public inbox for development@lists.ipfire.org
 help / color / mirror / Atom feed
From: "Peter Müller" <peter.mueller@ipfire.org>
To: development@lists.ipfire.org
Subject: Core Update 140/141 (testing) report
Date: Sun, 09 Feb 2020 17:54:00 +0000	[thread overview]
Message-ID: <206cc60b-491b-16e0-b17a-6795f7640004@ipfire.org> (raw)

[-- Attachment #1: Type: text/plain, Size: 12407 bytes --]

Hello development folks,

upcoming Core Update 140/141 (testing, see: https://blog.ipfire.org/post/ipfire-2-25-core-update-141-is-available-for-testing)
is running here for about 24 hours by now without any unexpected behaviour so far.

Due to some connectivity issues, updating Add-Ons after installing Core Update 141
required manual interaction, but should not be a problem for people in general.

I noticed these log entries during the upgrade procedure (and am not sure what they mean
and/or if we should worry about them):
> Feb  8 15:56:58 maverick kernel: <27>udevd[536]: specified group 'input' unknown
> Feb  8 15:56:58 maverick kernel: <27>udevd[536]: specified group 'render' unknown
> Feb  8 15:56:58 maverick kernel: <27>udevd[536]: specified group 'kvm' unknown

Updating Suricata seemed to delay the kernel messages we observed for a while by
about two hours, but eventually, this kind of thing continues to happen:
> Feb  8 17:20:23 maverick kernel: refcount_t: increment on 0; use-after-free.
> Feb  8 17:20:23 maverick kernel: ------------[ cut here ]------------
> Feb  8 17:20:23 maverick kernel: WARNING: CPU: 0 PID: 16125 at lib/refcount.c:153 refcount_inc.cold.12+0x13/0x16
> Feb  8 17:20:23 maverick kernel: Modules linked in: chacha20_x86_64 chacha20_generic poly1305_x86_64 poly1305_generic chacha20poly1305 esp4 xfrm6_mode_tunnel xfrm4_mode_tunnel tun xt_owner xt_connmark act_mirred act_connmark cls_u32 ifb sch_ingress xt_layer7 xt_length cls_fw sch_htb nfnetlink_queue xt_NFQUEUE ipt_MASQUERADE nf_nat_masquerade_ipv4 pppoe pppox ppp_generic slhc 8021q garp cpufreq_conservative cpufreq_ondemand xt_geoip(O) xt_connlimit xt_multiport xt_hashlimit xt_mark xt_policy xt_TCPMSS nf_nat_irc nf_conntrack_irc nf_nat_tftp nf_conntrack_tftp xt_CT xt_helper nf_nat_ftp nf_conntrack_ftp xt_conntrack xt_comment ipt_REJECT nf_reject_ipv4 nf_log_ipv4 nf_log_common xt_LOG xt_limit iptable_raw iptable_mangle iptable_filter vfat fat sch_fq_codel snd_hda_codec_hdmi snd_hda_codec_realtek snd_hda_codec_generic intel_powerclamp
> Feb  8 17:20:23 maverick kernel:  coretemp i2c_algo_bit fb_sys_fops syscopyarea sysfillrect kvm_intel sysimgblt snd_hda_intel snd_hda_codec iTCO_wdt kvm iTCO_vendor_support snd_hda_core snd_hwdep snd_pcm irqbypass crct10dif_pclmul crc32_pclmul snd_timer mcs7830 lpc_ich pcspkr snd i2c_i801 r8169 mfd_core ghash_clmulni_intel usbnet mii soundcore i2c_hid rfkill_gpio i2c_core rfkill pcc_cpufreq intel_int0002_vgpio lp parport_pc parport video
> Feb  8 17:20:23 maverick kernel: CPU: 0 PID: 16125 Comm: W-Q0 Tainted: G           O    4.14.154-ipfire #1
> Feb  8 17:20:23 maverick kernel: Hardware name: Gigabyte Technology Co., Ltd. Default string/N3150ND3V, BIOS F5a 01/19/2018
> Feb  8 17:20:23 maverick kernel: task: ffff9f73b92c4b00 task.stack: ffffa5cdc0508000
> Feb  8 17:20:23 maverick kernel: RIP: 0010:refcount_inc.cold.12+0x13/0x16
> Feb  8 17:20:23 maverick kernel: RSP: 0018:ffffa5cdc050b798 EFLAGS: 00010246
> Feb  8 17:20:23 maverick kernel: RAX: 000000000000002b RBX: ffff9f73b9f08b00 RCX: 0000000000000000
> Feb  8 17:20:23 maverick kernel: RDX: 0000000000000000 RSI: ffff9f73bfc163f8 RDI: ffff9f73bfc163f8
> Feb  8 17:20:23 maverick kernel: RBP: ffffffffad29f250 R08: 000000000000003c R09: 000000000000040c
> Feb  8 17:20:23 maverick kernel: R10: 0000000000000000 R11: 0000000000000001 R12: ffff9f73b7fa1500
> Feb  8 17:20:23 maverick kernel: R13: ffffffffad8c3c80 R14: ffffffffc061a3e0 R15: 0000000000008003
> Feb  8 17:20:23 maverick kernel: FS:  0000720182012700(0000) GS:ffff9f73bfc00000(0000) knlGS:0000000000000000
> Feb  8 17:20:23 maverick kernel: CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
> Feb  8 17:20:23 maverick kernel: CR2: 000073681f301180 CR3: 0000000179c3c000 CR4: 00000000001006f0
> Feb  8 17:20:23 maverick kernel: Call Trace:
> Feb  8 17:20:23 maverick kernel:  nf_queue_entry_get_refs+0x41/0x90
> Feb  8 17:20:23 maverick kernel:  nf_queue+0xef/0x1e0
> Feb  8 17:20:23 maverick kernel:  nf_hook_slow+0x69/0xc0
> Feb  8 17:20:23 maverick kernel:  __ip_local_out+0xe4/0x150
> Feb  8 17:20:23 maverick kernel:  ? ip_forward_options.cold.7+0x27/0x27
> Feb  8 17:20:23 maverick kernel:  xfrm_output_resume+0x21e/0x540
> Feb  8 17:20:23 maverick kernel:  ? ipv4_confirm+0x3f/0xd0
> Feb  8 17:20:23 maverick kernel:  xfrm4_output+0x3a/0xe0
> Feb  8 17:20:23 maverick kernel:  ? xfrm4_udp_encap_rcv+0x1a0/0x1a0
> Feb  8 17:20:23 maverick kernel:  nf_reinject+0x153/0x190
> Feb  8 17:20:23 maverick kernel:  nfqnl_recv_verdict+0x293/0x4a0 [nfnetlink_queue]
> Feb  8 17:20:23 maverick kernel:  ? nla_parse+0xb5/0xe0
> Feb  8 17:20:23 maverick kernel:  nfnetlink_rcv_msg+0x14e/0x260
> Feb  8 17:20:23 maverick kernel:  ? nfnetlink_net_exit_batch+0x60/0x60
> Feb  8 17:20:23 maverick kernel:  netlink_rcv_skb+0x78/0x150
> Feb  8 17:20:23 maverick kernel:  nfnetlink_rcv+0x70/0x760
> Feb  8 17:20:23 maverick kernel:  ? __slab_free+0x138/0x2d0
> Feb  8 17:20:23 maverick kernel:  ? __netlink_lookup+0xe1/0x140
> Feb  8 17:20:23 maverick kernel:  netlink_unicast+0x183/0x230
> Feb  8 17:20:23 maverick kernel:  netlink_sendmsg+0x204/0x3d0
> Feb  8 17:20:23 maverick kernel:  sock_sendmsg+0x36/0x40
> Feb  8 17:20:23 maverick kernel:  ___sys_sendmsg+0x2a7/0x300
> Feb  8 17:20:23 maverick kernel:  ? netlink_recvmsg+0x398/0x460
> Feb  8 17:20:23 maverick kernel:  __sys_sendmsg+0x67/0xb0
> Feb  8 17:20:23 maverick kernel:  do_syscall_64+0x67/0x100
> Feb  8 17:20:23 maverick kernel:  entry_SYSCALL_64_after_hwframe+0x3d/0xa2
> Feb  8 17:20:23 maverick kernel: RIP: 0033:0x720183fc25fd
> Feb  8 17:20:23 maverick kernel: RSP: 002b:000072018200ff90 EFLAGS: 00000293 ORIG_RAX: 000000000000002e
> Feb  8 17:20:23 maverick kernel: RAX: ffffffffffffffda RBX: 0000720182010060 RCX: 0000720183fc25fd
> Feb  8 17:20:23 maverick kernel: RDX: 0000000000000000 RSI: 000072018200ffd0 RDI: 0000000000000005
> Feb  8 17:20:23 maverick kernel: RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000301
> Feb  8 17:20:23 maverick kernel: R10: 0000000000000001 R11: 0000000000000293 R12: 0000000000000000
> Feb  8 17:20:23 maverick kernel: R13: 000072017c26cd98 R14: 0000000000000070 R15: 0000000000000001
> Feb  8 17:20:23 maverick kernel: Code: c0 9c a7 ad c6 05 ee be d8 00 01 e8 d7 de d7 ff 0f 0b b8 01 00 00 00 c3 48 c7 c7 18 9d a7 ad c6 05 d2 be d8 00 01 e8 bc de d7 ff <0f> 0b c3 48 c7 c7 48 9d a7 ad c6 05 bb be d8 00 01 e8 a6 de d7 
> Feb  8 17:20:23 maverick kernel: ---[ end trace 3b943d85354038f6 ]---
> Feb  8 17:20:23 maverick kernel: refcount_t: underflow; use-after-free.
> Feb  8 17:20:23 maverick kernel: ------------[ cut here ]------------
> Feb  8 17:20:23 maverick kernel: WARNING: CPU: 0 PID: 16125 at lib/refcount.c:187 refcount_sub_and_test.cold.13+0x13/0x1a
> Feb  8 17:20:23 maverick kernel: Modules linked in: chacha20_x86_64 chacha20_generic poly1305_x86_64 poly1305_generic chacha20poly1305 esp4 xfrm6_mode_tunnel xfrm4_mode_tunnel tun xt_owner xt_connmark act_mirred act_connmark cls_u32 ifb sch_ingress xt_layer7 xt_length cls_fw sch_htb nfnetlink_queue xt_NFQUEUE ipt_MASQUERADE nf_nat_masquerade_ipv4 pppoe pppox ppp_generic slhc 8021q garp cpufreq_conservative cpufreq_ondemand xt_geoip(O) xt_connlimit xt_multiport xt_hashlimit xt_mark xt_policy xt_TCPMSS nf_nat_irc nf_conntrack_irc nf_nat_tftp nf_conntrack_tftp xt_CT xt_helper nf_nat_ftp nf_conntrack_ftp xt_conntrack xt_comment ipt_REJECT nf_reject_ipv4 nf_log_ipv4 nf_log_common xt_LOG xt_limit iptable_raw iptable_mangle iptable_filter vfat fat sch_fq_codel snd_hda_codec_hdmi snd_hda_codec_realtek snd_hda_codec_generic intel_powerclamp
> Feb  8 17:20:23 maverick kernel:  coretemp i2c_algo_bit fb_sys_fops syscopyarea sysfillrect kvm_intel sysimgblt snd_hda_intel snd_hda_codec iTCO_wdt kvm iTCO_vendor_support snd_hda_core snd_hwdep snd_pcm irqbypass crct10dif_pclmul crc32_pclmul snd_timer mcs7830 lpc_ich pcspkr snd i2c_i801 r8169 mfd_core ghash_clmulni_intel usbnet mii soundcore i2c_hid rfkill_gpio i2c_core rfkill pcc_cpufreq intel_int0002_vgpio lp parport_pc parport video
> Feb  8 17:20:23 maverick kernel: CPU: 0 PID: 16125 Comm: W-Q0 Tainted: G        W  O    4.14.154-ipfire #1
> Feb  8 17:20:23 maverick kernel: Hardware name: Gigabyte Technology Co., Ltd. Default string/N3150ND3V, BIOS F5a 01/19/2018
> Feb  8 17:20:23 maverick kernel: task: ffff9f73b92c4b00 task.stack: ffffa5cdc0508000
> Feb  8 17:20:23 maverick kernel: RIP: 0010:refcount_sub_and_test.cold.13+0x13/0x1a
> Feb  8 17:20:23 maverick kernel: RSP: 0018:ffffa5cdc050b928 EFLAGS: 00010246
> Feb  8 17:20:23 maverick kernel: RAX: 0000000000000026 RBX: 0000000000000000 RCX: 0000000000000006
> Feb  8 17:20:23 maverick kernel: RDX: 0000000000000000 RSI: 0000000000000082 RDI: ffff9f73bfc163f0
> Feb  8 17:20:23 maverick kernel: RBP: ffff9f738c4d4800 R08: 0000000000000038 R09: 0000000000000442
> Feb  8 17:20:23 maverick kernel: R10: 0000000000000000 R11: 0000000000000001 R12: ffff9f73b8b9dc80
> Feb  8 17:20:23 maverick kernel: R13: ffff9f73b961c800 R14: ffff9f73babec6c0 R15: 0000000000000000
> Feb  8 17:20:23 maverick kernel: FS:  0000720182012700(0000) GS:ffff9f73bfc00000(0000) knlGS:0000000000000000
> Feb  8 17:20:23 maverick kernel: CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
> Feb  8 17:20:23 maverick kernel: CR2: 000073681f301180 CR3: 0000000179c3c000 CR4: 00000000001006f0
> Feb  8 17:20:23 maverick kernel: Call Trace:
> Feb  8 17:20:23 maverick kernel:  nf_queue_entry_release_refs+0x45/0xa0
> Feb  8 17:20:23 maverick kernel:  nf_reinject+0x3d/0x190
> Feb  8 17:20:23 maverick kernel:  nfqnl_recv_verdict+0x293/0x4a0 [nfnetlink_queue]
> Feb  8 17:20:23 maverick kernel:  ? nla_parse+0xb5/0xe0
> Feb  8 17:20:23 maverick kernel:  nfnetlink_rcv_msg+0x14e/0x260
> Feb  8 17:20:23 maverick kernel:  ? nfnetlink_net_exit_batch+0x60/0x60
> Feb  8 17:20:23 maverick kernel:  netlink_rcv_skb+0x78/0x150
> Feb  8 17:20:23 maverick kernel:  nfnetlink_rcv+0x70/0x760
> Feb  8 17:20:23 maverick kernel:  ? __slab_free+0x138/0x2d0
> Feb  8 17:20:23 maverick kernel:  ? __netlink_lookup+0xe1/0x140
> Feb  8 17:20:23 maverick kernel:  netlink_unicast+0x183/0x230
> Feb  8 17:20:23 maverick kernel:  netlink_sendmsg+0x204/0x3d0
> Feb  8 17:20:23 maverick kernel:  sock_sendmsg+0x36/0x40
> Feb  8 17:20:23 maverick kernel:  ___sys_sendmsg+0x2a7/0x300
> Feb  8 17:20:23 maverick kernel:  ? netlink_recvmsg+0x398/0x460
> Feb  8 17:20:23 maverick kernel:  __sys_sendmsg+0x67/0xb0
> Feb  8 17:20:23 maverick kernel:  do_syscall_64+0x67/0x100
> Feb  8 17:20:23 maverick kernel:  entry_SYSCALL_64_after_hwframe+0x3d/0xa2
> Feb  8 17:20:23 maverick kernel: RIP: 0033:0x720183fc25fd
> Feb  8 17:20:23 maverick kernel: RSP: 002b:000072018200ff90 EFLAGS: 00000293 ORIG_RAX: 000000000000002e
> Feb  8 17:20:23 maverick kernel: RAX: ffffffffffffffda RBX: 0000720182010060 RCX: 0000720183fc25fd
> Feb  8 17:20:23 maverick kernel: RDX: 0000000000000000 RSI: 000072018200ffd0 RDI: 0000000000000005
> Feb  8 17:20:23 maverick kernel: RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000301
> Feb  8 17:20:23 maverick kernel: R10: 000072017c26cdf4 R11: 0000000000000293 R12: 0000000000000000
> Feb  8 17:20:23 maverick kernel: R13: 000072017c26cd98 R14: 0000000065000070 R15: 0000000000000001
> Feb  8 17:20:23 maverick kernel: Code: 00 c3 48 c7 c7 18 9d a7 ad c6 05 d2 be d8 00 01 e8 bc de d7 ff 0f 0b c3 48 c7 c7 48 9d a7 ad c6 05 bb be d8 00 01 e8 a6 de d7 ff <0f> 0b e9 86 fe ff ff 48 c7 c7 70 9d a7 ad c6 05 a0 be d8 00 01 
> Feb  8 17:20:23 maverick kernel: ---[ end trace 3b943d85354038f7 ]---

The machine boots up a little bit faster, as pledged by the release note (I love
it when a plan comes together... ;-) ) and seems to be under less but not significantly
lower IRQ load during operation. Newly introduced DNS CGI works fine with and
without DNS over TLS - let's hope the Unbound development team will improve
response times on the first mode soon.

Tested IPFire functionalities in detail:
- IPsec (N2N connections only)
- Squid (authentication enabled, using an upstream proxy)
- OpenVPN (RW connections only)
- IPS/Suricata (with Emerging Threats ruleset enabled)
- Quality of Service
- DNS (with and without DNS over TLS)

I look forward to the release of Core Update 140/141.

Thanks, and best regards,
Peter Müller

             reply	other threads:[~2020-02-09 17:54 UTC|newest]

Thread overview: 2+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2020-02-09 17:54 Peter Müller [this message]
2020-02-09 18:36 ` Tom Rymes

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=206cc60b-491b-16e0-b17a-6795f7640004@ipfire.org \
    --to=peter.mueller@ipfire.org \
    --cc=development@lists.ipfire.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body. 
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox