[FoRK] Skype == Malware?

Joseph S. Barrera III joe at barrera.org
Mon Aug 26 09:27:35 PDT 2013


P.S. Sorry that wasn't very helpful. Is there anything more to 
"Backtrace suspected of leaking"? Well... probably just leads to some 
semaphore allocation syscall.

It appears that someone or something is leaking semaphores (which 
require kernel memory).

Start a cron job that kills skype every night at 2AM?

Not very familiar with Apple's variant of Mach, but is there some way of 
listing who owns how many semaphores or other kernel resources?

obplot: Apple doesn't want you running Microsoft's video software.

- Joe

On 8/26/2013 9:21 AM, Joseph S. Barrera III wrote:
> Ha ha ha... I wrote the code that prints out the kalloc pools (powers 
> of two) on kernel crash. My legacy lives on!
>
> On 8/26/2013 9:13 AM, Stephen Williams wrote:
>> Skype == Malware now.
>>
>> My always reliable MacPro Desktop, now several years old, has been 
>> locking up after 1-3 days.  At first, I assumed that the fans or RAM 
>> were going bad.
>>
>> Then I noticed a consistent system crash report analysis association 
>> with zalloc failures apparently caused by Skype.  Is this some kind 
>> of plot?
>>
>> Interval Since Last Panic Report:  2874210 sec
>> Panics Since Last Report:          4
>> Anonymous UUID: AA86548F-2E22-48A6-9C4F-76D40064E3A5
>>
>> Mon Aug 26 09:00:16 2013
>> panic(cpu 0 caller 0xffffff80002447d9): "zalloc: \"semaphores\" 
>> (20684682 elements) retry fail 3, kfree_nop_count: 
>> 16"@/SourceCache/xnu/xnu-1699.32.7/osfmk/kern/zalloc.c:1766
>> Backtrace (CPU 0), Frame : Return Address
>> 0xffffff81d25f3c50 : 0xffffff8000220792
>> 0xffffff81d25f3cd0 : 0xffffff80002447d9
>> 0xffffff81d25f3db0 : 0xffffff800023557e
>> 0xffffff81d25f3df0 : 0xffffff800025cd6e
>> 0xffffff81d25f3e20 : 0xffffff8000223096
>> 0xffffff81d25f3e50 : 0xffffff80002148a9
>> 0xffffff81d25f3eb0 : 0xffffff800021bbd8
>> 0xffffff81d25f3f10 : 0xffffff80002af140
>> 0xffffff81d25f3fb0 : 0xffffff80002dab5e
>>
>> BSD process name corresponding to current thread: Skype
>> Boot args: serverperfmode=1
>>
>> Mac OS version:
>> 11G63
>>
>> Kernel version:
>> Darwin Kernel Version 11.4.2: Thu Aug 23 16:25:48 PDT 2012; 
>> root:xnu-1699.32.7~1/RELEASE_X86_64
>> Kernel UUID: FF3BB088-60A4-349C-92EA-CA649C698CE5
>> System model name: MacPro3,1 (Mac-F42C88C8)
>>
>> System uptime in nanoseconds: 39536870674476
>> vm objects:58475648
>> vm object hash entri:7911120
>> VM map entries:8499200
>> pv_list:12201984
>> kalloc.16:11198464
>> kalloc.32:2011136
>> kalloc.64:184782848
>> kalloc.128:13258752
>> kalloc.256:192999424
>> kalloc.512:5181440
>> kalloc.1024:2772992
>> kalloc.2048:11649024
>> kalloc.4096:6688768
>> kalloc.8192:3072000
>> vm pages:296086608
>> mem_obj_control:3166208
>> ipc ports:3929306384
>> semaphores:1654774560
>> threads:1888320
>> uthreads:1073088
>> vnodes:74400744
>> namecache:31220160
>> HFS node:98344896
>> HFS fork:25272320
>> buf.4096:1515520
>> buf.8192:15769600
>> buf headers:34467840
>> ubc_info zone:14216400
>> vnode pager structur:7898880
>> Kernel Stacks:3031040
>> PageTables:107802624
>> Kalloc.Large:40551516
>>
>> Backtrace suspected of leaking: (outstanding bytes: 714104)
>> 0xffffff8000217739
>> 0xffffff80002355e1
>> 0xffffff800025cd6e
>> 0xffffff8000223096
>> 0xffffff80002148a9
>> 0xffffff800021bbd8
>> 0xffffff80002af140
>>
>> _______________________________________________
>> FoRK mailing list
>> http://xent.com/mailman/listinfo/fork
>
>


-- 
I hear you telephone thing listening in



More information about the FoRK mailing list