Join Log in
Score:0
avatar Ubuntu

How to find cause of random shutdown, screen flickered

jp flag
badoolsw

Screen flickered, then shutdown on nov 24, afraid its a sign of computer being hacked, and i want to know cause of the shutdown.

What should i do to diagnose?

Heres last command:

user        :0           :0               Fri Nov 26 14:27   still logged in
reboot   system boot  5.8.0-63-generic Wed Nov 24 21:16   still running

ubuntu version 20.1 lts

apps that were running: command prompt, brave browser, opera browser, several browser extensions, crypto wallet, elecom wireless mouse usb connector, i also remember bumping into the computer a little bit, before it shut down. is there evidence to support this is what caused it?

content of /var/log/syslog3.gz (from day of shutdown) ⇢ https://filebin.net/51aenemh7hhfrsj9

too long to paste here, but shutdown happens at Nov 24 21:16:58

Here are some snippets from the file uploaded:

Nov 24 21:16:58 b-Inspiron-5547 systemd-modules-load[270]: Inserted module 'lp'
Nov 24 21:16:58 b-Inspiron-5547 kernel: [    0.000000] microcode: microcode updated early to revision 0x26, date = 2019-11-12
Nov 24 21:16:58 b-Inspiron-5547 systemd-modules-load[270]: Inserted module 'ppdev'
Nov 24 21:16:58 b-Inspiron-5547 kernel: [    0.000000] Linux version 5.8.0-63-generic (buildd@lcy01-amd64-028) (gcc (Ubuntu 10.3.0-1ubuntu1~20.10) 10.3.0, GNU ld (GNU Binutils for Ubuntu) 2.35.1) #71-Ubuntu SMP Tue Jul 13 15:59:12 UTC 2021 (Ubuntu 5.8.0-63.71-generic 5.8.18)
Nov 24 21:16:58 b-Inspiron-5547 kernel: [    0.000000] Command line: BOOT_IMAGE=/boot/vmlinuz-5.8.0-63-generic root=UUID=a0ab0c53-cbe3-4a60-b3bc-e08d44bd3f92 ro quiet splash vt.handoff=7
Nov 24 21:16:58 b-Inspiron-5547 kernel: [    0.000000] KERNEL supported cpus:
Nov 24 21:16:58 b-Inspiron-5547 kernel: [    0.000000]   Intel GenuineIntel
Nov 24 21:16:58 b-Inspiron-5547 kernel: [    0.000000]   AMD AuthenticAMD
Nov 24 21:16:58 b-Inspiron-5547 kernel: [    0.000000]   Hygon HygonGenuine
Nov 24 21:16:58 b-Inspiron-5547 systemd-modules-load[270]: Inserted module 'parport_pc'
Nov 24 21:16:58 b-Inspiron-5547 kernel: [    0.000000]   Centaur CentaurHauls
Nov 24 21:16:58 b-Inspiron-5547 kernel: [    0.000000]   zhaoxin   Shanghai  
Nov 24 21:16:58 b-Inspiron-5547 kernel: [    0.000000] x86/fpu: Supporting XSAVE feature 0x001: 'x87 floating point registers'
Nov 24 21:16:58 b-Inspiron-5547 systemd-sysctl[284]: Not setting net/ipv4/conf/all/promote_secondaries (explicit setting exists).
Nov 24 21:16:58 b-Inspiron-5547 kernel: [    0.000000] x86/fpu: Supporting XSAVE feature 0x002: 'SSE registers'
Nov 24 21:16:58 b-Inspiron-5547 kernel: [    0.000000] x86/fpu: Supporting XSAVE feature 0x004: 'AVX registers'
Nov 24 21:16:58 b-Inspiron-5547 kernel: [    0.000000] x86/fpu: xstate_offset[2]:  576, xstate_sizes[2]:  256
Nov 24 21:16:58 b-Inspiron-5547 systemd-sysctl[284]: Not setting net/ipv4/conf/default/promote_secondaries (explicit setting exists).
Nov 24 21:16:58 b-Inspiron-5547 kernel: [    0.000000] x86/fpu: Enabled xstate features 0x7, context size is 832 bytes, using 'standard' format.
Nov 24 21:16:58 b-Inspiron-5547 kernel: [    0.000000] BIOS-provided physical RAM map:
Nov 24 21:16:58 b-Inspiron-5547 kernel: [    0.000000] BIOS-e820: [mem 0x0000000000000000-0x000000000006efff] usable
Nov 24 21:16:58 b-Inspiron-5547 kernel: [    0.000000] BIOS-e820: [mem 0x000000000006f000-0x000000000006ffff] reserved
Nov 24 21:16:58 b-Inspiron-5547 kernel: [    0.000000] BIOS-e820: [mem 0x0000000000070000-0x0000000000087fff] usable
Nov 24 21:16:58 b-Inspiron-5547 systemd[1]: Starting Flush Journal to Persistent Storage...
Nov 24 21:16:58 b-Inspiron-5547 kernel: [    0.000000] BIOS-e820: [mem 0x0000000000088000-0x00000000000bffff] reserved
Nov 24 21:16:58 b-Inspiron-5547 kernel: [    0.000000] BIOS-e820: [mem 0x0000000000100000-0x0000000094d5ffff] usable
Nov 24 21:16:58 b-Inspiron-5547 systemd[1]: Mounted Mount unit for bare, revision 5.
Nov 24 21:16:58 b-Inspiron-5547 kernel: [    0.000000] BIOS-e820: [mem 0x0000000094d60000-0x0000000095d5ffff] reserved
Nov 24 21:16:58 b-Inspiron-5547 kernel: [    0.000000] BIOS-e820: [mem 0x0000000095d60000-0x000000009a36efff] usable
Nov 24 21:16:58 b-Inspiron-5547 kernel: [    0.000000] BIOS-e820: [mem 0x000000009a36f000-0x000000009aebefff] reserved
Nov 24 21:16:58 b-Inspiron-5547 kernel: [    0.000000] BIOS-e820: [mem 0x000000009aebf000-0x000000009afbefff] ACPI NVS
Nov 24 21:16:58 b-Inspiron-5547 systemd[1]: Mounted Mount unit for core18, revision 2253.
Nov 24 21:16:58 b-Inspiron-5547 kernel: [    0.000000] BIOS-e820: [mem 0x000000009afbf000-0x000000009affefff] ACPI data
Nov 24 21:16:58 b-Inspiron-5547 kernel: [    0.000000] BIOS-e820: [mem 0x000000009afff000-0x000000009affffff] usable
Nov 24 21:16:58 b-Inspiron-5547 systemd[1]: Mounted Mount unit for gnome-3-34-1804, revision 72.
Nov 24 21:16:58 b-Inspiron-5547 systemd[1]: Finished Flush Journal to Persistent Storage.
Nov 24 21:16:58 b-Inspiron-5547 kernel: [    0.000000] BIOS-e820: [mem 0x000000009b000000-0x000000009f9fffff] reserved
Nov 24 21:16:58 b-Inspiron-5547 kernel: [    0.000000] BIOS-e820: [mem 0x00000000e0000000-0x00000000efffffff] reserved
Nov 24 21:16:58 b-Inspiron-5547 kernel: [    0.000000] BIOS-e820: [mem 0x00000000fe101000-0x00000000fe112fff] reserved
Nov 24 21:16:58 b-Inspiron-5547 kernel: [    0.000000] BIOS-e820: [mem 0x00000000feb00000-0x00000000feb0ffff] reserved
Nov 24 21:16:58 b-Inspiron-5547 kernel: [    0.000000] BIOS-e820: [mem 0x00000000fec00000-0x00000000fec00fff] reserved
Nov 24 21:16:58 b-Inspiron-5547 kernel: [    0.000000] BIOS-e820: [mem 0x00000000fed00000-0x00000000fee00fff] reserved
Nov 24 21:16:58 b-Inspiron-5547 kernel: [    0.000000] BIOS-e820: [mem 0x00000000ffc00000-0x00000000ffffffff] reserved
Nov 24 21:16:58 b-Inspiron-5547 systemd[1]: Finished Coldplug All udev Devices.
Nov 24 21:16:58 b-Inspiron-5547 systemd[1]: Mounted Mount unit for gtk-common-themes, revision 1515.
Nov 24 21:16:58 b-Inspiron-5547 systemd[1]: Mounted Mount unit for core18, revision 2246.
Nov 24 21:16:58 b-Inspiron-5547 kernel: [    0.000000] BIOS-e820: [mem 0x0000000100000000-0x000000045f5fffff] usable
Nov 24 21:16:58 b-Inspiron-5547 kernel: [    0.000000] NX (Execute Disable) protection: active
Nov 24 21:16:58 b-Inspiron-5547 kernel: [    0.000000] e820: update [mem 0x93b80018-0x93b90057] usable ==> usable
Nov 24 21:16:58 b-Inspiron-5547 systemd[1]: Mounted Mount unit for snapd, revision 13640.
Nov 24 21:16:58 b-Inspiron-5547 kernel: [    0.000000] e820: update [mem 0x93b80018-0x93b90057] usable ==> usable
Nov 24 21:16:58 b-Inspiron-5547 kernel: [    0.000000] e820: update [mem 0x93b73018-0x93b7f057] usable ==> usable
Nov 24 21:16:58 b-Inspiron-5547 systemd[1]: Mounted Mount unit for snap-store, revision 542.
Nov 24 21:16:58 b-Inspiron-5547 kernel: [    0.000000] e820: update [mem 0x93b73018-0x93b7f057] usable ==> usable
Nov 24 21:16:58 b-Inspiron-5547 kernel: [    0.000000] extended physical RAM map:
Nov 24 21:16:58 b-Inspiron-5547 kernel: [    0.000000] reserve setup_data: [mem 0x0000000000000000-0x000000000006efff] usable
Nov 24 21:16:58 b-Inspiron-5547 kernel: [    0.000000] reserve setup_data: [mem 0x000000000006f000-0x000000000006ffff] reserved
Nov 24 21:16:58 b-Inspiron-5547 kernel: [    0.000000] 
Nov 24 21:16:58 b-Inspiron-5547 systemd[1]: Starting Update UTMP about System Boot/Shutdown...
Nov 24 21:16:58 b-Inspiron-5547 apparmor.systemd[576]: Skipping profile in /etc/apparmor.d/disable: usr.sbin.rsyslogd
Nov 24 21:16:58 b-Inspiron-5547 systemd[1]: Finished Update UTMP about System Boot/Shutdown.

also something here, both this and previous logs didnt show on command above (last):

07:39:31 b-Inspiron-5547 systemd[1521]: Starting Notification regarding a crash report...
Nov 24 07:39:31 b-Inspiron-5547 update-notifier-crash[1941026]: /usr/bin/whoopsie
Nov 24 07:39:31 b-Inspiron-5547 cracklib: no dictionary update necessary.
Nov 24 07:39:31 b-Inspiron-5547 systemd[1521]: update-notifier-crash.service: Succeeded.
Nov 24 07:39:31 b-Inspiron-5547 systemd[1521]: Finished Notification regarding a crash report.
68
0 + 0
in flag
matigo
What makes you sure it’s a sign of hacking? The information here does not provide any actionable information. Could you [edit] your question to include: (0) the version of Ubuntu you’re running (1) the contents of `/var/log/syslog` from around the time of the shut down (2) any other evidence of hacking (including the applications that were running at the time of the shut down). With this, it may be possible to corroborate the claim or identify a more probable cause, such as a hardware or software fault
2
Reply
jp flag
badoolsw
@matigo could you take a look, i updated with the info you were asking
0
Reply
in flag
matigo
Nov 24 21:16:58 Appears to be when the system was booted, not when it shut down. The crash report is indicative of a software error. Whether that was the reason for the shutdown is not something I can determine based on the logs provided. However, based on what has been shared and how it was presented, it seems highly unlikely that your system was hacked
0
Reply
jp flag
badoolsw
i think you are correct, i mstve bumped into the mouse bluetooth usb connector. only thing before startup is Nov 24 21:12:38 b-Inspiron-5547 kernel: [4999980.775783] usb 1-1.3: USB disconnect, device number 13 Nov 24 21:12:38 b-Inspiron-5547 /usr/libexec/gdm-x-session[1612]: (II) event6 - ELECOM ELECOM Relacon: device removed Nov 24 21:12:38 b-Inspiron-5547 /usr/libexec/gdm-x-session[1612]: (II) UnloadModule: "libinput" ... Nov 24 21:12:39 b-Inspiron-5547 gnome-shell[1768]: Window manager warning: Overwriting existing binding of keysym 37 with keysym 37 (keycode 10).
0
Reply
ธงชาติไทย
Elon Musk
I sit in a Tesla and translated this thread with Ai:

mangohost

Post an answer

Most people don’t grasp that asking a lot of questions unlocks learning and improves interpersonal bonding. In Alison’s studies, for example, though people could accurately recall how many questions had been asked in their conversations, they didn’t intuit the link between questions and liking. Across four studies, in which participants were engaged in conversations themselves or read transcripts of others’ conversations, people tended not to realize that question asking would influence—or had influenced—the level of amity between the conversationalists.