Hi,
I've just noticed a machine lockup on kernel 2.0.30 (unpatched, apart from
pc-speaker driver). No logins were possible, and the machine didn't
respond to keystrokes. However it could still be pinged, and telnet got as
far as the "Connected to solar30" output. The syslog reported:
Jun 29 10:20:06 solar30 kernel: NFS server bison not responding, still trying.
<Repeated loads of times until>
Jun 29 14:20:25 solar30 kernel: NFS server bison OK.
Jun 29 14:20:25 solar30 last message repeated 21 times
Jun 29 14:20:25 solar30 kernel: RPC: rpc_doio sending evil packet:
Jun 29 14:20:25 solar30 kernel: 7e3cc852 01000000 00000000 00000000
00000000 00000000 00000000 72032531
Jun 29 14:20:25 solar30 kernel: RPC: rpc_send sending evil packet:
Jun 29 14:20:25 solar30 kernel: 7e3cc852 01000000 00000000 00000000
00000000 00000000 00000000 72032531
Jun 29 14:20:25 solar30 kernel: NFS server bison OK.
Jun 29 14:20:25 solar30 last message repeated 17 times
Jun 29 14:20:27 solar30 ntpdate[8660]: the NTP socket is in use, exiting
Jun 29 14:20:27 solar30 ntpdate[8659]: step time server 147.188.128.12
offset -0.135072 sec
Jun 29 14:20:33 solar30 ntpdate[8664]: the NTP socket is in use, exiting
Jun 29 14:20:33 solar30 ntpdate[8663]: the NTP socket is in use, exiting
Jun 29 14:20:33 solar30 ntpdate[8670]: step time server 147.188.128.12
offset -0.000000 sec
Jun 29 14:20:33 solar30 ntpdate[8666]: the NTP socket is in use, exiting
Jun 29 14:20:33 solar30 ntpdate[8667]: the NTP socket is in use, exiting
Jun 29 14:20:33 solar30 ntpdate[8668]: the NTP socket is in use, exiting
Jun 29 14:20:33 solar30 ntpdate[8671]: the NTP socket is in use, exiting
Jun 29 14:20:33 solar30 ntpdate[8665]: the NTP socket is in use, exiting
Jun 29 14:20:33 solar30 ntpdate[8669]: the NTP socket is in use, exiting
Jun 29 14:20:33 solar30 ntpdate[8677]: the NTP socket is in use, exiting
Jun 29 14:20:33 solar30 ntpdate[8678]: the NTP socket is in use, exiting
Jun 29 14:20:33 solar30 ntpdate[8674]: the NTP socket is in use, exiting
Jun 29 14:20:33 solar30 ntpdate[8676]: the NTP socket is in use, exiting
Jun 29 14:20:34 solar30 ntpdate[8675]: step time server 147.188.128.12
offset -0.000003 sec
Jun 29 14:21:25 solar30 kernel: RPC: rpc_send sending evil packet:
Jun 29 14:21:25 solar30 kernel: 7e3cc852 01000000 00000000 00000000
00000000 00000000 00000000 72032531
Jun 29 14:22:25 solar30 kernel: RPC: rpc_send sending evil packet:
Jun 29 14:22:25 solar30 kernel: 7e3cc852 01000000 00000000 00000000
00000000 00000000 00000000 72032531
Jun 29 14:23:25 solar30 kernel: RPC: rpc_doio sending evil packet:
Jun 29 14:23:25 solar30 kernel: 7e3cc852 01000000 00000000 00000000
00000000 00000000 00000000 72032531
Jun 29 14:23:25 solar30 kernel: RPC: rpc_send sending evil packet:
Jun 29 14:23:25 solar30 kernel: 7e3cc852 01000000 00000000 00000000
00000000 00000000 00000000 72032531
Jun 29 14:24:25 solar30 kernel: RPC: rpc_send sending evil packet:
Jun 29 14:24:25 solar30 kernel: 7e3cc852 01000000 00000000 00000000
00000000 00000000 00000000 72032531
Jun 29 14:25:06 solar30 kernel: NFS server bison not responding, still trying.
and so on until the machine was rebooted.
This machine has been plagued with these NFS errors, but usually it
recovers with no damage - probably caused by use of a s***ty NE2K clone.
The NTP references seem are due to a huge backlog of attempts to run
/usr/sbin/ntpdate, and of course /usr is mounted over NFS. The version of
NFS I'm using is (according to rpc.mountd -v) 2.2beta25.
Any suggestions on how this arose? ...and what the nature and purpose of
the "evil packets" was?
Chris.
-----BEGIN PGP SIGNATURE-----
Version: 2.6.2i
Comment: PGP Signed with PineSign 2.0
iQCVAwUBM7aV6WZVEN0KDxVBAQH74AP9HMYK2bbMwW2bIBBfT0ejEik3dC5sY9sb
7DohHU/1zBZkXVYzL1I3+uot4qtWVB1WJCy68xPQNUYB9Bb/tdvKuuN3kTJDvHqz
1c3Y8CgKvZhcMi7e+72bPHuvghJNzF/mcOiUmPN4aNXBQ4UprJDzyBkXQvyPh63i
qDc+cT10WXM=
=ZYQg
-----END PGP SIGNATURE-----