I'm running WireGuard Android on ChromeOS with its Android subsystem support. It was working without any significant issues up until Android runtime got updated to 9 (Pie) with a Dev Channel update. WireGuard started to crash right after starting a connection.
Looking at the logs, I can see libwg-go.so's attempt to use `inotify_init` (x86_64 system call #253) is blocked by seccomp, crashing the process with SIGSYS. I'm guessing this is where libwg hits the seccomp filter: https://github.com/WireGuard/wireguard-go/blob/1c025570139f614f2083b935e2c58d5dbf199c2f/uapi_linux.go#L91 Is this a known new enforcement in Android 9? ...or I wonder if this is particular to Android runtime under (/along with?) ChromeOS. I'm running Chrome 72.0.3626.8 (Dev Channel) on a Google Pixelbook (CrOS code name: eve) with the latest WireGuard from Play Store. Relevant portion of the logs are below. I'd gladly collect more data if someone can instruct me to get more than wireguard logs or looking at /var/log/arc.log. == wireguard.log excerpt == 12-09 09:53:56.270 2254 2271 D WireGuard/GoBackend: Changing tunnel [[redact: peer host]] to state UP 12-09 09:53:56.270 2254 2271 I WireGuard/GoBackend: Bringing tunnel up 12-09 09:53:56.270 2254 2271 D WireGuard/GoBackend: Requesting to start VpnService 12-09 09:53:56.550 2254 2271 D WireGuard/GoBackend: Go backend v0.0.20181018 12-09 09:53:56.551 2254 2271 D WireGuard/GoBackend/[[redact: peer host]]: Debug log enabled 12-09 09:53:56.551 2254 2271 I WireGuard/GoBackend/[[redact: peer host]]: Attaching to interface tun0 12-09 09:53:56.578 2254 2277 D WireGuard/GoBackend/[[redact: peer host]]: Routine: event worker - started 12-09 09:53:56.578 2254 2277 D WireGuard/GoBackend/[[redact: peer host]]: Routine: encryption worker - started 12-09 09:53:56.578 2254 2277 D WireGuard/GoBackend/[[redact: peer host]]: Routine: decryption worker - started 12-09 09:53:56.578 2254 2277 D WireGuard/GoBackend/[[redact: peer host]]: Routine: handshake worker - started 12-09 09:53:56.578 2254 2277 D WireGuard/GoBackend/[[redact: peer host]]: Routine: encryption worker - started 12-09 09:53:56.578 2254 2277 D WireGuard/GoBackend/[[redact: peer host]]: Routine: decryption worker - started 12-09 09:53:56.578 2254 2277 D WireGuard/GoBackend/[[redact: peer host]]: Routine: handshake worker - started 12-09 09:53:56.578 2254 2277 D WireGuard/GoBackend/[[redact: peer host]]: Routine: encryption worker - started 12-09 09:53:56.578 2254 2277 D WireGuard/GoBackend/[[redact: peer host]]: Routine: decryption worker - started 12-09 09:53:56.578 2254 2277 D WireGuard/GoBackend/[[redact: peer host]]: Routine: handshake worker - started 12-09 09:53:56.578 2254 2277 D WireGuard/GoBackend/[[redact: peer host]]: Routine: encryption worker - started 12-09 09:53:56.578 2254 2277 D WireGuard/GoBackend/[[redact: peer host]]: Routine: decryption worker - started 12-09 09:53:56.578 2254 2277 D WireGuard/GoBackend/[[redact: peer host]]: Routine: handshake worker - started 12-09 09:53:56.578 2254 2277 D WireGuard/GoBackend/[[redact: peer host]]: Routine: TUN reader - started 12-09 09:53:56.578 2254 2271 D WireGuard/GoBackend/[[redact: peer host]]: Interface has MTU 1280 12-09 09:53:56.578 2254 2271 D WireGuard/GoBackend/[[redact: peer host]]: UAPI: Updating private key 12-09 09:53:56.578 2254 2271 D WireGuard/GoBackend/[[redact: peer host]]: UAPI: Removing all peers 12-09 09:53:56.578 2254 2271 D WireGuard/GoBackend/[[redact: peer host]]: UAPI: Transition to peer configuration 12-09 09:53:56.578 2254 2271 D WireGuard/GoBackend/[[redact: peer host]]: peer([[redact: peer PK]]) - UAPI: Created 12-09 09:53:56.578 2254 2271 D WireGuard/GoBackend/[[redact: peer host]]: peer([[redact: peer PK]]) - UAPI: Adding allowedip 12-09 09:53:56.578 2254 2271 D WireGuard/GoBackend/[[redact: peer host]]: peer([[redact: peer PK]]) - UAPI: Updating endpoint 12-09 09:53:56.578 2254 2271 D WireGuard/GoBackend/[[redact: peer host]]: peer([[redact: peer PK]]) - UAPI: Updating persistent keepalive interva 12-09 09:53:56.579 2254 2271 F libc : Fatal signal 31 (SIGSYS), code 1 (SYS_SECCOMP) in tid 2271 (AsyncTask #2), pid 2254 (reguard.android) 12-09 09:53:56.595 2346 2346 E cutils-trace: Error opening trace file: Permission denied (13) 12-09 09:53:56.625 2348 2348 I crash_dump64: obtaining output fd from tombstoned, type: kDebuggerdTombstone 12-09 09:53:56.625 2348 2348 I crash_dump64: performing dump of process 2254 (target tid = 2271) 12-09 09:53:56.631 2348 2348 F DEBUG : *** *** *** *** *** *** *** *** *** *** *** *** *** *** *** *** 12-09 09:53:56.631 2348 2348 F DEBUG : Build fingerprint: 'google/eve/eve_cheets:9/R72-11316.6.0/5164505:user/release-keys' 12-09 09:53:56.631 2348 2348 F DEBUG : Revision: '0' 12-09 09:53:56.631 2348 2348 F DEBUG : ABI: 'x86_64' 12-09 09:53:56.631 2348 2348 F DEBUG : pid: 2254, tid: 2271, name: AsyncTask #2 >>> com.wireguard.android <<< 12-09 09:53:56.631 2348 2348 F DEBUG : signal 31 (SIGSYS), code 1 (SYS_SECCOMP), fault addr -------- 12-09 09:53:56.631 2348 2348 F DEBUG : Cause: seccomp prevented call to disallowed x86_64 system call 253 12-09 09:53:56.631 2348 2348 F DEBUG : rax 00000000000000fd rbx 000000000000003a rcx 000079379735049b rdx 0000000000000000 12-09 09:53:56.631 2348 2348 F DEBUG : r8 0000000000000000 r9 0000000000000000 r10 0000000000000000 r11 0000000000000202 12-09 09:53:56.631 2348 2348 F DEBUG : r12 0000000000000000 r13 000000000000000c r14 000000000000000b r15 0000000000000080 12-09 09:53:56.631 2348 2348 F DEBUG : rdi 0000000000000000 rsi 0000000000000000 12-09 09:53:56.631 2348 2348 F DEBUG : rbp 000000c000ae7b20 rsp 000000c000ae7ad8 rip 000079379735049b 12-09 09:53:56.631 2348 2348 F DEBUG : 12-09 09:53:56.631 2348 2348 F DEBUG : backtrace: 12-09 09:53:56.631 2348 2348 F DEBUG : #00 pc 000000000014649b /data/app/com.wireguard.android-EkzFeozwwuPX-vLJCT75-Q==/lib/x86_64/libwg-go.so 12-09 09:53:56.887 2348 2348 E crash_dump64: unable to connect to activity manager: Permission denied _______________________________________________ WireGuard mailing list [email protected] https://lists.zx2c4.com/mailman/listinfo/wireguard
