On 01/02/2026 17:23, Salvatore Bonaccorso wrote:
Control: forwarded -1
https://lore.kernel.org/netdev/[email protected]
Hi Antonio and all,
In Debian we got the following report from Jon Penn using ovpn,
reported at https://bugs.debian.org/1126499
Hi all,
Thanks a lot for the report!
We have a fix for this issue in our pipe already - I'll forward it to
net ASAP.
Best Regards,
On Tue, Jan 27, 2026 at 10:37:40AM -0600, Jon Penn wrote:
Package: src:linux
Version: 6.17.13-1
Severity: normal
Dear Maintainer,
This is an OpenVPN server serving primarially TCP clients (but also some UDP
clients). As I write this there are 1161 TCP clients and 74 UDP clients. It
is running debian testing in order to have ovpn-dco-offload functionality
for TCP connections. We observe that under hevy load (in terms of
connections count, not really under much load in terms of bandwidth) this
server will become locked up from time to time and the graphical console
will become completely non-responsive. When this happens we reset the VM and
things continue running normally. I attempted to monitor the system using
dmesg and notice that I am getting some interesting messages about "BUG:
kernel NULL pointer dereference" that mention the ovpn module, leading me to
believe that this is a kernel bug in that module. Unfortunatly this issue
only occours when the server has many connections, and that is only
happening because most of my users are working from home today due to
weather. This gives me a rather small window of reproducability but if there
is any additional information I can provide let me know.
-- Package-specific info:
** Version:
Linux version 6.17.13+deb14-amd64 ([email protected])
(x86_64-linux-gnu-gcc-15 (Debian 15.2.0-12) 15.2.0, GNU ld (GNU Binutils for
Debian) 2.45.50.20251209) #1 SMP PREEMPT_DYNAMIC Debian 6.17.13-1
(2025-12-20)
** Command line:
BOOT_IMAGE=/boot/vmlinuz-6.17.13+deb14-amd64
root=UUID=f00f1200-b8d8-4432-bb0b-593a5ab9075a ro quiet
** Tainted: D (128)
* kernel died recently, i.e. there was an OOPS or BUG
** Kernel log:
[ 709.018150] tun1: deleting peer with id 719, reason 1
[ 709.056997] tun1: deleting peer with id 1055, reason 1
[ 711.054524] tun1: deleting peer with id 201, reason 2
[ 711.055070] BUG: kernel NULL pointer dereference, address:
0000000000000020
[ 711.055096] #PF: supervisor write access in kernel mode
[ 711.055429] #PF: error_code(0x0002) - not-present page
[ 711.055656] PGD 0 P4D 0
[ 711.055824] Oops: Oops: 0002 [#1] SMP NOPTI
[ 711.055991] CPU: 12 UID: 0 PID: 527 Comm: kworker/12:2 Not tainted
6.17.13+deb14-amd64 #1 PREEMPT(lazy) Debian 6.17.13-1
[ 711.056154] Hardware name: Red Hat KVM, BIOS
edk2-20221207gitfff6d81270b5-9.el9_2 12/07/2022
[ 711.056333] Workqueue: events ovpn_peer_keepalive_work [ovpn]
[ 711.056524] RIP: 0010:ovpn_tcp_socket_detach+0x61/0x80 [ovpn]
[ 711.056695] Code: 01 00 00 48 8b 83 b8 01 00 00 48 89 85 c0 02 00 00 48 8b
83 c0 01 00 00 48 89 45 28 48 8b 85 20 01 00 00 48 8b 93 c8 01 00 00 <48> 89
50 20 48 c7 85 98 02 00 00 00 00 00 00 5b 5d c3 cc cc cc cc
[ 711.056986] RSP: 0018:ffffd3988153fdb8 EFLAGS: 00010246
[ 711.057136] RAX: 0000000000000000 RBX: ffff8e65873a5400 RCX:
0000000000000004
[ 711.057314] RDX: ffffffff92d6d660 RSI: 0000000000000068 RDI:
ffff8e65873a5568
[ 711.057475] RBP: ffff8e6590fb4280 R08: 0000000000000000 R09:
0000000000000101
[ 711.057644] R10: 0000000000000000 R11: ffffffff93a080e0 R12:
000000006978de32
[ 711.057794] R13: 0000000000000001 R14: ffff8e65839c1aa8 R15:
0000000000000000
[ 711.057940] FS: 0000000000000000(0000) GS:ffff8e695b708000(0000)
knlGS:0000000000000000
[ 711.058087] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 711.058246] CR2: 0000000000000020 CR3: 000000010862d001 CR4:
00000000007726f0
[ 711.058412] PKRU: 55555554
[ 711.058584] Call Trace:
[ 711.058739] <TASK>
[ 711.058892] ovpn_socket_release+0x165/0x1a0 [ovpn]
[ 711.059048] unlock_ovpn+0x48/0x80 [ovpn]
[ 711.059199] ovpn_peer_keepalive_work+0xf3/0x1b0 [ovpn]
[ 711.059360] ? __schedule+0x464/0xd20
[ 711.059557] process_one_work+0x18f/0x350
[ 711.059740] worker_thread+0x25a/0x3a0
[ 711.059889] ? __pfx_worker_thread+0x10/0x10
[ 711.060046] kthread+0xfc/0x240
[ 711.060203] ? __pfx_kthread+0x10/0x10
[ 711.060358] ? __pfx_kthread+0x10/0x10
[ 711.060559] ret_from_fork+0x194/0x1c0
[ 711.060801] ? __pfx_kthread+0x10/0x10
[ 711.061019] ret_from_fork_asm+0x1a/0x30
[ 711.061269] </TASK>
[ 711.061494] Modules linked in: intel_rapl_msr intel_rapl_common
intel_uncore_frequency_common isst_if_mbox_msr isst_if_common ovpn
ip6_udp_tunnel udp_tunnel skx_edac_common nfit libnvdimm kvm_intel kvm
binfmt_misc irqbypass ghash_clmulni_intel aesni_intel rapl nls_ascii
nls_cp437 vfat fat qxl drm_ttm_helper ttm drm_exec pcspkr drm_client_lib sg
drm_kms_helper button evdev joydev drm configfs efi_pstore nfnetlink
vsock_loopback vmw_vsock_virtio_transport_common vmw_vsock_vmci_transport
vsock vmw_vmci efivarfs qemu_fw_cfg autofs4 ext4 crc16 mbcache jbd2
crc32c_cryptoapi hid_generic usbhid hid sr_mod sd_mod cdrom ahci libahci
xhci_pci libata xhci_hcd iTCO_wdt intel_pmc_bxt iTCO_vendor_support watchdog
psmouse usbcore scsi_mod e1000 serio_raw i2c_i801 lpc_ich scsi_common
usb_common i2c_smbus
[ 711.062827] CR2: 0000000000000020
[ 711.063051] ---[ end trace 0000000000000000 ]---
[ 711.600092] RIP: 0010:ovpn_tcp_socket_detach+0x61/0x80 [ovpn]
[ 711.602044] Code: 01 00 00 48 8b 83 b8 01 00 00 48 89 85 c0 02 00 00 48 8b
83 c0 01 00 00 48 89 45 28 48 8b 85 20 01 00 00 48 8b 93 c8 01 00 00 <48> 89
50 20 48 c7 85 98 02 00 00 00 00 00 00 5b 5d c3 cc cc cc cc
[ 711.602680] RSP: 0018:ffffd3988153fdb8 EFLAGS: 00010246
[ 711.602951] RAX: 0000000000000000 RBX: ffff8e65873a5400 RCX:
0000000000000004
[ 711.603218] RDX: ffffffff92d6d660 RSI: 0000000000000068 RDI:
ffff8e65873a5568
[ 711.603487] RBP: ffff8e6590fb4280 R08: 0000000000000000 R09:
0000000000000101
[ 711.603739] R10: 0000000000000000 R11: ffffffff93a080e0 R12:
000000006978de32
[ 711.603990] R13: 0000000000000001 R14: ffff8e65839c1aa8 R15:
0000000000000000
[ 711.604231] FS: 0000000000000000(0000) GS:ffff8e695b708000(0000)
knlGS:0000000000000000
[ 711.604483] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 711.604723] CR2: 0000000000000020 CR3: 000000019ce2c006 CR4:
00000000007726f0
[ 711.604958] PKRU: 55555554
[ 711.605202] note: kworker/12:2[527] exited with irqs disabled
[ 711.967459] tun1: deleting peer with id 201, reason 1
[ 718.617453] tun1: deleting peer with id 1057, reason 1
[ 719.779198] tun1: deleting peer with id 176, reason 1
[ 733.398723] tun1: deleting peer with id 1059, reason 1
[ 733.926421] tun1: deleting peer with id 154, reason 1
Is there anything Jon can do providing more information help
indentifying the problem?
FWIW, I have not asked Jon yet to test mainline or 6.18.8-1 (but
afaics there were no relevant changes since to drivers/net/ovpn/).
John in Debian you should soon available 6.18.8-1 and please do test
as well 6.19~rc6-1~exp1 from experimental (or 6.19~rc7-1~exp1 once it
passes).
Regards,
Salvatore
--
Antonio Quartulli
OpenVPN Inc.
