2020-05-06 17:08:33 |
Simon Déziel |
bug |
|
|
added bug |
2020-05-06 18:22:57 |
Balint Reczey |
nominated for series |
|
Ubuntu Eoan |
|
2020-05-06 18:22:57 |
Balint Reczey |
bug task added |
|
systemd (Ubuntu Eoan) |
|
2020-05-06 18:22:57 |
Balint Reczey |
nominated for series |
|
Ubuntu Focal |
|
2020-05-06 18:22:57 |
Balint Reczey |
bug task added |
|
systemd (Ubuntu Focal) |
|
2020-05-06 18:22:57 |
Balint Reczey |
nominated for series |
|
Ubuntu Bionic |
|
2020-05-06 18:22:57 |
Balint Reczey |
bug task added |
|
systemd (Ubuntu Bionic) |
|
2020-05-06 18:23:12 |
Balint Reczey |
systemd (Ubuntu): status |
New |
Fix Released |
|
2020-05-06 18:23:17 |
Balint Reczey |
systemd (Ubuntu Eoan): status |
New |
Fix Released |
|
2020-05-06 18:23:21 |
Balint Reczey |
systemd (Ubuntu Focal): status |
New |
Fix Released |
|
2020-05-07 18:31:16 |
Dan Streetman |
bug |
|
|
added subscriber Dan Streetman |
2020-05-09 13:03:03 |
Dan Streetman |
description |
This morning, our 2 Bionic machine configured with the wireguard's PPA and using systemd-networkd to configure the wireguard tunnel started misbehaving. Why this started just now is unclear ATM but their dmesg was filled with this:
validate_nla: 100 callbacks suppressed
netlink: 'systemd-network': attribute type 5 has an invalid length.
netlink: 'systemd-network': attribute type 5 has an invalid length.
netlink: 'systemd-network': attribute type 5 has an invalid length.
netlink: 'systemd-network': attribute type 5 has an invalid length.
netlink: 'systemd-network': attribute type 5 has an invalid length.
netlink: 'systemd-network': attribute type 5 has an invalid length.
netlink: 'systemd-network': attribute type 5 has an invalid length.
netlink: 'systemd-network': attribute type 5 has an invalid length.
netlink: 'systemd-network': attribute type 5 has an invalid length.
netlink: 'systemd-network': attribute type 5 has an invalid length.
Folks in #systemd mentioned https://github.com/systemd/systemd/issues/11575 which points to 2 commits missing from Bionic's systemd version:
https://github.com/systemd/systemd/commit/7d0b26a027118ca063780421cb31c74e9d2664ee
https://github.com/systemd/systemd/commit/624a47694cad4c87b2e807c32db656f3e9d679c5
Focal's systemd have the above commits. Would it be possible to backport those 2 commits to Bionic?
Additional information:
# uname -a
Linux noc-eu1 4.15.0-99-generic #100-Ubuntu SMP Wed Apr 22 20:32:56 UTC 2020 x86_64 x86_64 x86_64 GNU/Linux
# apt-cache policy systemd wireguard{,-tools,-dkms}
systemd:
Installed: 237-3ubuntu10.39
Candidate: 237-3ubuntu10.39
Version table:
*** 237-3ubuntu10.39 500
500 http://archive.ubuntu.com/ubuntu bionic-updates/main amd64 Packages
100 /var/lib/dpkg/status
237-3ubuntu10.38 500
500 http://security.ubuntu.com/ubuntu bionic-security/main amd64 Packages
237-3ubuntu10 500
500 http://archive.ubuntu.com/ubuntu bionic/main amd64 Packages
wireguard:
Installed: 1.0.20200319-1ubuntu1~18.04
Candidate: 1.0.20200319-1ubuntu1~18.04
Version table:
*** 1.0.20200319-1ubuntu1~18.04 500
500 http://ppa.launchpad.net/wireguard/wireguard/ubuntu bionic/main amd64 Packages
500 http://ppa.launchpad.net/wireguard/wireguard/ubuntu bionic/main i386 Packages
100 /var/lib/dpkg/status
wireguard-tools:
Installed: 1.0.20200319-1ubuntu1~18.04
Candidate: 1.0.20200319-1ubuntu1~18.04
Version table:
*** 1.0.20200319-1ubuntu1~18.04 500
500 http://ppa.launchpad.net/wireguard/wireguard/ubuntu bionic/main amd64 Packages
100 /var/lib/dpkg/status
wireguard-dkms:
Installed: 1.0.20200429-2~18.04
Candidate: 1.0.20200429-2~18.04
Version table:
*** 1.0.20200429-2~18.04 500
500 http://ppa.launchpad.net/wireguard/wireguard/ubuntu bionic/main amd64 Packages
500 http://ppa.launchpad.net/wireguard/wireguard/ubuntu bionic/main i386 Packages
100 /var/lib/dpkg/status |
[impact]
systemd-networkd uses incorrect netlink attribute length for wireguard's persistent keepalive interval, which logs error messages from the kernel, and may incorrectly set the parameter.
[test case]
TBD
[regression potential]
this adjusts the length of the specific netlink parameter, so any regression would likely relate to incorrectly setting the persistent keepalive interval parameter, or failure to set the parameter.
[scope]
this is needed only for Bionic.
this was fixed upstream in commit 7d0b26a027118ca063780421cb31c74e9d2664ee which was first included in v240, so this is fixed in Eoan and later. Xenial does not include support for wireguard, so this does not apply there.
[original description]
This morning, our 2 Bionic machine configured with the wireguard's PPA and using systemd-networkd to configure the wireguard tunnel started misbehaving. Why this started just now is unclear ATM but their dmesg was filled with this:
validate_nla: 100 callbacks suppressed
netlink: 'systemd-network': attribute type 5 has an invalid length.
netlink: 'systemd-network': attribute type 5 has an invalid length.
netlink: 'systemd-network': attribute type 5 has an invalid length.
netlink: 'systemd-network': attribute type 5 has an invalid length.
netlink: 'systemd-network': attribute type 5 has an invalid length.
netlink: 'systemd-network': attribute type 5 has an invalid length.
netlink: 'systemd-network': attribute type 5 has an invalid length.
netlink: 'systemd-network': attribute type 5 has an invalid length.
netlink: 'systemd-network': attribute type 5 has an invalid length.
netlink: 'systemd-network': attribute type 5 has an invalid length.
Folks in #systemd mentioned https://github.com/systemd/systemd/issues/11575 which points to 2 commits missing from Bionic's systemd version:
https://github.com/systemd/systemd/commit/7d0b26a027118ca063780421cb31c74e9d2664ee
https://github.com/systemd/systemd/commit/624a47694cad4c87b2e807c32db656f3e9d679c5
Focal's systemd have the above commits. Would it be possible to backport those 2 commits to Bionic?
Additional information:
# uname -a
Linux noc-eu1 4.15.0-99-generic #100-Ubuntu SMP Wed Apr 22 20:32:56 UTC 2020 x86_64 x86_64 x86_64 GNU/Linux
# apt-cache policy systemd wireguard{,-tools,-dkms}
systemd:
Installed: 237-3ubuntu10.39
Candidate: 237-3ubuntu10.39
Version table:
*** 237-3ubuntu10.39 500
500 http://archive.ubuntu.com/ubuntu bionic-updates/main amd64 Packages
100 /var/lib/dpkg/status
237-3ubuntu10.38 500
500 http://security.ubuntu.com/ubuntu bionic-security/main amd64 Packages
237-3ubuntu10 500
500 http://archive.ubuntu.com/ubuntu bionic/main amd64 Packages
wireguard:
Installed: 1.0.20200319-1ubuntu1~18.04
Candidate: 1.0.20200319-1ubuntu1~18.04
Version table:
*** 1.0.20200319-1ubuntu1~18.04 500
500 http://ppa.launchpad.net/wireguard/wireguard/ubuntu bionic/main amd64 Packages
500 http://ppa.launchpad.net/wireguard/wireguard/ubuntu bionic/main i386 Packages
100 /var/lib/dpkg/status
wireguard-tools:
Installed: 1.0.20200319-1ubuntu1~18.04
Candidate: 1.0.20200319-1ubuntu1~18.04
Version table:
*** 1.0.20200319-1ubuntu1~18.04 500
500 http://ppa.launchpad.net/wireguard/wireguard/ubuntu bionic/main amd64 Packages
100 /var/lib/dpkg/status
wireguard-dkms:
Installed: 1.0.20200429-2~18.04
Candidate: 1.0.20200429-2~18.04
Version table:
*** 1.0.20200429-2~18.04 500
500 http://ppa.launchpad.net/wireguard/wireguard/ubuntu bionic/main amd64 Packages
500 http://ppa.launchpad.net/wireguard/wireguard/ubuntu bionic/main i386 Packages
100 /var/lib/dpkg/status |
|
2020-05-09 13:03:09 |
Dan Streetman |
systemd (Ubuntu Bionic): assignee |
|
Dan Streetman (ddstreet) |
|
2020-05-09 13:03:11 |
Dan Streetman |
systemd (Ubuntu Bionic): importance |
Undecided |
Low |
|
2020-05-09 13:03:13 |
Dan Streetman |
systemd (Ubuntu Bionic): status |
New |
In Progress |
|
2020-05-11 17:10:12 |
Simon Déziel |
description |
[impact]
systemd-networkd uses incorrect netlink attribute length for wireguard's persistent keepalive interval, which logs error messages from the kernel, and may incorrectly set the parameter.
[test case]
TBD
[regression potential]
this adjusts the length of the specific netlink parameter, so any regression would likely relate to incorrectly setting the persistent keepalive interval parameter, or failure to set the parameter.
[scope]
this is needed only for Bionic.
this was fixed upstream in commit 7d0b26a027118ca063780421cb31c74e9d2664ee which was first included in v240, so this is fixed in Eoan and later. Xenial does not include support for wireguard, so this does not apply there.
[original description]
This morning, our 2 Bionic machine configured with the wireguard's PPA and using systemd-networkd to configure the wireguard tunnel started misbehaving. Why this started just now is unclear ATM but their dmesg was filled with this:
validate_nla: 100 callbacks suppressed
netlink: 'systemd-network': attribute type 5 has an invalid length.
netlink: 'systemd-network': attribute type 5 has an invalid length.
netlink: 'systemd-network': attribute type 5 has an invalid length.
netlink: 'systemd-network': attribute type 5 has an invalid length.
netlink: 'systemd-network': attribute type 5 has an invalid length.
netlink: 'systemd-network': attribute type 5 has an invalid length.
netlink: 'systemd-network': attribute type 5 has an invalid length.
netlink: 'systemd-network': attribute type 5 has an invalid length.
netlink: 'systemd-network': attribute type 5 has an invalid length.
netlink: 'systemd-network': attribute type 5 has an invalid length.
Folks in #systemd mentioned https://github.com/systemd/systemd/issues/11575 which points to 2 commits missing from Bionic's systemd version:
https://github.com/systemd/systemd/commit/7d0b26a027118ca063780421cb31c74e9d2664ee
https://github.com/systemd/systemd/commit/624a47694cad4c87b2e807c32db656f3e9d679c5
Focal's systemd have the above commits. Would it be possible to backport those 2 commits to Bionic?
Additional information:
# uname -a
Linux noc-eu1 4.15.0-99-generic #100-Ubuntu SMP Wed Apr 22 20:32:56 UTC 2020 x86_64 x86_64 x86_64 GNU/Linux
# apt-cache policy systemd wireguard{,-tools,-dkms}
systemd:
Installed: 237-3ubuntu10.39
Candidate: 237-3ubuntu10.39
Version table:
*** 237-3ubuntu10.39 500
500 http://archive.ubuntu.com/ubuntu bionic-updates/main amd64 Packages
100 /var/lib/dpkg/status
237-3ubuntu10.38 500
500 http://security.ubuntu.com/ubuntu bionic-security/main amd64 Packages
237-3ubuntu10 500
500 http://archive.ubuntu.com/ubuntu bionic/main amd64 Packages
wireguard:
Installed: 1.0.20200319-1ubuntu1~18.04
Candidate: 1.0.20200319-1ubuntu1~18.04
Version table:
*** 1.0.20200319-1ubuntu1~18.04 500
500 http://ppa.launchpad.net/wireguard/wireguard/ubuntu bionic/main amd64 Packages
500 http://ppa.launchpad.net/wireguard/wireguard/ubuntu bionic/main i386 Packages
100 /var/lib/dpkg/status
wireguard-tools:
Installed: 1.0.20200319-1ubuntu1~18.04
Candidate: 1.0.20200319-1ubuntu1~18.04
Version table:
*** 1.0.20200319-1ubuntu1~18.04 500
500 http://ppa.launchpad.net/wireguard/wireguard/ubuntu bionic/main amd64 Packages
100 /var/lib/dpkg/status
wireguard-dkms:
Installed: 1.0.20200429-2~18.04
Candidate: 1.0.20200429-2~18.04
Version table:
*** 1.0.20200429-2~18.04 500
500 http://ppa.launchpad.net/wireguard/wireguard/ubuntu bionic/main amd64 Packages
500 http://ppa.launchpad.net/wireguard/wireguard/ubuntu bionic/main i386 Packages
100 /var/lib/dpkg/status |
[impact]
systemd-networkd uses incorrect netlink attribute length for wireguard's persistent keepalive interval, which logs error messages from the kernel, and may incorrectly set the parameter.
[test case]
Only 1 Bionic VM is required to reproduce the problem:
$ lxc launch images:ubuntu/bionic --vm -c security.secureboot=false foo
$ sleep 10 # allow booting
$ lxc exec foo -- apt install -y software-properties-common
$ lxc exec foo -- add-apt-repository -y ppa:wireguard/wireguard
$ lxc exec foo -- apt install -y wireguard-tools
$ cat << EOF | lxc exec foo -- tee /etc/systemd/network/wg0.netdev
# foo
[NetDev]
Name=wg0
Kind=wireguard
[WireGuard]
ListenPort=5555
PrivateKey=cBkljQSKhtEe/U8GZmCAk2MBbKWL4TLC9PVtbMFyCVQ=
[WireGuardPeer]
PublicKey=emfIuZ3hZ+AnWIrKex/EqCp2mfzip8AxJu6RuweyRGc=
AllowedIPs=192.168.255.2
Endpoint=bar.lxd:5555
EOF
$ cat << EOF | lxc exec foo -- tee /etc/systemd/network/wg0.network
# foo
[Match]
Name=wg0
[Network]
Address=192.168.255.1/24
EOF
$ lxc exec foo -- systemctl restart systemd-networkd
# notice the invalid length in dmesg
$ lxc exec foo -- journalctl -kn 8
-- Logs begin at Mon 2020-05-11 16:56:40 UTC, end at Mon 2020-05-11 17:03:46 UTC. --
May 11 16:58:25 foo kernel: nf_tables: (c) 2007-2009 Patrick McHardy <kaber@trash.net>
May 11 17:01:57 foo kernel: PKCS#7 signature not signed with a trusted key
May 11 17:01:57 foo kernel: wireguard: module verification failed: signature and/or required key missing - tainting kernel
May 11 17:01:57 foo kernel: wireguard: WireGuard 1.0.20200429 loaded. See www.wireguard.com for information.
May 11 17:01:57 foo kernel: wireguard: Copyright (C) 2015-2019 Jason A. Donenfeld <Jason@zx2c4.com>. All Rights Reserved.
May 11 17:01:57 foo kernel: netlink: 'systemd-network': attribute type 5 has an invalid length.
May 11 17:01:57 foo kernel: netlink: 'systemd-network': attribute type 5 has an invalid length.
May 11 17:02:23 foo kernel: netlink: 'systemd-network': attribute type 5 has an invalid length.
[regression potential]
this adjusts the length of the specific netlink parameter, so any regression would likely relate to incorrectly setting the persistent keepalive interval parameter, or failure to set the parameter.
[scope]
this is needed only for Bionic.
this was fixed upstream in commit 7d0b26a027118ca063780421cb31c74e9d2664ee which was first included in v240, so this is fixed in Eoan and later. Xenial does not include support for wireguard, so this does not apply there.
[original description]
This morning, our 2 Bionic machine configured with the wireguard's PPA and using systemd-networkd to configure the wireguard tunnel started misbehaving. Why this started just now is unclear ATM but their dmesg was filled with this:
validate_nla: 100 callbacks suppressed
netlink: 'systemd-network': attribute type 5 has an invalid length.
netlink: 'systemd-network': attribute type 5 has an invalid length.
netlink: 'systemd-network': attribute type 5 has an invalid length.
netlink: 'systemd-network': attribute type 5 has an invalid length.
netlink: 'systemd-network': attribute type 5 has an invalid length.
netlink: 'systemd-network': attribute type 5 has an invalid length.
netlink: 'systemd-network': attribute type 5 has an invalid length.
netlink: 'systemd-network': attribute type 5 has an invalid length.
netlink: 'systemd-network': attribute type 5 has an invalid length.
netlink: 'systemd-network': attribute type 5 has an invalid length.
Folks in #systemd mentioned https://github.com/systemd/systemd/issues/11575 which points to 2 commits missing from Bionic's systemd version:
https://github.com/systemd/systemd/commit/7d0b26a027118ca063780421cb31c74e9d2664ee
https://github.com/systemd/systemd/commit/624a47694cad4c87b2e807c32db656f3e9d679c5
Focal's systemd have the above commits. Would it be possible to backport those 2 commits to Bionic?
Additional information:
# uname -a
Linux noc-eu1 4.15.0-99-generic #100-Ubuntu SMP Wed Apr 22 20:32:56 UTC 2020 x86_64 x86_64 x86_64 GNU/Linux
# apt-cache policy systemd wireguard{,-tools,-dkms}
systemd:
Installed: 237-3ubuntu10.39
Candidate: 237-3ubuntu10.39
Version table:
*** 237-3ubuntu10.39 500
500 http://archive.ubuntu.com/ubuntu bionic-updates/main amd64 Packages
100 /var/lib/dpkg/status
237-3ubuntu10.38 500
500 http://security.ubuntu.com/ubuntu bionic-security/main amd64 Packages
237-3ubuntu10 500
500 http://archive.ubuntu.com/ubuntu bionic/main amd64 Packages
wireguard:
Installed: 1.0.20200319-1ubuntu1~18.04
Candidate: 1.0.20200319-1ubuntu1~18.04
Version table:
*** 1.0.20200319-1ubuntu1~18.04 500
500 http://ppa.launchpad.net/wireguard/wireguard/ubuntu bionic/main amd64 Packages
500 http://ppa.launchpad.net/wireguard/wireguard/ubuntu bionic/main i386 Packages
100 /var/lib/dpkg/status
wireguard-tools:
Installed: 1.0.20200319-1ubuntu1~18.04
Candidate: 1.0.20200319-1ubuntu1~18.04
Version table:
*** 1.0.20200319-1ubuntu1~18.04 500
500 http://ppa.launchpad.net/wireguard/wireguard/ubuntu bionic/main amd64 Packages
100 /var/lib/dpkg/status
wireguard-dkms:
Installed: 1.0.20200429-2~18.04
Candidate: 1.0.20200429-2~18.04
Version table:
*** 1.0.20200429-2~18.04 500
500 http://ppa.launchpad.net/wireguard/wireguard/ubuntu bionic/main amd64 Packages
500 http://ppa.launchpad.net/wireguard/wireguard/ubuntu bionic/main i386 Packages
100 /var/lib/dpkg/status |
|
2020-05-14 20:36:44 |
Brian Murray |
systemd (Ubuntu Bionic): status |
In Progress |
Fix Committed |
|
2020-05-14 20:36:47 |
Brian Murray |
bug |
|
|
added subscriber Ubuntu Stable Release Updates Team |
2020-05-14 20:36:49 |
Brian Murray |
bug |
|
|
added subscriber SRU Verification |
2020-05-14 20:36:54 |
Brian Murray |
tags |
|
verification-needed verification-needed-bionic |
|
2020-05-19 18:43:33 |
Simon Déziel |
tags |
verification-needed verification-needed-bionic |
verification-done verification-done-bionic |
|
2020-05-25 08:17:27 |
Launchpad Janitor |
systemd (Ubuntu Bionic): status |
Fix Committed |
Fix Released |
|
2020-05-25 08:17:48 |
Łukasz Zemczak |
removed subscriber Ubuntu Stable Release Updates Team |
|
|
|