Bug#1108430: Kernel Regression between 6.1.0-35 and 6.1.0-37: IPv6 link-local multicast over GRE tunnel is silently dropped

To: 1108430@bugs.debian.org
Cc: carnil@debian.org
Subject: Bug#1108430: Kernel Regression between 6.1.0-35 and 6.1.0-37: IPv6 link-local multicast over GRE tunnel is silently dropped
From: Aiden Yang <ling@moedove.com>
Date: Sat, 12 Jul 2025 22:10:34 +0800
Message-id: <[🔎] CANR=AhTrQORNo6PCq79dUcvgbBdLrg8GfH4b=POsZH9X764NtQ@mail.gmail.com>
Reply-to: Aiden Yang <ling@moedove.com>, 1108430@bugs.debian.org
In-reply-to: <aGA_usC5rvkLn6Va@eldamar.lan>
References: <CANR=AhR0CrmHT=MBAenyvirFGzR2fL-_r3ceycFepNtgTDDn1g@mail.gmail.com> <aGA_usC5rvkLn6Va@eldamar.lan> <CANR=AhR0CrmHT=MBAenyvirFGzR2fL-_r3ceycFepNtgTDDn1g@mail.gmail.com>

Hello,
Just a follow-up to report that the upstream kernel developers have
now merged a fix for this issue into the 'net' tree.
The official commit is:
https://git.kernel.org/pub/scm/linux/kernel/git/netdev/net.git/commit/?id=4e914ef063de40397e25a025c70d9737a9e45a8c
The patch submission cover letter on the mailing list can be found
here, providing additional context:
https://lore.kernel.org/netdev/cover.1752070620.git.gnault@redhat.com/T/
I will be looking forward to seeing this fix in a future Debian kernel update.
Best regards,
Aiden Yang

Salvatore Bonaccorso <carnil@debian.org> 于2025年6月29日周日 03:17写道：
>
> Control: tags -1 + moreinfo
>
> On Sat, Jun 28, 2025 at 08:49:17PM +0800, Aiden Yang wrote:
> > PACKAGE: linux SUBJECT: Kernel Regression between 6.1.0-35 and
> > 6.1.0-37: IPv6 link-local multicast over GRE tunnel is silently
> > dropped SEVERITY: normal
> >
> > ===================================================================
> >
> > Summary:
> > This report details a regression in the Linux kernel that prevents
> > IPv6 link-local all-nodes multicast packets (ff02::1) from being
> > transmitted over a GRE tunnel. The issue is confirmed to have been
> > introduced between kernel versions 6.1.0-35-cloud-amd64 (working) and
> > 6.1.0-37-cloud-amd64 (failing) on Debian 12 (Bookworm).
> > On affected kernels, the ping utility reports 100% packet loss, and a
> > tcpdump on the underlying physical interface confirms that the kernel
> > is silently dropping the encapsulated GRE packets instead of sending
> > them. The sendto() system call does not return an error to the
> > userspace application in the default namespace.
> >
> > ===================================================================
> >
> > Regression Point:
> > Last Known Good Version: 6.1.0-35-cloud-amd64
> > First Failing Version: 6.1.0-37-cloud-amd64
> > The regression is also present in later kernels tested, including
> > 6.12.33 and 6.15.x on Debian 13 (Trixie).
> >
> > ===================================================================
> >
> > Steps to Reproduce:
> > Use a Debian system with an affected kernel (e.g., >= 6.1.0-37).
> > Establish a GRE tunnel. Replace [PEER_IP] and [LOCAL_IP] with actual
> > endpoint addresses.
> > ip tunnel add tun_gre mode gre remote [PEER_IP] local [LOCAL_IP] ttl
> > 255 ip link set tun_gre up
> > In one terminal, start a tcpdump on the physical interface that
> > provides the local IP, to monitor for outgoing GRE packets (GRE is IP
> > protocol 47).
> > tcpdump -i [PHYSICAL_IFACE] -n 'proto gre'
> > In a second terminal, attempt to ping the link-local all-nodes
> > multicast address via the GRE tunnel interface.
> > ping ff02::1%tun_gre -c 4
> >
> > ===================================================================
> >
> > Observed Behavior (The Bug):
> > The ping command runs and reports "4 packets transmitted, 0 received,
> > 100% packet loss".
> > The tcpdump window on the physical interface shows NO outgoing GRE
> > packets. This proves the kernel is silently dropping the packets.
> >
> > ===================================================================
> >
> > Expected Behavior (as observed on kernel 6.1.0-35):
> > The ping command runs.
> > The tcpdump window shows outgoing GRE packets being sent from
> > [LOCAL_IP] to [PEER_IP] for each ICMPv6 echo request. (Receiving a
> > reply is dependent on the peer configuration, but the packets should
> > be transmitted).
> >
> > ===================================================================
> >
> > Additional Diagnostic Information:
> > VRF Context: When the failing GRE interface (tun_gre) is placed within
> > a VRF, the failure mode changes. The ping or sendto() system call
> > fails immediately with an ENETUNREACH (Network is unreachable) error.
> > This is likely because the VRF routing table does not have a route to
> > the tunnel's physical peer address, and the kernel correctly
> > identifies this dependency issue.
> > veth Control Test: The issue is specific to the gre tunnel interface
> > type. A control test using a veth pair inside a VRF works perfectly
> > for link-local multicast, proving the core VRF and multicast logic is
> > sound.
> > This detailed bracketing of the regression should provide a strong
> > starting point for identifying the specific commit that introduced
> > this behavior.
>
> since you can reproduce the regression on all newer upstream versions
> as well, can you please report in to upstream and report back here the
> upstream report so we can follow its status.
>
> Thanks already.
>
> Regards,
> Salvatore
>
> > WARNING: *This email (including its attachments) may contain confidential
> > information protected by confidentiality agreements or other rights, and is
> > intended only for the designated recipient or individuals who need to know
> > it for the stated purpose. The recipient is prohibited from disclosing this
> > information to unauthorized parties without prior permission from MoeDove
> > LLC. If you have received this email in error, please notify the sender
> > immediately and delete this email and its attachments from your system. Any
> > use, dissemination, transmission, or copying of this email by someone other
> > than the intended recipient is prohibited and may be unlawful.*
>
> Drop this when you send public bugreports, thanks.

-- 

WARNING: *This email (including its attachments) may contain confidential 
information protected by confidentiality agreements or other rights, and is 
intended only for the designated recipient or individuals who need to know 
it for the stated purpose. The recipient is prohibited from disclosing this 
information to unauthorized parties without prior permission from MoeDove 
LLC. If you have received this email in error, please notify the sender 
immediately and delete this email and its attachments from your system. Any 
use, dissemination, transmission, or copying of this email by someone other 
than the intended recipient is prohibited and may be unlawful.*

Reply to:

Follow-Ups:
- Bug#1108430: Kernel Regression between 6.1.0-35 and 6.1.0-37: IPv6 link-local multicast over GRE tunnel is silently dropped
  - From: Salvatore Bonaccorso <carnil@debian.org>

Prev by Date: Bug#1108430: Acknowledgement (Kernel Regression between 6.1.0-35 and 6.1.0-37: IPv6 link-local multicast over GRE tunnel is silently dropped)
Next by Date: Processed: Re: Bug#1086638: linux-image-6.11.5: usbguard-daemon invalid opcode: 0000, usb's not usable
Previous by thread: Bug#1108430: Acknowledgement (Kernel Regression between 6.1.0-35 and 6.1.0-37: IPv6 link-local multicast over GRE tunnel is silently dropped)
Next by thread: Bug#1108430: Kernel Regression between 6.1.0-35 and 6.1.0-37: IPv6 link-local multicast over GRE tunnel is silently dropped
Index(es):
- Date
- Thread