Re: wireguard-go on android crashes due seccomp enforcement of sys_inotify_init
Confirming the fix. Thanks again! On Mon, Dec 10, 2018 at 5:53 PM Berk D. Demir wrote: > > Thank you for this stellar stewardship. > > Will confirm fix in this thread once I get the latest build. > > On Mon, Dec 10, 2018 at 17:48 Jason A. Donenfeld wrote: >> >> Hi Berk, >> >> The fixed version should now be rolling out on the Play Store, >> probably available within an hour, and eventually in F-Droid too >> whenever their build infra kicks in. Thanks again for reporting the >> bug. >> >> Regards, >> Jason ___ WireGuard mailing list WireGuard@lists.zx2c4.com https://lists.zx2c4.com/mailman/listinfo/wireguard
Re: wireguard-go on android crashes due seccomp enforcement of sys_inotify_init
Thank you for this stellar stewardship. Will confirm fix in this thread once I get the latest build. On Mon, Dec 10, 2018 at 17:48 Jason A. Donenfeld wrote: > Hi Berk, > > The fixed version should now be rolling out on the Play Store, > probably available within an hour, and eventually in F-Droid too > whenever their build infra kicks in. Thanks again for reporting the > bug. > > Regards, > Jason > ___ WireGuard mailing list WireGuard@lists.zx2c4.com https://lists.zx2c4.com/mailman/listinfo/wireguard
Re: wireguard-go on android crashes due seccomp enforcement of sys_inotify_init
Hi Berk, The fixed version should now be rolling out on the Play Store, probably available within an hour, and eventually in F-Droid too whenever their build infra kicks in. Thanks again for reporting the bug. Regards, Jason ___ WireGuard mailing list WireGuard@lists.zx2c4.com https://lists.zx2c4.com/mailman/listinfo/wireguard
Re: wireguard-go on android crashes due seccomp enforcement of sys_inotify_init
Locally fixed here: https://git.zx2c4.com/wireguard-go/commit/?id=ccd0be9e3e1ba002c57f9e8d789b0dca3ca58081 ___ WireGuard mailing list WireGuard@lists.zx2c4.com https://lists.zx2c4.com/mailman/listinfo/wireguard
Re: wireguard-go on android crashes due seccomp enforcement of sys_inotify_init
Thanks. I filed a bug upstream with the Go people. https://go-review.googlesource.com/c/sys/+/153318 I can work around it locally in builds, but usually they patch these pretty quickly. ___ WireGuard mailing list WireGuard@lists.zx2c4.com https://lists.zx2c4.com/mailman/listinfo/wireguard
wireguard-go on android crashes due seccomp enforcement of sys_inotify_init
I'm running WireGuard Android on ChromeOS with its Android subsystem support. It was working without any significant issues up until Android runtime got updated to 9 (Pie) with a Dev Channel update. WireGuard started to crash right after starting a connection. Looking at the logs, I can see libwg-go.so's attempt to use `inotify_init` (x86_64 system call #253) is blocked by seccomp, crashing the process with SIGSYS. I'm guessing this is where libwg hits the seccomp filter: https://github.com/WireGuard/wireguard-go/blob/1c025570139f614f2083b935e2c58d5dbf199c2f/uapi_linux.go#L91 Is this a known new enforcement in Android 9? ...or I wonder if this is particular to Android runtime under (/along with?) ChromeOS. I'm running Chrome 72.0.3626.8 (Dev Channel) on a Google Pixelbook (CrOS code name: eve) with the latest WireGuard from Play Store. Relevant portion of the logs are below. I'd gladly collect more data if someone can instruct me to get more than wireguard logs or looking at /var/log/arc.log. == wireguard.log excerpt == 12-09 09:53:56.270 2254 2271 D WireGuard/GoBackend: Changing tunnel [[redact: peer host]] to state UP 12-09 09:53:56.270 2254 2271 I WireGuard/GoBackend: Bringing tunnel up 12-09 09:53:56.270 2254 2271 D WireGuard/GoBackend: Requesting to start VpnService 12-09 09:53:56.550 2254 2271 D WireGuard/GoBackend: Go backend v0.0.20181018 12-09 09:53:56.551 2254 2271 D WireGuard/GoBackend/[[redact: peer host]]: Debug log enabled 12-09 09:53:56.551 2254 2271 I WireGuard/GoBackend/[[redact: peer host]]: Attaching to interface tun0 12-09 09:53:56.578 2254 2277 D WireGuard/GoBackend/[[redact: peer host]]: Routine: event worker - started 12-09 09:53:56.578 2254 2277 D WireGuard/GoBackend/[[redact: peer host]]: Routine: encryption worker - started 12-09 09:53:56.578 2254 2277 D WireGuard/GoBackend/[[redact: peer host]]: Routine: decryption worker - started 12-09 09:53:56.578 2254 2277 D WireGuard/GoBackend/[[redact: peer host]]: Routine: handshake worker - started 12-09 09:53:56.578 2254 2277 D WireGuard/GoBackend/[[redact: peer host]]: Routine: encryption worker - started 12-09 09:53:56.578 2254 2277 D WireGuard/GoBackend/[[redact: peer host]]: Routine: decryption worker - started 12-09 09:53:56.578 2254 2277 D WireGuard/GoBackend/[[redact: peer host]]: Routine: handshake worker - started 12-09 09:53:56.578 2254 2277 D WireGuard/GoBackend/[[redact: peer host]]: Routine: encryption worker - started 12-09 09:53:56.578 2254 2277 D WireGuard/GoBackend/[[redact: peer host]]: Routine: decryption worker - started 12-09 09:53:56.578 2254 2277 D WireGuard/GoBackend/[[redact: peer host]]: Routine: handshake worker - started 12-09 09:53:56.578 2254 2277 D WireGuard/GoBackend/[[redact: peer host]]: Routine: encryption worker - started 12-09 09:53:56.578 2254 2277 D WireGuard/GoBackend/[[redact: peer host]]: Routine: decryption worker - started 12-09 09:53:56.578 2254 2277 D WireGuard/GoBackend/[[redact: peer host]]: Routine: handshake worker - started 12-09 09:53:56.578 2254 2277 D WireGuard/GoBackend/[[redact: peer host]]: Routine: TUN reader - started 12-09 09:53:56.578 2254 2271 D WireGuard/GoBackend/[[redact: peer host]]: Interface has MTU 1280 12-09 09:53:56.578 2254 2271 D WireGuard/GoBackend/[[redact: peer host]]: UAPI: Updating private key 12-09 09:53:56.578 2254 2271 D WireGuard/GoBackend/[[redact: peer host]]: UAPI: Removing all peers 12-09 09:53:56.578 2254 2271 D WireGuard/GoBackend/[[redact: peer host]]: UAPI: Transition to peer configuration 12-09 09:53:56.578 2254 2271 D WireGuard/GoBackend/[[redact: peer host]]: peer([[redact: peer PK]]) - UAPI: Created 12-09 09:53:56.578 2254 2271 D WireGuard/GoBackend/[[redact: peer host]]: peer([[redact: peer PK]]) - UAPI: Adding allowedip 12-09 09:53:56.578 2254 2271 D WireGuard/GoBackend/[[redact: peer host]]: peer([[redact: peer PK]]) - UAPI: Updating endpoint 12-09 09:53:56.578 2254 2271 D WireGuard/GoBackend/[[redact: peer host]]: peer([[redact: peer PK]]) - UAPI: Updating persistent keepalive interva 12-09 09:53:56.579 2254 2271 F libc: Fatal signal 31 (SIGSYS), code 1 (SYS_SECCOMP) in tid 2271 (AsyncTask #2), pid 2254 (reguard.android) 12-09 09:53:56.595 2346 2346 E cutils-trace: Error opening trace file: Permission denied (13) 12-09 09:53:56.625 2348 2348 I crash_dump64: obtaining output fd from tombstoned, type: kDebuggerdTombstone 12-09 09:53:56.625 2348 2348 I crash_dump64: performing dump of process 2254 (target tid = 2271) 12-09 09:53:56.631 2348 2348 F DEBUG : *** *** *** *** *** *** *** *** *** *** *** *** *** *** *** *** 12-09 09:53:56.631 2348 2348 F DEBUG : Build fingerprint: 'google/eve/eve_cheets:9/R72-11316.6.0/5164505:user/release-keys' 12-09 09:53:56.631 2348 2348 F DEBUG : Revision: '0' 12-09 09:53:56.631 2348 2348 F DEBUG : ABI: 'x86_64' 12-09 09:53:56.631 2348 2348 F DEBUG : pid: 2254, tid: 2271, name: AsyncTask #2 >>> com.wireguard.android
