[tor-relays] tor died with "invalid opcode", should I be worried?
Andy Isaacson
adi at hexapodia.org
Fri Jan 13 01:00:42 UTC 2012
On Fri, Jan 13, 2012 at 01:07:36AM +0100, Marinos Yannikos wrote:
> Using Tor 0.2.2.35 (git-4f42b0a93422f70e), OpenSSL 0.9.8o:
>
> Jan 12 21:17:25 XXXXXXX kernel: [ 4257.857564] tor[1909] trap invalid
> opcode ip:7fa7dd61f8f7 sp:7fa7daf80400 error:0 in
> libcrypto.so.0.9.8[7fa7dd574000+175000]
>
> I don't have a core dump unfortunately. This box has had some stability
> issues lately (still unknown if hardware or DoS attacks are to blame),
That looks more like hardware errors than an exploit attempt. The ip
and sp are plausible, and the IP points to a reasonable offset in your
library. I don't think you have enough information in that log message
to find out what bad thing happened (you'd want to see what bytes were
in the icache), but you could at least take a look at the disassembly of
that region of libcrypto.so for more enlightenment.
objdump -D /usr/lib/libcrypto.so.0.9.8 and look around offset
175000=0x2ab98. That's in .dynstr in my libcrypto.so.0.9.8 but we have
different versions.
-andy
More information about the tor-relays
mailing list