Package: linux-image-6.1.0-34-amd64 Severity: important Dear Maintainer,
What led up to the situation? We run a production environment using Debian 12 VMs, with a network topology involving VXLAN tunnels encapsulated inside Wireguard interfaces. This setup has worked reliably for over a year, with MTU set to 1500 on all interfaces except the Wireguard interface (set to 1420). Wireguard kernel fragmentation allowed this configuration to function without issues, even though the effective path MTU is lower than 1500. What exactly did you do (or not do) that was effective (or ineffective)? We performed a routine system upgrade, updating all packages include the kernel. After the upgrade, we observed severe network issues (timeouts, very slow HTTP/HTTPS, and apt update failures) on all VMs behind the router. SSH and small-packet traffic continued to work. To diagnose, we: * Restored a backup (with the previous kernel): the problem disappeared. * Repeated the upgrade, confirming the issue reappeared. * Systematically tested each kernel version from 6.1.124-1 up to 6.1.140-1. The problem first appears with kernel 6.1.135-1; all earlier versions work as expected. * Kernel version from the backports (6.12.32-1) did not resolve the problem. What was the outcome of this action? * With kernel 6.1.135-1 or later, network timeouts occur for large-packet protocols (HTTP, apt, etc.), while SSH and small-packet protocols work. * With kernel 6.1.133-1 or earlier, everything works as expected. What outcome did you expect instead? We expected the network to function as before, with Wireguard handling fragmentation transparently and no application-level timeouts, regardless of the kernel version. -- System Information: Debian Release: 12.9 APT prefers stable-updates APT policy: (500, 'stable-updates'), (500, 'stable-security'), (500, 'stable') Architecture: amd64 (x86_64) Kernel: Linux 6.1.0-29-amd64 (SMP w/1 CPU thread; PREEMPT) Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE not set Shell: /bin/sh linked to /usr/bin/dash Init: systemd (via /run/systemd/system) Versions of packages linux-image-6.1.0-34-amd64 depends on: ii initramfs-tools [linux-initramfs-tool] 0.142+deb12u1 ii kmod 30+20221128-1 ii linux-base 4.9 Versions of packages linux-image-6.1.0-34-amd64 recommends: pn apparmor <none> pn firmware-linux-free <none> Versions of packages linux-image-6.1.0-34-amd64 suggests: pn debian-kernel-handbook <none> ii grub-efi-amd64 2.06-13+deb12u1 pn linux-doc-6.1 <none>
