Upgrading has not solved the problem.

Still appears to be some form of port / bind issue based on the backtrace.
To obfuscate things, this was my ossec master (wazuh docker image), so it
was running in a docker container, on a virtual machine under VMware.

Nothing complicated there, right?

I'd love to hear any suggestions on where to look next to track down this 
problem.  I can (apparently) get around it by disabling rootcheck, but 
since that's one of the key features of ossec I really want for security, 
it's not a very good solution.

------------------------------------------------

NMI watchdog: BUG: soft lockup - CPU#2 stuck for 23s! [ossec-syscheckd:16223]
Modules linked in: xt_nat veth binfmt_misc ipt_MASQUERADE nf_nat_masquerade_ipv4 iptable_nat nf_conntrack_ipv4 nf_defrag_ipv4 nf_nat_ipv4 xt_addrtype xt_conntrack nf_nat nf_conntrack br_netfilter bridge stp llc iptable_filter vmw_vsock_vmci_transport vsock btrfs zlib_deflate raid6_pq xor intel_powerclamp coretemp iosf_mbi crc32_pclmul ghash_clmulni_intel ppdev aesni_intel lrw gf128mul glue_helper vmw_balloon ablk_helper cryptd pcspkr sg vmw_vmci i2c_piix4 shpchp parport_pc parport nfsd auth_rpcgss nfs_acl lockd grace sunrpc ip_tables ext4 mbcache jbd2 sr_mod cdrom ata_generic pata_acpi sd_mod crc_t10dif crct10dif_generic crct10dif_pclmul crct10dif_common crc32c_intel vmwgfx drm_kms_helper ata_piix syscopyarea serio_raw sysfillrect sysimgblt fb_sys_fops ttm vmxnet3 drm libata vmw_pvscsi i2c_core floppy fjes dm_mirror dm_region_hash dm_log dm_mod
CPU: 2 PID: 16223 Comm: ossec-syscheckd Not tainted 3.10.0-514.10.2.el7.x86_64 #1
Hardware name: VMware, Inc. VMware Virtual Platform/440BX Desktop Reference Platform, BIOS 6.00 09/21/2015
task: ffff88000593ce70 ti: ffff8800130ec000 task.ti: ffff8800130ec000
RIP: 0010:[<ffffffff8168dd52>]  [<ffffffff8168dd52>] _raw_spin_lock+0x32/0x50
RSP: 0018:ffff8800130efde0  EFLAGS: 00000203
RAX: 000000000000411c RBX: 0000000000000020 RCX: 000000000000bb00
RDX: 000000000000384c RSI: 000000000000384c RDI: ffffc900016fe4f0
RBP: ffff8800130efde0 R08: ffff8800b7aa9380 R09: ffffc900016fe4f0
R10: 0000000000000008 R11: 0000000000000206 R12: ffffc900016fe3e0
R13: ffff88013ae99a80 R14: 0000000000000246 R15: ffff8800130efd78
FS:  00007efe439a5740(0000) GS:ffff88013ae80000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 000000008005003b
CR2: 000000000063e000 CR3: 0000000013e8c000 CR4: 00000000000407e0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000400
Stack:
 ffff8800130efe68 ffffffff815bc2b5 00000005811de175 ffff8800b8993640
 0000000000000000 0000000000000000 0000000000000000 ffffffff81f96140
 0000000000000000 ffffc900016fe4f0 ffffffff00000c01 ffffffff00000000
Call Trace:
 [<ffffffff815bc2b5>] inet_csk_get_port+0x385/0x5c0
 [<ffffffff815eb71c>] inet_bind+0x14c/0x200
 [<ffffffff81555330>] SYSC_bind+0xe0/0x120
 [<ffffffff81136bf3>] ? __secure_computing+0x73/0x240
 [<ffffffff8111efe6>] ? __audit_syscall_exit+0x1e6/0x280
 [<ffffffff8111eda4>] ? __audit_syscall_entry+0xb4/0x110
 [<ffffffff810392e3>] ? syscall_trace_enter+0x173/0x220
 [<ffffffff8155616e>] SyS_bind+0xe/0x10
 [<ffffffff81696c12>] tracesys+0xdd/0xe2
Code: 00 02 00 f0 0f c1 07 89 c2 c1 ea 10 66 39 c2 75 01 c3 55 83 e2 fe 0f b7 f2 48 89 e5 b8 00 80 00 00 eb 0d 66 0f 1f 44 00 00 f3 90 <83> e8 01 74 0a 0f b7 0f 66 39 ca 75 f1 5d c3 66 66 66 90 66 66
