Actions
Bug #11285
closed
Kernel crash on ALTQ-enabled wg interfaces
Status:
Closed
Priority:
Normal
Assignee:
-
Category:
WireGuard
Target version:
-
Start date:
01/22/2021
Due date:
% Done:
0%
Estimated time:
Plus Target Version:
Release Notes:
Force Exclusion
Affected Version:
2.5.0
Affected Architecture:
Description
If you create a traffic shaper queue on the assigned wg* interface,
any WireGuard manipulation (add peer / delete instance etc.) crashes the kernel:
Fatal trap 18: integer divide fault while in kernel mode
cpuid = 0; apic id = 00
instruction pointer = 0x20:0xffffffff80e9b445
stack pointer = 0x28:0xfffffe001d0f46f0
frame pointer = 0x28:0xfffffe001d0f4730
code segment = base 0x0, limit 0xfffff, type 0x1b
= DPL 0, pres 1, long 1, def32 0, gran 1
processor eflags = interrupt enabled, resume, IOPL = 0
current process = 83075 (ifconfig)
trap number = 18
panic: integer divide fault
cpuid = 0
time = 1611313941
KDB: enter: panic
panic.txt0600002414002531425 7130 ustarrootwheelinteger divide faultversion.txt0600006214002531425 7525 ustarrootwheelFreeBSD 12.2-STABLE 738c68d5bed(devel-12) pfSense
Shaper:
<shaper>
<queue>
<interface>opt1</interface>
<name>opt1</name>
<scheduler>CODELQ</scheduler>
<bandwidth>10</bandwidth>
<bandwidthtype>Mb</bandwidthtype>
<enabled>on</enabled>
</queue>
<queue>
<interface>opt3</interface>
<name>opt3</name>
<scheduler>CBQ</scheduler>
<bandwidth>10</bandwidth>
<bandwidthtype>Mb</bandwidthtype>
<enabled>on</enabled>
<queue>
<interface>opt3</interface>
<priority>1</priority>
<name>q1</name>
<bandwidth>5</bandwidth>
<bandwidthtype>Mb</bandwidthtype>
<enabled>on</enabled>
<default>default</default>
</queue>
</queue>
</shaper>
pf rules:
# grep wg /tmp/rules.debug
WG0 = "{ wg0 }"
WireGuard = "{ wg }"
GWWG0_WGV4 = " route-to ( wg0 10.2.2.2 ) "
altq on wg0 cbq bandwidth 10Mb queue { q1 }
queue q1 on wg0 bandwidth 5Mb priority 1 cbq ( default )
nat on $WG0 inet6 from <tonatsubnets> to any port 500 -> (wg0) static-port
nat on $WG0 inet6 from <tonatsubnets> to any -> (wg0) port 1024:65535
pass out route-to ( wg0 10.2.2.2 ) from 10.2.2.2 to !10.2.2.0/24 tracker 1000008012 keep state allow-opts label "let out anything from firewall host itself"
pass on { vtnet1 vtnet0 vtnet2 wg0 enc0 openvpn } inet proto tcp from any to any tracker 1608041165 flags S/SA keep state label "USER_RULE"
pass in quick on $WG0 reply-to ( wg0 10.2.2.2 ) inet proto tcp from any to any tracker 1611315819 flags S/SA keep state queue (q1) label "USER_RULE"
Files
Related issues
Updated by Viktor Gurov almost 4 years ago
- Subject changed from Kerne crashl on ALTQ-enabled wg interfaces to Kernel crash on ALTQ-enabled wg interfaces
Updated by Jim Pingle almost 4 years ago
- Related to Todo #11280: Add WireGuard to ALTQ list added
Updated by Jim Pingle almost 4 years ago
- Assignee set to Peter Grehan
- Priority changed from High to Low
- Target version set to CE-Next
Moving ahead, no time to address this one for now. Reverted the change allowing ALTQ to be used with WireGuard for now.
Updated by Jim Pingle almost 4 years ago
That doesn't look like the same issue, the backtrace is a quite a bit different despite both mentioning CBQ. They could be related, but they aren't close enough that I'd call them the same yet.
Updated by Jim Pingle over 3 years ago
- Target version changed from CE-Next to Future
Updated by Christian McDonald almost 3 years ago
- Status changed from New to Closed
- Assignee deleted (
Peter Grehan) - Priority changed from Low to Normal
- Target version deleted (
Future) - Release Notes changed from Default to Force Exclusion
The current validation logic in traffic shaper prevents enabling traffic shaping on tun_wgN interfaces built by the WireGuard package, so this isn't directly an issue users can even hit now (if it is even still an issue anyways).
Actions