[Bug Report] CPU 100% loop/crash on Tailscale interface flap (Emulated Netmap)
Hi Zenarmor Team,
I am running OPNsense on Proxmox (Intel N100 CPU). I have experienced repeated CPU spikes (100% usage on one core) followed by the Zenarmor engine restarting via Watchdog.
Configuration:
-
Deployment Mode: Routed Mode (L3) with Native Netmap Driver.
-
Protected Interfaces: vtnet0 (LAN) and tailscale0 (VPN).
-
Hardware: Intel N100 (Alder Lake-N).
The Issue: When the Tailscale interface (tailscale0) restarts or flaps (Link Down -> Link Up), the eastpect process gets stuck in a loop consuming 100% CPU until the watchdog kills it.
Logs Evidence: My logs show that tailscale0 is using the "Emulated adapter" mode via generic netmap, which seems to fail during the interface restart sequence.
From system.log: Zenarmor Watchdog: eastpect CPU usage is 100% - restarting... generic_netmap_unregister Emulated adapter for tailscale0 deactivated
From worker1.log: INFO [EastpectInstance::initialize_interface] lan:tailscale0[tailscale0] Queue: 0, #Queues: 1, Packet Device: Netmap INFO [EastpectInstance::initialize_interface] wan:tailscale0^[tailscale0] Queue: 0, #Queues: 1, Packet Device: Netmap-Host-Bridge
Workaround: Disabling protection on the tailscale0 interface immediately resolved the stability issues.
Please investigate the stability of the emulated netmap driver on tun/tap interfaces when link state changes occur.
-
Hi Marcin,
Thanks for reaching out and bringing this to our attention.
Netmap has not tailscale interface, and we haven’t received an ETA for its support yet.
Please keep it unprotected until the netmap support is provided for it. Zenarmor has SASE features as well. Would you like to get more information for SASE?
Please sign in to leave a comment.
Comments
2 comments