Ubuntu Linux Kernel Bug

Gamingphreek

Lifer
Mar 31, 2003
11,679
0
81
For those who have experienced this problem (Message logs flooding)
1. 'sudo rm -rf' the log files in question.
2. Do a hard shut down - the log file is still writing so a reboot command will not work
3. Login and enable the Intrepid-Proposed repository
4. Update to -11 kernel
5. Reboot and remove previous kernel


I woke up this morning and tried to check my E-Mail via Thunderbird and it said I was low on disk space. I have Ubuntu 8.10 installed with almost nothing else on its own happy little 30GB partition.

Well, I ran the disk usage analyzer and 19GB have been taken up in my /var folder. 18.4 GB of that is in my /var/log. There are 3 files in there that are so large that gedit simply cannot open them. Here is my copy and past of an ls -al command inside my /var/log directory.

drwxr-xr-x 13 root root 4096 2009-01-12 01:02 .
drwxr-xr-x 15 root root 4096 2008-10-29 17:28 ..
drwxr-xr-x 2 root root 4096 2008-10-08 20:28 apparmor
drwxr-xr-x 2 root root 4096 2009-01-01 00:49 apt
-rw-r----- 1 syslog adm 102400 2009-01-12 11:17 auth.log
-rw-r----- 1 syslog adm 127054 2009-01-06 01:37 auth.log.0
-rw-r----- 1 syslog adm 982 2008-12-30 14:10 auth.log.1.gz
-rw-r----- 1 root adm 31 2008-10-29 17:05 boot
-rw-r--r-- 1 root root 36637 2008-10-29 17:06 bootstrap.log
-rw-rw---- 1 root utmp 768 2009-01-08 19:30 btmp
-rw-rw-r-- 1 root utmp 0 2008-10-29 17:04 btmp.1
drwxr-xr-x 2 root root 4096 2008-12-30 07:34 ConsoleKit
drwxr-xr-x 2 root root 4096 2009-01-12 01:01 cups
-rw-r----- 1 syslog adm 167936 2009-01-12 11:35 daemon.log
-rw-r----- 1 syslog adm 231794 2009-01-06 01:50 daemon.log.0
-rw-r----- 1 syslog adm 4758 2008-12-30 13:13 daemon.log.1.gz
-rw-r----- 1 syslog adm 204800 2009-01-12 12:01 debug
-rw-r----- 1 syslog adm 229610 2009-01-06 01:17 debug.0
-rw-r----- 1 syslog adm 5925 2008-12-30 13:28 debug.1.gz
drwxr-xr-x 2 root root 4096 2008-10-24 18:44 dist-upgrade
-rw-r----- 1 root adm 51068 2009-01-11 21:16 dmesg
-rw-r----- 1 root adm 51069 2009-01-11 20:38 dmesg.0
-rw-r----- 1 root adm 13725 2009-01-10 18:51 dmesg.1.gz
-rw-r----- 1 root adm 13482 2009-01-09 16:27 dmesg.2.gz
-rw-r----- 1 root adm 13512 2009-01-08 22:20 dmesg.3.gz
-rw-r----- 1 root adm 13648 2009-01-08 19:29 dmesg.4.gz
-rw-r----- 1 root adm 73902 2009-01-10 10:43 dpkg.log
-rw-r----- 1 root adm 1118067 2008-12-31 14:17 dpkg.log.1
-rw-r--r-- 1 root root 32032 2009-01-07 01:36 faillog
-rw-r--r-- 1 root root 2675 2008-12-30 15:09 fontconfig.log
drwxr-xr-x 2 root root 4096 2008-10-29 17:05 fsck
drwxr-xr-x 2 root root 4096 2009-01-11 21:16 gdm
drwxr-xr-x 2 root root 4096 2008-12-30 07:31 installer
<-rw-r----- 1 syslog adm 6790516736 2009-01-12 12:01 kern.log
-rw-r----- 1 syslog adm 867452 2009-01-06 01:17 kern.log.0
-rw-r----- 1 syslog adm 46254 2008-12-30 13:28 kern.log.1.gz
-rw-rw-r-- 1 root utmp 292292 2009-01-07 01:36 lastlog
-rw-r----- 1 syslog adm 0 2008-10-29 17:05 lpr.log
-rw-r----- 1 syslog adm 0 2008-10-29 17:05 mail.err
-rw-r----- 1 syslog adm 0 2008-10-29 17:05 mail.info
-rw-r----- 1 syslog adm 0 2008-10-29 17:05 mail.log
-rw-r----- 1 syslog adm 0 2008-10-29 17:05 mail.warn
<-rw-r----- 1 syslog adm 6189326336 2009-01-12 12:01 messages
-rw-r----- 1 syslog adm 653756 2009-01-06 01:53 messages.0
-rw-r----- 1 syslog adm 38551 2008-12-30 14:10 messages.1.gz
drwxr-sr-x 2 news news 4096 2008-12-30 07:34 news
-rw-r--r-- 1 root root 1747 2009-01-03 17:17 pm-suspend.log
-rw-r--r-- 1 root root 0 2008-10-29 17:10 pycentral.log
drwxr-x--- 2 root adm 4096 2008-10-10 10:13 samba
<-rw-r----- 1 syslog adm 6789783552 2009-01-12 12:01 syslog
-rw-r----- 1 syslog adm 221947 2009-01-12 00:56 syslog.0
-rw-r----- 1 syslog adm 21642 2009-01-11 02:51 syslog.1.gz
-rw-r----- 1 syslog adm 22771 2009-01-10 07:47 syslog.2.gz
-rw-r----- 1 syslog adm 38977 2009-01-09 01:57 syslog.3.gz
-rw-r----- 1 syslog adm 20495 2009-01-08 08:05 syslog.4.gz
-rw-r----- 1 syslog adm 21140 2009-01-07 01:59 syslog.5.gz
-rw-r----- 1 syslog adm 20590 2009-01-06 01:50 syslog.6.gz
-rw-r--r-- 1 root root 429450 2009-01-11 21:16 udev
drwxr-xr-x 2 root root 4096 2008-10-13 07:52 unattended-upgrades
-rw-r----- 1 syslog adm 5539 2009-01-11 21:17 user.log
-rw-r----- 1 syslog adm 6109 2009-01-05 16:19 user.log.0
-rw-r----- 1 syslog adm 357 2008-12-30 13:03 user.log.1.gz
-rw-r--r-- 1 root root 8954 2009-01-12 12:00 wpa_supplicant.log
-rw-r--r-- 1 root root 367 2009-01-12 01:00 wpa_supplicant.log.1.gz
-rw-r--r-- 1 root root 352 2009-01-11 02:57 wpa_supplicant.log.2.gz
-rw-r--r-- 1 root root 557 2009-01-10 07:47 wpa_supplicant.log.3.gz
-rw-r--r-- 1 root root 410 2009-01-09 02:13 wpa_supplicant.log.4.gz
-rw-r--r-- 1 root root 428 2009-01-08 08:13 wpa_supplicant.log.5.gz
-rw-rw-r-- 1 root utmp 52992 2009-01-12 12:00 wtmp
-rw-rw-r-- 1 root utmp 48384 2008-12-31 22:09 wtmp.1
-rw-r--r-- 1 root root 308 2008-10-29 17:25 wvdialconf.log
-rw-r--r-- 1 root root 27945 2009-01-11 21:17 Xorg.0.log
-rw-r--r-- 1 root root 28704 2009-01-11 21:15 Xorg.0.log.old

OS is almost unusable right now - anyone have any ideas what is going on?

Edit: As I tried to open kern.log it claims that it changed - so perhaps something is continually writing to it?

Edit 2: I am sorry that is horribly unreadable with HTML spacing. I highlighted the logs that are taking up the massive amounts of disk space.
 

ViRGE

Elite Member, Moderator Emeritus
Oct 9, 1999
31,516
167
106
I doubt it's a virus, rather there's something running that's accumulating errors at a massive rate. You should be able to run "tail -f <name of log file>" to see the last few lines of the file. Hopefully that will show you what the erroneous component is.
 

Crusty

Lifer
Sep 30, 2001
12,684
2
81
Originally posted by: ViRGE
I doubt it's a virus, rather there's something running that's accumulating errors at a massive rate. You should be able to run "tail -f <name of log file>" to see the last few lines of the file. Hopefully that will show you what the erroneous component is.

tail -f will open the log and continually show new additions to the file so you might not be able to see the output if it's scrolling by too fast.

without -f you'll see the bottom few lines, and to see more you can do tail -n 15 filename
 

Gamingphreek

Lifer
Mar 31, 2003
11,679
0
81
I KNEW there was no way I got a virus. I have never had a virus on a computer I operate before and certainly never in Linux. I don't go to any sites even remotely questionable - but I didn't know what to type so I thought virus.

I actually did a 'cat /var/log/kern.log' and like you said it was scrolling to fast, so I merely did a force break (CTRL+C) and I managed to (Barely) get Firefox running to find this lovely little bug:
link

I did a force recursive remove on those 3 log files and rebooted. Then, I enabled the Intrepid Proposed Repository and updated to -11 kernel and so far everything is fine. I'm slightly aggravated with canonical. By the dates on that bug report, it looks like it has been going on for quite some time. This is a very serious bug (I have reloaded 2x already for what I now know is this bug) - Why has it not been placed into the Intrepid-Updates repository yet?!?

Thanks for the help guys,
-Kevin