Please whitelist cPanel in your adblocker so that you’re able to see our version release promotions, thanks!

The Community Forums

Interact with an entire community of cPanel & WHM users!
cPanelResources

Tutorial [KVM/XEN] HW_AES Detection Issues - (yum update - Illegal instruction)

Troubleshooting "Illegal instruction" error with YUM on KVM/XEN

  1. cPanelResources
    cPanel Support has received several inquiries over the past month regarding a particular issue. This issue occurs on CentOS 6.8 XEN servers when you perform a system update via 'yum update', or when you attempt a cURL request. These commands typically result in an 'Illegal instruction (core dumped)' error.

    The issue is due to Python attempting to execute a CPU opcode that is advertised as available by the server's host node virtualization system (XEN), but is not actually supported by the host node's hardware. With this in mind, please note and understand the issue being experienced is not a cPanel related error. The core of this issue is due to the host node's virtualization system (XEN) and the Network Security Services (nss*) packages.

    A few examples of errors being reported as result of this issue:
    Code:
    root@server [/]# yum update
    Loaded plugins: fastestmirror, security
    Setting up Update Process
    Loading mirror speeds from cached hostfile
    Illegal instruction (core dumped)
    
    Code:
    Freeing read locks for locker 0x4670: 12281/139963921401600
    Freeing read locks for locker 0x4672: 12281/139963921401600
    
    Code:
    Program received signal SIGILL, Illegal instruction.
    0x00007fffed8c4d60 in ?? () from /usr/lib64/libfreeblpriv3.so
    (gdb) quit
    
    There have also been reports of Softaculous and RVSiteBuilder not functioning properly, resulting with a 500 error similar to the following:
    Code:
    No response from subprocess (php): The subprocess ended prematurely because it received the “ILL” (4) signal.
    
    Similar to cPanel's Feature Request and Bug Reporting processes, you are highly recommended to provide feedback on the official upstream bug reports regarding this issue.

    For reference, please see these available upstream bug reports regarding this issue:

    Temporary Workarounds

    [ /!\ WARNING /!\ ] - cPanel can not be held liable for the results of the temporary work around provided.

    Throughout the span of the this reported issue, cPanel Support has discovered a temporary workaround. To enable this temporary workaround, execute the following as the root user:
    Code:
    echo 'export NSS_DISABLE_HW_AES=1' > /etc/profile.d/temporary-aes-fix.sh; \
    source /etc/profile.d/temporary-aes-fix.sh
    [ (!) NOTE (!) ] - The 'NSS_DISABLE_HW_AES' environment variable, disables AES hardware support. More information on AES can be found here: Intel Data Protection (AES)

    As a temporary workaround to resolve the errors reported with Softaculous and RVSiteBuilder, the following steps have been used successfully:
    1. Copy and paste all of the following code as the root user:
      • Code:
        cat <<EOF > /usr/local/cpanel/3rdparty/etc/temporary-aes-fix.php
        <?php
        putenv("NSS_DISABLE_HW_AES=1");
        \$_ENV["NSS_DISABLE_HW_AES"]="1";
        EOF
      • NOTE: The command provided will create the file with the necessary content. The final '/usr/local/cpanel/3rdparty/etc/temporary-aes-fix.php' should only contain the following content:
      • Code:
        <?php
        putenv("NSS_DISABLE_HW_AES=1");
        $_ENV["NSS_DISABLE_HW_AES"]="1";
    2. Create a backup of your server's existing cPanel PHP configuration file (/usr/local/cpanel/3rdparty/etc/php.ini) and add the following entry:
      • Code:
        cp -av /usr/local/cpanel/3rdparty/etc/php.ini{,.before_aes_fix}; \
        echo 'auto_prepend_file = "/usr/local/cpanel/3rdparty/etc/temporary-aes-fix.php"' >> /usr/local/cpanel/3rdparty/etc/php.ini
    eva2000 likes this.
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice