Bug#808374: linux-image-3.16.0-4-686-pae: FreeRADIUS EAP-TLS stopped working when kernel was updated
Package: src:linux
Version: 3.16.7-ckt20-1+deb8u1
Severity: important
Dear Maintainer,
After updating the kernel with the latest security release FreeRADIUS
seem to be unable to process the UDP packets it is receiving. As you
can see in this strace there's some error occuring with the recvfrom()
that is triggered by the incoming packet. Downgrading the kernel to
linux-image-3.16.0-4-686-pae:i386 3.16.7-ckt11-1+deb8u6 makes it work
again.
This is a i686 domU on a X86_64 XEN host if that matters.
When using current kernel:
execve("/usr/sbin/freeradius", ["freeradius", "-s"], [/* 21 vars */]) = 0
brk(0) = 0x9e47000
access("/etc/ld.so.nohwcap", F_OK) = -1 ENOENT (No such file or
directory)
mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1,
0) = 0xb77c5000
mmap2(NULL, 12288, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1,
0) = 0xb77c2000
[...]
select(10, [4 6 7 8 9], NULL, NULL, NULL) = 1 (in [6])
recvfrom(6, 0xbf9909c8, 4, 2, 0xbf990948, 0xbf990944) = -1 EAGAIN
(Resource temporarily unavailable)
select(10, [4 6 7 8 9], NULL, NULL, NULL) = 1 (in [6])
recvfrom(6, 0xbf9909c8, 4, 2, 0xbf990948, 0xbf990944) = -1 EAGAIN
(Resource temporarily unavailable)
select(10, [4 6 7 8 9], NULL, NULL, NULL) = 1 (in [6])
recvfrom(6, 0xbf9909c8, 4, 2, 0xbf990948, 0xbf990944) = -1 EAGAIN
(Resource temporarily unavailable)
select(10, [4 6 7 8 9], NULL, NULL, NULL) = ? ERESTARTNOHAND (To be
restarted if no handler)
--- SIGINT {si_signo=SIGINT, si_code=SI_KERNEL,
si_value={int=1851877730, ptr=0x6e616962}} ---
exit_group(2) = ?
+++ exited with 2 +++
When using the linux-image-3.16.0-4-686-pae:i386 3.16.7-ckt11-1+deb8u6
kernel - which is working:
select(10, [4 6 7 8 9], NULL, NULL, NULL) = 1 (in [6])
recvfrom(6, "\1\f\0\244", 4, MSG_PEEK, {sa_family=AF_INET,
sin_port=htons(39163), sin_addr=inet_addr("192.168.20.25")}, [16]) = 4
getsockname(6, {sa_family=AF_INET, sin_port=htons(1812),
sin_addr=inet_addr("0.0.0.0")}, [16]) = 0
recvfrom(6, "\1\f\0\244", 4, MSG_PEEK, {sa_family=AF_INET,
sin_port=htons(39163), sin_addr=inet_addr("192.168.20.25")}, [16]) = 4
getsockname(6, {sa_family=AF_INET, sin_port=htons(1812),
sin_addr=inet_addr("0.0.0.0")}, [16]) = 0
recvmsg(6, {msg_name(16)={sa_family=AF_INET, sin_port=htons(39163),
sin_addr=inet_addr("192.168.20.25")},
msg_iov(1)=[{"\1\f\0\244_\7\317Y\232\343U\306\6
\\\312\31\2775\315\1\10nobody\4\6\300\250"..., 164}], msg_controllen=24,
{cmsg_len=24, cmsg_level=SOL_IP, cmsg_type=, ...}, msg_flags=0}, 0) = 164
I don't have any clue as to what change has caused the problem though..
/Andreas Sundstrom
-- Package-specific info:
** Version:
Linux version 3.16.0-4-686-pae (debian-kernel@lists.debian.org) (gcc
version 4.8.4 (Debian 4.8.4-1) ) #1 SMP Debian 3.16.7-ckt20-1+deb8u1
(2015-12-14)
** Command line:
root=UUID=4692e988-b453-4884-bbf0-43c29565b821 ro quiet
** Not tainted
** Kernel log:
[ 1.558784] xenbus_probe_frontend: Device with no driver:
device/vbd/51760
[ 1.558785] xenbus_probe_frontend: Device with no driver:
device/vbd/51776
[ 1.558786] xenbus_probe_frontend: Device with no driver:
device/vbd/51792
[ 1.558787] xenbus_probe_frontend: Device with no driver:
device/vbd/51808
[ 1.558788] xenbus_probe_frontend: Device with no driver:
device/vbd/51824
[ 1.558789] xenbus_probe_frontend: Device with no driver:
device/vbd/51840
[ 1.558790] xenbus_probe_frontend: Device with no driver:
device/vbd/51856
[ 1.558791] xenbus_probe_frontend: Device with no driver: device/vif/0
[ 1.558871] rtc_hctosys: unable to open rtc device (rtc0)
[ 1.558896] PM: Hibernation image not present or could not be loaded.
[ 1.559264] Freeing unused kernel memory: 656K (c1671000 - c1715000)
[ 1.560167] Write protecting the kernel text: 4612k
[ 1.560455] Write protecting the kernel read-only data: 1456k
[ 1.560457] NX-protecting the kernel data: 3580k
[ 1.579136] systemd-udevd[63]: starting version 215
[ 1.579513] random: systemd-udevd urandom read with 16 bits of
entropy available
[ 1.591625] xen_netfront: Initialising Xen virtual ethernet driver
[ 1.615196] blkfront: xvda: barrier or flush: disabled; persistent
grants: enabled; indirect descriptors: enabled;
[ 1.617050] xvda: unknown partition table
[ 1.629571] blkfront: xvdc: barrier or flush: disabled; persistent
grants: enabled; indirect descriptors: enabled;
[ 1.678369] xvdc: unknown partition table
[ 1.696112] blkfront: xvdd: barrier or flush: disabled; persistent
grants: enabled; indirect descriptors: enabled;
[ 1.704598] xvdd: unknown partition table
[ 1.705035] Setting capacity to 2097152
[ 1.705039] xvdc: detected capacity change from 0 to 1073741824
[ 1.711299] blkfront: xvde: barrier or flush: disabled; persistent
grants: enabled; indirect descriptors: enabled;
[ 1.773927] xvde: unknown partition table
[ 1.781711] Setting capacity to 209715200
[ 1.781716] xvdd: detected capacity change from 0 to 107374182400
[ 1.783608] blkfront: xvdf: barrier or flush: disabled; persistent
grants: enabled; indirect descriptors: enabled;
[ 1.800883] xvdf: unknown partition table
[ 1.801931] blkfront: xvdg: barrier or flush: disabled; persistent
grants: enabled; indirect descriptors: enabled;
[ 1.814421] xvdg: unknown partition table
[ 1.815383] blkfront: xvdh: barrier or flush: disabled; persistent
grants: enabled; indirect descriptors: enabled;
[ 1.822520] xvdh: unknown partition table
[ 1.823455] blkfront: xvdi: barrier or flush: disabled; persistent
grants: enabled; indirect descriptors: enabled;
[ 1.830493] xvdi: unknown partition table
[ 1.831470] blkfront: xvdj: barrier or flush: disabled; persistent
grants: enabled; indirect descriptors: enabled;
[ 1.847090] xvdj: unknown partition table
[ 1.847326] Setting capacity to 83886080
[ 1.847330] xvde: detected capacity change from 0 to 42949672960
[ 1.847422] Setting capacity to 20971520
[ 1.847424] xvdf: detected capacity change from 0 to 10737418240
[ 1.847519] Setting capacity to 83886080
[ 1.847521] xvdg: detected capacity change from 0 to 42949672960
[ 1.847661] Setting capacity to 2097152
[ 1.847663] xvdh: detected capacity change from 0 to 1073741824
[ 1.847755] Setting capacity to 67108864
[ 1.847757] xvdi: detected capacity change from 0 to 34359738368
[ 1.847850] Setting capacity to 33554432
[ 1.847852] xvdj: detected capacity change from 0 to 17179869184
[ 1.949972] random: nonblocking pool is initialized
[ 2.649768] device-mapper: uevent: version 1.0.3
[ 2.649833] device-mapper: ioctl: 4.27.0-ioctl (2013-10-30)
initialised: dm-devel@redhat.com
[ 2.655922] PM: Starting manual resume from disk
[ 2.655926] PM: Hibernation image partition 202:112 present
[ 2.655927] PM: Looking for hibernation image.
[ 2.656098] PM: Image not found (code -22)
[ 2.656101] PM: Hibernation image not present or could not be loaded.
[ 2.759610] xvda: unknown partition table
[ 2.761420] EXT4-fs (xvda): mounting ext3 file system using the ext4
subsystem
[ 2.764077] EXT4-fs (xvda): mounted filesystem with ordered data
mode. Opts: (null)
[ 4.395050] lp: driver loaded but no devices found
[ 4.408825] ppdev: user-space parallel port driver
[ 4.515096] xen_wdt: Xen WatchDog Timer Driver v0.01
[ 4.515188] xen_wdt: initialized (timeout=60s, nowayout=0)
[ 4.606821] EXT4-fs (xvda): warning: checktime reached, running
e2fsck is recommended
[ 4.624542] EXT4-fs (xvda): re-mounted. Opts: acl
[ 4.652027] systemd-udevd[163]: starting version 215
[ 4.878829] input: PC Speaker as /devices/platform/pcspkr/input/input0
[ 5.639430] Adding 1048572k swap on /dev/xvdh. Priority:-1 extents:1
across:1048572k SSFS
[ 5.814478] xvdj: unknown partition table
[ 5.889622] EXT4-fs (xvdj): mounted filesystem with ordered data
mode. Opts: acl
[ 6.124016] xvdc: unknown partition table
[ 6.146621] EXT4-fs (xvdc): mounting ext3 file system using the ext4
subsystem
[ 6.218937] EXT4-fs (xvdc): mounted filesystem with ordered data
mode. Opts: acl
[ 6.518899] xvde: unknown partition table
[ 6.545333] EXT4-fs (xvde): mounting ext3 file system using the ext4
subsystem
[ 6.564088] xvdd: unknown partition table
[ 6.597660] xvdf: unknown partition table
[ 6.609644] EXT4-fs (xvde): mounted filesystem with ordered data
mode. Opts: acl
[ 6.642232] EXT4-fs (xvdd): mounting ext3 file system using the ext4
subsystem
[ 6.648713] EXT4-fs (xvdd): mounted filesystem with ordered data
mode. Opts: acl
[ 6.729441] EXT4-fs (xvdf): mounting ext3 file system using the ext4
subsystem
[ 6.789952] xvdg: unknown partition table
[ 6.812171] EXT4-fs (xvdf): mounted filesystem with ordered data
mode. Opts: acl
[ 6.836662] EXT4-fs (xvdg): mounting ext3 file system using the ext4
subsystem
[ 6.952555] EXT4-fs (xvdg): mounted filesystem with ordered data
mode. Opts: acl
[ 7.062239] EXT4-fs (dm-0): mounting ext3 file system using the ext4
subsystem
[ 7.089854] EXT4-fs (dm-0): mounted filesystem with ordered data
mode. Opts: acl
[ 7.145845] systemd-journald[146]: Received request to flush runtime
journal from PID 1
[ 10.766923] RPC: Registered named UNIX socket transport module.
[ 10.766927] RPC: Registered udp transport module.
[ 10.766928] RPC: Registered tcp transport module.
[ 10.766929] RPC: Registered tcp NFSv4.1 backchannel transport module.
[ 10.829170] FS-Cache: Loaded
[ 10.987715] FS-Cache: Netfs 'nfs' registered for caching
[ 11.226045] Installing knfsd (copyright (C) 1996 okir@monad.swb.de).
[ 18.399468] NFSD: Using /var/lib/nfs/v4recovery as the NFSv4 state
recovery directory
[ 18.441471] NFSD: starting 90-second grace period (net c1653fc0)
** Model information
not available
** Loaded modules:
hmac
cbc
cts
rpcsec_gss_krb5
nfsd
auth_rpcgss
oid_registry
nfs_acl
nfs
lockd
fscache
sunrpc
evdev
processor
pcspkr
thermal_sys
xen_wdt
dm_snapshot
dm_bufio
parport_pc
ppdev
lp
parport
autofs4
ext4
crc16
mbcache
jbd2
dm_mod
xen_netfront
xen_blkfront
*** Device statistics:
Inter-| Receive | Transmit
face |bytes packets errs drop fifo frame compressed
multicast|bytes packets errs drop fifo colls carrier compressed
lo: 133720 1267 0 0 0 0 0 0
133720 1267 0 0 0 0 0 0
eth0: 53437306 41643 0 0 0 0 0 0
6487356 40361 0 0 0 0 0 0
*** Protocol statistics:
Ip:
27649 total packets received
5 with invalid addresses
0 forwarded
0 incoming packets discarded
27284 incoming packets delivered
21143 requests sent out
22 reassemblies required
11 packets reassembled ok
Icmp:
175 ICMP messages received
0 input ICMP message failed.
ICMP input histogram:
destination unreachable: 65
echo requests: 110
133 ICMP messages sent
0 ICMP messages failed
ICMP output histogram:
destination unreachable: 23
echo replies: 110
IcmpMsg:
InType3: 65
InType8: 110
OutType0: 110
OutType3: 23
Tcp:
248 active connections openings
340 passive connection openings
96 failed connection attempts
3 connection resets received
19 connections established
35139 segments received
35883 segments send out
10 segments retransmited
0 bad segments received.
130 resets sent
Udp:
4722 packets received
25 packets to unknown port received.
15 packet receive errors
4682 packets sent
InCsumErrors: 15
UdpLite:
TcpExt:
18 invalid SYN cookies received
1 resets received for embryonic SYN_RECV sockets
1 packets pruned from receive queue because of socket buffer overrun
132 TCP sockets finished time wait in fast timer
577 delayed acks sent
1 delayed acks further delayed because of locked socket
Quick ack mode was activated 11 times
10 packets directly queued to recvmsg prequeue.
638 bytes directly received in process context from prequeue
18976 packet headers predicted
2 packets header predicted and directly queued to user
1883 acknowledgments not containing data payload received
7153 predicted acknowledgments
1 times recovered from packet loss by selective acknowledgements
1 fast retransmits
1 other TCP timeouts
TCPLossProbes: 6
TCPLossProbeRecovery: 2
1 SACK retransmits failed
88 packets collapsed in receive queue due to low socket buffer
12 DSACKs sent for old packets
1 DSACKs received
2 connections reset due to early user close
TCPDSACKIgnoredNoUndo: 1
TCPSackShiftFallback: 1
TCPDeferAcceptDrop: 141
TCPRcvCoalesce: 2475
TCPOFOQueue: 2254
TCPAutoCorking: 7035
TCPWantZeroWindowAdv: 50
TCPSynRetrans: 4
TCPOrigDataSent: 18806
IpExt:
InMcastPkts: 70
OutMcastPkts: 36
InBcastPkts: 89
OutBcastPkts: 49
InOctets: 46444822
OutOctets: 2363491
InMcastOctets: 17740
OutMcastOctets: 11604
InBcastOctets: 9797
OutBcastOctets: 6917
InNoECTPkts: 29076
** PCI devices:
** USB devices:
not available
-- System Information:
Debian Release: 8.2
APT prefers stable-updates
APT policy: (500, 'stable-updates'), (500, 'stable')
Architecture: i386 (i686)
Kernel: Linux 3.16.0-4-686-pae (SMP w/2 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
Versions of packages linux-image-3.16.0-4-686-pae depends on:
ii debconf [debconf-2.0] 1.5.56
ii initramfs-tools [linux-initramfs-tool] 0.120
ii kmod 18-3
ii linux-base 3.5
ii module-init-tools 18-3
Versions of packages linux-image-3.16.0-4-686-pae recommends:
ii firmware-linux-free 3.3
ii irqbalance 1.0.6-3
ii libc6-i686 2.19-18+deb8u1
Versions of packages linux-image-3.16.0-4-686-pae suggests:
pn debian-kernel-handbook <none>
ii grub-pc 2.02~beta2-22+deb8u1
pn linux-doc-3.16 <none>
Versions of packages linux-image-3.16.0-4-686-pae is related to:
pn firmware-atheros <none>
pn firmware-bnx2 <none>
pn firmware-bnx2x <none>
pn firmware-brcm80211 <none>
pn firmware-intelwimax <none>
pn firmware-ipw2x00 <none>
pn firmware-ivtv <none>
pn firmware-iwlwifi <none>
pn firmware-libertas <none>
pn firmware-linux <none>
pn firmware-linux-nonfree <none>
pn firmware-myricom <none>
pn firmware-netxen <none>
pn firmware-qlogic <none>
pn firmware-ralink <none>
pn firmware-realtek <none>
pn xen-hypervisor <none>
-- debconf information:
linux-image-3.16.0-4-686-pae/postinst/depmod-error-initrd-3.16.0-4-686-pae:
false
linux-image-3.16.0-4-686-pae/postinst/mips-initrd-3.16.0-4-686-pae:
linux-image-3.16.0-4-686-pae/prerm/removing-running-kernel-3.16.0-4-686-pae:
true
Reply to: