netlink: 'systemd-network': attribute type 5 has an invalid length.
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
systemd (Ubuntu) |
Fix Released
|
Undecided
|
Unassigned | ||
Bionic |
Fix Released
|
Low
|
Dan Streetman | ||
Eoan |
Fix Released
|
Undecided
|
Unassigned | ||
Focal |
Fix Released
|
Undecided
|
Unassigned |
Bug Description
[impact]
systemd-networkd uses incorrect netlink attribute length for wireguard's persistent keepalive interval, which logs error messages from the kernel, and may incorrectly set the parameter.
[test case]
Only 1 Bionic VM is required to reproduce the problem:
$ lxc launch images:
$ sleep 10 # allow booting
$ lxc exec foo -- apt install -y software-
$ lxc exec foo -- add-apt-repository -y ppa:wireguard/
$ lxc exec foo -- apt install -y wireguard-tools
$ cat << EOF | lxc exec foo -- tee /etc/systemd/
# foo
[NetDev]
Name=wg0
Kind=wireguard
[WireGuard]
ListenPort=5555
PrivateKey=
[WireGuardPeer]
PublicKey=
AllowedIPs=
Endpoint=
EOF
$ cat << EOF | lxc exec foo -- tee /etc/systemd/
# foo
[Match]
Name=wg0
[Network]
Address=
EOF
$ lxc exec foo -- systemctl restart systemd-networkd
# notice the invalid length in dmesg
$ lxc exec foo -- journalctl -kn 8
-- Logs begin at Mon 2020-05-11 16:56:40 UTC, end at Mon 2020-05-11 17:03:46 UTC. --
May 11 16:58:25 foo kernel: nf_tables: (c) 2007-2009 Patrick McHardy <email address hidden>
May 11 17:01:57 foo kernel: PKCS#7 signature not signed with a trusted key
May 11 17:01:57 foo kernel: wireguard: module verification failed: signature and/or required key missing - tainting kernel
May 11 17:01:57 foo kernel: wireguard: WireGuard 1.0.20200429 loaded. See www.wireguard.com for information.
May 11 17:01:57 foo kernel: wireguard: Copyright (C) 2015-2019 Jason A. Donenfeld <email address hidden>. All Rights Reserved.
May 11 17:01:57 foo kernel: netlink: 'systemd-network': attribute type 5 has an invalid length.
May 11 17:01:57 foo kernel: netlink: 'systemd-network': attribute type 5 has an invalid length.
May 11 17:02:23 foo kernel: netlink: 'systemd-network': attribute type 5 has an invalid length.
[regression potential]
this adjusts the length of the specific netlink parameter, so any regression would likely relate to incorrectly setting the persistent keepalive interval parameter, or failure to set the parameter.
[scope]
this is needed only for Bionic.
this was fixed upstream in commit 7d0b26a027118ca
[original description]
This morning, our 2 Bionic machine configured with the wireguard's PPA and using systemd-networkd to configure the wireguard tunnel started misbehaving. Why this started just now is unclear ATM but their dmesg was filled with this:
validate_nla: 100 callbacks suppressed
netlink: 'systemd-network': attribute type 5 has an invalid length.
netlink: 'systemd-network': attribute type 5 has an invalid length.
netlink: 'systemd-network': attribute type 5 has an invalid length.
netlink: 'systemd-network': attribute type 5 has an invalid length.
netlink: 'systemd-network': attribute type 5 has an invalid length.
netlink: 'systemd-network': attribute type 5 has an invalid length.
netlink: 'systemd-network': attribute type 5 has an invalid length.
netlink: 'systemd-network': attribute type 5 has an invalid length.
netlink: 'systemd-network': attribute type 5 has an invalid length.
netlink: 'systemd-network': attribute type 5 has an invalid length.
Folks in #systemd mentioned https:/
https:/
https:/
Focal's systemd have the above commits. Would it be possible to backport those 2 commits to Bionic?
Additional information:
# uname -a
Linux noc-eu1 4.15.0-99-generic #100-Ubuntu SMP Wed Apr 22 20:32:56 UTC 2020 x86_64 x86_64 x86_64 GNU/Linux
# apt-cache policy systemd wireguard{
systemd:
Installed: 237-3ubuntu10.39
Candidate: 237-3ubuntu10.39
Version table:
*** 237-3ubuntu10.39 500
500 http://
100 /var/lib/
237-
500 http://
237-3ubuntu10 500
500 http://
wireguard:
Installed: 1.0.20200319-
Candidate: 1.0.20200319-
Version table:
*** 1.0.20200319-
500 http://
500 http://
100 /var/lib/
wireguard-tools:
Installed: 1.0.20200319-
Candidate: 1.0.20200319-
Version table:
*** 1.0.20200319-
500 http://
100 /var/lib/
wireguard-dkms:
Installed: 1.0.20200429-
Candidate: 1.0.20200429-
Version table:
*** 1.0.20200429-
500 http://
500 http://
100 /var/lib/
Changed in systemd (Ubuntu): | |
status: | New → Fix Released |
Changed in systemd (Ubuntu Eoan): | |
status: | New → Fix Released |
Changed in systemd (Ubuntu Focal): | |
status: | New → Fix Released |
description: | updated |
Changed in systemd (Ubuntu Bionic): | |
assignee: | nobody → Dan Streetman (ddstreet) |
importance: | Undecided → Low |
status: | New → In Progress |
Here is a strace of systemd-networkd when it was consuming 100% CPU: https:/ /paste. ubuntu. com/p/2XwxWwW99 q/