0 Replies Latest reply on Nov 4, 2013 4:05 PM by saurabhsaxena85

    McAfee VSEL 1.7.1.28698 causing kernel panic on RHEL 6.3

    saurabhsaxena85

      Has anybody seen kernel panic while starting NAILS on RHEL 2.6.x kernel in Amazon EC2 environment? It just complains about loading modules and panics during lshook()/

       

      McAfee site states 1.9 is compatible wth EC2 instance running RHEL 2.6.x kernel but it seem its now.

       

        • The last message before the system crashed was
        • Checking for module reusability
        • Re-using modules  /opt/NAI/LinuxShield/lib/modules/2.6.32-71.18.2.el6-lshook./opt/NAI/LinuxShield/lib/modules/2.6.32-71.18.2.el6-linuxshield.o
        • AWS002NVA1106 login: BUG: unable to handle kernel paging request at ffffffff81815230
        • IP: [<ffffffffa0060ca8>] atomicPatchFnPtr+0x68/0x170 [lshook]
        • PGD 1a87067 PUD 1a8b067 PMD 5191067 PTE 8010000001815025
        • Oops: 0003 [#1] SMP
        • last sysfs file: /sys/module/ipv6/initstate
        • CPU 0
        • Modules linked in: lshook(+)(U) autofs4 sunrpc ipv6 microcode xen_netfront ext4 mbcache jbd2 xen_blkfront dm_mirror dm_region_hash dm_log dm_mod [last unloaded: scsi_wait_scan]
        • Pid: 5891, comm: insmod Not tainted 2.6.32-279.el6.x86_64 #1 
          • RIP: e030:[<ffffffffa0060ca8>]  [<ffffffffa0060ca8>] atomicPatchFnPtr+0x68/0x170 [lshook]
          • RSP: e02b:ffff8800c07b1ec8  EFLAGS: 00010246
          • RAX: ffffffff81198710 RBX: ffffffff81815230 RCX: 0000000000000000
            • RDX: ffffffff81198710 RSI: 0000000000000001 RDI: 000000008005023b
            • RBP: ffff8800c07b1ee8 R08: 0000000000000008 R09: 0000000000000010
            • R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000
            • R13: ffffffffa0061370 R14: 000000008005003b R15: 0000000000000003
            • FS:  00007f6e18f8f700(0000) GS:ffff8800051e5000(0000) knlGS:0000000000000000
            • CS:  e033 DS: 0000 ES: 0000 CR0: 000000008004003b
            • CR2: ffffffff81815230 CR3: 0000000096052000 CR4: 0000000000002660
            • DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
            • DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000400
            • Process insmod (pid: 5891, threadinfo ffff8800c07b0000, task ffff8800961d5540)
            • Stack:
            • ffffffff81815230 ffffffffa002e000 0000000000da5010 00007f6e18dcb010
            • <d> ffff8800c07b1f18 ffffffffa002e11f ffff8800c07b1f78 0000000000000000
            • <d> 0000000000000000 ffffffffa002e000 ffff8800c07b1f48 ffffffff8100204c
            • Call Trace:
            • [<ffffffffa002e000>] ? initHook+0x0/0x326 [lshook]
            • [<ffffffffa002e11f>] initHook+0x11f/0x326 [lshook]
            • [<ffffffffa002e000>] ? initHook+0x0/0x326 [lshook]
            • [<ffffffff8100204c>] do_one_initcall+0x3c/0x1d0
            • [<ffffffff810b0d71>] sys_init_module+0xe1/0x250
            • [<ffffffff8100b0f2>] system_call_fastpath+0x16/0x1b
            • Code: 48 89 c7 49 89 c6 81 e7 ff ff fe ff e8 a2 37 fa e0 66 90 31 c9 4c 89 35 7f 37 00 00 4d 85 e4 48 8b 13 74 04 49 89 14 24 48 89 d0 <3e> 4c 0f b1 2b 48 39 c2 74 1e 83 c1 01 83 f9 04 75 df 48 89 de
            • RIP  [<ffffffffa0060ca8>] atomicPatchFnPtr+0x68/0x170 [lshook]
            • RSP <ffff8800c07b1ec8>
            • CR2: ffffffff81815230
            • ---[ end trace 155a70e438c807ca ]---
            • Kernel panic - not syncing: Fatal exception
            • Pid: 5891, comm: insmod Tainted: G      D    ---------------    2.6.32-279.el6.x86_64 #1
            • Call Trace:
            • [<ffffffff814fd11a>] ? panic+0xa0/0x168
            • [<ffffffff81007c8f>] ? xen_restore_fl_direct_end+0x0/0x1
            • [<ffffffff8150016c>] ? _spin_unlock_irqrestore+0x1c/0x20
            • [<ffffffff815012b4>] ? oops_end+0xe4/0x100
            • [<ffffffff81043bab>] ? no_context+0xfb/0x260
            • [<ffffffff810074fd>] ? xen_force_evtchn_callback+0xd/0x10
            • [<ffffffff81043e35>] ? __bad_area_nosemaphore+0x125/0x1e0
            • [<ffffffff81004a49>] ? __raw_callee_save_xen_pmd_val+0x11/0x1e
            • [<ffffffff81043f03>] ? bad_area_nosemaphore+0x13/0x20
            • [<ffffffff81044661>] ? __do_page_fault+0x321/0x480
            • [<ffffffff810074fd>] ? xen_force_evtchn_callback+0xd/0x10
            • [<ffffffff81007c8f>] ? xen_restore_fl_direct_end+0x0/0x1
            • [<ffffffff81163b94>] ? kmem_cache_free+0xc4/0x2b0
            • [<ffffffff81007c8f>] ? xen_restore_fl_direct_end+0x0/0x1
            • [<ffffffff8150016c>] ? _spin_unlock_irqrestore+0x1c/0x20
            • [<ffffffff81272fd1>] ? ida_get_new_above+0x151/0x210
            • [<ffffffff8150326e>] ? do_page_fault+0x3e/0xa0
            • [<ffffffffa0061370>] ? registerFilesystemHook+0x0/0x130 [lshook]
            • [<ffffffff81500625>] ? page_fault+0x25/0x30
            • [<ffffffffa0061370>] ? registerFilesystemHook+0x0/0x130 [lshook]
            • [<ffffffff81198710>] ? register_filesystem+0x0/0xb0
            • [<ffffffff81198710>] ? register_filesystem+0x0/0xb0
            • [<ffffffffa0060ca8>] ? atomicPatchFnPtr+0x68/0x170 [lshook]
            • [<ffffffffa0060c8e>] ? atomicPatchFnPtr+0x4e/0x170 [lshook]
            • [<ffffffffa002e000>] ? initHook+0x0/0x326 [lshook]
            • [<ffffffffa002e11f>] ? initHook+0x11f/0x326 [lshook]
            • [<ffffffffa002e000>] ? initHook+0x0/0x326 [lshook]
            • [<ffffffff8100204c>] ? do_one_initcall+0x3c/0x1d0
            • [<ffffffff810b0d71>] ? sys_init_module+0xe1/0x250
            • [<ffffffff8100b0f2>] ? system_call_fastpath+0x16/0x1