Red Hat Enterprise Linux 7 server reboots when Trend Micro DS agent is updated

Solution Verified - Updated -

Issue

  • What is the Red Hat Enterprise Linux 7 server rebooting after applying Trend Micro DS agent updates ?
  • While applying Trend Micro DS agent update, server reboots with the following messages
[726704.698199] gsch_dev_release() doing
[726704.698208] gsch_dev_release() done
[726705.902410] unhooking open NR=2 ... ffffffffa02bc930 <- ffffffff811fd550
[726705.902418] could not restore 'close' system call
[726705.902421] unhooking close NR=3 ... ffffffffa08dc8e0 <- ffffffff811fd5b0
[726705.902423] could not restore 'exit' system call
[726705.902426] unhooking exit NR=60 ... ffffffffa08de010 <- ffffffff8108c4b0
[726705.902428] unhooking getpgid NR=121 ... ffffffffa02ba800 <- ffffffff810a29e0
[726705.902431] unhooking unlink NR=87 ... ffffffffa02bae50 <- ffffffff81210470
[726705.902433] unhooking unlinkat NR=263 ... ffffffffa02bb0f0 <- ffffffff81210430
[726705.902435] could not restore 'write' system call
[726705.902438] unhooking write NR=1 ... ffffffffa08d9920 <- ffffffff811fed30
[726705.902440] unhooking pwrite64 NR=18 ... ffffffffa02bac80 <- ffffffff811feed0
[726705.902442] could not restore 'writev' system call
[726705.902444] unhooking writev NR=20 ... ffffffffa08d9b60 <- ffffffff811ff4e0
[726705.902446] unhooking dup2 NR=33 ... ffffffffa02bb930 <- ffffffff8121d210
[726705.902448] unhooking mount NR=165 ... ffffffffa02bcba0 <- ffffffff81220f60
[726705.902450] unhooking umount NR=166 ... ffffffffa02bc090 <- ffffffff8121fa60
[726705.902452] could not restore 'exit_group' system call
[726705.902454] unhooking exit_group NR=231 ... ffffffffa08de060 <- ffffffff8108c570
[726705.902455] Failed to remove all hooked system calls.
[726705.904328] System may be left in an unstable state.
[726705.905890] Failed to remove hooked execve().
[726705.907429] System may be left in an unstable state.
[726705.908974] gsch_remove_hooks(&gsch_hooks, &orig_hooks) done: -5
[726705.909322] gsch_flt: unloading
[726706.384259] gsch_flt: unloaded
[726706.396213] Failed to remove hooked execve().
[726706.398083] System may be left in an unstable state.
[726706.399650] unregister_chrdev(242) done
[726706.400160] vfree(gsch_cache=ffffc900612d3000)
[726706.400166] gsch: unloading vfs-filter 9.6.2.7976: OK
[726706.403572] BUG: unable to handle kernel paging request at ffffffffa02bc7a0
[726706.405166] IP: [<ffffffffa02bc7a0>] 0xffffffffa02bc79f
[726706.406745] PGD 19bd067 PUD 19be063 PMD 7e78fb7067 PTE 0
[726706.408436] Oops: 0010 [#1] SMP
[726706.410301] Modules linked in: ip6table_filter ip6_tables iptable_filter krg_11_5_0_5030_imRH7K1smp64(POE) binfmt_misc redirfs(OE) dsa_filter(POE) bonding iTCO_wdt iTCO_vendor_support dcdbas intel_powerclamp coretemp intel_rapl iosf_mbi kvm_intel kvm irqbypass crc32_pclmul ghash_clmulni_intel aesni_intel lrw gf128mul glue_helper ablk_helper cryptd pcspkr dm_round_robin i2c_i801 lpc_ich mei_me sb_edac mei edac_core ipmi_devintf sg ipmi_si ipmi_msghandler wmi shpchp acpi_power_meter tpm_crb dm_multipath ip_tables xfs sr_mod cdrom sd_mod crc_t10dif crct10dif_generic crct10dif_pclmul crct10dif_common crc32c_intel mgag200 i2c_algo_bit drm_kms_helper syscopyarea sysfillrect sysimgblt fb_sys_fops ttm ahci bnx2x drm libahci qla2xxx libata i2c_core mdio ptp scsi_transport_fc megaraid_sas pps_core scsi_tgt
[726706.420892]  libcrc32c fjes dm_mirror dm_region_hash dm_log dm_mod [last unloaded: gsch]
[726706.422997] CPU: 41 PID: 136635 Comm: ds_am.init Tainted: P           OE  ------------   3.10.0-514.2.2.el7.x86_64 #1
[726706.424896] Hardware name: Dell Inc. PowerEdge R930/01FH6X, BIOS 2.3.1 01/09/2017
[726706.426797] task: ffff88fe50b03ec0 ti: ffff88f7d8770000 task.ti: ffff88f7d8770000
[726706.428722] RIP: 0010:[<ffffffffa02bc7a0>]  [<ffffffffa02bc7a0>] 0xffffffffa02bc79f
[726706.430766] RSP: 0018:ffff88f7d8773d58  EFLAGS: 00010286
[726706.432922] RAX: ffffffffa02bc7a0 RBX: ffff88f7d8773e98 RCX: 0000000000000001
[726706.434848] RDX: 000000000140e260 RSI: 0000000001419ad0 RDI: 000000000140f240
[726706.436760] RBP: ffff88f7d8773d60 R08: 0000000000000001 R09: ffff887e68e2a0c0
[726706.438689] R10: 0000000000000000 R11: ffffea01f9b7cac0 R12: ffffffffa09e19f8
[726706.440721] R13: 00000000000001d8 R14: ffffffffa08ddab0 R15: 000000000000005b
[726706.442863] FS:  00007f7fe0e0d740(0000) GS:ffff88fe7e300000(0000) knlGS:0000000000000000
[726706.444819] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[726706.446759] CR2: ffffffffa02bc7a0 CR3: 000000f772e06000 CR4: 00000000003407e0
[726706.448709] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[726706.450728] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[726706.452847] Stack:
[726706.454739]  ffffffffa0972ed7 ffff88f7d8773db8 ffffffffa08d2fc5 ffff887e000215ba
[726706.456690]  ffff88f7d8773f00 0000000100000000 000000007009b2f2 00000000000215ba
[726706.458632]  0000000000000001 ffffffffa08ca380 00000000000215bb ffffffffa08ddab0
[726706.460724] Call Trace:
[726706.462886]  [<ffffffffa0972ed7>] ? SYS_execve_auxiliary64+0x27/0xc0 [krg_11_5_0_5030_imRH7K1smp64]
[726706.464915]  [<ffffffffa08d2fc5>] _execve_origcode+0x125/0x310 [krg_11_5_0_5030_imRH7K1smp64]
[726706.466917]  [<ffffffffa08ca380>] ? _fork_postcode+0x360/0x360 [krg_11_5_0_5030_imRH7K1smp64]
[726706.468918]  [<ffffffffa08ddab0>] ? _syscall_wrappers_actions_before_calling_orig_execve+0xe20/0xe20 [krg_11_5_0_5030_imRH7K1smp64]
[726706.473217]  [<ffffffffa08d838a>] syscall_wrappers_generic_flow_with_param+0x39a/0x7d0 [krg_11_5_0_5030_imRH7K1smp64]
[726706.475329]  [<ffffffff811ac834>] ? do_read_fault.isra.42+0xe4/0x130
[726706.477441]  [<ffffffffa08d8b12>] syscall_wrappers_generic_flow+0x12/0x60 [krg_11_5_0_5030_imRH7K1smp64]
[726706.480088]  [<ffffffffa08ddecd>] SYS_execve_common_wrap+0x6d/0xe0 [krg_11_5_0_5030_imRH7K1smp64]
[726706.482604]  [<ffffffffa09730de>] SYS_execve_helper64+0xae/0xd0 [krg_11_5_0_5030_imRH7K1smp64]
[726706.484983]  [<ffffffff81696c69>] stub_execve+0x69/0xa0
[726706.487127] Code:  Bad RIP value.
[726706.489269] RIP  [<ffffffffa02bc7a0>] 0xffffffffa02bc79f
[726706.491510]  RSP <ffff88f7d8773d58>
[726706.493805] CR2: ffffffffa02bc7a0

Environment

  • Red Hat Enterprise Linux 7
  • Trend Micro Deep Security Agent 9.6.2-7888.el7 (Kernel modules gsch and redirfs)
  • Imperva Agent 11.5.0.5030 (kernel module krg_11_5_0_5030_imRH7K1smp64)

Subscriber exclusive content

A Red Hat subscription provides unlimited access to our knowledgebase of over 48,000 articles and solutions.

Current Customers and Partners

Log in for full access

Log In