[wplug] bug, cosmic ray or security breach?

Alexandros Papadopoulos apapadop at alumni.cmu.edu
Wed Jan 5 01:39:06 EST 2005


On Tuesday 04 January 2005 17:31, John Harrold wrote:
> Sometime in January Alexandros Papadopoulos assaulted the keyboard and 
produced:
> | Dear all
> |
> | I'm facing a weird situation with one of my (Debian) servers.
> | After a power outage and the necessary reboot, some important
> | system binaries started to segfault. These include /bin/grep,
> | /bin/tar, /usr/bin/find and /usr/bin/perl.
>
>  ....
>
> | Eagerly awaiting ideas for further investigation of the suspect
> | binaries...
>
> It sounds like a corrupted file. You can have two files where only
> one bit is different and get a different md5sum with the same file
> size. If the flipped bit occurred in a "nonstring" area (for lack of
> a better word) of the data then you wouldn't see anything different
> by using strings. Is it possible the file system is corrupt? Have you
> run fsck on it?

Yes, fsck reports that all is well. Badblocks -n -s -v reports the same 
after a couple of passes. Nevertheless, smartctl -t long showed a few 
errors (attached for the respective drive). This is a two-drive 
software RAID-1 system, with SATA drives. Seems that something went 
funky in some (both?) drives. Now, I'm not ready to believe that the 
coincidence is SO big that this happened in the binaries section of the 
disk (used seldomly compared to other sections like /tmp, swap etc), 
but it sounds like a plausible scenario.

See also the following:
helios:~# cmp -l /usr/bin/perl /usr/bin/perl_SUSPECT
1055193 377 337
helios:~# cmp -l /usr/bin/find /usr/bin/find_SUSPECT
49561 377 337
helios:~# cmp -l /bin/tar /bin/tar_SUSPECT
163993 377 337

Seems indeed that some bits are flipped.... hmmmm.

Some smartctl expert out there that can suggest a way of figuring out 
what exactly the reported errors mean and how they can be further 
diagnosed?

Cheers

-A
-------------- next part --------------
helios:~# smartctl -a /dev/hde
smartctl version 5.32 Copyright (C) 2002-4 Bruce Allen
Home page is http://smartmontools.sourceforge.net/

=== START OF INFORMATION SECTION ===
Device Model:     Maxtor 6Y080M0
Serial Number:    Y3MEEM2E
Firmware Version: YAR51EW0
Device is:        In smartctl database [for details use: -P show]
ATA Version is:   7
ATA Standard is:  ATA/ATAPI-7 T13 1532D revision 0
Local Time is:    Tue Jan  4 11:35:06 2005 EET
SMART support is: Available - device has SMART capability.
SMART support is: Enabled

=== START OF READ SMART DATA SECTION ===
SMART overall-health self-assessment test result: PASSED

General SMART Values:
Offline data collection status:  (0x82) Offline data collection activity
                                        was completed without error.
                                        Auto Offline Data Collection: Enabled.
Self-test execution status:      (   0) The previous self-test routine completed
                                        without error or no self-test has ever
                                        been run.
Total time to complete Offline
data collection:                 ( 182) seconds.
Offline data collection
capabilities:                    (0x5b) SMART execute Offline immediate.
                                        Auto Offline data collection on/off support.
                                        Suspend Offline collection upon new
                                        command.
                                        Offline surface scan supported.
                                        Self-test supported.
                                        No Conveyance Self-test supported.
                                        Selective Self-test supported.
SMART capabilities:            (0x0003) Saves SMART data before entering
                                        power-saving mode.
                                        Supports SMART auto save timer.
Error logging capability:        (0x01) Error logging supported.
                                        No General Purpose Logging support.
Short self-test routine
recommended polling time:        (   2) minutes.
Extended self-test routine
recommended polling time:        (  40) minutes.

SMART Attributes Data Structure revision number: 16
Vendor Specific SMART Attributes with Thresholds:
ID# ATTRIBUTE_NAME          FLAG     VALUE WORST THRESH TYPE      UPDATED  WHEN_FAILED RAW_VALUE
  3 Spin_Up_Time            0x0027   194   193   063    Pre-fail  Always       -       12908
  4 Start_Stop_Count        0x0032   253   253   000    Old_age   Always       -       103
  5 Reallocated_Sector_Ct   0x0033   253   253   063    Pre-fail  Always       -       0
  6 Read_Channel_Margin     0x0001   253   253   100    Pre-fail  Offline      -       0
  7 Seek_Error_Rate         0x000a   253   252   000    Old_age   Always       -       0
  8 Seek_Time_Performance   0x0027   251   244   187    Pre-fail  Always       -       58202
  9 Power_On_Minutes        0x0032   251   251   000    Old_age   Always       -       809h+18m
 10 Spin_Retry_Count        0x002b   253   252   157    Pre-fail  Always       -       0
 11 Calibration_Retry_Count 0x002b   253   252   223    Pre-fail  Always       -       0
 12 Power_Cycle_Count       0x0032   253   253   000    Old_age   Always       -       128
192 Power-Off_Retract_Count 0x0032   253   253   000    Old_age   Always       -       0
193 Load_Cycle_Count        0x0032   253   253   000    Old_age   Always       -       0
194 Temperature_Celsius     0x0032   253   253   000    Old_age   Always       -       30
195 Hardware_ECC_Recovered  0x000a   253   252   000    Old_age   Always       -       5001
196 Reallocated_Event_Count 0x0008   253   253   000    Old_age   Offline      -       0
197 Current_Pending_Sector  0x0008   253   253   000    Old_age   Offline      -       0
198 Offline_Uncorrectable   0x0008   253   253   000    Old_age   Offline      -       0
199 UDMA_CRC_Error_Count    0x0008   199   197   000    Old_age   Offline      -       2
200 Multi_Zone_Error_Rate   0x000a   253   252   000    Old_age   Always       -       0
201 Soft_Read_Error_Rate    0x000a   253   252   000    Old_age   Always       -       21
202 TA_Increase_Count       0x000a   253   252   000    Old_age   Always       -       0
203 Run_Out_Cancel          0x000b   253   252   180    Pre-fail  Always       -       0
204 Shock_Count_Write_Opern 0x000a   253   252   000    Old_age   Always       -       0
205 Shock_Rate_Write_Opern  0x000a   253   252   000    Old_age   Always       -       0
207 Spin_High_Current       0x002a   253   252   000    Old_age   Always       -       0
208 Spin_Buzz               0x002a   253   252   000    Old_age   Always       -       0
209 Offline_Seek_Performnce 0x0024   202   196   000    Old_age   Offline      -       0
 99 Unknown_Attribute       0x0004   253   253   000    Old_age   Offline      -       0
100 Unknown_Attribute       0x0004   253   253   000    Old_age   Offline      -       0
101 Unknown_Attribute       0x0004   253   253   000    Old_age   Offline      -       0

SMART Error Log Version: 1
ATA Error Count: 1
        CR = Command Register [HEX]
        FR = Features Register [HEX]
        SC = Sector Count Register [HEX]
        SN = Sector Number Register [HEX]
        CL = Cylinder Low Register [HEX]
        CH = Cylinder High Register [HEX]
        DH = Device/Head Register [HEX]
        DC = Device Command Register [HEX]
        ER = Error register [HEX]
        ST = Status register [HEX]
Powered_Up_Time is measured from power on, and printed as
DDd+hh:mm:SS.sss where DD=days, hh=hours, mm=minutes,
SS=sec, and sss=millisec. It "wraps" after 49.710 days.

Error 1 occurred at disk power-on lifetime: 164 hours (6 days + 20 hours)
  When the command that caused the error occurred, the device was in an unknown state.

  After command completion occurred, registers were:
  ER ST SC SN CL CH DH
  -- -- -- -- -- -- --
  84 51 40 40 a4 b4 e6  Error: ICRC, ABRT at LBA = 0x06b4a440 = 112501824

  Commands leading to the command that caused the error were:
  CR FR SC SN CL CH DH DC   Powered_Up_Time  Command/Feature_Name
  -- -- -- -- -- -- -- --  ----------------  --------------------
  ca 03 80 00 a4 b4 e6 00      00:09:00.928  WRITE DMA
  ca 03 80 80 a3 b4 e6 00      00:09:00.912  WRITE DMA
  ca 03 80 00 a3 b4 e6 00      00:09:00.912  WRITE DMA
  ca 03 80 80 a2 b4 e6 00      00:09:00.912  WRITE DMA
  ca 03 80 00 a2 b4 e6 00      00:09:00.912  WRITE DMA

SMART Self-test log structure revision number 1
Num  Test_Description    Status                  Remaining  LifeTime(hours)  LBA_of_first_error
# 1  Extended offline    Completed without error       00%       741         -
# 2  Extended offline    Interrupted (host reset)      10%       740         -

SMART Selective self-test log data structure revision number 1
 SPAN  MIN_LBA  MAX_LBA  CURRENT_TEST_STATUS
    1        0        0  Not_testing
    2        0        0  Not_testing
    3        0        0  Not_testing
    4        0        0  Not_testing
    5        0        0  Not_testing
Selective self-test flags (0x0):
  After scanning selected spans, do NOT read-scan remainder of disk.
If Selective self-test is pending on power-up, resume after 0 minute delay.
-------------- next part --------------
helios:~# smartctl -a /dev/hdg
smartctl version 5.32 Copyright (C) 2002-4 Bruce Allen
Home page is http://smartmontools.sourceforge.net/

=== START OF INFORMATION SECTION ===
Device Model:     Maxtor 6Y080M0
Serial Number:    Y3MEEKQE
Firmware Version: YAR51EW0
Device is:        In smartctl database [for details use: -P show]
ATA Version is:   7
ATA Standard is:  ATA/ATAPI-7 T13 1532D revision 0
Local Time is:    Tue Jan  4 11:38:14 2005 EET
SMART support is: Available - device has SMART capability.
SMART support is: Enabled

=== START OF READ SMART DATA SECTION ===
SMART overall-health self-assessment test result: PASSED

General SMART Values:
Offline data collection status:  (0x82) Offline data collection activity
                                        was completed without error.
                                        Auto Offline Data Collection: Enabled.
Self-test execution status:      (   0) The previous self-test routine completed
                                        without error or no self-test has ever
                                        been run.
Total time to complete Offline
data collection:                 ( 182) seconds.
Offline data collection
capabilities:                    (0x5b) SMART execute Offline immediate.
                                        Auto Offline data collection on/off support.
                                        Suspend Offline collection upon new
                                        command.
                                        Offline surface scan supported.
                                        Self-test supported.
                                        No Conveyance Self-test supported.
                                        Selective Self-test supported.
SMART capabilities:            (0x0003) Saves SMART data before entering
                                        power-saving mode.
                                        Supports SMART auto save timer.
Error logging capability:        (0x01) Error logging supported.
                                        No General Purpose Logging support.
Short self-test routine
recommended polling time:        (   2) minutes.
Extended self-test routine
recommended polling time:        (  40) minutes.

SMART Attributes Data Structure revision number: 16
Vendor Specific SMART Attributes with Thresholds:
ID# ATTRIBUTE_NAME          FLAG     VALUE WORST THRESH TYPE      UPDATED  WHEN_FAILED RAW_VALUE
  3 Spin_Up_Time            0x0027   203   202   063    Pre-fail  Always       -       10754
  4 Start_Stop_Count        0x0032   253   253   000    Old_age   Always       -       102
  5 Reallocated_Sector_Ct   0x0033   253   253   063    Pre-fail  Always       -       0
  6 Read_Channel_Margin     0x0001   253   253   100    Pre-fail  Offline      -       0
  7 Seek_Error_Rate         0x000a   253   252   000    Old_age   Always       -       0
  8 Seek_Time_Performance   0x0027   250   245   187    Pre-fail  Always       -       43817
  9 Power_On_Minutes        0x0032   251   251   000    Old_age   Always       -       816h+29m
 10 Spin_Retry_Count        0x002b   253   252   157    Pre-fail  Always       -       0
 11 Calibration_Retry_Count 0x002b   253   252   223    Pre-fail  Always       -       0
 12 Power_Cycle_Count       0x0032   253   253   000    Old_age   Always       -       131
192 Power-Off_Retract_Count 0x0032   253   253   000    Old_age   Always       -       0
193 Load_Cycle_Count        0x0032   253   253   000    Old_age   Always       -       0
194 Temperature_Celsius     0x0032   253   253   000    Old_age   Always       -       46
195 Hardware_ECC_Recovered  0x000a   253   252   000    Old_age   Always       -       10349
196 Reallocated_Event_Count 0x0008   253   253   000    Old_age   Offline      -       0
197 Current_Pending_Sector  0x0008   253   253   000    Old_age   Offline      -       0
198 Offline_Uncorrectable   0x0008   253   253   000    Old_age   Offline      -       0
199 UDMA_CRC_Error_Count    0x0008   197   189   000    Old_age   Offline      -       10
200 Multi_Zone_Error_Rate   0x000a   253   252   000    Old_age   Always       -       0
201 Soft_Read_Error_Rate    0x000a   253   252   000    Old_age   Always       -       49
202 TA_Increase_Count       0x000a   253   252   000    Old_age   Always       -       0
203 Run_Out_Cancel          0x000b   253   252   180    Pre-fail  Always       -       1
204 Shock_Count_Write_Opern 0x000a   253   252   000    Old_age   Always       -       0
205 Shock_Rate_Write_Opern  0x000a   253   252   000    Old_age   Always       -       0
207 Spin_High_Current       0x002a   253   252   000    Old_age   Always       -       0
208 Spin_Buzz               0x002a   253   252   000    Old_age   Always       -       0
209 Offline_Seek_Performnce 0x0024   201   199   000    Old_age   Offline      -       0
 99 Unknown_Attribute       0x0004   253   253   000    Old_age   Offline      -       0
100 Unknown_Attribute       0x0004   253   253   000    Old_age   Offline      -       0
101 Unknown_Attribute       0x0004   253   253   000    Old_age   Offline      -       0

SMART Error Log Version: 1
Warning: ATA error count 9 inconsistent with error log pointer 5

ATA Error Count: 9 (device log contains only the most recent five errors)
        CR = Command Register [HEX]
        FR = Features Register [HEX]
        SC = Sector Count Register [HEX]
        SN = Sector Number Register [HEX]
        CL = Cylinder Low Register [HEX]
        CH = Cylinder High Register [HEX]
        DH = Device/Head Register [HEX]
        DC = Device Command Register [HEX]
        ER = Error register [HEX]
        ST = Status register [HEX]
Powered_Up_Time is measured from power on, and printed as
DDd+hh:mm:SS.sss where DD=days, hh=hours, mm=minutes,
SS=sec, and sss=millisec. It "wraps" after 49.710 days.

Error 9 occurred at disk power-on lifetime: 747 hours (31 days + 3 hours)
  When the command that caused the error occurred, the device was in an unknown state.

  After command completion occurred, registers were:
  ER ST SC SN CL CH DH
  -- -- -- -- -- -- --
  84 51 00 c7 b9 8a e0  Error: ICRC, ABRT at LBA = 0x008ab9c7 = 9091527

  Commands leading to the command that caused the error were:
  CR FR SC SN CL CH DH DC   Powered_Up_Time  Command/Feature_Name
  -- -- -- -- -- -- -- --  ----------------  --------------------
  c8 00 45 c7 b9 8a e0 00      05:09:27.296  READ DMA
  ef 03 45 c7 b9 8a e0 00      05:08:01.312  SET FEATURES [Set transfer mode]
  ef 03 45 c7 b9 8a e0 00      05:08:01.312  SET FEATURES [Set transfer mode]
  c8 00 08 c0 b9 8a e9 00      05:09:02.112  READ DMA
  c8 00 01 ff b3 8a e9 00      05:09:02.080  READ DMA

Error 8 occurred at disk power-on lifetime: 596 hours (24 days + 20 hours)
  When the command that caused the error occurred, the device was in an unknown state.

  After command completion occurred, registers were:
  ER ST SC SN CL CH DH
  -- -- -- -- -- -- --
  84 51 00 ff b5 8a e0  Error: ICRC, ABRT at LBA = 0x008ab5ff = 9090559

  Commands leading to the command that caused the error were:
  CR FR SC SN CL CH DH DC   Powered_Up_Time  Command/Feature_Name
  -- -- -- -- -- -- -- --  ----------------  --------------------
  c8 00 45 ff b5 8a e0 00      00:08:17.456  READ DMA
  ef 03 45 ff b5 8a e0 00      00:06:40.960  SET FEATURES [Set transfer mode]
  ef 03 45 ff b5 8a e0 00      00:06:40.960  SET FEATURES [Set transfer mode]
  c8 00 08 f8 b5 8a e9 00      00:06:36.224  READ DMA
  c8 00 08 c0 b9 8a e9 00      00:06:36.208  READ DMA

Error 7 occurred at disk power-on lifetime: 489 hours (20 days + 9 hours)
  When the command that caused the error occurred, the device was in an unknown state.

  After command completion occurred, registers were:
  ER ST SC SN CL CH DH
  -- -- -- -- -- -- --
  84 51 00 00 a6 65 e1  Error: ICRC, ABRT at LBA = 0x0165a600 = 23438848

  Commands leading to the command that caused the error were:
  CR FR SC SN CL CH DH DC   Powered_Up_Time  Command/Feature_Name
  -- -- -- -- -- -- -- --  ----------------  --------------------
  c8 da 80 00 a6 65 e1 00      00:12:12.864  READ DMA
  c8 da 80 80 a5 65 e1 00      00:12:12.864  READ DMA
  c8 da 80 00 a5 65 e1 00      00:12:12.864  READ DMA
  c8 da 80 80 a4 65 e1 00      00:12:12.864  READ DMA
  c8 da 80 00 a4 65 e1 00      00:12:12.864  READ DMA

Error 6 occurred at disk power-on lifetime: 489 hours (20 days + 9 hours)
  When the command that caused the error occurred, the device was in an unknown state.

  After command completion occurred, registers were:
  ER ST SC SN CL CH DH
  -- -- -- -- -- -- --
  84 51 00 00 4b 55 e1  Error: ICRC, ABRT at LBA = 0x01554b00 = 22366976

  Commands leading to the command that caused the error were:
  CR FR SC SN CL CH DH DC   Powered_Up_Time  Command/Feature_Name
  -- -- -- -- -- -- -- --  ----------------  --------------------
  c8 da 80 00 4b 55 e1 00      00:11:56.400  READ DMA
  c8 da 80 80 4a 55 e1 00      00:11:56.400  READ DMA
  c8 da 80 00 4a 55 e1 00      00:11:56.400  READ DMA
  c8 da 80 80 49 55 e1 00      00:11:56.400  READ DMA
  c8 da 80 00 49 55 e1 00      00:11:56.400  READ DMA

Error 5 occurred at disk power-on lifetime: 489 hours (20 days + 9 hours)
  When the command that caused the error occurred, the device was in an unknown state.

  After command completion occurred, registers were:
  ER ST SC SN CL CH DH
  -- -- -- -- -- -- --
  84 51 00 00 7e c0 e0  Error: ICRC, ABRT at LBA = 0x00c07e00 = 12615168

  Commands leading to the command that caused the error were:
  CR FR SC SN CL CH DH DC   Powered_Up_Time  Command/Feature_Name
  -- -- -- -- -- -- -- --  ----------------  --------------------
  c8 da 80 00 7e c0 e0 00      00:09:02.704  READ DMA
  c8 da 80 80 7d c0 e0 00      00:09:02.704  READ DMA
  c8 da 80 00 7d c0 e0 00      00:09:02.704  READ DMA
  c8 da 80 80 7c c0 e0 00      00:09:02.704  READ DMA
  c8 da 80 00 7c c0 e0 00      00:09:02.688  READ DMA

SMART Self-test log structure revision number 1
Num  Test_Description    Status                  Remaining  LifeTime(hours)  LBA_of_first_error
# 1  Extended offline    Completed without error       00%       748         -
# 2  Extended offline    Interrupted (host reset)      10%       747         -

SMART Selective self-test log data structure revision number 1
 SPAN  MIN_LBA  MAX_LBA  CURRENT_TEST_STATUS
    1        0        0  Not_testing
    2        0        0  Not_testing
    3        0        0  Not_testing
    4        0        0  Not_testing
    5        0        0  Not_testing
Selective self-test flags (0x0):
  After scanning selected spans, do NOT read-scan remainder of disk.
If Selective self-test is pending on power-up, resume after 0 minute delay.

helios:~#


More information about the wplug mailing list