Red Hat Enterprise Linux 7 server reboots when Trend Micro DS agent is updated

Environment

  • Red Hat Enterprise Linux 7
  • Trend Micro Deep Security Agent 9.6.2-7888.el7 (Kernel modules gsch and redirfs)
  • Imperva Agent 11.5.0.5030 (kernel module krg_11_5_0_5030_imRH7K1smp64)

Issue

  • Why is the Red Hat Enterprise Linux 7 server rebooting after applying Trend Micro DS agent updates?
  • While applying a Trend Micro DS agent update, the server reboots with the following messages:

[726704.698199] gsch_dev_release() doing
[726704.698208] gsch_dev_release() done
[726705.902410] unhooking open NR=2 ... ffffffffa02bc930 <- ffffffff811fd550
[726705.902418] could not restore 'close' system call
[726705.902421] unhooking close NR=3 ... ffffffffa08dc8e0 <- ffffffff811fd5b0
[726705.902423] could not restore 'exit' system call
[726705.902426] unhooking exit NR=60 ... ffffffffa08de010 <- ffffffff8108c4b0
[726705.902428] unhooking getpgid NR=121 ... ffffffffa02ba800 <- ffffffff810a29e0
[726705.902431] unhooking unlink NR=87 ... ffffffffa02bae50 <- ffffffff81210470
[726705.902433] unhooking unlinkat NR=263 ... ffffffffa02bb0f0 <- ffffffff81210430
[726705.902435] could not restore 'write' system call
[726705.902438] unhooking write NR=1 ... ffffffffa08d9920 <- ffffffff811fed30
[726705.902440] unhooking pwrite64 NR=18 ... ffffffffa02bac80 <- ffffffff811feed0
[726705.902442] could not restore 'writev' system call
[726705.902444] unhooking writev NR=20 ... ffffffffa08d9b60 <- ffffffff811ff4e0
[726705.902446] unhooking dup2 NR=33 ... ffffffffa02bb930 <- ffffffff8121d210
[726705.902448] unhooking mount NR=165 ... ffffffffa02bcba0 <- ffffffff81220f60
[726705.902450] unhooking umount NR=166 ... ffffffffa02bc090 <- ffffffff8121fa60
[726705.902452] could not restore 'exit_group' system call
[726705.902454] unhooking exit_group NR=231 ... ffffffffa08de060 <- ffffffff8108c570
[726705.902455] Failed to remove all hooked system calls.
[726705.904328] System may be left in an unstable state.
[726705.905890] Failed to remove hooked execve().
[726705.907429] System may be left in an unstable state.
[726705.908974] gsch_remove_hooks(&gsch_hooks, &orig_hooks) done: -5
[726705.909322] gsch_flt: unloading
[726706.384259] gsch_flt: unloaded
[726706.396213] Failed to remove hooked execve().
[726706.398083] System may be left in an unstable state.
[726706.399650] unregister_chrdev(242) done
[726706.400160] vfree(gsch_cache=ffffc900612d3000)
[726706.400166] gsch: unloading vfs-filter 9.6.2.7976: OK
[374052.252532] BUG: unable to handle kernel paging request at ffffffffa03607a0
[374052.254292] IP: [] 0xffffffffa036079f
[374052.255879] PGD 19bd067 PUD 19be063 PMD fe7744f067 PTE 0
[374052.257454] Oops: 0010 [#1] SMP 
[374052.259005] Modules linked in: ip6table_filter ip6_tables iptable_filter krg_11_5_0_5030_imRH7K1smp64(POE) binfmt_misc redirfs(OE) dsa_filter(POE) bonding iTCO_wdt iTCO_vendor_support dcdbas intel_powerclamp coretemp intel_rapl iosf_mbi kvm_intel kvm irqbypass crc32_pclmul ghash_clmulni_intel aesni_intel lrw gf128mul glue_helper ablk_helper cryptd pcspkr i2c_i801 sb_edac edac_core ipmi_devintf mei_me mei lpc_ich ipmi_si ipmi_msghandler dm_round_robin wmi shpchp acpi_power_meter tpm_crb sg dm_multipath ip_tables xfs sr_mod cdrom sd_mod crc_t10dif crct10dif_generic crct10dif_pclmul crct10dif_common crc32c_intel mgag200 i2c_algo_bit drm_kms_helper syscopyarea sysfillrect sysimgblt fb_sys_fops ttm ahci drm libahci qla2xxx bnx2x libata i2c_core mdio scsi_transport_fc ptp megaraid_sas pps_core scsi_tgt
[374052.269563]  libcrc32c fjes dm_mirror dm_region_hash dm_log dm_mod [last unloaded: gsch]
[374052.271540] CPU: 30 PID: 176181 Comm: ds_am.init Tainted: P           OE  ------------   3.10.0-514.2.2.el7.x86_64 #1
[374052.273427] Hardware name: Dell Inc. PowerEdge R930/01FH6X, BIOS 2.3.1 01/09/2017
[374052.275326] task: ffff88a401fd0fb0 ti: ffff88c64e264000 task.ti: ffff88c64e264000
[374052.277291] RIP: 0010:[]  [] 0xffffffffa036079f
[374052.279211] RSP: 0018:ffff88c64e267d58  EFLAGS: 00010286
[374052.281099] RAX: ffffffffa03607a0 RBX: ffff88c64e267e98 RCX: 0000000000000001
[374052.283017] RDX: 0000000000e63260 RSI: 0000000000e6eae0 RDI: 0000000000e640d0
[374052.285054] RBP: ffff88c64e267d60 R08: 0000000000000001 R09: ffff884f69fd8840
[374052.287042] R10: 0000000000000000 R11: ffffea03f646e840 R12: ffffffffa0ca39f8
[374052.288966] R13: 00000000000001d8 R14: ffffffffa0b9fab0 R15: 0000000000000055
[374052.290924] FS:  00007fc9abedc740(0000) GS:ffff887e7e9c0000(0000) knlGS:0000000000000000
[374052.292866] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[374052.294860] CR2: ffffffffa03607a0 CR3: 000000c66c666000 CR4: 00000000003407e0
[374052.296812] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[374052.298727] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[374052.300631] Stack:
[374052.302512]  ffffffffa0c34ed7 ffff88c64e267db8 ffffffffa0b94fc5 ffff88fe0002b034
[374052.304491]  ffff88c64e267f00 0000000100000000 000000005a631119 000000000002b034
[374052.306437]  0000000000000001 ffffffffa0b8c380 000000000002b035 ffffffffa0b9fab0
[374052.308393] Call Trace:
[374052.310370]  [] ? SYS_execve_auxiliary64+0x27/0xc0 [krg_11_5_0_5030_imRH7K1smp64]
[374052.312385]  [] _execve_origcode+0x125/0x310 [krg_11_5_0_5030_imRH7K1smp64]
[374052.314466]  [] ? _fork_postcode+0x360/0x360 [krg_11_5_0_5030_imRH7K1smp64]
[374052.316547]  [] ? _syscall_wrappers_actions_before_calling_orig_execve+0xe20/0xe20 [krg_11_5_0_5030_imRH7K1smp64]
[374052.320575]  [] syscall_wrappers_generic_flow_with_param+0x39a/0x7d0 [krg_11_5_0_5030_imRH7K1smp64]
[374052.322672]  [] ? do_read_fault.isra.42+0xe4/0x130
[374052.324779]  [] syscall_wrappers_generic_flow+0x12/0x60 [krg_11_5_0_5030_imRH7K1smp64]
[374052.326929]  [] SYS_execve_common_wrap+0x6d/0xe0 [krg_11_5_0_5030_imRH7K1smp64]
[374052.329186]  [] SYS_execve_helper64+0xae/0xd0 [krg_11_5_0_5030_imRH7K1smp64]
[374052.331349]  [] stub_execve+0x69/0xa0
[374052.333482] Code:  Bad RIP value.
[374052.335617] RIP  [] 0xffffffffa036079f
[374052.337767]  RSP 
[374052.339980] CR2: ffffffffa03607a0

Resolution

Contact Trend Micro and Imperva for a workaround or a fix.

Root Cause

During DS agent updates, the DS agent service is reloaded, which unloads the gsch kernel driver. The gsch kernel driver seems to set hooks on certain syscalls, especially on the stubs (the log above reports a failure to remove the hooked execve(), and the crash occurs under stub_execve). When the module is unloaded, it does not cleanly remove the hooks, which causes the Imperva kernel module to fail and results in the crash.
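The following triage script is an added example, not part of the original article or of either vendor's tooling. It parses messages in the format quoted above, lists the syscalls gsch could not restore, and groups the left-hand addresses of the `unhooking` lines by 1 MiB region to show that the failed syscalls all point into a different region from the ones restored cleanly. The sample is a subset of the log above; the meaning of the left-hand address (the handler found at unload time) and the module address range are assumptions.

```python
import re
from collections import defaultdict

# Constructed sample: a subset of the kernel messages quoted in this article.
SAMPLE = """\
[726705.902410] unhooking open NR=2 ... ffffffffa02bc930 <- ffffffff811fd550
[726705.902418] could not restore 'close' system call
[726705.902421] unhooking close NR=3 ... ffffffffa08dc8e0 <- ffffffff811fd5b0
[726705.902435] could not restore 'write' system call
[726705.902438] unhooking write NR=1 ... ffffffffa08d9920 <- ffffffff811fed30
[726705.902440] unhooking pwrite64 NR=18 ... ffffffffa02bac80 <- ffffffff811feed0
[726705.908974] gsch_remove_hooks(&gsch_hooks, &orig_hooks) done: -5
[374052.252532] BUG: unable to handle kernel paging request at ffffffffa03607a0
[374052.269563]  libcrc32c fjes dm_mirror dm_region_hash dm_log dm_mod [last unloaded: gsch]
"""

UNHOOK = re.compile(r"unhooking (\w+) NR=(\d+) \.\.\. ([0-9a-f]{16}) <- ([0-9a-f]{16})")
FAILED = re.compile(r"could not restore '(\w+)' system call")
FAULT = re.compile(r"unable to handle kernel paging request at ([0-9a-f]{16})")
UNLOADED = re.compile(r"\[last unloaded: (\w+)\]")

# Assumption: x86_64 module mapping range on a 3.10 kernel without KASLR.
MODULES_VADDR, MODULES_END = 0xffffffffa0000000, 0xffffffffff000000


def triage(log):
    """Summarise unhook failures and the oops context from a kernel log."""
    failed = set(FAILED.findall(log))
    regions = defaultdict(list)  # 1 MiB region of left-hand address -> syscalls
    for name, _nr, left, _orig in UNHOOK.findall(log):
        regions[int(left, 16) >> 20].append(name)
    # Regions in which every syscall failed to restore: likely another
    # module's wrappers sitting in the syscall table instead of gsch's own.
    foreign = {hex(r << 20): names for r, names in regions.items()
               if set(names) <= failed}
    fault = FAULT.search(log)
    addr = int(fault.group(1), 16) if fault else None
    unloaded = UNLOADED.search(log)
    return {
        "failed": sorted(failed),
        "foreign_regions": foreign,
        "fault_in_module_space": addr is not None
                                 and MODULES_VADDR <= addr < MODULES_END,
        "last_unloaded": unloaded.group(1) if unloaded else None,
    }


if __name__ == "__main__":
    print(triage(SAMPLE))
```

Run against a saved `dmesg` or vmcore-dmesg file by passing its contents to `triage()`; a non-empty `foreign_regions` together with a fault inside module space after `last unloaded: gsch` matches the pattern described in this article.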
