Kernel Panic after updating Kernel

dxiri at dxiri at
Thu Jun 18 06:31:30 CEST 2020

-----Original Message-----
From: "Jason A. Donenfeld" <Jason at>
Sent: Wednesday, June 17, 2020 4:32am
To: "dxiri at" <dxiri at>
Cc: "WireGuard mailing list" <wireguard at>, "ElRepo" <contact at>
Subject: Re: Kernel Panic after updating Kernel

Hi Diego,

On Wed, Jun 17, 2020 at 2:01 AM dxiri at
<dxiri at> wrote:
> Posted this on IRC but got no response, probably this will be a better place:
> I updated my Centos7 server yesterday and wireguard is causing a kernel panic, wanted to know if this is a known issue?
> Using kernel 3.10.0-1127.10.1.el7.x86_64
> I Tried with 2 different repos (elrepo and Copr repo for wireguard owned by jdoss) and I have the same issue.
> I took a screenshot of The kernel panic and uploaded at
> Another interesting bit of info is that as long as I don't move traffic trough wg0 vnic, no panic happens. I can easily trigger the panic by just doing a ping to the other VPN endpoint and I am able to reproduce this every single time.
> # lsmod | grep -i wire
> wireguard             200896  0
> ip6_udp_tunnel         12755  1 wireguard
> udp_tunnel             14423  1 wireguard
> Thanks for the help!
> Diego

Huh, that's funny -- I'm unable to reproduce the bug at all.

Does running this script crash for you?

If not, could you describe your setup more and maybe some repro steps for me?



Hi Jason, 

Tried your script, here is the result ( crash):

root at box [4542 22:04:00 /etc/wireguard]# bash
[+] ip netns add wg-test-36633-0
[+] ip netns add wg-test-36633-1
[+] ip netns add wg-test-36633-2
[+] NS0: ip link set up dev lo
[+] NS0: ip link add dev wg0 type wireguard
[+] NS0: ip link set wg0 netns wg-test-36633-1
[+] NS0: ip link add dev wg0 type wireguard
[+] NS0: ip link set wg0 netns wg-test-36633-2
[+] NS1: ip addr add dev wg0
[+] NS2: ip addr add dev wg0
[+] wg genkey
[+] wg genkey
[+] wg pubkey
[+] wg pubkey
[+] NS1: wg set wg0 private-key /dev/fd/63 listen-port 1 peer 0zUBih0nFOHRDzl6mBxcHaCfwX+s9sE6rLgK4f8LdiU= allowed-ips
[+] NS2: wg set wg0 private-key /dev/fd/63 listen-port 2 peer jBLy+DQDc21/f5z9Yfz287FB/Z9PhaXvNdMw7WDoWFM= allowed-ips
[+] NS1: ip link set up dev wg0
[+] NS2: ip link set up dev wg0
[+] NS2: wg set wg0 peer jBLy+DQDc21/f5z9Yfz287FB/Z9PhaXvNdMw7WDoWFM= endpoint
[+] NS2: ping -c 10 -f -W 1
PING ( 56(84) bytes of data.

--- ping statistics ---
10 packets transmitted, 10 received, 0% packet loss, time 1ms
rtt min/avg/max/mdev = 0.054/0.159/0.884/0.243 ms, ipg/ewma 0.209/0.316 ms
[+] NS0: ip link del dev wg0
[+] NS1: ip link del dev wg0
[+] NS2: ip link del dev wg0
[+] ip netns del wg-test-36633-1
[+] ip netns del wg-test-36633-2
[+] ip netns del wg-test-36633-0

About my setup:

1) KVM hosted VM
2) Using wg-quick, followed this tutorial:
3) CPanel v88.0.10 (as far as I know, CPanel does NOT modify stock Centos 7 kernel)

4) root at box [4545 22:07:54 /etc/wireguard]# free -m
              total        used        free      shared  buff/cache   available
Mem:           2363        1373         174          12         815         793
Swap:          1999        1637         362

5) root at box [4547 22:10:37 /etc/wireguard]# cat wg0.conf
Address =
PrivateKey = 0000000xxxxxxxpjdlkkljkljalkjlkjl=
ListenPort = 11555

PublicKey = djkjadlkjlkjkldjlkjaslkjadlk=
AllowedIPs =
Endpoint =

6) Yum operations trigger a lot of exclutions for elrepo, but nothing seems wireguard related:

Loaded plugins: changelog, elrepo, fastestmirror, priorities, tsflags, universal-hooks
Loading mirror speeds from cached hostfile
 * EA4:
 * cpanel-addons-production-feed:
 * cpanel-plugins:
 * elrepo:
 * epel:
[elrepo]: excluding package: kmod-3c59x-0.0-3.el7_5.elrepo.x86_64
[elrepo]: excluding package: kmod-8188eu-4.1.4_6773.20130222-4.el7_5.elrepo.x86_64
[elrepo]: excluding package: kmod-8188eu-4.1.4_6773.20130222-5.el7_6.elrepo.x86_64
[elrepo]: excluding package: kmod-8188eu-
[elrepo]: excluding package: kmod-a2818-1.20-1.el7.elrepo.x86_64
[elrepo]: excluding package: kmod-a3818-1.6.0-1.el7.elrepo.x86_64
[elrepo]: excluding package: kmod-a3818-1.6.2-1.el7_6.elrepo.x86_64
[elrepo]: excluding package: kmod-aacraid-1.2.1-5.el7.elrepo.x86_64
[elrepo]: excluding package: kmod-aic7xxx-7.0-3.el7_5.elrepo.x86_64
[elrepo]: excluding package: kmod-ar5523-0.0-8.el7_6.elrepo.x86_64
[elrepo]: excluding package: kmod-ar5523-0.0-9.el7_7.elrepo.x86_64
[elrepo]: excluding package: kmod-ath5k-0.0-12.el7_7.elrepo.x86_64
[elrepo]: excluding package: kmod-cassini-1.6-2.el7_5.elrepo.x86_64
[elrepo]: excluding package: kmod-cciss-3.6.26-5.el7_5.elrepo.x86_64
[elrepo]: excluding package: kmod-cciss-3.6.26-6.el7_6.elrepo.x86_64
[elrepo]: excluding package: kmod-cciss-3.6.26-7.el7_7.elrepo.x86_64
[elrepo]: excluding package: kmod-drbd84-8.4.11-1.el7_5.elrepo.x86_64
[elrepo]: excluding package: kmod-drbd84-8.4.11-1.1.el7_6.elrepo.x86_64
[elrepo]: excluding package: kmod-drbd90-9.0.14-1.el7_5.elrepo.x86_64
[elrepo]: excluding package: kmod-drbd90-9.0.16-1.el7_6.elrepo.x86_64
[elrepo]: excluding package: kmod-drbd90-9.0.20-1.el7_7.elrepo.x86_64
[elrepo]: excluding package: kmod-e100-3.5.24-3.el7_5.elrepo.x86_64
[elrepo]: excluding package: kmod-ecryptfs-0.1-1.el7_6.elrepo.x86_64
[elrepo]: excluding package: kmod-forcedeth-0.64-3.el7_5.elrepo.x86_64
[elrepo]: excluding package: kmod-fpga-mgr-0.0-1.el7_6.elrepo.x86_64
[elrepo]: excluding package: kmod-hfs-0.0-4.el7_5.elrepo.x86_64
[elrepo]: excluding package: kmod-hfsplus-0.0-5.el7_5.elrepo.x86_64
[elrepo]: excluding package: kmod-i2c-i801-0.0-4.el7_5.elrepo.x86_64
[elrepo]: excluding package: kmod-i2c-i801-0.0-5.el7_6.elrepo.x86_64
[elrepo]: excluding package: kmod-i2c-i801-0.0-6.el7_6.elrepo.x86_64
[elrepo]: excluding package: kmod-ixgb-1.0.135-4.el7_5.elrepo.x86_64
[elrepo]: excluding package: kmod-ixgbe-5.5.5-1.el7_6.elrepo.x86_64
[elrepo]: excluding package: kmod-ixgbe-5.6.3-1.el7_7.elrepo.x86_64
[elrepo]: excluding package: kmod-ixgbe-5.6.3-2.el7_7.elrepo.x86_64
[elrepo]: excluding package: kmod-joydev-0.0-4.el7_5.elrepo.x86_64
[elrepo]: excluding package: kmod-mt7601u-4.14.108-1.el7_6.elrepo.x86_64
[elrepo]: excluding package: kmod-mt7601u-4.14.108-2.el7_7.elrepo.x86_64
[elrepo]: excluding package: kmod-nct6775-0.0-4.20180327git.el7_5.elrepo.x86_64
[elrepo]: excluding package: kmod-nct6775-0.0-5.el7_7.elrepo.x86_64
[elrepo]: excluding package: kmod-ne2k-pci-1.03-4.el7_5.elrepo.x86_64
[elrepo]: excluding package: kmod-netatop-0.3-4.el7_6.elrepo.x86_64
[elrepo]: excluding package: kmod-netatop-2.0-1.el7_6.elrepo.x86_64
[elrepo]: excluding package: kmod-niu-1.1-2.el7_5.elrepo.x86_64
[elrepo]: excluding package: kmod-nvidia-440.44-1.el7_7.elrepo.x86_64
[elrepo]: excluding package: nvidia-x11-drv-libs-440.44-1.el7_7.elrepo.x86_64
[elrepo]: excluding package: nvidia-x11-drv-libs-440.44-1.el7_7.elrepo.i686
[elrepo]: excluding package: nvidia-x11-drv-440.44-1.el7_7.elrepo.x86_64
[elrepo]: excluding package: kmod-nvidia-440.59-1.el7_7.elrepo.x86_64
[elrepo]: excluding package: nvidia-x11-drv-libs-440.59-1.el7_7.elrepo.x86_64
[elrepo]: excluding package: nvidia-x11-drv-440.59-1.el7_7.elrepo.x86_64
[elrepo]: excluding package: nvidia-x11-drv-libs-440.59-1.el7_7.elrepo.i686
[elrepo]: excluding package: kmod-nvidia-440.64-1.el7_7.elrepo.x86_64
[elrepo]: excluding package: nvidia-x11-drv-libs-440.64-1.el7_7.elrepo.x86_64
[elrepo]: excluding package: nvidia-x11-drv-libs-440.64-1.el7_7.elrepo.i686
[elrepo]: excluding package: nvidia-x11-drv-440.64-1.el7_7.elrepo.x86_64
[elrepo]: excluding package: kmod-nvidia-340xx-340.107-2.el7_6.elrepo.x86_64
[elrepo]: excluding package: kmod-nvidia-340xx-340.107-3.el7_7.elrepo.x86_64
[elrepo]: excluding package: kmod-nvidia-390xx-390.116-1.el7_6.elrepo.x86_64
[elrepo]: excluding package: nvidia-x11-drv-390xx-390.116-1.el7_6.elrepo.x86_64
[elrepo]: excluding package: nvidia-x11-drv-390xx-libs-390.116-1.el7_6.elrepo.x86_64
[elrepo]: excluding package: nvidia-x11-drv-390xx-libs-390.116-1.el7_6.elrepo.i686
[elrepo]: excluding package: kmod-nvidia-390xx-390.116-2.el7_7.elrepo.x86_64
[elrepo]: excluding package: nvidia-x11-drv-390xx-libs-390.116-2.el7_7.elrepo.i686
[elrepo]: excluding package: nvidia-x11-drv-390xx-390.116-2.el7_7.elrepo.x86_64
[elrepo]: excluding package: nvidia-x11-drv-390xx-libs-390.116-2.el7_7.elrepo.x86_64
[elrepo]: excluding package: kmod-r8168-8.046.00-1.el7_5.elrepo.x86_64
[elrepo]: excluding package: kmod-r8168-8.047.04-1.el7_7.elrepo.x86_64
[elrepo]: excluding package: kmod-r8168-8.047.05-1.el7_7.elrepo.x86_64
[elrepo]: excluding package: kmod-r8168-8.048.00-1.el7_7.elrepo.x86_64
[elrepo]: excluding package: kmod-r8169-6.020.00-3.el7_5.elrepo.x86_64
[elrepo]: excluding package: kmod-r8822be-0.0-1.el7_6.elrepo.x86_64
[elrepo]: excluding package: kmod-reiserfs-0.0-3.el7_6.elrepo.x86_64
[elrepo]: excluding package: kmod-rr62x-1.2-3.el7_5.elrepo.x86_64
[elrepo]: excluding package: kmod-rr64xl-1.4.0-1.el7_5.elrepo.x86_64
[elrepo]: excluding package: kmod-rtl8812au-5.3.4-1.el7_7.elrepo.x86_64
[elrepo]: excluding package: kmod-sis190-1.4-1.el7_5.elrepo.x86_64
[elrepo]: excluding package: kmod-sis900-1.08.10-2.el7_5.elrepo.x86_64
[elrepo]: excluding package: kmod-sym53c8xx-0.0-4.el7_5.elrepo.x86_64
[elrepo]: excluding package: kmod-tpe-2.0.3-6.20170731git.el7_5.elrepo.x86_64
[elrepo]: excluding package: kmod-tpe-2.0.4-1.el7_7.elrepo.x86_64
[elrepo]: excluding package: kmod-typhoon-1.0-3.el7_5.elrepo.x86_64
[elrepo]: excluding package: kmod-usbip-1.0.1-2.el7_5.elrepo.x86_64
[elrepo]: excluding package: kmod-usbip-1.0.1-3.el7_6.elrepo.x86_64
[elrepo]: excluding package: kmod-usbip-1.0.1-4.el7_7.elrepo.x86_64
[elrepo]: excluding package: kmod-via-rhine-1.5.1-3.el7_5.elrepo.x86_64
[elrepo]: excluding package: kmod-via-velocity-1.15-2.el7_5.elrepo.x86_64
[elrepo]: excluding package: kmod-xpad-0.0.6-7.el7_5.elrepo.x86_64
[elrepo]: excluding package: kmod-xpad-0.0.6-8.el7_6.elrepo.x86_64
[elrepo]: excluding package: kmod-xpad-0.0.6-9.el7_7.elrepo.x86_64
[elrepo]: excluding package: kmod-zd1211rw-1.0-6.el7_5.elrepo.x86_64
[elrepo]: excluding package: kmod-zd1211rw-1.0-7.el7_7.elrepo.x86_64
178 packages excluded due to repository priority protections

7) I have another VM with another service provider and have the exact same issue after updating. This other VM has a free version of CPanel called DNSONLY, if you care to install to take a shot at reproducing:

Any other info you need feel free to ask :)


More information about the WireGuard mailing list