Since I did the Mac OS X Lion update on my MBP 15″ mid-2009, several Kernel Panic happened, too much for my taste. For those who do not know it, on Mac OS, a Kernel Panic looks like this:
The “equivalent” of a BSoD on Mac OS X
Those Kernel Panic occurred randomly, regardless of my current activity. It occurred as often as 1 per day, which can be very disturbing. The problem remained (if not worsened) after the 10.7.2 update a few days ago.
After investigation, I discovered that those Kernel Panic were caused by a kernel extension of Mac OS X whose signature was com.cisco.nke.ipsec (2.0.1). How to know if it is your case? It is quite simple: after the Kernel Panic, you reboot your computer. Once up and running, you have a message telling you that the computer has been shut down because of an issue and you will be able to send an error report to Apple: ask to see the details and examine the error report. If this kernel extension is responsible for the problem, you should see something like this:
Interval Since Last Panic Report: 26005 sec Panics Since Last Report: 1 Anonymous UUID: 8C7D8BB2-0000-0000-0000-3409CFA30000 Thu Oct 6 12:58:34 2011 panic(cpu 0 caller 0x2bc59c): Preemption level underflow, possible cause unlocking an unlocked mutex or spinlock Backtrace (CPU 0), Frame : Return Address (4 potential args on stack) 0x585db2f8 : 0x22032e (0x6ac0fc 0x585db318 0x229ef0 0x0) 0x585db328 : 0x2bc59c (0x801146 0x86a3eb0 0x0 0x8587300) ... 0x585dbf88 : 0x354132 (0x0 0x53ef6d00 0x0 0x8d8ef58) 0x585dbfc8 : 0x2c5d0c (0x8d8ef2c 0x0 0x2c5d1b 0x841d000) Kernel Extensions in backtrace: com.cisco.nke.ipsec(2.0.1)[00000000-0000-0000-0000-000000000000]@0x81f36000->0x81faafff BSD process name corresponding to current thread: kernel_task Boot args: arch=i386 Mac OS version: 11B26 Kernel version: Darwin Kernel Version 11.1.0: Tue Jul 26 16:09:02 PDT 2011; root:xnu-1699.22.81~1/RELEASE_I386 Kernel UUID: D5E41653-0000-0000-0000-4C2E20020000 System model name: MacBookPro5,3 (Mac-F22587C8) System uptime in nanoseconds: 13333138736372 last loaded kext at 13240839389556: com.apple.iokit.IOAVBFamily 1.0.0d22 (addr 0x59a1f000, size 32768) last unloaded kext at 13205522356367: com.apple.iokit.IOEthernetAVBController 1.0.0d5 (addr 0x1fcb000, size 20480) loaded kexts: com.cisco.nke.ipsec 2.0.1 org.virtualbox.kext.VBoxNetAdp 4.0.12 org.virtualbox.kext.VBoxNetFlt 4.0.12 org.virtualbox.kext.VBoxUSB 4.0.12 ... USB Device: Apple Internal Keyboard / Trackpad, apple_vendor_id, 0x0237, 0x04600000 / 3 USB Device: IR Receiver, apple_vendor_id, 0x8242, 0x04500000 / 2
The part that matters here is the line 16: it tells you that, as presumed, com.cisco.nke.ipsec (2.0.1) is responsible for the Kernel Panic. Take into consideration that those reports are also available through the Console application (/Application/Utilities/Console): you can also check that your formers Kernel Panics were caused by this extension.
What is this extension used for? Its main purpose is to allow you to connect to Cisco VPN systems. I needed it for my former university’s VPN1. It is an issue if you still need it. Be aware that this extension is used not only by the official Cisco client but also by non-Cisco softwares such as Shimo. It is the reason why the resolution method I give does not delete the extension, it enables you to activate it when you need it.
First, you need to check if the extension is loaded in your system. For this, open a terminal (/Applications/Utilities/Terminal or use the iTerm application that I prefer) and type the following command:
$ sudo kextstat
Then enter your admin password. If you see in the list com.cisco.nke.ipsec (2.0.1) then it is OK, you can go on. Deactivate the extension thanks to the command:
$ sudo kextunload /System/Library/Extensions/CiscoVPN.kext
You can already check that the extension is not loaded anymore thanks to the kextstat command.
You now have to deactivate the automatic loading of the extension when the computer boots up. For this, you need to move two elements. Store them in a place you will remember2. Personally, I chose ~/Documents/Informatique but this is up to you. Execute the following commands:
$ sudo mv /System/Library/Extensions/CiscoVPN.kext ~/Documents/Informatique/ $ sudo mv /System/Library/StartupItems/CiscoVPN ~/Documents/Informatique/
Be careful to keep the right permissions on those two elements: if you do not, you will not be able to reactivate it in the future.
Voilà! The extension is deactivated and will not be loaded when the computer boots up!
Reactivation of the extension
If you need to connect to a Cisco VPN, you will need to reactivate this extension. For this, one command:
$ sudo kextload /path/to/kext/CiscoVPN.kext
If you do not have the right permissions on those elements, you will get this error:
/path/to/kext/CiscoVPN.kext failed to load - (libkern/kext) not privileged; ... ... check the system/kernel logs for errors or try kextutil(8).
The right permissions are those ones:
$ ls -l total 10159200 drwxr-xr-x 5 root wheel 170 23 aoû 2010 CiscoVPN drwxr-xr-x 3 root wheel 102 23 aoû 2010 CiscoVPN.kext
From now on, you can see the com.cisco.nke.ipsec (2.0.1) extension in the list given by the kextstat command. Do not forget to deactivate it once you have finished your work on your Cisco VPN:
$ sudo kextunload /path/to/kext/CiscoVPN.kext