Sign In with your
Trend Micro Account
Need Help?
Need More Help?

Create a technical support case if you need further support.

Deep Security Agent filter blocks the Zypper update in AWS SUSE 11 x64

    • Updated:
    • 10 Sep 2015
    • Product/Version:
    • Deep Security 9.5
    • Deep Security 9.6
    • Platform:
    • Amazon AMI 64-bit
Summary

After installing the Deep Security Agent (DSA), the Zypper fails to update.

Details
Public

The following kernel loops show in the /var/log/message when the Zypper update fails:

Mar 19 08:14:10 ip-10-128-143-145 kernel: [19696.333980] gsch_dev_release() done Mar 19 08:22:37 ip-10-128-143-145 kernel: [20204.147933] The following is only an harmless informational message. Mar 19 08:22:37 ip-10-128-143-145 kernel: [20204.147954] Unless you get a _continuous_flood_ of these messages it means Mar 19 08:22:37 ip-10-128-143-145 kernel: [20204.147956] everything is working fine. Allocations from irqs cannot be Mar 19 08:22:37 ip-10-128-143-145 kernel: [20204.147957] perfectly reliable and the kernel is designed to handle that. Mar 19 08:22:37 ip-10-128-143-145 kernel: [20204.147959] zypper: page allocation failure: order:4, mode:0x20 Mar 19 08:22:37 ip-10-128-143-145 kernel: [20204.147962] Pid: 18847, comm: zypper Tainted: P N 3.0.82-0.7-ec2 #1 Mar 19 08:22:37 ip-10-128-143-145 kernel: [20204.147964] Call Trace: Mar 19 08:22:37 ip-10-128-143-145 kernel: [20204.147981] [<ffffffff8000807e>] dump_trace+0x6e/0x1c0 Mar 19 08:22:37 ip-10-128-143-145 kernel: [20204.147987] [<ffffffff80327d7d>] dump_stack+0x69/0x6f Mar 19 08:22:37 ip-10-128-143-145 kernel: [20204.147994] [<ffffffff800cffe2>] warn_alloc_failed+0x102/0x190 Mar 19 08:22:37 ip-10-128-143-145 kernel: [20204.147998] [<ffffffff800d0db1>] __alloc_pages_slowpath+0x461/0x7b0 Mar 19 08:22:37 ip-10-128-143-145 kernel: [20204.148002] [<ffffffff800d12e9>] __alloc_pages_nodemask+0x1e9/0x200 Mar 19 08:22:37 ip-10-128-143-145 kernel: [20204.148007] [<ffffffff8010916c>] cache_grow+0x2fc/0x3f0 Mar 19 08:22:37 ip-10-128-143-145 kernel: [20204.148010] [<ffffffff80109571>] cache_alloc_refill+0x311/0x440 Mar 19 08:22:37 ip-10-128-143-145 kernel: [20204.148013] [<ffffffff80109d30>] __kmalloc+0x1c0/0x2a0 Mar 19 08:22:37 ip-10-128-143-145 kernel: [20204.148032] [<ffffffffa01b8370>] tb_alloc+0x110/0x370 [dsa_filter] Mar 19 08:22:37 ip-10-128-143-145 kernel: [20204.148119] [<ffffffffa019997b>] dsx_allocate_state+0x5b/0x150 [dsa_filter] Mar 19 08:22:37 ip-10-128-143-145 kernel: [20204.148163] [<ffffffffa019a50c>] dsx_process+0x11c/0xbf0 [dsa_filter] Mar 19 08:22:37 ip-10-128-143-145 kernel: [20204.148196] [<ffffffffa0179385>] ssl_dsx_process+0x345/0x350 [dsa_filter] Mar 19 08:22:37 ip-10-128-143-145 kernel: [20204.148218] [<ffffffffa01796d6>] dsx_process_payload_packet_gen+0x166/0x400 [dsa_filter] Mar 19 08:22:37 ip-10-128-143-145 kernel: [20204.148241] [<ffffffffa017bb3d>] dsa_slim_output+0xa3d/0xbc0 [dsa_filter] Mar 19 08:22:37 ip-10-128-143-145 kernel: [20204.148265] [<ffffffffa0180101>] stateful_tcp_filter+0x551/0x730 [dsa_filter] Mar 19 08:22:38 ip-10-128-143-145 kernel: [20204.148288] [<ffffffffa016c870>] core_pkt_filter+0x2d0/0x560 [dsa_filter] Mar 19 08:22:38 ip-10-128-143-145 kernel: [20204.148305] [<ffffffffa016cc11>] core_pkt_hook+0x111/0x490 [dsa_filter] Mar 19 08:22:38 ip-10-128-143-145 kernel: [20204.148321] [<ffffffffa01b67fc>] lin_nf_packet_wrapper+0x1bc/0x3a0 [dsa_filter] Mar 19 08:22:38 ip-10-128-143-145 kernel: [20204.148363] [<ffffffffa01b6bc7>] lin_nf_packet_wrapper_all+0x1e7/0x210 [dsa_filter] Mar 19 08:22:38 ip-10-128-143-145 kernel: [20204.148401] [<ffffffff802af744>] nf_iterate+0x84/0xb0 Mar 19 08:22:38 ip-10-128-143-145 kernel: [20204.148407] [<ffffffff802af8c9>] nf_hook_slow+0x79/0x120 Mar 19 08:22:38 ip-10-128-143-145 kernel: [20204.148411] [<ffffffff802bdbd8>] ip_output+0x98/0xc0 Mar 19 08:22:38 ip-10-128-143-145 kernel: [20204.148415] [<ffffffff802bca49>] ip_queue_xmit+0x1c9/0x410 Mar 19 08:22:38 ip-10-128-143-145 kernel: [20204.148419] [<ffffffff802d23d0>] tcp_transmit_skb+0x4f0/0x700 Mar 19 08:22:38 ip-10-128-143-145 kernel: [20204.148423] [<ffffffff802d4e28>] tcp_write_xmit+0x1e8/0x510 Mar 19 08:22:38 ip-10-128-143-145 kernel: [20204.148426] [<ffffffff802d51b5>] __tcp_push_pending_frames+0x25/0x60 Mar 19 08:22:38 ip-10-128-143-145 kernel: [20204.148431] [<ffffffff802c7a19>] tcp_sendmsg+0x7e9/0xa00 Mar 19 08:22:38 ip-10-128-143-145 kernel: [20204.148435] [<ffffffff80270a1b>] sock_sendmsg+0xdb/0x120 Mar 19 08:22:38 ip-10-128-143-145 kernel: [20204.148439] [<ffffffff80270be8>] sys_sendto+0x138/0x1a0 Mar 19 08:22:38 ip-10-128-143-145 kernel: [20204.148443] [<ffffffff80332bd3>] system_call_fastpath+0x16/0x1b Mar 19 08:22:38 ip-10-128-143-145 kernel: [20204.148452] [<00007f6e9cf48d45>] 0x7f6e9cf48d44

Linux tends to use too much memory for the file system cache to increase performance. In this case, the AWS SuSE 11 x64 micro instance spent too much memory for cache (file system), but the memory reclaim mechanism is not triggered properly. When Zypper tries to connect to the Internet, the dsa_filter encounters a memory allocation failure and dropped packets. This causes the Zypper to work incorrectly.

This issue is considered as a system configuration problem. Stopping the DSA service resolves this issue. For the system without swap, administrator can increase the vm.min_free_kbytes to fix this issue.

To increase the vm.min_free_kbytes, do one of the following options:

  • Run the following command:

    #sysctl -w vm.min_free_kbytes=20480

  • Add the following entry in /etc/sysctl.conf:

    vm.min_free_kbytes = 20480

Premium
Internal
Rating:
Category:
Troubleshoot
Solution Id:
1104397
Feedback
Did this article help you?

Thank you for your feedback!

To help us improve the quality of this article, please leave your email here so we can clarify further your feedback, if neccessary:
We will not send you spam or share your email address.

*This form is automated system. General questions, technical, sales, and product-related issues submitted through this form will not be answered.

If you need additional help, you may try to contact the support team. Contact Support


To help us improve the quality of this article, please leave your email here so we can clarify further your feedback, if neccessary:
We will not send you spam or share your email address.

*This form is automated system. General questions, technical, sales, and product-related issues submitted through this form will not be answered.


Need More Help?

Create a technical support case if you need further support.