Bug#1108430: marked as done (Kernel Regression between 6.1.0-35 and 6.1.0-37: IPv6 link-local multicast over GRE tunnel is silently dropped)

["Debian Bug Tracking System" <owner@bugs.debian.org>]

Your message dated Tue, 22 Jul 2025 18:00:11 +0000
with message-id <E1ueHHf-00Bhjh-08@fasolo.debian.org>
and subject line Bug#1108430: fixed in linux 6.16~rc7-1~exp1
has caused the Debian Bug report #1108430,
regarding Kernel Regression between 6.1.0-35 and 6.1.0-37: IPv6 link-local multicast over GRE tunnel is silently dropped
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)


-- 
1108430: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1108430
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems

--- Begin Message ---

• To: submit@bugs.debian.org
• Cc: MoeDove NOC <noc@moedove.com>
• Subject: Kernel Regression between 6.1.0-35 and 6.1.0-37: IPv6 link-local multicast over GRE tunnel is silently dropped
• From: Aiden Yang <ling@moedove.com>
• Date: Sat, 28 Jun 2025 20:49:17 +0800
• Message-id: <CANR=AhR0CrmHT=MBAenyvirFGzR2fL-_r3ceycFepNtgTDDn1g@mail.gmail.com>

PACKAGE: linux SUBJECT: Kernel Regression between 6.1.0-35 and
6.1.0-37: IPv6 link-local multicast over GRE tunnel is silently
dropped SEVERITY: normal

===================================================================

Summary:
This report details a regression in the Linux kernel that prevents
IPv6 link-local all-nodes multicast packets (ff02::1) from being
transmitted over a GRE tunnel. The issue is confirmed to have been
introduced between kernel versions 6.1.0-35-cloud-amd64 (working) and
6.1.0-37-cloud-amd64 (failing) on Debian 12 (Bookworm).
On affected kernels, the ping utility reports 100% packet loss, and a
tcpdump on the underlying physical interface confirms that the kernel
is silently dropping the encapsulated GRE packets instead of sending
them. The sendto() system call does not return an error to the
userspace application in the default namespace.

===================================================================

Regression Point:
Last Known Good Version: 6.1.0-35-cloud-amd64
First Failing Version: 6.1.0-37-cloud-amd64
The regression is also present in later kernels tested, including
6.12.33 and 6.15.x on Debian 13 (Trixie).

===================================================================

Steps to Reproduce:
Use a Debian system with an affected kernel (e.g., >= 6.1.0-37).
Establish a GRE tunnel. Replace [PEER_IP] and [LOCAL_IP] with actual
endpoint addresses.
ip tunnel add tun_gre mode gre remote [PEER_IP] local [LOCAL_IP] ttl
255 ip link set tun_gre up
In one terminal, start a tcpdump on the physical interface that
provides the local IP, to monitor for outgoing GRE packets (GRE is IP
protocol 47).
tcpdump -i [PHYSICAL_IFACE] -n 'proto gre'
In a second terminal, attempt to ping the link-local all-nodes
multicast address via the GRE tunnel interface.
ping ff02::1%tun_gre -c 4

===================================================================

Observed Behavior (The Bug):
The ping command runs and reports "4 packets transmitted, 0 received,
100% packet loss".
The tcpdump window on the physical interface shows NO outgoing GRE
packets. This proves the kernel is silently dropping the packets.

===================================================================

Expected Behavior (as observed on kernel 6.1.0-35):
The ping command runs.
The tcpdump window shows outgoing GRE packets being sent from
[LOCAL_IP] to [PEER_IP] for each ICMPv6 echo request. (Receiving a
reply is dependent on the peer configuration, but the packets should
be transmitted).

===================================================================

Additional Diagnostic Information:
VRF Context: When the failing GRE interface (tun_gre) is placed within
a VRF, the failure mode changes. The ping or sendto() system call
fails immediately with an ENETUNREACH (Network is unreachable) error.
This is likely because the VRF routing table does not have a route to
the tunnel's physical peer address, and the kernel correctly
identifies this dependency issue.
veth Control Test: The issue is specific to the gre tunnel interface
type. A control test using a veth pair inside a VRF works perfectly
for link-local multicast, proving the core VRF and multicast logic is
sound.
This detailed bracketing of the regression should provide a strong
starting point for identifying the specific commit that introduced
this behavior.

-- 

WARNING: *This email (including its attachments) may contain confidential 
information protected by confidentiality agreements or other rights, and is 
intended only for the designated recipient or individuals who need to know 
it for the stated purpose. The recipient is prohibited from disclosing this 
information to unauthorized parties without prior permission from MoeDove 
LLC. If you have received this email in error, please notify the sender 
immediately and delete this email and its attachments from your system. Any 
use, dissemination, transmission, or copying of this email by someone other 
than the intended recipient is prohibited and may be unlawful.*

--- End Message ---

--- Begin Message ---

• To: 1108430-close@bugs.debian.org
• Subject: Bug#1108430: fixed in linux 6.16~rc7-1~exp1
• From: Debian FTP Masters <ftpmaster@ftp-master.debian.org>
• Date: Tue, 22 Jul 2025 18:00:11 +0000
• Message-id: <E1ueHHf-00Bhjh-08@fasolo.debian.org>
• Reply-to: Ben Hutchings <benh@debian.org>

Source: linux
Source-Version: 6.16~rc7-1~exp1
Done: Ben Hutchings <benh@debian.org>

We believe that the bug you reported is fixed in the latest version of
linux, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 1108430@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Ben Hutchings <benh@debian.org> (supplier of updated linux package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Mon, 21 Jul 2025 23:49:25 +0200
Source: linux
Architecture: source
Version: 6.16~rc7-1~exp1
Distribution: experimental
Urgency: medium
Maintainer: Debian Kernel Team <debian-kernel@lists.debian.org>
Changed-By: Ben Hutchings <benh@debian.org>
Closes: 763547 1108430
Changes:
 linux (6.16~rc7-1~exp1) experimental; urgency=medium
 .
   * New upstream release candidate
     - gre: Fix IPv6 multicast route creation. (Closes: #1108430)
 .
   [ Ben Hutchings ]
   * Add linux-misc-tools package for bootconfig, ihex2fw, thermometer, and tmon
     (Closes: #763547)
   * d/patches: Clean up the Android binder patches
   * Update to 6.16-rc5:
     - Drop obsolete patches:
       - "Revert "mmc: sdhci: Disable SD card clock before changing parameters""
         (applied upstream)
       - "dccp: Disable auto-loading as mitigation against local exploits"
         (protocol was removed)
     - Refresh patches:
       - "add sysctl to disallow unprivileged CLONE_NEWUSER by default"
       - "Export symbols needed by binder"
       - "Include package version along with kernel release in stack traces"
   * d/config: Update with the help of kconfigeditor2:
     - crypto: Enable CRYPTO_BENCHMARK instead of CRYPTO_TEST
     - crypto: Enable CRYPTO_SELFTESTS (except on hppa, m68k, sh4) instead of
       disabling CRYPTO_MANAGER_DISABLE_TESTS
     - drivers/net/mdio: Enable MDIO_BUS as module (except on cloud) instead of
       MDIO_DEVICE
     - [armhf] drivers/mfd: Enable MFD_SEC_I2C as built-in instead of
       MFD_SEC_CORE
     - [arm64] drivers/phy: Enable PHY_SNPS_EUSB2 as module instead of
       PHY_QCOM_SNPS_EUSB2
     - crypto: Remove CRYPTO_CHACHA_RISCV64, CRYPTO_MANAGER,
       CRYPTO_SHA256_{ARM,OCTEON,RISCV64,S390,SPARC64,SSSE3},
       CRYPTO_SHA2_ARM{,64}_CE which are now automatic symbols
     - crypto: Remove CRYPTO_POLY1305
     - net: Remove IP_DCCP etc.
     - [alpha,m68k,x86] Remove USELIB
   * linux-kbuild: Update for rewrite of kernel-doc in Python
   * d/rules.d: Delete unused clean targets
   * d/rules.d: Introduce and use srcdir variable for upstream source directory
   * d/rules.d/tools/thermal: Split library and tools builds into subdirs
   * d/rules.d: Introduce and use variables for invoking upstream makefiles
   * d/rules.d, d/rules.real: Build user-space tools with Kbuild where possible
   * [x86] d/rules.d/tools/power/x86: Use upstream makefiles to build programs
   * udeb: Put cros-ec-proto library module in kernel-image
 .
   [ Uwe Kleine-König ]
   * Fix udeb module lists for v6.15 -> v6.16
 .
   [ Aurelien Jarno ]
   * [riscv64] Enable SPACEMIT_CCU, SPACEMIT_K1_CCU and GPIO_SPACEMIT_K1,
     enable I2C_K1, MMC_SDHCI_OF_K1 and PWM_PXA as modules
   * [riscv64] Enable CLK_SOPHGO_SG2044, SOPHGO_CV1800_RTCSYS and
     SOPHGO_SG2044_TOPSYS, enable CLK_SOPHGO_SG2044_PLL as a module
   * [riscv64] Enable TH1520_AON_PROTOCOL, TH1520_PM_DOMAINS and RESET_TH1520
     as modules
Checksums-Sha1:
 fe93b7183d2b66cc6f746d314342e39624712faf 200549 linux_6.16~rc7-1~exp1.dsc
 39c2bdbab4be0fafec0229500014feab42393410 155591772 linux_6.16~rc7.orig.tar.xz
 89dc512473d4ba6acb8b2074a430d026c821b9da 1530700 linux_6.16~rc7-1~exp1.debian.tar.xz
 618fd6e77f936126b4595e5ebfec610f7d72cde6 7990 linux_6.16~rc7-1~exp1_source.buildinfo
Checksums-Sha256:
 a018d5a1e3aeca03a18dd621e9309a0b8040af5f7f217f3caa312f2ea55bb114 200549 linux_6.16~rc7-1~exp1.dsc
 af65e6f7cfa23ae056f2c23f437380a7a99384dd5f7eb67b1105c322a87148d7 155591772 linux_6.16~rc7.orig.tar.xz
 f1f180c7a4017d0c2119f8370e86eb0a7e27ccc751e4c854cbbf206136368ba6 1530700 linux_6.16~rc7-1~exp1.debian.tar.xz
 4ee05d32c615959276e06c4408340738857093443dc28022ffd835b74c587e60 7990 linux_6.16~rc7-1~exp1_source.buildinfo
Files:
 9a55999c9b9cfbebbdc16bc4beabbc42 200549 kernel optional linux_6.16~rc7-1~exp1.dsc
 de45cec64fecd00fd6c9463520c51233 155591772 kernel optional linux_6.16~rc7.orig.tar.xz
 c1eaa633f33c01834cac45475db31e4f 1530700 kernel optional linux_6.16~rc7-1~exp1.debian.tar.xz
 7090e60827f9a93b6c77e5cdb7c87d9f 7990 kernel optional linux_6.16~rc7-1~exp1_source.buildinfo

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEErCspvTSmr92z9o8157/I7JWGEQkFAmh/iRYACgkQ57/I7JWG
EQkutA//aUPO0cz5qXzUp/CiVXnFZuW/8g6PpnWcrhRhW0/WSzcFLIDtv0s8OdYR
ob1wG68VXwuQIAe9XS4PuGsUqbtOAX5kRSxysdlvwtTF1vtC9k7lTx05nmLGfl9F
UtkvEYHChLMRa7+1rHKZ8ulf4i4PN3w79VKBRHBFkP5skTR/VEADw8mPiZpNHIJ1
nGx6Btbqc+Tj5jcay/RGI5/p+cZIAwxfESwkPtSEfu5kTiuBZ56BvKwNAoHcJkra
eEdIzk0fDILECb6DjBAERiW3ZC6wg7IOz5uS1n4scTPqn6oAw4KpjZ6lGTSe5B8O
6ZMhUBShvYXBCR0eArIcAhm20c885bOe8CLcvM4LILCcy6XL0WEReJ25cGkjPuKC
VwLhC1uZThqVxwaqPbN9vSehoJiHDRgr7wgZBlWfJqpcFoGqxidkJsoM0TPoR43C
ZZtfS2TN3hTEwNrIm8S7NFmDmTeBEinq6r9xDRamCUf+KSqjjxEOtl6i5FJAWqnx
eyUJ2kL7VlKtdJgvpP4EbgtWlcfEORjXoJ8mwSTHs14SbLmszi48D5MZWJ37H1ek
PXdrW5NYnCPoHmxWivPv2woUnSKC/BEFNRQYL5NRx/FaAKU9ZzMKuD5DirE8sEiX
Nyd4VnCbhUx+dzeg0FsitS6NhHvZyQLhqRrUIRtErwvjeGlHl2g=
=7oeA
-----END PGP SIGNATURE-----

Attachment: pgpRjjOUNexEa.pgp
Description: PGP signature

--- End Message ---