From: "dxiri@xirihosting.com" <dxiri@xirihosting.com>
To: "Jason A. Donenfeld" <Jason@zx2c4.com>
Cc: "WireGuard mailing list" <wireguard@lists.zx2c4.com>,
"ElRepo" <contact@elrepo.org>
Subject: Re: Kernel Panic after updating Kernel
Date: Thu, 18 Jun 2020 00:31:30 -0400 (EDT) [thread overview]
Message-ID: <1592454690.22771558@webmail.emailsrvr.com> (raw)
In-Reply-To: <CAHmME9oz5tt9u5S3V6JikvB3oGihXR5rcZTLvcjxNu4qnvWCOw@mail.gmail.com>
-----Original Message-----
From: "Jason A. Donenfeld" <Jason@zx2c4.com>
Sent: Wednesday, June 17, 2020 4:32am
To: "dxiri@xirihosting.com" <dxiri@xirihosting.com>
Cc: "WireGuard mailing list" <wireguard@lists.zx2c4.com>, "ElRepo" <contact@elrepo.org>
Subject: Re: Kernel Panic after updating Kernel
Hi Diego,
On Wed, Jun 17, 2020 at 2:01 AM dxiri@xirihosting.com
<dxiri@xirihosting.com> wrote:
>
> Posted this on IRC but got no response, probably this will be a better place:
>
> I updated my Centos7 server yesterday and wireguard is causing a kernel panic, wanted to know if this is a known issue?
>
> Using kernel 3.10.0-1127.10.1.el7.x86_64
>
> I Tried with 2 different repos (elrepo and Copr repo for wireguard owned by jdoss) and I have the same issue.
>
> I took a screenshot of The kernel panic and uploaded at https://imgur.com/a/Ojxeor0
>
> Another interesting bit of info is that as long as I don't move traffic trough wg0 vnic, no panic happens. I can easily trigger the panic by just doing a ping to the other VPN endpoint and I am able to reproduce this every single time.
>
> # lsmod | grep -i wire
> wireguard 200896 0
> ip6_udp_tunnel 12755 1 wireguard
> udp_tunnel 14423 1 wireguard
>
> Thanks for the help!
> Diego
Huh, that's funny -- I'm unable to reproduce the bug at all.
Does running this script crash for you?
https://salsa.debian.org/debian/wireguard-linux-compat/-/raw/debian/master/debian/tests/netns-mini
If not, could you describe your setup more and maybe some repro steps for me?
Thanks,
Jason
--------------------
Hi Jason,
Tried your script, here is the result (spoiler...no crash):
root@box [4542 22:04:00 /etc/wireguard]# bash netns-mini-test.sh
[+] ip netns add wg-test-36633-0
[+] ip netns add wg-test-36633-1
[+] ip netns add wg-test-36633-2
[+] NS0: ip link set up dev lo
[+] NS0: ip link add dev wg0 type wireguard
[+] NS0: ip link set wg0 netns wg-test-36633-1
[+] NS0: ip link add dev wg0 type wireguard
[+] NS0: ip link set wg0 netns wg-test-36633-2
[+] NS1: ip addr add 192.168.241.1/24 dev wg0
[+] NS2: ip addr add 192.168.241.2/24 dev wg0
[+] wg genkey
[+] wg genkey
[+] wg pubkey
[+] wg pubkey
[+] NS1: wg set wg0 private-key /dev/fd/63 listen-port 1 peer 0zUBih0nFOHRDzl6mBxcHaCfwX+s9sE6rLgK4f8LdiU= allowed-ips 192.168.241.2/32
[+] NS2: wg set wg0 private-key /dev/fd/63 listen-port 2 peer jBLy+DQDc21/f5z9Yfz287FB/Z9PhaXvNdMw7WDoWFM= allowed-ips 192.168.241.1/32
[+] NS1: ip link set up dev wg0
[+] NS2: ip link set up dev wg0
[+] NS2: wg set wg0 peer jBLy+DQDc21/f5z9Yfz287FB/Z9PhaXvNdMw7WDoWFM= endpoint 127.0.0.1:1
[+] NS2: ping -c 10 -f -W 1 192.168.241.1
PING 192.168.241.1 (192.168.241.1) 56(84) bytes of data.
--- 192.168.241.1 ping statistics ---
10 packets transmitted, 10 received, 0% packet loss, time 1ms
rtt min/avg/max/mdev = 0.054/0.159/0.884/0.243 ms, ipg/ewma 0.209/0.316 ms
[+] NS0: ip link del dev wg0
[+] NS1: ip link del dev wg0
[+] NS2: ip link del dev wg0
[+] ip netns del wg-test-36633-1
[+] ip netns del wg-test-36633-2
[+] ip netns del wg-test-36633-0
About my setup:
1) KVM hosted VM
2) Using wg-quick, followed this tutorial: https://www.stavros.io/posts/how-to-configure-wireguard/
3) CPanel v88.0.10 (as far as I know, CPanel does NOT modify stock Centos 7 kernel)
4) root@box [4545 22:07:54 /etc/wireguard]# free -m
total used free shared buff/cache available
Mem: 2363 1373 174 12 815 793
Swap: 1999 1637 362
5) root@box [4547 22:10:37 /etc/wireguard]# cat wg0.conf
[Interface]
Address = 192.168.100.101/28
PrivateKey = 0000000xxxxxxxpjdlkkljkljalkjlkjl=
ListenPort = 11555
[Peer]
PublicKey = djkjadlkjlkjkldjlkjaslkjadlk=
AllowedIPs = 192.168.100.100/32
Endpoint = 1.1.1.1:11555
6) Yum operations trigger a lot of exclutions for elrepo, but nothing seems wireguard related:
Loaded plugins: changelog, elrepo, fastestmirror, priorities, tsflags, universal-hooks
Loading mirror speeds from cached hostfile
* EA4: 208.100.0.204
* cpanel-addons-production-feed: 208.100.0.204
* cpanel-plugins: 208.100.0.204
* elrepo: elrepo.0m3n.net
* epel: mirror.csis.ysu.edu
[elrepo]: excluding package: kmod-3c59x-0.0-3.el7_5.elrepo.x86_64
[elrepo]: excluding package: kmod-8188eu-4.1.4_6773.20130222-4.el7_5.elrepo.x86_64
[elrepo]: excluding package: kmod-8188eu-4.1.4_6773.20130222-5.el7_6.elrepo.x86_64
[elrepo]: excluding package: kmod-8188eu-5.2.2.4-1.20190907git.el7_7.elrepo.x86_64
[elrepo]: excluding package: kmod-a2818-1.20-1.el7.elrepo.x86_64
[elrepo]: excluding package: kmod-a3818-1.6.0-1.el7.elrepo.x86_64
[elrepo]: excluding package: kmod-a3818-1.6.2-1.el7_6.elrepo.x86_64
[elrepo]: excluding package: kmod-aacraid-1.2.1-5.el7.elrepo.x86_64
[elrepo]: excluding package: kmod-aic7xxx-7.0-3.el7_5.elrepo.x86_64
[elrepo]: excluding package: kmod-ar5523-0.0-8.el7_6.elrepo.x86_64
[elrepo]: excluding package: kmod-ar5523-0.0-9.el7_7.elrepo.x86_64
[elrepo]: excluding package: kmod-ath5k-0.0-12.el7_7.elrepo.x86_64
[elrepo]: excluding package: kmod-cassini-1.6-2.el7_5.elrepo.x86_64
[elrepo]: excluding package: kmod-cciss-3.6.26-5.el7_5.elrepo.x86_64
[elrepo]: excluding package: kmod-cciss-3.6.26-6.el7_6.elrepo.x86_64
[elrepo]: excluding package: kmod-cciss-3.6.26-7.el7_7.elrepo.x86_64
[elrepo]: excluding package: kmod-drbd84-8.4.11-1.el7_5.elrepo.x86_64
[elrepo]: excluding package: kmod-drbd84-8.4.11-1.1.el7_6.elrepo.x86_64
[elrepo]: excluding package: kmod-drbd90-9.0.14-1.el7_5.elrepo.x86_64
[elrepo]: excluding package: kmod-drbd90-9.0.16-1.el7_6.elrepo.x86_64
[elrepo]: excluding package: kmod-drbd90-9.0.20-1.el7_7.elrepo.x86_64
[elrepo]: excluding package: kmod-e100-3.5.24-3.el7_5.elrepo.x86_64
[elrepo]: excluding package: kmod-ecryptfs-0.1-1.el7_6.elrepo.x86_64
[elrepo]: excluding package: kmod-forcedeth-0.64-3.el7_5.elrepo.x86_64
[elrepo]: excluding package: kmod-fpga-mgr-0.0-1.el7_6.elrepo.x86_64
[elrepo]: excluding package: kmod-hfs-0.0-4.el7_5.elrepo.x86_64
[elrepo]: excluding package: kmod-hfsplus-0.0-5.el7_5.elrepo.x86_64
[elrepo]: excluding package: kmod-i2c-i801-0.0-4.el7_5.elrepo.x86_64
[elrepo]: excluding package: kmod-i2c-i801-0.0-5.el7_6.elrepo.x86_64
[elrepo]: excluding package: kmod-i2c-i801-0.0-6.el7_6.elrepo.x86_64
[elrepo]: excluding package: kmod-ixgb-1.0.135-4.el7_5.elrepo.x86_64
[elrepo]: excluding package: kmod-ixgbe-5.5.5-1.el7_6.elrepo.x86_64
[elrepo]: excluding package: kmod-ixgbe-5.6.3-1.el7_7.elrepo.x86_64
[elrepo]: excluding package: kmod-ixgbe-5.6.3-2.el7_7.elrepo.x86_64
[elrepo]: excluding package: kmod-joydev-0.0-4.el7_5.elrepo.x86_64
[elrepo]: excluding package: kmod-mt7601u-4.14.108-1.el7_6.elrepo.x86_64
[elrepo]: excluding package: kmod-mt7601u-4.14.108-2.el7_7.elrepo.x86_64
[elrepo]: excluding package: kmod-nct6775-0.0-4.20180327git.el7_5.elrepo.x86_64
[elrepo]: excluding package: kmod-nct6775-0.0-5.el7_7.elrepo.x86_64
[elrepo]: excluding package: kmod-ne2k-pci-1.03-4.el7_5.elrepo.x86_64
[elrepo]: excluding package: kmod-netatop-0.3-4.el7_6.elrepo.x86_64
[elrepo]: excluding package: kmod-netatop-2.0-1.el7_6.elrepo.x86_64
[elrepo]: excluding package: kmod-niu-1.1-2.el7_5.elrepo.x86_64
[elrepo]: excluding package: kmod-nvidia-440.44-1.el7_7.elrepo.x86_64
[elrepo]: excluding package: nvidia-x11-drv-libs-440.44-1.el7_7.elrepo.x86_64
[elrepo]: excluding package: nvidia-x11-drv-libs-440.44-1.el7_7.elrepo.i686
[elrepo]: excluding package: nvidia-x11-drv-440.44-1.el7_7.elrepo.x86_64
[elrepo]: excluding package: kmod-nvidia-440.59-1.el7_7.elrepo.x86_64
[elrepo]: excluding package: nvidia-x11-drv-libs-440.59-1.el7_7.elrepo.x86_64
[elrepo]: excluding package: nvidia-x11-drv-440.59-1.el7_7.elrepo.x86_64
[elrepo]: excluding package: nvidia-x11-drv-libs-440.59-1.el7_7.elrepo.i686
[elrepo]: excluding package: kmod-nvidia-440.64-1.el7_7.elrepo.x86_64
[elrepo]: excluding package: nvidia-x11-drv-libs-440.64-1.el7_7.elrepo.x86_64
[elrepo]: excluding package: nvidia-x11-drv-libs-440.64-1.el7_7.elrepo.i686
[elrepo]: excluding package: nvidia-x11-drv-440.64-1.el7_7.elrepo.x86_64
[elrepo]: excluding package: kmod-nvidia-340xx-340.107-2.el7_6.elrepo.x86_64
[elrepo]: excluding package: kmod-nvidia-340xx-340.107-3.el7_7.elrepo.x86_64
[elrepo]: excluding package: kmod-nvidia-390xx-390.116-1.el7_6.elrepo.x86_64
[elrepo]: excluding package: nvidia-x11-drv-390xx-390.116-1.el7_6.elrepo.x86_64
[elrepo]: excluding package: nvidia-x11-drv-390xx-libs-390.116-1.el7_6.elrepo.x86_64
[elrepo]: excluding package: nvidia-x11-drv-390xx-libs-390.116-1.el7_6.elrepo.i686
[elrepo]: excluding package: kmod-nvidia-390xx-390.116-2.el7_7.elrepo.x86_64
[elrepo]: excluding package: nvidia-x11-drv-390xx-libs-390.116-2.el7_7.elrepo.i686
[elrepo]: excluding package: nvidia-x11-drv-390xx-390.116-2.el7_7.elrepo.x86_64
[elrepo]: excluding package: nvidia-x11-drv-390xx-libs-390.116-2.el7_7.elrepo.x86_64
[elrepo]: excluding package: kmod-r8168-8.046.00-1.el7_5.elrepo.x86_64
[elrepo]: excluding package: kmod-r8168-8.047.04-1.el7_7.elrepo.x86_64
[elrepo]: excluding package: kmod-r8168-8.047.05-1.el7_7.elrepo.x86_64
[elrepo]: excluding package: kmod-r8168-8.048.00-1.el7_7.elrepo.x86_64
[elrepo]: excluding package: kmod-r8169-6.020.00-3.el7_5.elrepo.x86_64
[elrepo]: excluding package: kmod-r8822be-0.0-1.el7_6.elrepo.x86_64
[elrepo]: excluding package: kmod-reiserfs-0.0-3.el7_6.elrepo.x86_64
[elrepo]: excluding package: kmod-rr62x-1.2-3.el7_5.elrepo.x86_64
[elrepo]: excluding package: kmod-rr64xl-1.4.0-1.el7_5.elrepo.x86_64
[elrepo]: excluding package: kmod-rtl8812au-5.3.4-1.el7_7.elrepo.x86_64
[elrepo]: excluding package: kmod-sis190-1.4-1.el7_5.elrepo.x86_64
[elrepo]: excluding package: kmod-sis900-1.08.10-2.el7_5.elrepo.x86_64
[elrepo]: excluding package: kmod-sym53c8xx-0.0-4.el7_5.elrepo.x86_64
[elrepo]: excluding package: kmod-tpe-2.0.3-6.20170731git.el7_5.elrepo.x86_64
[elrepo]: excluding package: kmod-tpe-2.0.4-1.el7_7.elrepo.x86_64
[elrepo]: excluding package: kmod-typhoon-1.0-3.el7_5.elrepo.x86_64
[elrepo]: excluding package: kmod-usbip-1.0.1-2.el7_5.elrepo.x86_64
[elrepo]: excluding package: kmod-usbip-1.0.1-3.el7_6.elrepo.x86_64
[elrepo]: excluding package: kmod-usbip-1.0.1-4.el7_7.elrepo.x86_64
[elrepo]: excluding package: kmod-via-rhine-1.5.1-3.el7_5.elrepo.x86_64
[elrepo]: excluding package: kmod-via-velocity-1.15-2.el7_5.elrepo.x86_64
[elrepo]: excluding package: kmod-xpad-0.0.6-7.el7_5.elrepo.x86_64
[elrepo]: excluding package: kmod-xpad-0.0.6-8.el7_6.elrepo.x86_64
[elrepo]: excluding package: kmod-xpad-0.0.6-9.el7_7.elrepo.x86_64
[elrepo]: excluding package: kmod-zd1211rw-1.0-6.el7_5.elrepo.x86_64
[elrepo]: excluding package: kmod-zd1211rw-1.0-7.el7_7.elrepo.x86_64
178 packages excluded due to repository priority protections
7) I have another VM with another service provider and have the exact same issue after updating. This other VM has a free version of CPanel called DNSONLY, if you care to install to take a shot at reproducing: https://docs.cpanel.net/installation-guide/cpanel-dnsonly-installation/
Any other info you need feel free to ask :)
Thanks!
Diego
next prev parent reply other threads:[~2020-06-18 4:31 UTC|newest]
Thread overview: 14+ messages / expand[flat|nested] mbox.gz Atom feed top
2020-06-15 19:30 Kernel Panic after updating Kernel dxiri
2020-06-17 8:32 ` Jason A. Donenfeld
2020-06-18 4:31 ` dxiri [this message]
2020-06-18 5:53 ` Jason A. Donenfeld
2020-06-18 16:48 ` Jean-Denis Girard
2020-06-18 19:27 ` Jason A. Donenfeld
2020-06-18 19:48 ` Jason A. Donenfeld
2020-06-18 20:10 ` Jean-Denis Girard
2020-06-18 20:11 ` Jason A. Donenfeld
2020-06-19 6:58 ` Jean-Dens Girard
2020-06-19 7:38 ` Jason A. Donenfeld
2020-06-27 1:26 ` Jean-Denis Girard
[not found] ` <975a5f77-5c7e-dcfe-6bbe-d4b6e2c5e379@53c70r.de>
2020-06-21 12:57 ` Silvan Nagl
2020-06-18 11:02 ` Phil Perry
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1592454690.22771558@webmail.emailsrvr.com \
--to=dxiri@xirihosting.com \
--cc=Jason@zx2c4.com \
--cc=contact@elrepo.org \
--cc=wireguard@lists.zx2c4.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.