Oracle Linux 8 — Error: ” mcelog service does not support this processor “

📖 ~4 min read  •  Source: Oracle Bug 29501190

Table of contents

1. Symptom & Impact
2. Environment & Reproduction
3. Root Cause Analysis
4. Quick Triage
5. Step-by-Step Diagnosis
6. Solution – Primary Fix
7. Solution – Alternative Approaches
8. Verification & Acceptance Criteria
9. Rollback Plan
10. Prevention & Hardening
11. Related Errors & Cross-Refs
12. References & Further Reading

Symptom & Impact

On Oracle Linux 8 systems, Oracle Bug 29501190 documents the behaviour described in the title: Error: " mcelog service does not support this processor ". The condition surfaces during install, boot, or normal operation depending on the affected subsystem. Operators see failed systemctl --failed output, abnormal entries in journalctl -xe, and — where the package is part of the serving path — degraded availability. On Oracle Linux 8 the impact ranges from a single service-restart loop to wider production incidents depending on host role and the criticality of Error:.

Environment & Reproduction

Reproduction targets Oracle Linux 8 running either the Red Hat Compatible Kernel (RHCK) or the Unbreakable Enterprise Kernel (UEK). Confirm release, kernel, and installed package:

cat /etc/oracle-release
uname -r
rpm -q Error:
dnf list installed Error:
dnf history list --reverse | head -20

Trigger the workflow that exposes Error: " mcelog service does not support this processor " while collecting:

journalctl -u Error: -b --no-pager | tail -200
journalctl -xe --no-pager | tail -200
tail -200 /var/log/dnf.log
tail -200 /var/log/audit/audit.log

Root Cause Analysis

Root cause is tracked in the Oracle Linux release notes (Oracle Bug 29501190). The defect lives in a specific kernel, firmware, or userspace component shipped with the GA channel; Oracle has either shipped a fix in a later errata or documented a supported workaround. Correlate transaction history with system logs and SELinux audit entries to isolate the originating change:

dnf history list --reverse | head -30
dnf history info $(dnf history list | awk '/Error:/ {print $1; exit}')
ausearch -m AVC,USER_AVC -ts today | tail -100
cat /proc/sys/kernel/tainted   # non-zero = kernel modules / out-of-tree drivers loaded

Quick Triage

Run these checks on Oracle Linux 8 to confirm the failure mode and current state of Error::

rpm -q Error:                              # installed version
rpm -V Error:                              # verify file integrity
dnf updateinfo info --security Error:     # any security advisories outstanding
systemctl --failed --no-pager
firewall-cmd --list-all 2>/dev/null || echo 'firewalld not running'
getenforce                                 # SELinux mode
# If Error: ships a systemd unit (unit name may differ from the pkg name,
# e.g. httpd pkg/unit match, but bind→named, postgresql-server→postgresql):
systemctl list-unit-files | grep -i Error: | head -5

Step-by-Step Diagnosis

1. List failed units.

   systemctl --failed --no-pager

2. Follow the journal for Error: and the system bus.

   journalctl -u Error: -f --no-pager
   journalctl -xe -f --no-pager

3. Check firewall posture (skip if firewalld is masked).

   firewall-cmd --list-all-zones --permanent
   nft list ruleset 2>/dev/null | head -50

4. Surface SELinux denials and translate them to a policy module if needed.

   ausearch -m AVC,USER_AVC -ts today
   ausearch -m AVC -ts today | audit2allow -a -M /tmp/local-fix
   # Inspect /tmp/local-fix.te before applying:
   sudo semodule -i /tmp/local-fix.pp

5. Verify Error: integrity and dependency closure.

   dnf check
   rpm -V Error:
   rpm -q --requires Error: | xargs -r rpm -q --whatprovides | head

6. Correlate findings with /var/log/dnf.log, dnf history and Oracle Bug 29501190 to pin the change that introduced Error: " mcelog service does not support this processor ".

Solution – Primary Fix

Apply the corrective dnf transaction referenced by Oracle Bug 29501190, reload affected systemd units, and reconcile firewalld / SELinux state:

sudo dnf clean expire-cache
sudo dnf -y update Error:
sudo systemctl daemon-reload
# If Error: ships a systemd unit (unit name may differ from pkg name):
sudo systemctl restart Error:
rpm -q Error:                       # confirm new NVR
systemctl is-active Error:          # confirm running (if a unit exists)

If the advisory says a reboot is required (kernel, glibc, systemd, openssl):

sudo needs-restarting -r           # reports kernel/init/glibc need
sudo systemctl reboot              # or: sudo shutdown -r now

Solution – Alternative Approaches

If the primary fix is not viable, choose from these alternatives:

• Roll back the offending dnf transaction:

  sudo dnf history list --reverse
  sudo dnf history undo <id>

• Pin Error: with the versionlock plugin:

  sudo dnf install -y python3-dnf-plugin-versionlock
  sudo dnf versionlock add Error:
  sudo dnf versionlock list | grep Error:

• Downgrade to a known-good NVR from the repo cache or vault:

  sudo dnf --showduplicates list Error:
  sudo dnf -y downgrade Error:-<older-NVR>

• Switch firewalld backend (nftables ↔ iptables) for compatibility:

  sudo sed -i 's/^FirewallBackend=.*/FirewallBackend=iptables/' /etc/firewalld/firewalld.conf
  sudo systemctl restart firewalld

• If SELinux is suspected, switch to permissive briefly, capture denials, and author a custom module before re-enforcing:

  sudo setenforce 0                                    # do NOT leave permissive
  # reproduce the failure
  sudo ausearch -m AVC -ts recent | audit2allow -a -M mylocal
  sudo semodule -i mylocal.pp
  sudo setenforce 1

• Where the advisory has Ksplice coverage, live-patch without reboot (Oracle Linux Premier Support):

  sudo uptrack-show                # current live patches
  sudo uptrack-upgrade -y          # apply all available
  uptrack-uname -r                 # effective kernel after live patching

Verification & Acceptance Criteria

All of these should pass after the fix:

rpm -q Error:                                       # shows the expected fixed NVR
dnf updateinfo list --security installed | head    # no security advisories pending for us
systemctl is-active Error: 2>/dev/null              # active (if a unit exists)
journalctl -u Error: --since "5 minutes ago" --no-pager  # no new errors
firewall-cmd --list-services                        # required services present
getenforce                                          # intended mode (Enforcing/Permissive)

The original reproduction for Error: " mcelog service does not support this processor " must not trigger across two consecutive runs.

Rollback Plan

Capture state before any change:

rpm -qa > /root/rpm-pre.txt
dnf history list --reverse > /root/dnf-history-pre.txt
# LVM snapshot of the root LV (size to ~10% of root):
sudo lvcreate -L 4G -s -n root_pre_patch /dev/mapper/$(lvs --noheadings -o lv_path | grep -m1 root | xargs basename)

To revert if the patch is bad:

sudo dnf history undo <id>
# Or downgrade just Error: to the previous NVR:
sudo dnf -y downgrade Error:
sudo systemctl daemon-reload
# For SELinux module additions:
sudo semodule -r mylocal
# Reboot only if kernel/initramfs/glibc were rolled back:
sudo systemctl reboot

For kernel rollbacks, select the previous entry from the GRUB menu or set it as default with grubby --set-default /boot/vmlinuz-<older>.

Prevention & Hardening

Prevent recurrence on Oracle Linux 8 hosts running Error::

• Enable scheduled security updates via dnf-automatic:

  sudo dnf install -y dnf-automatic
  # Edit /etc/dnf/automatic.conf:
  # upgrade_type = security
  # apply_updates = yes
  sudo systemctl enable --now dnf-automatic.timer

• Subscribe to the Oracle Linux Errata RSS / mailing list at linux.oracle.com/security.

• Mirror through a local yum/dnf repository:

  sudo dnf install -y dnf-utils createrepo_c
  sudo reposync --download-metadata --downloadcomps -p /srv/repos -m --repo=ol8_baseos_latest
  sudo createrepo_c /srv/repos/ol-baseos

• Pin sensitive packages so they cannot be auto-upgraded:

  sudo dnf install -y python3-dnf-plugin-versionlock
  sudo dnf versionlock add Error:

• Snapshot the root LV before every upgrade window:

  sudo lvcreate -L 4G -s -n root_pre_$(date +%Y%m%d) /dev/<vg>/<root-lv>

• Monitor file integrity with AIDE:

  sudo dnf install -y aide
  sudo aide --init && sudo mv /var/lib/aide/aide.db.new.gz /var/lib/aide/aide.db.gz
  sudo aide --check

• Lock down with SELinux audit rules in /etc/audit/rules.d/:

  # /etc/audit/rules.d/90-cp.rules
  -w /etc/passwd  -p wa -k identity
  -w /etc/shadow  -p wa -k identity
  -w /etc/sudoers -p wa -k privilege
  -a always,exit -F arch=b64 -S execve -k exec

• Where licensed, enable Oracle Ksplice for live kernel and userspace patching:

  sudo dnf install -y uptrack ksplice-tools
  sudo uptrack-upgrade -y
  sudo systemctl enable --now uptrack

Related Errors & Cross-Refs

Issues that commonly surface alongside Error: " mcelog service does not support this processor ": dnf transaction lock contention, systemd unit ordering cycles, SELinux AVC bursts, firewalld zone drift, and kernel taint flags. Triage with:

cat /proc/sys/kernel/tainted
systemd-analyze critical-chain
ausearch -m AVC -ts today | tail
firewall-cmd --get-active-zones
dnf history list --reverse | head

View all oracle-linux-8 tutorials on the Tutorials Hub →

Browse all common problems & solutions on the Tutorials Hub.

References & Further Reading

Primary reference: Oracle Bug 29501190. Useful manual pages on Oracle Linux 8:

man dnf
man dnf.conf
man systemctl
man journalctl
man firewall-cmd
man semanage
man audit2allow
man grubby

Other resources: Oracle Linux 8 Administrator’s Guide at docs.oracle.com, the upstream Red Hat CVE database at access.redhat.com/security/cve, the Oracle Ksplice known-fixes feed, and /usr/share/doc/Error:/ for component-specific notes implicated in Error: " mcelog service does not support this processor ".