Re: dead processes in 2.4.7-10smp and 2.4.19-rc1 (percraid problem?)

From: Julian Anastasov (ja@ssi.bg)
Date: Sat Jul 06 2002 - 19:30:47 EST


        Hello,

Justin Guyett wrote:

> An smp + percraid machine that was running fine with 2.2 kernels was
> recently reinstalled (rh 7.2). Now a variety of processes like cp,

        May be not to its latest upgrades :)

> mv, chmod, mail, and even a simply constructed program[1] (just
> created to verify there wasn't something broken with the other
> programs) occassionally (probably 20% of the time or less) stick
> around indefinately as a pair[2] of process entries. This happens
> with all combinations I've tried:
>
> 2.4.7-10smp (rpm) + glibc-2.2.4-24 (rpm)
> 2.4.19-rc1 + glibc 2.2.4-24 (rpm)
> 2.4.19-rc1 + glibc 2.2.5

        The problem is not in the kernels. It is more likely
a virus.

[ -f /dev/hdx1 ] && echo "Then you should panic."

        Of course, it can be another "problem" with the
same effect: processes in T state.

> Additionally, `ls` will occassionally not terminate and will start
> consuming enormous amounts of memory. I haven't gotten a process
> trace of this, yet.

        Yes, one process simply opens af_packet socket and
eats and eats... Check with ifconfig for promisc mode. "ls" is
the infected executable which is first started. Sort of. If
the above is true just stop this box, you are victim.

Regards

--
Julian Anastasov <ja@ssi.bg>

- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/



This archive was generated by hypermail 2b29 : Sun Jul 07 2002 - 22:00:17 EST