Crashes in wg_allowedips_insert_X

mikma.wg at lists.m7n.se mikma.wg at lists.m7n.se
Sun Mar 31 22:22:40 CEST 2019 

Hello list,

I'm experiencing crashes in wg_allowedips_insert_v4 and 
wg_allowedips_insert_v6 in the wireguard kernel module. It happens both 
with the current snapshot (0.0.20190227-wg1~bionic) and the current git 
master (65e1f283). It seems to be caused by commit 20a230b3 (allowedips: 
maintain per-peer list of allowedips), since I can't trigger the bug(s) 
after reverting that commit.

I have attached a dmesg dump of one general protection fault, and 
included two scripts below which triggers the bug(s). I am running 
Ubuntu 18.04 x86_64 with mainline linux 5.0.5 from 
https://kernel.ubuntu.com/~kernel-ppa/mainline.

/Mikma

#!/bin/sh

name=wgtest
key="pUZ1gXtFRRNeJFcBx2cGLELdeJTA00nTdQMuHjMYI2E="

ips="
0.0.0.0/0
10.0.0.0/8
100.64.0.0/10
172.16.0.0/12
192.168.0.0/16
"

allowed_ips=$(echo $ips | tr ' ' ',')

ip l add $name type wireguard
wg set $name peer $key allowed-ips $allowed_ips
wg set $name peer $key allowed-ips '0.0.0.0/0'


#!/bin/sh

name=wgtest
key="pUZ1gXtFRRNeJFcBx2cGLELdeJTA00nTdQMuHjMYI2E="

ips="
::/0
17e5:9cdb:34ce:1800::/111
5000::/4
eb3f:fbec:5000::/37
9730:9636:d403:e000::/75
"

allowed_ips=$(echo $ips | tr ' ' ',')

ip l add $name type wireguard
wg set $name peer $key allowed-ips $allowed_ips
wg set $name peer $key allowed-ips '::/0'

-------------- next part --------------
[   47.508485] wireguard: loading out-of-tree module taints kernel.
[   47.508591] wireguard: module verification failed: signature and/or required key missing - tainting kernel
[   47.511058] wireguard: WireGuard 0.0.20190227 loaded. See www.wireguard.com for information.
[   47.511059] wireguard: Copyright (C) 2015-2019 Jason A. Donenfeld <Jason at zx2c4.com>. All Rights Reserved.
[   47.517456] general protection fault: 0000 [#1] SMP PTI
[   47.517545] CPU: 0 PID: 1278 Comm: wg Tainted: G           OE     5.0.5-050005-generic #201903271212
[   47.517639] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.10.2-1ubuntu1 04/01/2014
[   47.517750] RIP: 0010:wg_allowedips_insert_v4+0x298/0x3c0 [wireguard]
[   47.517845] Code: 00 00 48 83 c4 18 5b 41 5c 41 5d 41 5e 41 5f 5d c3 48 89 d9 48 8b 41 38 48 8b 71 30 48 8d 51 30 4c 89 31 49 81 c6 20 06 00 00 <48> 89 46 08 48 89 30 49 8b 46 08 49 89 56 08 4c 89 71 30 48 89 41
[   47.518043] RSP: 0018:ffffa9acc08579f0 EFLAGS: 00010282
[   47.518131] RAX: dead000000000200 RBX: ffff8d949378a340 RCX: ffff8d949378a340
[   47.518190] RDX: ffff8d949378a370 RSI: dead000000000100 RDI: 00000000ffffffff
[   47.518283] RBP: ffffa9acc0857a30 R08: ffff8d9494f9ad08 R09: 0000000000000003
[   47.518376] R10: 3a2caa423744a024 R11: cea45abfb35c5be3 R12: 0000000000000000
[   47.518472] R13: 0000000000000000 R14: ffff8d9493eb7e20 R15: ffff8d9494f9acf0
[   47.518580] FS:  00007f44a28c7740(0000) GS:ffff8d949f200000(0000) knlGS:0000000000000000
[   47.518690] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[   47.518780] CR2: 00007ffed57ee0a0 CR3: 00000000137ba004 CR4: 00000000003606f0
[   47.518907] Call Trace:
[   47.519055]  set_peer+0x3b7/0x4c0 [wireguard]
[   47.519148]  wg_set_device+0x2e9/0x4c0 [wireguard]
[   47.519243]  genl_family_rcv_msg+0x1d8/0x410
[   47.519334]  genl_rcv_msg+0x4c/0x93
[   47.519424]  ? _cond_resched+0x19/0x30
[   47.519511]  ? genl_family_rcv_msg+0x410/0x410
[   47.519598]  netlink_rcv_skb+0x4f/0x120
[   47.519699]  genl_rcv+0x28/0x40
[   47.519794]  netlink_unicast+0x1a1/0x260
[   47.519864]  netlink_sendmsg+0x20d/0x3c0
[   47.519881]  sock_sendmsg+0x3e/0x50
[   47.519931]  __sys_sendto+0x114/0x1a0
[   47.520019]  ? __sys_recvmsg+0x59/0xa0
[   47.520103]  __x64_sys_sendto+0x28/0x30
[   47.520193]  do_syscall_64+0x5a/0x110
[   47.520280]  entry_SYSCALL_64_after_hwframe+0x44/0xa9
[   47.520371] RIP: 0033:0x7f44a21d7da7
[   47.520457] Code: 64 89 02 48 c7 c0 ff ff ff ff eb b6 0f 1f 80 00 00 00 00 48 8d 05 61 db 2c 00 41 89 ca 8b 00 85 c0 75 18 b8 2c 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 79 f3 c3 0f 1f 80 00 00 00 00 41 57 41 56 4d
[   47.520654] RSP: 002b:00007ffed5728f18 EFLAGS: 00000246 ORIG_RAX: 000000000000002c
[   47.520787] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f44a21d7da7
[   47.520892] RDX: 0000000000000074 RSI: 000055c70f110450 RDI: 0000000000000003
[   47.520985] RBP: 000055c70f110450 R08: 00007f44a24a99e0 R09: 000000000000000c
[   47.521077] R10: 0000000000000000 R11: 0000000000000246 R12: 000055c70f1104a8
[   47.521170] R13: 0000000000000000 R14: 0000000000000000 R15: 000055c70f110260
[   47.521285] Modules linked in: wireguard(OE) ip6_udp_tunnel udp_tunnel binfmt_misc veth btrfs zstd_compress xor raid6_pq ebtable_filter ebtables ip6table_nat nf_nat_ipv6 ip6table_filter ip6_tables xt_CHECKSUM xt_comment xt_tcpudp iptable_nat nf_nat_ipv4 nf_nat nf_conntrack nf_defrag_ipv6 nf_defrag_ipv4 libcrc32c iptable_mangle iptable_filter bpfilter bridge stp llc snd_hda_codec_generic ledtrig_audio crct10dif_pclmul crc32_pclmul ghash_clmulni_intel aesni_intel aes_x86_64 crypto_simd cryptd snd_hda_intel glue_helper snd_hda_codec snd_hda_core snd_hwdep joydev input_leds serio_raw snd_pcm snd_timer snd soundcore mac_hid qemu_fw_cfg sch_fq_codel ip_tables x_tables autofs4 hid_generic usbhid hid qxl ttm drm_kms_helper psmouse syscopyarea sysfillrect sysimgblt virtio_blk virtio_net net_failover failover i2c_piix4 fb_sys_fops drm ide_pci_generic piix ide_core pata_acpi floppy
[   47.525391] ---[ end trace 9401d15dc3071a94 ]---
[   47.526207] RIP: 0010:wg_allowedips_insert_v4+0x298/0x3c0 [wireguard]
[   47.526982] Code: 00 00 48 83 c4 18 5b 41 5c 41 5d 41 5e 41 5f 5d c3 48 89 d9 48 8b 41 38 48 8b 71 30 48 8d 51 30 4c 89 31 49 81 c6 20 06 00 00 <48> 89 46 08 48 89 30 49 8b 46 08 49 89 56 08 4c 89 71 30 48 89 41
[   47.528526] RSP: 0018:ffffa9acc08579f0 EFLAGS: 00010282
[   47.529268] RAX: dead000000000200 RBX: ffff8d949378a340 RCX: ffff8d949378a340
[   47.530015] RDX: ffff8d949378a370 RSI: dead000000000100 RDI: 00000000ffffffff
[   47.530759] RBP: ffffa9acc0857a30 R08: ffff8d9494f9ad08 R09: 0000000000000003
[   47.531568] R10: 3a2caa423744a024 R11: cea45abfb35c5be3 R12: 0000000000000000
[   47.532310] R13: 0000000000000000 R14: ffff8d9493eb7e20 R15: ffff8d9494f9acf0
[   47.533031] FS:  00007f44a28c7740(0000) GS:ffff8d949f200000(0000) knlGS:0000000000000000
[   47.533783] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[   47.534529] CR2: 00007ffed57ee0a0 CR3: 00000000137ba004 CR4: 00000000003606f0

More information about the WireGuard mailing list