Re: Bug#1126499: linux-image-6.17.13+deb14-amd64: ovpn NULL pointer dereference and lockup under heavy load

Re: Bug#1126499: linux-image-6.17.13+deb14-amd64: ovpn NULL pointer dereference and lockup under heavy load

[Salvatore Bonaccorso]

Control: forwarded -1 https://lore.kernel.org/netdev/176996279620.3109699.15382994681575380467@eldamar.lan

Hi Antonio and all,

In Debian we got the following report from Jon Penn using ovpn,
reported at https://bugs.debian.org/1126499

On Tue, Jan 27, 2026 at 10:37:40AM -0600, Jon Penn wrote:
> Package: src:linux
> Version: 6.17.13-1
> Severity: normal
> 
> Dear Maintainer,
> 
> This is an OpenVPN server serving primarially TCP clients (but also some UDP
> clients). As I write this there are 1161 TCP clients and 74 UDP clients. It
> is running debian testing in order to have ovpn-dco-offload functionality
> for TCP connections. We observe that under hevy load (in terms of
> connections count, not really under much load in terms of bandwidth) this
> server will become locked up from time to time and the graphical console
> will become completely non-responsive. When this happens we reset the VM and
> things continue running normally. I attempted to monitor the system using
> dmesg and notice that I am getting some interesting messages about "BUG:
> kernel NULL pointer dereference" that mention the ovpn module, leading me to
> believe that this is a kernel bug in that module. Unfortunatly this issue
> only occours when the server has many connections, and that is only
> happening because most of my users are working from home today due to
> weather. This gives me a rather small window of reproducability but if there
> is any additional information I can provide let me know.
> -- Package-specific info:
> ** Version:
> Linux version 6.17.13+deb14-amd64 (debian-kernel@lists.debian.org)
> (x86_64-linux-gnu-gcc-15 (Debian 15.2.0-12) 15.2.0, GNU ld (GNU Binutils for
> Debian) 2.45.50.20251209) #1 SMP PREEMPT_DYNAMIC Debian 6.17.13-1
> (2025-12-20)
> 
> ** Command line:
> BOOT_IMAGE=/boot/vmlinuz-6.17.13+deb14-amd64
> root=UUID=f00f1200-b8d8-4432-bb0b-593a5ab9075a ro quiet
> 
> ** Tainted: D (128)
> * kernel died recently, i.e. there was an OOPS or BUG
> 
> ** Kernel log:
> [ 709.018150] tun1: deleting peer with id 719, reason 1
> [ 709.056997] tun1: deleting peer with id 1055, reason 1
> [ 711.054524] tun1: deleting peer with id 201, reason 2
> [ 711.055070] BUG: kernel NULL pointer dereference, address:
> 0000000000000020
> [ 711.055096] #PF: supervisor write access in kernel mode
> [ 711.055429] #PF: error_code(0x0002) - not-present page
> [ 711.055656] PGD 0 P4D 0
> [ 711.055824] Oops: Oops: 0002 [#1] SMP NOPTI
> [ 711.055991] CPU: 12 UID: 0 PID: 527 Comm: kworker/12:2 Not tainted
> 6.17.13+deb14-amd64 #1 PREEMPT(lazy) Debian 6.17.13-1
> [ 711.056154] Hardware name: Red Hat KVM, BIOS
> edk2-20221207gitfff6d81270b5-9.el9_2 12/07/2022
> [ 711.056333] Workqueue: events ovpn_peer_keepalive_work [ovpn]
> [ 711.056524] RIP: 0010:ovpn_tcp_socket_detach+0x61/0x80 [ovpn]
> [ 711.056695] Code: 01 00 00 48 8b 83 b8 01 00 00 48 89 85 c0 02 00 00 48 8b
> 83 c0 01 00 00 48 89 45 28 48 8b 85 20 01 00 00 48 8b 93 c8 01 00 00 <48> 89
> 50 20 48 c7 85 98 02 00 00 00 00 00 00 5b 5d c3 cc cc cc cc
> [ 711.056986] RSP: 0018:ffffd3988153fdb8 EFLAGS: 00010246
> [ 711.057136] RAX: 0000000000000000 RBX: ffff8e65873a5400 RCX:
> 0000000000000004
> [ 711.057314] RDX: ffffffff92d6d660 RSI: 0000000000000068 RDI:
> ffff8e65873a5568
> [ 711.057475] RBP: ffff8e6590fb4280 R08: 0000000000000000 R09:
> 0000000000000101
> [ 711.057644] R10: 0000000000000000 R11: ffffffff93a080e0 R12:
> 000000006978de32
> [ 711.057794] R13: 0000000000000001 R14: ffff8e65839c1aa8 R15:
> 0000000000000000
> [ 711.057940] FS: 0000000000000000(0000) GS:ffff8e695b708000(0000)
> knlGS:0000000000000000
> [ 711.058087] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
> [ 711.058246] CR2: 0000000000000020 CR3: 000000010862d001 CR4:
> 00000000007726f0
> [ 711.058412] PKRU: 55555554
> [ 711.058584] Call Trace:
> [ 711.058739] <TASK>
> [ 711.058892] ovpn_socket_release+0x165/0x1a0 [ovpn]
> [ 711.059048] unlock_ovpn+0x48/0x80 [ovpn]
> [ 711.059199] ovpn_peer_keepalive_work+0xf3/0x1b0 [ovpn]
> [ 711.059360] ? __schedule+0x464/0xd20
> [ 711.059557] process_one_work+0x18f/0x350
> [ 711.059740] worker_thread+0x25a/0x3a0
> [ 711.059889] ? __pfx_worker_thread+0x10/0x10
> [ 711.060046] kthread+0xfc/0x240
> [ 711.060203] ? __pfx_kthread+0x10/0x10
> [ 711.060358] ? __pfx_kthread+0x10/0x10
> [ 711.060559] ret_from_fork+0x194/0x1c0
> [ 711.060801] ? __pfx_kthread+0x10/0x10
> [ 711.061019] ret_from_fork_asm+0x1a/0x30
> [ 711.061269] </TASK>
> [ 711.061494] Modules linked in: intel_rapl_msr intel_rapl_common
> intel_uncore_frequency_common isst_if_mbox_msr isst_if_common ovpn
> ip6_udp_tunnel udp_tunnel skx_edac_common nfit libnvdimm kvm_intel kvm
> binfmt_misc irqbypass ghash_clmulni_intel aesni_intel rapl nls_ascii
> nls_cp437 vfat fat qxl drm_ttm_helper ttm drm_exec pcspkr drm_client_lib sg
> drm_kms_helper button evdev joydev drm configfs efi_pstore nfnetlink
> vsock_loopback vmw_vsock_virtio_transport_common vmw_vsock_vmci_transport
> vsock vmw_vmci efivarfs qemu_fw_cfg autofs4 ext4 crc16 mbcache jbd2
> crc32c_cryptoapi hid_generic usbhid hid sr_mod sd_mod cdrom ahci libahci
> xhci_pci libata xhci_hcd iTCO_wdt intel_pmc_bxt iTCO_vendor_support watchdog
> psmouse usbcore scsi_mod e1000 serio_raw i2c_i801 lpc_ich scsi_common
> usb_common i2c_smbus
> [ 711.062827] CR2: 0000000000000020
> [ 711.063051] ---[ end trace 0000000000000000 ]---
> [ 711.600092] RIP: 0010:ovpn_tcp_socket_detach+0x61/0x80 [ovpn]
> [ 711.602044] Code: 01 00 00 48 8b 83 b8 01 00 00 48 89 85 c0 02 00 00 48 8b
> 83 c0 01 00 00 48 89 45 28 48 8b 85 20 01 00 00 48 8b 93 c8 01 00 00 <48> 89
> 50 20 48 c7 85 98 02 00 00 00 00 00 00 5b 5d c3 cc cc cc cc
> [ 711.602680] RSP: 0018:ffffd3988153fdb8 EFLAGS: 00010246
> [ 711.602951] RAX: 0000000000000000 RBX: ffff8e65873a5400 RCX:
> 0000000000000004
> [ 711.603218] RDX: ffffffff92d6d660 RSI: 0000000000000068 RDI:
> ffff8e65873a5568
> [ 711.603487] RBP: ffff8e6590fb4280 R08: 0000000000000000 R09:
> 0000000000000101
> [ 711.603739] R10: 0000000000000000 R11: ffffffff93a080e0 R12:
> 000000006978de32
> [ 711.603990] R13: 0000000000000001 R14: ffff8e65839c1aa8 R15:
> 0000000000000000
> [ 711.604231] FS: 0000000000000000(0000) GS:ffff8e695b708000(0000)
> knlGS:0000000000000000
> [ 711.604483] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
> [ 711.604723] CR2: 0000000000000020 CR3: 000000019ce2c006 CR4:
> 00000000007726f0
> [ 711.604958] PKRU: 55555554
> [ 711.605202] note: kworker/12:2[527] exited with irqs disabled
> [ 711.967459] tun1: deleting peer with id 201, reason 1
> [ 718.617453] tun1: deleting peer with id 1057, reason 1
> [ 719.779198] tun1: deleting peer with id 176, reason 1
> [ 733.398723] tun1: deleting peer with id 1059, reason 1
> [ 733.926421] tun1: deleting peer with id 154, reason 1

Is there anything Jon can do providing more information help
indentifying the problem?

FWIW, I have not asked Jon yet to test mainline or 6.18.8-1 (but
afaics there were no relevant changes since to drivers/net/ovpn/).
John in Debian you should soon available 6.18.8-1 and please do test
as well 6.19~rc6-1~exp1 from experimental (or 6.19~rc7-1~exp1 once it
passes).

Regards,
Salvatore

Re: Bug#1126499: linux-image-6.17.13+deb14-amd64: ovpn NULL pointer dereference and lockup under heavy load

[Antonio Quartulli]

On 01/02/2026 17:23, Salvatore Bonaccorso wrote:
> Control: forwarded -1 https://lore.kernel.org/netdev/176996279620.3109699.15382994681575380467@eldamar.lan
> 
> Hi Antonio and all,
> 
> In Debian we got the following report from Jon Penn using ovpn,
> reported at https://bugs.debian.org/1126499

Hi all,

Thanks a lot for the report!
We have a fix for this issue in our pipe already - I'll forward it to 
net ASAP.

Best Regards,

> 
> On Tue, Jan 27, 2026 at 10:37:40AM -0600, Jon Penn wrote:
>> Package: src:linux
>> Version: 6.17.13-1
>> Severity: normal
>>
>> Dear Maintainer,
>>
>> This is an OpenVPN server serving primarially TCP clients (but also some UDP
>> clients). As I write this there are 1161 TCP clients and 74 UDP clients. It
>> is running debian testing in order to have ovpn-dco-offload functionality
>> for TCP connections. We observe that under hevy load (in terms of
>> connections count, not really under much load in terms of bandwidth) this
>> server will become locked up from time to time and the graphical console
>> will become completely non-responsive. When this happens we reset the VM and
>> things continue running normally. I attempted to monitor the system using
>> dmesg and notice that I am getting some interesting messages about "BUG:
>> kernel NULL pointer dereference" that mention the ovpn module, leading me to
>> believe that this is a kernel bug in that module. Unfortunatly this issue
>> only occours when the server has many connections, and that is only
>> happening because most of my users are working from home today due to
>> weather. This gives me a rather small window of reproducability but if there
>> is any additional information I can provide let me know.
>> -- Package-specific info:
>> ** Version:
>> Linux version 6.17.13+deb14-amd64 (debian-kernel@lists.debian.org)
>> (x86_64-linux-gnu-gcc-15 (Debian 15.2.0-12) 15.2.0, GNU ld (GNU Binutils for
>> Debian) 2.45.50.20251209) #1 SMP PREEMPT_DYNAMIC Debian 6.17.13-1
>> (2025-12-20)
>>
>> ** Command line:
>> BOOT_IMAGE=/boot/vmlinuz-6.17.13+deb14-amd64
>> root=UUID=f00f1200-b8d8-4432-bb0b-593a5ab9075a ro quiet
>>
>> ** Tainted: D (128)
>> * kernel died recently, i.e. there was an OOPS or BUG
>>
>> ** Kernel log:
>> [ 709.018150] tun1: deleting peer with id 719, reason 1
>> [ 709.056997] tun1: deleting peer with id 1055, reason 1
>> [ 711.054524] tun1: deleting peer with id 201, reason 2
>> [ 711.055070] BUG: kernel NULL pointer dereference, address:
>> 0000000000000020
>> [ 711.055096] #PF: supervisor write access in kernel mode
>> [ 711.055429] #PF: error_code(0x0002) - not-present page
>> [ 711.055656] PGD 0 P4D 0
>> [ 711.055824] Oops: Oops: 0002 [#1] SMP NOPTI
>> [ 711.055991] CPU: 12 UID: 0 PID: 527 Comm: kworker/12:2 Not tainted
>> 6.17.13+deb14-amd64 #1 PREEMPT(lazy) Debian 6.17.13-1
>> [ 711.056154] Hardware name: Red Hat KVM, BIOS
>> edk2-20221207gitfff6d81270b5-9.el9_2 12/07/2022
>> [ 711.056333] Workqueue: events ovpn_peer_keepalive_work [ovpn]
>> [ 711.056524] RIP: 0010:ovpn_tcp_socket_detach+0x61/0x80 [ovpn]
>> [ 711.056695] Code: 01 00 00 48 8b 83 b8 01 00 00 48 89 85 c0 02 00 00 48 8b
>> 83 c0 01 00 00 48 89 45 28 48 8b 85 20 01 00 00 48 8b 93 c8 01 00 00 <48> 89
>> 50 20 48 c7 85 98 02 00 00 00 00 00 00 5b 5d c3 cc cc cc cc
>> [ 711.056986] RSP: 0018:ffffd3988153fdb8 EFLAGS: 00010246
>> [ 711.057136] RAX: 0000000000000000 RBX: ffff8e65873a5400 RCX:
>> 0000000000000004
>> [ 711.057314] RDX: ffffffff92d6d660 RSI: 0000000000000068 RDI:
>> ffff8e65873a5568
>> [ 711.057475] RBP: ffff8e6590fb4280 R08: 0000000000000000 R09:
>> 0000000000000101
>> [ 711.057644] R10: 0000000000000000 R11: ffffffff93a080e0 R12:
>> 000000006978de32
>> [ 711.057794] R13: 0000000000000001 R14: ffff8e65839c1aa8 R15:
>> 0000000000000000
>> [ 711.057940] FS: 0000000000000000(0000) GS:ffff8e695b708000(0000)
>> knlGS:0000000000000000
>> [ 711.058087] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
>> [ 711.058246] CR2: 0000000000000020 CR3: 000000010862d001 CR4:
>> 00000000007726f0
>> [ 711.058412] PKRU: 55555554
>> [ 711.058584] Call Trace:
>> [ 711.058739] <TASK>
>> [ 711.058892] ovpn_socket_release+0x165/0x1a0 [ovpn]
>> [ 711.059048] unlock_ovpn+0x48/0x80 [ovpn]
>> [ 711.059199] ovpn_peer_keepalive_work+0xf3/0x1b0 [ovpn]
>> [ 711.059360] ? __schedule+0x464/0xd20
>> [ 711.059557] process_one_work+0x18f/0x350
>> [ 711.059740] worker_thread+0x25a/0x3a0
>> [ 711.059889] ? __pfx_worker_thread+0x10/0x10
>> [ 711.060046] kthread+0xfc/0x240
>> [ 711.060203] ? __pfx_kthread+0x10/0x10
>> [ 711.060358] ? __pfx_kthread+0x10/0x10
>> [ 711.060559] ret_from_fork+0x194/0x1c0
>> [ 711.060801] ? __pfx_kthread+0x10/0x10
>> [ 711.061019] ret_from_fork_asm+0x1a/0x30
>> [ 711.061269] </TASK>
>> [ 711.061494] Modules linked in: intel_rapl_msr intel_rapl_common
>> intel_uncore_frequency_common isst_if_mbox_msr isst_if_common ovpn
>> ip6_udp_tunnel udp_tunnel skx_edac_common nfit libnvdimm kvm_intel kvm
>> binfmt_misc irqbypass ghash_clmulni_intel aesni_intel rapl nls_ascii
>> nls_cp437 vfat fat qxl drm_ttm_helper ttm drm_exec pcspkr drm_client_lib sg
>> drm_kms_helper button evdev joydev drm configfs efi_pstore nfnetlink
>> vsock_loopback vmw_vsock_virtio_transport_common vmw_vsock_vmci_transport
>> vsock vmw_vmci efivarfs qemu_fw_cfg autofs4 ext4 crc16 mbcache jbd2
>> crc32c_cryptoapi hid_generic usbhid hid sr_mod sd_mod cdrom ahci libahci
>> xhci_pci libata xhci_hcd iTCO_wdt intel_pmc_bxt iTCO_vendor_support watchdog
>> psmouse usbcore scsi_mod e1000 serio_raw i2c_i801 lpc_ich scsi_common
>> usb_common i2c_smbus
>> [ 711.062827] CR2: 0000000000000020
>> [ 711.063051] ---[ end trace 0000000000000000 ]---
>> [ 711.600092] RIP: 0010:ovpn_tcp_socket_detach+0x61/0x80 [ovpn]
>> [ 711.602044] Code: 01 00 00 48 8b 83 b8 01 00 00 48 89 85 c0 02 00 00 48 8b
>> 83 c0 01 00 00 48 89 45 28 48 8b 85 20 01 00 00 48 8b 93 c8 01 00 00 <48> 89
>> 50 20 48 c7 85 98 02 00 00 00 00 00 00 5b 5d c3 cc cc cc cc
>> [ 711.602680] RSP: 0018:ffffd3988153fdb8 EFLAGS: 00010246
>> [ 711.602951] RAX: 0000000000000000 RBX: ffff8e65873a5400 RCX:
>> 0000000000000004
>> [ 711.603218] RDX: ffffffff92d6d660 RSI: 0000000000000068 RDI:
>> ffff8e65873a5568
>> [ 711.603487] RBP: ffff8e6590fb4280 R08: 0000000000000000 R09:
>> 0000000000000101
>> [ 711.603739] R10: 0000000000000000 R11: ffffffff93a080e0 R12:
>> 000000006978de32
>> [ 711.603990] R13: 0000000000000001 R14: ffff8e65839c1aa8 R15:
>> 0000000000000000
>> [ 711.604231] FS: 0000000000000000(0000) GS:ffff8e695b708000(0000)
>> knlGS:0000000000000000
>> [ 711.604483] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
>> [ 711.604723] CR2: 0000000000000020 CR3: 000000019ce2c006 CR4:
>> 00000000007726f0
>> [ 711.604958] PKRU: 55555554
>> [ 711.605202] note: kworker/12:2[527] exited with irqs disabled
>> [ 711.967459] tun1: deleting peer with id 201, reason 1
>> [ 718.617453] tun1: deleting peer with id 1057, reason 1
>> [ 719.779198] tun1: deleting peer with id 176, reason 1
>> [ 733.398723] tun1: deleting peer with id 1059, reason 1
>> [ 733.926421] tun1: deleting peer with id 154, reason 1
> 
> Is there anything Jon can do providing more information help
> indentifying the problem?
> 
> FWIW, I have not asked Jon yet to test mainline or 6.18.8-1 (but
> afaics there were no relevant changes since to drivers/net/ovpn/).
> John in Debian you should soon available 6.18.8-1 and please do test
> as well 6.19~rc6-1~exp1 from experimental (or 6.19~rc7-1~exp1 once it
> passes).
> 
> Regards,
> Salvatore

-- 
Antonio Quartulli
OpenVPN Inc.

Re: Bug#1126499: linux-image-6.17.13+deb14-amd64: ovpn NULL pointer dereference and lockup under heavy load

[Salvatore Bonaccorso]

Hi Antonio,

On Mon, Feb 02, 2026 at 09:26:16AM +0100, Antonio Quartulli wrote:
> On 01/02/2026 17:23, Salvatore Bonaccorso wrote:
> > Control: forwarded -1 https://lore.kernel.org/netdev/176996279620.3109699.15382994681575380467@eldamar.lan
> > 
> > Hi Antonio and all,
> > 
> > In Debian we got the following report from Jon Penn using ovpn,
> > reported at https://bugs.debian.org/1126499
> 
> Hi all,
> 
> Thanks a lot for the report!
> We have a fix for this issue in our pipe already - I'll forward it to net
> ASAP.

Do you have patch already which you would appreciate if Jon Penn could
test and maybe add a Tested-by or is that not needed at this point as
things setting already?

Regards,
Salvatore

Re: Bug#1126499: linux-image-6.17.13+deb14-amd64: ovpn NULL pointer dereference and lockup under heavy load

[Antonio Quartulli]

Hi Salvatore,

On 06/02/2026 19:19, Salvatore Bonaccorso wrote:
> Hi Antonio,
> 
> On Mon, Feb 02, 2026 at 09:26:16AM +0100, Antonio Quartulli wrote:
>> On 01/02/2026 17:23, Salvatore Bonaccorso wrote:
>>> Control: forwarded -1 https://lore.kernel.org/netdev/176996279620.3109699.15382994681575380467@eldamar.lan
>>>
>>> Hi Antonio and all,
>>>
>>> In Debian we got the following report from Jon Penn using ovpn,
>>> reported at https://bugs.debian.org/1126499
>>
>> Hi all,
>>
>> Thanks a lot for the report!
>> We have a fix for this issue in our pipe already - I'll forward it to net
>> ASAP.
> 
> Do you have patch already which you would appreciate if Jon Penn could
> test and maybe add a Tested-by or is that not needed at this point as
> things setting already?

This is the patch:

https://patchwork.openvpn.net/project/openvpn2/patch/20260202132309.567382-1-ralf@mandelbit.com/

Jon can definitely test the patch and give us his feedback.

However, being this part of the code very critical for socket handling, 
I am still spending some time with Ralf and Sabrina to make sure we are 
not introducing any subtle bug/side effect.

In any case, please feel free to test so we can confirm that the problem 
you reported is truly the same as the one we were already investigating.

Thanks a lot.

Regards,

-- 
Antonio Quartulli
OpenVPN Inc.

Re: Bug#1126499: linux-image-6.17.13+deb14-amd64: ovpn NULL pointer dereference and lockup under heavy load

[Salvatore Bonaccorso]

Hi Jon,

On Fri, Feb 06, 2026 at 09:06:35PM +0100, Antonio Quartulli wrote:
> Hi Salvatore,
> 
> On 06/02/2026 19:19, Salvatore Bonaccorso wrote:
> > Hi Antonio,
> > 
> > On Mon, Feb 02, 2026 at 09:26:16AM +0100, Antonio Quartulli wrote:
> > > On 01/02/2026 17:23, Salvatore Bonaccorso wrote:
> > > > Control: forwarded -1 https://lore.kernel.org/netdev/176996279620.3109699.15382994681575380467@eldamar.lan
> > > > 
> > > > Hi Antonio and all,
> > > > 
> > > > In Debian we got the following report from Jon Penn using ovpn,
> > > > reported at https://bugs.debian.org/1126499
> > > 
> > > Hi all,
> > > 
> > > Thanks a lot for the report!
> > > We have a fix for this issue in our pipe already - I'll forward it to net
> > > ASAP.
> > 
> > Do you have patch already which you would appreciate if Jon Penn could
> > test and maybe add a Tested-by or is that not needed at this point as
> > things setting already?
> 
> This is the patch:
> 
> https://patchwork.openvpn.net/project/openvpn2/patch/20260202132309.567382-1-ralf@mandelbit.com/
> 
> Jon can definitely test the patch and give us his feedback.
> 
> However, being this part of the code very critical for socket handling, I am
> still spending some time with Ralf and Sabrina to make sure we are not
> introducing any subtle bug/side effect.
> 
> In any case, please feel free to test so we can confirm that the problem you
> reported is truly the same as the one we were already investigating.

Jon, were you able to test the patch referenced above by Antonio and
can you so confirm it fixes the issue for you as well?

Regards,
Salvatore

Re: Bug#1126499: linux-image-6.17.13+deb14-amd64: ovpn NULL pointer dereference and lockup under heavy load

[Antonio Quartulli]

Hi all,

On 12/02/2026 21:27, Salvatore Bonaccorso wrote:
[...]
>> This is the patch:
>>
>> https://patchwork.openvpn.net/project/openvpn2/patch/20260202132309.567382-1-ralf@mandelbit.com/
>>
>> Jon can definitely test the patch and give us his feedback.
>>
>> However, being this part of the code very critical for socket handling, I am
>> still spending some time with Ralf and Sabrina to make sure we are not
>> introducing any subtle bug/side effect.
>>
>> In any case, please feel free to test so we can confirm that the problem you
>> reported is truly the same as the one we were already investigating.
> 
> Jon, were you able to test the patch referenced above by Antonio and
> can you so confirm it fixes the issue for you as well?

Unfortunately further review highlighted risk for a critical race condition.

Hence this patch, despite fixing the reported NULL derefs, cannot be 
submitted as is.

I am working on a new patch which I should be able to send to netdev for 
review in one or two days.

Will report it here as soon as it's submitted.

Thank you.

Regards,


-- 
Antonio Quartulli
OpenVPN Inc.

Re: Bug#1126499: linux-image-6.17.13+deb14-amd64: ovpn NULL pointer dereference and lockup under heavy load

[Antonio Quartulli]

On 12/02/2026 21:38, Antonio Quartulli wrote:
> Will report it here as soon as it's submitted.

https://patchwork.kernel.org/project/netdevbpf/patch/20260212213130.11497-1-antonio@openvpn.net/

Feel free to reply with a Tested-by.
Thanks.


Regards,


-- 
Antonio Quartulli
OpenVPN Inc.