Chapter 4 Known Issues

Table of Contents

This chapter describes known issues for the Oracle Linux 8 release.

4.1 Installation Issues

The following are known installation issues that are reported in Oracle Linux 8.

4.1.1 ULN Registration wizard not displayed on first boot after an Oracle Linux 8 installation

On new installations of Oracle Linux 8, the ULN Registration wizard that provides you with the option to register with ULN and use Oracle Ksplice is not displayed on first boot. This behavior differs from previous Oracle Linux releases, where you were presented with the option to register with ULN and use Ksplice on the first boot after an installation.

Because this functionality is not currently available in Oracle Linux 8, Oracle recommends that you register your system with ULN and opt to use Ksplice after completing the installation. For instructions on registering with ULN, visit https://linux.oracle.com/.

(Bug ID 29933974)

4.1.2 Syslog Error: Failed to insert module 'ip_tables': Operation not permitted

During an Oracle Linux 8 installation, the following message is observed in /var/log/messages:systemd log:

1]: Failed to insert module 'ip_tables': Operation not permitted

This error can be safely ignored, as the ip_tables kernel module subsequently loads successfully, as shown in the output of the following command:

# grep IPTABLES /boot/config*
CONFIG_IP_NF_IPTABLES=m
CONFIG_IP6_NF_IPTABLES=m
#
# modinfo ip_tables
filename:      
/lib/modules/4.18.0-32.el8.x86_64/kernel/net/ipv4/netfilter/ip_tables.ko.xz
alias:          ipt_icmp
description:    IPv4 packet filter
author:         Netfilter Core Team <coreteam@netfilter.org>
license:        GPL
rhelversion:    8.0
srcversion:     3967C875058C2EE2475C9C2
depends:        
retpoline:      Y
intree:         Y
name:           ip_tables
vermagic:       4.18.0-32.el8.x86_64 SMP mod_unload modversions
sig_id:         PKCS#7
signer:        
sig_key:        
sig_hashalgo:   md4
signature:      30:82:02:59:06:09:2A:86:48:86:F7:0D:01:07:02:A0:82:02:4A:30:
82:02:46:02:01:01:31:0D:30:0B:06:09:60:86:48:01:65:03:04:02:
01:30:0B:06:09:2A:86:48:86:F7:0D:01:07:01:31:82:02:23:30:82:
02:1F:02:01:01:30:7A:30:62:31:22:30:20:06:03:55:04:0A:0C:19:
4F:72:61:63:6C:65:20:41:6D:65:72:69:63:61:2C:20:49:6E:63:2E:
2C:63:3D:55:53:31:19:30:17:06:03:55:04:03:0C:10:4F:72:61:63:
.
.
.

(Bug ID 29500599)

4.1.3 Graphics controller requirements for installation on an Oracle VM VirtualBox guest

A successful installation of Oracle Linux 8 on an Oracle VM VirtualBox guest, where the graphical installer is used and where the default install of the Server with GUI environment is set, requires that your Oracle VM VirtualBox guest uses the VMSVGA graphics controller and that it is configured with at least 64MB of memory. Failure to set the graphics controller correctly can result in an installation where the graphical display is unable to start correctly.

The VMSVGA graphics controller is the default controller when you create a new guest in Oracle VM VirtualBox 6.0 or later for Linux guest operating systems. This issue is more likely to appear if you attempt to install over an existing guest that was created on an earlier release of Oracle VM VirtualBox. Oracle recommends that you only attempt to install Oracle Linux 8 onto a newly created virtual machine in Oracle VM VirtualBox 6.0, or later.

(Bug ID 30004543)

4.1.4 Installation on KVM guest by using iPXE and iSCSI boot results in incorrect IQN name

After installing Oracle Linux 8 on a KVM guest by using iPXE and iSCSI boot, the SCSI Qualified Name (IQN) in the /etc/iscsi/initiatorname.iscsi file is not correct.

Note that this incorrect configuration could impact kdump functionality.

The workaround for this issue is to manually modify the /etc/iscsi/initiatorname.iscsi file with the correct IQN after the installation completes.

(Bug ID 29536715)

4.2 Oracle Linux 8 does not recognize SAS controllers on older Oracle Sun hardware

The Oracle Linux 8 installer does not recognize some Serial Attached SCSI (SAS) controllers that are found on older Oracle Sun server models. If you attempt to install Oracle Linux 8 on these server models, the installer does not recognize the local disk and the installation fails. Some examples of these older server models include but are not limited to the following: Oracle Sun Fire X4170 M2 Server, Oracle Sun Fire X4170 M3 Server, Oracle Sun OVCA X3-2 Server, and the Oracle Sun X4-2 Server.

The following SAS controllers have been removed from the mpt2sas driver in RHCK:

  • SAS2004, PCI ID 0x1000:0x0070

  • SAS2008, PCI ID 0x1000:0x0072

  • SAS2108_1, PCI ID 0x1000:0x0074

  • SAS2108_2, PCI ID 0x1000:0x0076

  • SAS2108_3, PCI ID 0x1000:0x0077

  • SAS2116_1, PCI ID 0x1000:0x0064

  • SAS2116_2, PCI ID 0x1000:0x0065

  • SSS6200, PCI ID 0x1000:0x007E

The following SAS controllers have been removed from the megaraid_sas driver in RHCK:

  • Dell PERC5, PCI ID 0x1028:0x15

  • SAS1078R, PCI ID 0x1000:0x60

  • SAS1078DE, PCI ID 0x1000:0x7C

  • SAS1064R, PCI ID 0x1000:0x411

  • VERDE_ZCR, PCI ID 0x1000:0x413

  • SAS1078GEN2, PCI ID 0x1000:0x78

  • SAS0079GEN2, PCI ID 0x1000:0x79

  • SAS0073SKINNY, PCI ID 0x1000:0x73

  • SAS0071SKINNY, PCI ID 0x1000:0x71

(Bug ID 29120478)

4.3 It is not possible to create a ULN Mirror on a local yum server on Oracle Linux 8

There is currently no tool to mirror ULN channels from ULN to a local yum server hosted on Oracle Linux 8. It is still possible to perform ULN mirroring on Oracle Linux 7 and you are capable of mirroring any Oracle Linux 8 ULN channels onto a yum server hosted on Oracle Linux 7.

If you use offline Ksplice functionality, where you require a ULN mirror to service Oracle Linux 8 hosts, Oracle recommends that you host the ULN mirror on an Oracle Linux 7 host by following the instructions in Creating and Using a Local ULN Mirror in Oracle® Linux: Unbreakable Linux Network User's Guide for Oracle Linux 6 and Oracle Linux 7 Once the system is configured as a yum server, you can subscribe it to any Oracle Linux 8 ULN channels that you wish to mirror.

More information about offline Ksplice is available in Oracle® Linux 8: Managing Software on Oracle Linux and Oracle® Linux: Ksplice User's Guide.

(Bug ID 30005125)

4.4 GPG key file location must be explicitly set when adding repositories

If you are using the dnf config-manager --add-repo command to add a repository, the command does not add the GPG key file location configuration for that repository. The result is a package installation failure; as by default, dnf enables gpgcheck, but it requires the GPG key to be set or imported.

One workaround for this issue is to run the following command to ensure that the GPG key file location is set and imported:

# rpm --import "file:///etc/pki/rpm-gpg/RPM-GPG-KEY-oracle"

Another workaround is to add/set the GPG key for all of the individual repository entries under /etc/yum.repos.d, for example:

gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-oracle

(Bug ID 29535274)

4.5 File System Issues

The following are known file systems issues that are reported in Oracle Linux 8.

4.5.1 ext4: File system corruption occurs when both quota and dioread_nolock options are enabled

An issue with ext4 in Oracle Linux 8 results in file system corruption if unwritten extents are converted in IO completion so that they can be merged with siblings and both the dioread_nolock and quota options are enabled. This is a corner-case issue that exists in upstream code. A proposed patch is currently under review.

(Bug ID 29688421)

4.5.2 ext4: Frequent or repeated system shutdowns can cause file system corruption

If a system that is using ext4 is repeatedly or frequently shut down, the file system might become corrupted. This issue is considered to be a corner-case due to the difficulty that is required to replicate it. The issue exists in upstream code and proposed patches are currently under review.

(Bug ID 27547113)

4.5.3 XFS: Existence of many unlinked tmp files causes file system corruption

An issue has been identified with XFS in Oracle Linux 8, where many unlinked tmp files are created, which causes file system corruption and results in the inability to recover after a system crash. This issue, the cause of which is currently unknown, has been observed when running a stress test.

(Bug ID 29682399)

4.5.4 XFS: xfs_repair interprets a slash (/) character in extended attribute name as corruption

An issue exists in Oracle Linux 8 that causes the xfs_repair utility to interpret a slash (/) character in an extended attribute name as file system corruption. The issue exists in upstream code and a proposed patch is currently under review.

(Bug ID 29680752)

4.5.5 XFS: Incorrect mkfs parameters cause file system corruption

If you run the mkfs utility and set invalid extent hints, the file system is created, but it becomes corrupted and cannot be mounted. The following error is displayed:

[18143.814821] XFS (sdb1): Failed to read root inode 0x80, error 117
mount: /mnt: mount(2) system call failed: Structure needs cleaning.

(Bug ID 29602175)

4.6 Kernel Issues

The following are known kernel issues that are reported in Oracle Linux 8.

4.6.1 KVM guests boot with "amd64_edac_mod: Unknown symbol" errors on AMD 64-bit platforms

The following repeated errors might be displayed when KVM guests are booting on AMD 64-bit systems:

[   12.474069] amd64_edac_mod: Unknown symbol amd_register_ecc_decoder (err
0)
[   12.474083] amd64_edac_mod: Unknown symbol amd_report_gart_errors (err 0)
[   12.852250] amd64_edac_mod: Unknown symbol amd_unregister_ecc_decoder (err
0)
[   12.852297] amd64_edac_mod: Unknown symbol amd_register_ecc_decoder (err
0)
.
.
.

These errors occur because the module code for the kernel erroneously returns -EEXIST for modules that failed to load and are in the process of being removed from the module list. The amd64_edac_mod module will not be loaded in a VM. These errors can be ignored, as they do not impact functionality in any way.

(Bug ID 29853602)

4.6.2 Output of modinfo does not show retpoline support

A bug in the Oracle Linux 8 code causes retropline support to not be displayed in the output of the modinfo command, even though the CONFIG_RETPOLINE flag is set to Y, for example:

# modinfo -F retpoline
/usr/lib/modules/4.18.0-80.el8.x86_64/kernel/sound/usb/usx2y/snd-usb-us122l.ko.xz
#

The CONFIG_RETPOLINE=Y flag is still required to add and display retpoline support. If the parameter is enabled, the kernel will built with a retpoline-capable compiler.

(Bug ID 29894295)

4.6.3 Kdump service fails to start on systems with Secure Boot enabled

In Oracle Linux 8, the Kdump service fails to start on systems that have Secure Boot enabled. This issue has been observed on both bare metal systems, as well as KVM guests. The following errors are reported by syslog:

Jun 24 03:12:18 vmx209-ps kdumpctl[930]: kexec_file_load failed: Required key
not available
Jun 24 03:12:18 vmx209-ps kdumpctl[930]: kexec: failed to load kdump kernel
Jun 24 03:12:18 vmx209-ps kdumpctl[930]: Starting kdump: [FAILED]
Jun 24 03:12:18 vmx209-ps systemd[1]: kdump.service: Failed with result
'exit-code'.
Jun 24 03:12:18 vmx209-ps systemd[1]: Failed to start Crash recovery kernel
arming.

If you want to use Kdump, the easiest workaround for this issue is to disable Secure Boot.

If you require Secure Boot and wish to continue to use Kdump, you can consider updating the UEFI key database for your system. The key database is used as a store for the key certificates issued by a vendor, so that signed EFI binaries can be validated when the system is operating in secure mode. To perform this update you may require physical access to the system to access the UEFI console and enroll the key there. You can use the Machine Owner Key (MOK) facility to update the UEFI Secure Boot key database and import the keys manually. The certificate keys that are used to sign each kernel are contained in the shim source packages that are used to verify the keys the kernels use.

Important

Using the MOK utility with your system may depend on server firmware implementation and configuration. Check that your server supports this before attempting to manually update signature keys used for UEFI Secure Boot. If you are unsure, do not follow the instructions provided here.

Adding certificates to the UEFI Secure Boot key database by using the MOK utility requires that you have physical access to the system so that you can complete the enrollment request at the UEFI console. If you do not have physical access to the system, do not follow the instructions that are provided here.

  1. Certificates used to sign each kernel, built by Oracle, are contained in the shim source package. You can download this package using the yumdownloader command available in the dnf-utils package:

    # dnf install -y dnf-utils
    # mkdir /tmp/shim
    # cd /tmp/shim
    # yumdownloader --source shim
  2. Extract the source package to access the Extended Validation certificate that is included as a secureboot.cer file. Use the rpm2cpio command to extract the package:

    # rpm2cpio ./shim*.rpm | cpio -idmv
  3. Use the mokutil command to request that the certificate that you have extracted from the shim package is included in the MOK list:

    # mokutil --import ./secureboot.cer

    The command prompts you to enter and confirm a password for the MOK enrollment request. You can use any password for this purpose, but you should note the password that you use, as you are prompted for it again when the system reboots.

  4. Reboot the system.

  5. The pending MOK key enrollment request is detected, and you must complete the enrollment from the UEFI console. You are prompted for the password that you set when you imported the certificate. When you have entered the correct password, the certificate is added to the MOK list and is automatically propagated to the system key ring on this boot, as well as subsequent boots.

(Bug ID 29954639)

4.6.4 Kdump runs out of memory when attempting to mount /sysroot on FC disks that use LVM

An issue in Oracle Linux 8 causes Kdump to run our of memory if you attempt to mount /sysroot on a Fibre Channel (FC) disk that uses the Logical Volume Manager (LVM). This issue is due to a lack of memory when the crashkernel loads.

To resolve the issue, you can do one of the following:

  • Override the crashkernel=auto boot option so that more memory is reserved for Kdump. For example, set the kernel boot parameter to crashkernel=512M.

  • Set the Kdump destination to a network location (NFS or SSH).

(Bug ID 29840266)

4.7 Networking Issues

The following are networking issues that might be encountered.

4.7.1 tracepath6 does not parse destination IPv6 address correctly

When running the tracepath6 command in Oracle Linux 8, the command fails to parse the destination IPv6 address correctly. As a result, the tool traces a route to the wrong host.

The workaround for this issue is to use another tool with similar capability to tracepath6.

(Bug ID 29540588)

4.7.2 Failure to insert ip_tables module

The ip_tables module fails to insert with an 'Operation not permitted' error. This issue, which is currently under investigation, can occur if SELinux is in enforcing mode. A workaround for this issue is to set SELinux to permissive mode, which can be done either temporarily by running setenforce 0, or permanently by editing the /etc/selinux/config file and then rebooting.

(Bug ID 29517166)

4.8 Restarting firewalld service results in SSH connection timeout

Restarting the firewalld service leads to an SSH connection timeout from the terminal on which the service was started, while other SSH terminals remain connected and are fine.

(Bug ID 29478124)

4.9 /var/run/rhnsd.pid file not readable after starting Spacewalk daemon

Oracle Linux 8 systems fail to read PID from /var/run/rhnsd.pid after the Spacewalk daemon starts.

The following error is reported in the /var/log/messages log:

systemd: Failed to read PID from file /var/run/rhnsd.pid: Invalid argument

This error can be safely ignored.

(Bug ID 2953130)

4.10 Error: "mcelog service does not support this processor"

An error indicating that the mcelog service does not support the processor can appear in the system log on systems with AMD processors, such as some Oracle Server hardware. The message might appear as follows:

mcelog: ERROR: AMD Processor family
23: mcelog does not support this processor.  Please use the edac_mce_amd
module instead.

The mcelog daemon is a service that is used on x86_64 platforms to log and handle hardware error messaging but is not required on AMD systems, where the edac_mce_amd kernel module handles machine exception logging. The error should be downgraded to a warning. (Bug ID 29501190)

4.11 Podman Issues

The following are known issues that are reported in Oracle Linux 8 for the Podman container management tool.

4.11.1 Executing podman attach --latest causes panic if no containers are available

If you execute podman attach --latest and no containers exist in your environment, a runtime error occurs:

# podman  attach --latest
panic: runtime error: index out of range
...

Note that as soon as there are containers in the environment, this error no longer occurs. Running the command when there are no containers is meaningless.

(Bug ID 29882537)

4.11.2 Default keystroke combination for podman detach does not work

The default keystroke combination that you use to detach a container (CTRL+Q, CTRL+P) does not work. This issue can be observed when creating a container, attaching it by using the podman attach -l command, and then attempting to quit or detach the container by using the default keystroke combination that is documented in the podman-detach manual page.

The workaround for this issue is to open a new terminal window and then kill the podman attach process.

(Bug ID 29882852)

4.11.3 Authentication error displayed when attempting to pull an image and not specifying its correct name

If you attempt to pull an image by running the podman pull image_name command, but do not specify the correct or full name of the image, an authentication error is displayed.

For example, the following error was displayed because oracle:latest was specified as the name of the image instead of oraclelinux:latest, which is the correct name for the image:

$ podman pull oracle:latest
Trying to pull registry.redhat.io/oracle:latest...Failed
Trying to pull quay.io/oracle:latest...Failed
Trying to pull docker.io/oracle:latest...Failed
error pulling image "oracle:latest": unable to pull oracle:latest: 3 errors
occurred:

* Error determining manifest MIME type for
docker://registry.redhat.io/oracle:latest: unable to retrieve auth token:
invalid username/password
* Error determining manifest MIME type for docker://quay.io/oracle:latest:
Error reading manifest latest in quay.io/oracle: error parsing HTTP 404
response body: invalid character '<' looking for beginning of value:
"<!DOCTYPE HTML PUBLIC \"-//W3C//DTD HTML 3.2 Final//EN\">\n<title>404 Not
Found</title>\n<h1>Not Found</h1>\n<p>The requested URL was not found on the
server.  If you entered the URL manually please check your spelling and try
again.</p>\n"
* Error determining manifest MIME type for docker://oracle:latest: Error
reading manifest latest in docker.io/library/oracle: errors:
denied: requested access to the resource is denied
unauthorized: authentication required

To prevent this error from occurring, always specify the correct image name with the podman pull command.

(Bug ID 29894231)

4.11.4 Non-root user cannot export a running container as a tar archive when container is created by same non-root user

Although a non-root user can create a privileged running container, running the podman export -o tar_name.tar container_name command to export the container as a tar archive fails if it is run by the same non-root user.

If you have root access, the workaround for this issue is to create the privileged running container as the root user and also export it as the root user.

(Bug ID 29890374)

4.11.5 Oracle Container Registry is unable to service requests to search the catalog

Attempts to search for an image in the Oracle Container Registry by using the podman search command fail with an authorization error, even if you are logged into the registry:

# podman search oraclelinux
ERRO[0001] error getting search results from v2 endpoint
"container-registry.oracle.com", status code 401 (Unauthorized)
...

The issue is related to how Oracle Container Registry handles token requests for access to "/v2/_catalog". The podman search command only requests a token for ping-level access and not for catalog access.

There is currently no workaround for this issue.

(Bug ID 29942671)

4.12 SELinux: "Class bpf not defined in policy" and "Class xdp_socket not defined in policy" errors occur during a boot

Rebooting an Oracle Linux 8 system in either SELinux permissive mode or enforcing mode produces the following messages in the /var/log/messages file:

SELinux:  Class bpf not defined in policy.
SELinux:  Class xdp_socket not defined in policy.
SELinux: the above unknown classes and permissions will be allowed

These messages are displayed because no definitions currently exist for these classes in SELinux policy. Per the last line of the message, classes and permissions will be allowed by default; and therefore, the messages can be safely ignored.

(Bug ID 29502976)