McAfee Linuxshield panics RHEL with "unable to handle kernel paging request"
Issue
1] The system panics after installing Linux shield/McAfee antivirus (linuxshield and lshook modules), with Oops: 0003
and BUG: unable to handle kernel paging request
. And prior to the crash we see messages indicating the lschook and linuxshield 'fixups' are being applied due to an old version of these modules.
lshook module is older than RHEL 6.2 ... applying fixups
linuxshield module is older than RHEL 6.2 ... applying fixups
...
Oops: 0003 [#1] SMP
BUG: unable to handle kernel paging request at ffffffffa0281bd4
...
Modules linked in: nfsd lockd nfs_acl auth_rpcgss sunrpc exportfs linuxshield(U) lshook(U) autofs4 ipv6 ppdev microcode vmware_balloon parport_pc parport sg i2c_piix4 i2c_core shpchp ext3 jbd mbcache sd_mod crc_t10dif sr_mod cdrom vmxnet3 vmw_pvscsi pata_acpi ata_generic ata_piix dm_mirror dm_region_hash dm_log dm_mod [last unloaded: speedstep_lib]
- Example1: nfsd thread crashes in
svc_tcp_recvfrom
called fromsvc_recv
Oops: 0003 [#1] SMP
...
Modules linked in: ... linuxshield(U) lshook(U) ...
Pid: 3873, comm: nfsd Not tainted 2.6.32-504.16.2.el6.x86_64 #1 VMware, Inc. VMware Virtual Platform/440BX Desktop Reference Platform
RIP: 0010:[<ffffffffa024ce29>] [<ffffffffa024ce29>] svc_tcp_recvfrom+0x4e9/0x760 [sunrpc]
...
Call Trace:
[<ffffffff81087520>] ? process_timeout+0x0/0x10
[<ffffffffa0259928>] svc_recv+0x818/0x850 [sunrpc]
[<ffffffff81064bc0>] ? default_wake_function+0x0/0x20
[<ffffffffa02c2b35>] nfsd+0xa5/0x160 [nfsd]
- Example 2: nfsd thread crashes in
svc_tcp_accept
called fromsvc_recv
Oops: 0003 [#1] SMP
...
Modules linked in: ... linuxshield(U) lshook(U) ...
Pid: 7722, comm: nfsd Not tainted 2.6.32-504.el6.x86_64 #1 VMware, Inc. VMware Virtual Platform/440BX Desktop Reference Platform
RIP: 0010:[<ffffffffa020eb07>] [<ffffffffa020eb07>] svc_tcp_accept+0x177/0x310 [sunrpc]
...
Call Trace:
[<ffffffff81088062>] ? del_timer_sync+0x22/0x30
[<ffffffff8152a84a>] ? schedule_timeout+0x19a/0x2e0
[<ffffffff810874f0>] ? process_timeout+0x0/0x10
[<ffffffffa021a598>] svc_recv+0x488/0x850 [sunrpc]
[<ffffffff81064b90>] ? default_wake_function+0x0/0x20
[<ffffffffa0252b35>] nfsd+0xa5/0x160 [nfsd]
2] Server panic due to list corruption after schook module is loaded.
Environment
- RHEL6
- seen on kernel 2.6.32-504.el6
- seen on kernel 2.6.32-431.el6
- seen on kernel 2.6.32-696.3.2.el6
- McAfee Antivirus / Linuxshield kernel modules (older than RHEL 6.2)
- modules: linuxshield(U) lshook(U) schook (U)
- often seen with nfsd (nfs server)
Subscriber exclusive content
A Red Hat subscription provides unlimited access to our knowledgebase, tools, and much more.