Ubuntu
ocserv package

OpenConnect VPN (ocserv): general protection fault in ocserv-worker when a client tries to connect

Bug #1975550 reported by Hussein Abdallah
34
This bug affects 6 people
Affects Status Importance Assigned to Milestone
ocserv (Ubuntu)
Confirmed
Undecided
Unassigned

Bug Description

ocserv 1.1.3-1 included in Ubuntu 22.04 with the latest updates does not work properly: when a VPN client tries to connect to the ocserv VPN server, this error message appears in the log:

May 23 23:28:31 my.vpn.server ocserv[15825]: The futex facility returned an unexpected error code.
May 23 23:28:31 my.vpn.server kernel: traps: ocserv-worker[15825] general protection fault ip:7fb8f835e898 sp:7ffeaaa84850 error:0 in libc.so.6[7fb8f835e000+195000]

Expected result: the OpenConnect client is successfully connected to the VPN.

It is possible to reproduce this bug since I see this error message every time a client tries to connect to the VPN.

Uninstalling the ocserv jammy package and compiling the latest ocsrv version 1.1.6 from source (https://www.infradead.org/ocserv/download/ocserv-1.1.6.tar.xz) solves this issue.

The ocserv changelog for version 1.1.6 says that "Added futex() to the accepted list of seccomp. It is required by Fedora 36’s libc." Maybe it is related to the futex error message seen in Ubuntu.

See original description
Hussein Abdallah (abdallah98)
description: updated
Revision history for this message
Launchpad Janitor (janitor) wrote :

Status changed to 'Confirmed' because the bug affects multiple users.

Changed in ocserv (Ubuntu):
status: New → Confirmed
Revision history for this message
ubnt0 (ubnt0) wrote :

I am able to reproduce this.

Revision history for this message
王万霖 (dgideas) wrote :

I have this problem too, I use the same method to configure ocserv in Ubuntu 20.04 and 22.04, 20.04 is okay, but I got these error message in 22.04:

Oct 15 23:14:34 {HOSTNAME} ocserv[1518]: The futex facility returned an unexpected error code.

Revision history for this message
dmitry volynkin (saturn-team) wrote :

I have the same problem on ocserv 1.1.3, but ocserv 0.12.6 works fine

Revision history for this message
Andreas Kemper (a-kemper) wrote :

I can confirm the error with ocserv 1.1.3 on Ubuntu 22.04. For me the easiest workaround was to use the 1.1.6 package from Ubuntu Kinetic / 22.10 release, but still would prefer to switch back to an updated LTS package.

Revision history for this message
houstonbofh (leesharp) wrote :

Almost a year later and no fix on an LTS? That is disturbing... And the prior fix is problematic. Only 1.1.6-3 is available and it had dependency issues. I had to go to a Japanese mirror to find 1.1.6-2 that would still work. Not good for the latest LTS and a server program.

To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.