* Core Update 140/141 (testing) report
@ 2020-02-09 17:54 Peter Müller
2020-02-09 18:36 ` Tom Rymes
0 siblings, 1 reply; 2+ messages in thread
From: Peter Müller @ 2020-02-09 17:54 UTC (permalink / raw)
To: development
[-- Attachment #1: Type: text/plain, Size: 12407 bytes --]
Hello development folks,
upcoming Core Update 140/141 (testing, see: https://blog.ipfire.org/post/ipfire-2-25-core-update-141-is-available-for-testing)
is running here for about 24 hours by now without any unexpected behaviour so far.
Due to some connectivity issues, updating Add-Ons after installing Core Update 141
required manual interaction, but should not be a problem for people in general.
I noticed these log entries during the upgrade procedure (and am not sure what they mean
and/or if we should worry about them):
> Feb 8 15:56:58 maverick kernel: <27>udevd[536]: specified group 'input' unknown
> Feb 8 15:56:58 maverick kernel: <27>udevd[536]: specified group 'render' unknown
> Feb 8 15:56:58 maverick kernel: <27>udevd[536]: specified group 'kvm' unknown
Updating Suricata seemed to delay the kernel messages we observed for a while by
about two hours, but eventually, this kind of thing continues to happen:
> Feb 8 17:20:23 maverick kernel: refcount_t: increment on 0; use-after-free.
> Feb 8 17:20:23 maverick kernel: ------------[ cut here ]------------
> Feb 8 17:20:23 maverick kernel: WARNING: CPU: 0 PID: 16125 at lib/refcount.c:153 refcount_inc.cold.12+0x13/0x16
> Feb 8 17:20:23 maverick kernel: Modules linked in: chacha20_x86_64 chacha20_generic poly1305_x86_64 poly1305_generic chacha20poly1305 esp4 xfrm6_mode_tunnel xfrm4_mode_tunnel tun xt_owner xt_connmark act_mirred act_connmark cls_u32 ifb sch_ingress xt_layer7 xt_length cls_fw sch_htb nfnetlink_queue xt_NFQUEUE ipt_MASQUERADE nf_nat_masquerade_ipv4 pppoe pppox ppp_generic slhc 8021q garp cpufreq_conservative cpufreq_ondemand xt_geoip(O) xt_connlimit xt_multiport xt_hashlimit xt_mark xt_policy xt_TCPMSS nf_nat_irc nf_conntrack_irc nf_nat_tftp nf_conntrack_tftp xt_CT xt_helper nf_nat_ftp nf_conntrack_ftp xt_conntrack xt_comment ipt_REJECT nf_reject_ipv4 nf_log_ipv4 nf_log_common xt_LOG xt_limit iptable_raw iptable_mangle iptable_filter vfat fat sch_fq_codel snd_hda_codec_hdmi snd_hda_codec_realtek snd_hda_codec_generic intel_powerclamp
> Feb 8 17:20:23 maverick kernel: coretemp i2c_algo_bit fb_sys_fops syscopyarea sysfillrect kvm_intel sysimgblt snd_hda_intel snd_hda_codec iTCO_wdt kvm iTCO_vendor_support snd_hda_core snd_hwdep snd_pcm irqbypass crct10dif_pclmul crc32_pclmul snd_timer mcs7830 lpc_ich pcspkr snd i2c_i801 r8169 mfd_core ghash_clmulni_intel usbnet mii soundcore i2c_hid rfkill_gpio i2c_core rfkill pcc_cpufreq intel_int0002_vgpio lp parport_pc parport video
> Feb 8 17:20:23 maverick kernel: CPU: 0 PID: 16125 Comm: W-Q0 Tainted: G O 4.14.154-ipfire #1
> Feb 8 17:20:23 maverick kernel: Hardware name: Gigabyte Technology Co., Ltd. Default string/N3150ND3V, BIOS F5a 01/19/2018
> Feb 8 17:20:23 maverick kernel: task: ffff9f73b92c4b00 task.stack: ffffa5cdc0508000
> Feb 8 17:20:23 maverick kernel: RIP: 0010:refcount_inc.cold.12+0x13/0x16
> Feb 8 17:20:23 maverick kernel: RSP: 0018:ffffa5cdc050b798 EFLAGS: 00010246
> Feb 8 17:20:23 maverick kernel: RAX: 000000000000002b RBX: ffff9f73b9f08b00 RCX: 0000000000000000
> Feb 8 17:20:23 maverick kernel: RDX: 0000000000000000 RSI: ffff9f73bfc163f8 RDI: ffff9f73bfc163f8
> Feb 8 17:20:23 maverick kernel: RBP: ffffffffad29f250 R08: 000000000000003c R09: 000000000000040c
> Feb 8 17:20:23 maverick kernel: R10: 0000000000000000 R11: 0000000000000001 R12: ffff9f73b7fa1500
> Feb 8 17:20:23 maverick kernel: R13: ffffffffad8c3c80 R14: ffffffffc061a3e0 R15: 0000000000008003
> Feb 8 17:20:23 maverick kernel: FS: 0000720182012700(0000) GS:ffff9f73bfc00000(0000) knlGS:0000000000000000
> Feb 8 17:20:23 maverick kernel: CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
> Feb 8 17:20:23 maverick kernel: CR2: 000073681f301180 CR3: 0000000179c3c000 CR4: 00000000001006f0
> Feb 8 17:20:23 maverick kernel: Call Trace:
> Feb 8 17:20:23 maverick kernel: nf_queue_entry_get_refs+0x41/0x90
> Feb 8 17:20:23 maverick kernel: nf_queue+0xef/0x1e0
> Feb 8 17:20:23 maverick kernel: nf_hook_slow+0x69/0xc0
> Feb 8 17:20:23 maverick kernel: __ip_local_out+0xe4/0x150
> Feb 8 17:20:23 maverick kernel: ? ip_forward_options.cold.7+0x27/0x27
> Feb 8 17:20:23 maverick kernel: xfrm_output_resume+0x21e/0x540
> Feb 8 17:20:23 maverick kernel: ? ipv4_confirm+0x3f/0xd0
> Feb 8 17:20:23 maverick kernel: xfrm4_output+0x3a/0xe0
> Feb 8 17:20:23 maverick kernel: ? xfrm4_udp_encap_rcv+0x1a0/0x1a0
> Feb 8 17:20:23 maverick kernel: nf_reinject+0x153/0x190
> Feb 8 17:20:23 maverick kernel: nfqnl_recv_verdict+0x293/0x4a0 [nfnetlink_queue]
> Feb 8 17:20:23 maverick kernel: ? nla_parse+0xb5/0xe0
> Feb 8 17:20:23 maverick kernel: nfnetlink_rcv_msg+0x14e/0x260
> Feb 8 17:20:23 maverick kernel: ? nfnetlink_net_exit_batch+0x60/0x60
> Feb 8 17:20:23 maverick kernel: netlink_rcv_skb+0x78/0x150
> Feb 8 17:20:23 maverick kernel: nfnetlink_rcv+0x70/0x760
> Feb 8 17:20:23 maverick kernel: ? __slab_free+0x138/0x2d0
> Feb 8 17:20:23 maverick kernel: ? __netlink_lookup+0xe1/0x140
> Feb 8 17:20:23 maverick kernel: netlink_unicast+0x183/0x230
> Feb 8 17:20:23 maverick kernel: netlink_sendmsg+0x204/0x3d0
> Feb 8 17:20:23 maverick kernel: sock_sendmsg+0x36/0x40
> Feb 8 17:20:23 maverick kernel: ___sys_sendmsg+0x2a7/0x300
> Feb 8 17:20:23 maverick kernel: ? netlink_recvmsg+0x398/0x460
> Feb 8 17:20:23 maverick kernel: __sys_sendmsg+0x67/0xb0
> Feb 8 17:20:23 maverick kernel: do_syscall_64+0x67/0x100
> Feb 8 17:20:23 maverick kernel: entry_SYSCALL_64_after_hwframe+0x3d/0xa2
> Feb 8 17:20:23 maverick kernel: RIP: 0033:0x720183fc25fd
> Feb 8 17:20:23 maverick kernel: RSP: 002b:000072018200ff90 EFLAGS: 00000293 ORIG_RAX: 000000000000002e
> Feb 8 17:20:23 maverick kernel: RAX: ffffffffffffffda RBX: 0000720182010060 RCX: 0000720183fc25fd
> Feb 8 17:20:23 maverick kernel: RDX: 0000000000000000 RSI: 000072018200ffd0 RDI: 0000000000000005
> Feb 8 17:20:23 maverick kernel: RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000301
> Feb 8 17:20:23 maverick kernel: R10: 0000000000000001 R11: 0000000000000293 R12: 0000000000000000
> Feb 8 17:20:23 maverick kernel: R13: 000072017c26cd98 R14: 0000000000000070 R15: 0000000000000001
> Feb 8 17:20:23 maverick kernel: Code: c0 9c a7 ad c6 05 ee be d8 00 01 e8 d7 de d7 ff 0f 0b b8 01 00 00 00 c3 48 c7 c7 18 9d a7 ad c6 05 d2 be d8 00 01 e8 bc de d7 ff <0f> 0b c3 48 c7 c7 48 9d a7 ad c6 05 bb be d8 00 01 e8 a6 de d7
> Feb 8 17:20:23 maverick kernel: ---[ end trace 3b943d85354038f6 ]---
> Feb 8 17:20:23 maverick kernel: refcount_t: underflow; use-after-free.
> Feb 8 17:20:23 maverick kernel: ------------[ cut here ]------------
> Feb 8 17:20:23 maverick kernel: WARNING: CPU: 0 PID: 16125 at lib/refcount.c:187 refcount_sub_and_test.cold.13+0x13/0x1a
> Feb 8 17:20:23 maverick kernel: Modules linked in: chacha20_x86_64 chacha20_generic poly1305_x86_64 poly1305_generic chacha20poly1305 esp4 xfrm6_mode_tunnel xfrm4_mode_tunnel tun xt_owner xt_connmark act_mirred act_connmark cls_u32 ifb sch_ingress xt_layer7 xt_length cls_fw sch_htb nfnetlink_queue xt_NFQUEUE ipt_MASQUERADE nf_nat_masquerade_ipv4 pppoe pppox ppp_generic slhc 8021q garp cpufreq_conservative cpufreq_ondemand xt_geoip(O) xt_connlimit xt_multiport xt_hashlimit xt_mark xt_policy xt_TCPMSS nf_nat_irc nf_conntrack_irc nf_nat_tftp nf_conntrack_tftp xt_CT xt_helper nf_nat_ftp nf_conntrack_ftp xt_conntrack xt_comment ipt_REJECT nf_reject_ipv4 nf_log_ipv4 nf_log_common xt_LOG xt_limit iptable_raw iptable_mangle iptable_filter vfat fat sch_fq_codel snd_hda_codec_hdmi snd_hda_codec_realtek snd_hda_codec_generic intel_powerclamp
> Feb 8 17:20:23 maverick kernel: coretemp i2c_algo_bit fb_sys_fops syscopyarea sysfillrect kvm_intel sysimgblt snd_hda_intel snd_hda_codec iTCO_wdt kvm iTCO_vendor_support snd_hda_core snd_hwdep snd_pcm irqbypass crct10dif_pclmul crc32_pclmul snd_timer mcs7830 lpc_ich pcspkr snd i2c_i801 r8169 mfd_core ghash_clmulni_intel usbnet mii soundcore i2c_hid rfkill_gpio i2c_core rfkill pcc_cpufreq intel_int0002_vgpio lp parport_pc parport video
> Feb 8 17:20:23 maverick kernel: CPU: 0 PID: 16125 Comm: W-Q0 Tainted: G W O 4.14.154-ipfire #1
> Feb 8 17:20:23 maverick kernel: Hardware name: Gigabyte Technology Co., Ltd. Default string/N3150ND3V, BIOS F5a 01/19/2018
> Feb 8 17:20:23 maverick kernel: task: ffff9f73b92c4b00 task.stack: ffffa5cdc0508000
> Feb 8 17:20:23 maverick kernel: RIP: 0010:refcount_sub_and_test.cold.13+0x13/0x1a
> Feb 8 17:20:23 maverick kernel: RSP: 0018:ffffa5cdc050b928 EFLAGS: 00010246
> Feb 8 17:20:23 maverick kernel: RAX: 0000000000000026 RBX: 0000000000000000 RCX: 0000000000000006
> Feb 8 17:20:23 maverick kernel: RDX: 0000000000000000 RSI: 0000000000000082 RDI: ffff9f73bfc163f0
> Feb 8 17:20:23 maverick kernel: RBP: ffff9f738c4d4800 R08: 0000000000000038 R09: 0000000000000442
> Feb 8 17:20:23 maverick kernel: R10: 0000000000000000 R11: 0000000000000001 R12: ffff9f73b8b9dc80
> Feb 8 17:20:23 maverick kernel: R13: ffff9f73b961c800 R14: ffff9f73babec6c0 R15: 0000000000000000
> Feb 8 17:20:23 maverick kernel: FS: 0000720182012700(0000) GS:ffff9f73bfc00000(0000) knlGS:0000000000000000
> Feb 8 17:20:23 maverick kernel: CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
> Feb 8 17:20:23 maverick kernel: CR2: 000073681f301180 CR3: 0000000179c3c000 CR4: 00000000001006f0
> Feb 8 17:20:23 maverick kernel: Call Trace:
> Feb 8 17:20:23 maverick kernel: nf_queue_entry_release_refs+0x45/0xa0
> Feb 8 17:20:23 maverick kernel: nf_reinject+0x3d/0x190
> Feb 8 17:20:23 maverick kernel: nfqnl_recv_verdict+0x293/0x4a0 [nfnetlink_queue]
> Feb 8 17:20:23 maverick kernel: ? nla_parse+0xb5/0xe0
> Feb 8 17:20:23 maverick kernel: nfnetlink_rcv_msg+0x14e/0x260
> Feb 8 17:20:23 maverick kernel: ? nfnetlink_net_exit_batch+0x60/0x60
> Feb 8 17:20:23 maverick kernel: netlink_rcv_skb+0x78/0x150
> Feb 8 17:20:23 maverick kernel: nfnetlink_rcv+0x70/0x760
> Feb 8 17:20:23 maverick kernel: ? __slab_free+0x138/0x2d0
> Feb 8 17:20:23 maverick kernel: ? __netlink_lookup+0xe1/0x140
> Feb 8 17:20:23 maverick kernel: netlink_unicast+0x183/0x230
> Feb 8 17:20:23 maverick kernel: netlink_sendmsg+0x204/0x3d0
> Feb 8 17:20:23 maverick kernel: sock_sendmsg+0x36/0x40
> Feb 8 17:20:23 maverick kernel: ___sys_sendmsg+0x2a7/0x300
> Feb 8 17:20:23 maverick kernel: ? netlink_recvmsg+0x398/0x460
> Feb 8 17:20:23 maverick kernel: __sys_sendmsg+0x67/0xb0
> Feb 8 17:20:23 maverick kernel: do_syscall_64+0x67/0x100
> Feb 8 17:20:23 maverick kernel: entry_SYSCALL_64_after_hwframe+0x3d/0xa2
> Feb 8 17:20:23 maverick kernel: RIP: 0033:0x720183fc25fd
> Feb 8 17:20:23 maverick kernel: RSP: 002b:000072018200ff90 EFLAGS: 00000293 ORIG_RAX: 000000000000002e
> Feb 8 17:20:23 maverick kernel: RAX: ffffffffffffffda RBX: 0000720182010060 RCX: 0000720183fc25fd
> Feb 8 17:20:23 maverick kernel: RDX: 0000000000000000 RSI: 000072018200ffd0 RDI: 0000000000000005
> Feb 8 17:20:23 maverick kernel: RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000301
> Feb 8 17:20:23 maverick kernel: R10: 000072017c26cdf4 R11: 0000000000000293 R12: 0000000000000000
> Feb 8 17:20:23 maverick kernel: R13: 000072017c26cd98 R14: 0000000065000070 R15: 0000000000000001
> Feb 8 17:20:23 maverick kernel: Code: 00 c3 48 c7 c7 18 9d a7 ad c6 05 d2 be d8 00 01 e8 bc de d7 ff 0f 0b c3 48 c7 c7 48 9d a7 ad c6 05 bb be d8 00 01 e8 a6 de d7 ff <0f> 0b e9 86 fe ff ff 48 c7 c7 70 9d a7 ad c6 05 a0 be d8 00 01
> Feb 8 17:20:23 maverick kernel: ---[ end trace 3b943d85354038f7 ]---
The machine boots up a little bit faster, as pledged by the release note (I love
it when a plan comes together... ;-) ) and seems to be under less but not significantly
lower IRQ load during operation. Newly introduced DNS CGI works fine with and
without DNS over TLS - let's hope the Unbound development team will improve
response times on the first mode soon.
Tested IPFire functionalities in detail:
- IPsec (N2N connections only)
- Squid (authentication enabled, using an upstream proxy)
- OpenVPN (RW connections only)
- IPS/Suricata (with Emerging Threats ruleset enabled)
- Quality of Service
- DNS (with and without DNS over TLS)
I look forward to the release of Core Update 140/141.
Thanks, and best regards,
Peter Müller
^ permalink raw reply [flat|nested] 2+ messages in thread
* Re: Core Update 140/141 (testing) report
2020-02-09 17:54 Core Update 140/141 (testing) report Peter Müller
@ 2020-02-09 18:36 ` Tom Rymes
0 siblings, 0 replies; 2+ messages in thread
From: Tom Rymes @ 2020-02-09 18:36 UTC (permalink / raw)
To: development
[-- Attachment #1: Type: text/plain, Size: 539 bytes --]
I just downloaded Core 141, and all seems to have gone well. DNS was
migrated to the new setup page, and all seems to be working after some
basic testing.
However, I do not see rfkill. There is a new file /dev/rfkill, but I
receive a "Permission Denied" error when I try to execute it. Adding
execute privileges does not help.
Also, I wonder if we should add a note "DNS is configured in the Web
Interface" or similar to the setup program for anyone who is used to
configuring that in Setup and who did not get the message.
Tom
^ permalink raw reply [flat|nested] 2+ messages in thread
end of thread, other threads:[~2020-02-09 18:36 UTC | newest]
Thread overview: 2+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2020-02-09 17:54 Core Update 140/141 (testing) report Peter Müller
2020-02-09 18:36 ` Tom Rymes
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox