Kernel module sends infinite netlink messages on v0.0.20180802

Matt Layher mdlayher at
Thu Aug 9 05:54:36 CEST 2018

I can confirm that this is fixed for me as of latest master:

$ dmesg | grep wireguard
[   50.396241] wireguard: module verification failed: signature and/or 
required key missing - tainting kernel
[   50.396675] wireguard: WireGuard 0.0.20180802-11-gc6505ee loaded. See for information.
[   50.396675] wireguard: Copyright (C) 2015-2018 Jason A. Donenfeld 
<Jason at>. All Rights Reserved.

$ sudo ip link add dev wg0 type wireguard

$ sudo ./wgnlbug -n 2
before: wg0
  after: wg0
- peer: ZoJIpwr1iel/9emt2bNlnHhvasjZdmUD6v92Ry8z1Ro=: 0 IPs
- peer: y84s8m/91ryGV8tTQbycauYcukCjrAG1B8vx44BsxWM=: 511 IPs

$ sudo wg show
interface: wg0

peer: ZoJIpwr1iel/9emt2bNlnHhvasjZdmUD6v92Ry8z1Ro=
   allowed ips: (none)

peer: y84s8m/91ryGV8tTQbycauYcukCjrAG1B8vx44BsxWM=
   allowed ips: 2001:db8::1ff/128, 2001:db8::1fe/128, ...

Thanks for the quick patch.  I started with a pretty naive approach on 
my netlink message chunking implementation, but I'm glad I was able to 
help find a problem that way.

I'll be sure to report anything else I find, but at this point, I think 
I'm feature-complete for both userspace and kernel APIs.

- Matt

On 08/08/2018 10:20 PM, Jason A. Donenfeld wrote:
> On Wed, Aug 8, 2018 at 5:30 PM Matt Layher <mdlayher at> wrote:
>> Excellent! That's much more concise.
> Let me know if this fixes it for you, and please do keep messing with
> weird cases to see if you can find more bugs. I really appreciate you
> finding this.

More information about the WireGuard mailing list