c012355b <swap_count+87/94>
4: 85 c0 test %eax,%eax
Code; c012355d <swap_count+89/94>
6: 74 29 je 31 <_EIP+0x31> c0123588
<delete_from_swap_cache+20/bc>
Code; c012355f <swap_count+8b/94>
8: 8b 53 04 mov 0x4(%ebx),%edx
Code; c0123562 <swap_count+8e/94>
b: 85 d2 test %edx,%edx
Code; c0123564 <swap_count+90/94>
d: 75 0e jne 1d <_EIP+0x1d> c0123574
<delete_from_swap_cache+c/bc>
Code; c0123566 <swap_count+92/94>
f: 89 19 mov %ebx,(%ecx)
Code; c0123568 <delete_from_swap_cache+0/bc>
11: 89 c8 mov %ecx,%eax
Code; c012356a <delete_from_swap_cache+2/bc>
13: 2b 00 sub (%eax),%eax
<< snip >>
From what I can determine, it appears that is a bug is my kernel, the swap
partition got corrupted, or the data in the swap partition was corrupt. My
server is back up now, but I still would like to determine the underlying
cause of this. Unfortuanatly, I am not very knowledgable is kernel / crash
debugging and I would like to learn more.
Do you think my server may have been comprimised? I have just upgraded to
2.2.19 from 2.2.16 with SuSEs kernel rpm upgrade. AFAIK, I am currently
up-to-date on my SuSE Linux patches for this box.
Thankyou,
Lee Leahu
RICIS, Inc.
Phone: (708) 444-2690
Fax: (708) 444-2697
Cell: (708) 363-6860
Pager: (708) 467-2044
lee@ricis.com
http://www.ricis.com/
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/