search cancel

Linux agents are rebooting after a few day while running a SCSP / DCS agent.

book

Article ID: 163626

calendar_today

Updated On:

Products

Data Center Security Server Advanced

Issue/Introduction

We have improper error checking during initialization of the buffer used for the command line arguments GetProcessCommandLine() in LinuxInterface.c, whereby the buffer may point to un initialized data. Thereby causing the crash in tokenizeArguments.
 

<1>[ 5076.971902] BUG: unable to handle kernel NULL pointer dereference at           (null)
<1>[ 5076.971915] IP: [<ffffffffa0368ed5>] _ZN13PathAttribute17tokenizeArgumentsEPc+0x65/0x120 
[sisips]
<4>[ 5076.971950] PGD 1ec10e067 PUD 1f5f0a067 PMD 0 
<0>[ 5076.971958] Oops: 0000 [#1] SMP 
<4>[ 5076.971965] CPU 6 
<4>[ 5076.971968] Modules linked in: nfs lockd fscache auth_rpcgss nfs_acl sunrpc edd sisfim(PFN) mperf 
ipv6_lib sisips(PFN) fuse loop pciehp pci_hotplug dm_mod i7core_edac edac_core rtc_cmos joydev 
serio_raw bn
x2 iTCO_wdt iTCO_vendor_support usbhid hid acpi_power_meter ses sr_mod dcdbas(X) sg enclosure 
cdrom button pcspkr ext3 jbd mbcache ttm drm_kms_helper drm i2c_algo_bit sysimgblt sysfillrect i2c_core 
syscopyarea u
hci_hcd ehci_hcd usbcore usb_common sd_mod crc_t10dif processor thermal_sys hwmon scsi_dh_rdac 
scsi_dh_alua scsi_dh_emc scsi_dh_hp_sw scsi_dh ata_generic ata_piix libata megaraid_sas scsi_mod
<4>[ 5076.972055] Supported: No, Proprietary and Unsupported modules are loaded
<4>[ 5076.972060] 
<4>[ 5076.972063] Pid: 8083, comm: ipsstress64 Tainted: PF          NX 3.0.76-0.11-default #1 Dell Inc. 
PowerEdge R710/0MD99X
<4>[ 5076.972071] RIP: 0010:[<ffffffffa0368ed5>]  [<ffffffffa0368ed5>] 
_ZN13PathAttribute17tokenizeArgumentsEPc+0x65/0x120 [sisips]
<4>[ 5076.972094] RSP: 0018:ffff8801e3279de0  EFLAGS: 00010246
<4>[ 5076.972098] RAX: 0000000000000001 RBX: ffff8801e3279e08 RCX: 0000000000000000
<4>[ 5076.972107] RDX: ffff8801ef6926c0 RSI: ffff8801ef692880 RDI: 0000000000000000
<4>[ 5076.972114] RBP: ffff8801d2746c00 R08: 0000000000000420 R09: 000000000000001b
<4>[ 5076.972120] R10: 0000000000000007 R11: ffff8801e3279db0 R12: ffff8801d2746c00
<4>[ 5076.972126] R13: 0000000000000001 R14: 0000000000605a90 R15: 0000000000800000
<4>[ 5076.972133] FS:  00007f4117a39700(0000) GS:ffff88022f2c0000(0000) 
knlGS:0000000000000000
<4>[ 5076.972140] CS:  0010 DS: 0000 ES: 0000 CR0: 000000008005003b
<4>[ 5076.972145] CR2: 0000000000000000 CR3: 00000001f139e000 CR4: 00000000000007e0
<4>[ 5076.972151] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
<4>[ 5076.972158] DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000400
<4>[ 5076.972164] Process ipsstress64 (pid: 8083, threadinfo ffff8801e3278000, task ffff8801e863a0c0)
<0>[ 5076.972170] Stack:
<4>[ 5076.972174]  ffffffffa036cc70 ffff880100120011 ffff8801d2746c00 ffff8801e9aaf900
<4>[ 5076.972184]  ffffffffa036cca4 ffff880100120011 ffff8801ef692880 0000000000000001
<4>[ 5076.972194]  ffff8801d2746c00 ffffffffa034f2c0 ffffffffa034e783 0000000000800000
<0>[ 5076.972205] Call Trace:
<4>[ 5076.972306]  [<ffffffffa036cc70>] 
_ZN7Process14setCommandLineER19UnicodeStringBuffer+0x90/0xa0 [sisips]
<4>[ 5076.972425]  [<ffffffffa036cca4>] _ZN7Process14setCommandLineEPKc+0x24/0x40 [sisips]
<4>[ 5076.972539]  [<ffffffffa034e783>] _Z21SetProcessCommandLineP7Process+0x53/0x70 [sisips]
<4>[ 5076.972590]  [<ffffffffa034f35d>] _Z12SetUpProcessP7Process+0x9d/0xd0 [sisips]
<4>[ 5076.972644]  [<ffffffffa037084b>] 
_ZN13ProcessCommon22ExecuteProcFuncForListEP15LIST_ENTRY_LINKPFvP7ProcessE+0x3b/0x60 [sisips]
<4>[ 5076.972772]  [<ffffffffa03711f9>] _ZN13ProcessCommon14CreateChildrenEP7Process+0xa9/0xd0 
[sisips]
<4>[ 5076.972898]  [<ffffffffa034f02b>] AppfireDestroyProcess+0x1b/0x70 [sisips]
<4>[ 5076.972947]  [<ffffffffa0342b9a>] hook_exit_group+0x8b/0xa1 [sisips]
<4>[ 5076.972967]  [<ffffffff81464592>] system_call_fastpath+0x16/0x1b
<4>[ 5076.972988]  [<00007f411c2eb2a8>] 0x7f411c2eb2a7
<0>[ 5076.972997] Code: 66 66 90 66 66 90 0f b6 0a 83 c0 01 80 f9 20 75 11 66 66 90 66 90 48 83 c2 
01 0f b6 0a 80 f9 20 74 f4 84 c9 48 89 f9 48 0f 45 ca <0f> b6 31 40 80 fe 22 74 7a 40 80 fe 27 74 74 40 
80 fe 20
 74 08 
<1>[ 5076.973071] RIP  [<ffffffffa0368ed5>] _ZN13PathAttribute17tokenizeArgumentsEPc+0x65/0x120 
[sisips]
<4>[ 5076.973104]  RSP <ffff8801e3279de0>
<0>[ 5076.973112] CR2: 0000000000000000

Resolution

Use the DCS 6.7 builds for Linux, for frozen builds of RHEL 5 please use the DCS 6.7 release legace release for RHEL 5 in the legacy folder available here:

https://symantec.flexnetoperations.com