Groups | Search | Server Info | Keyboard shortcuts | Login | Register
Groups > linux.debian.kernel > #92227
| Path | csiph.com!weretis.net!feeder8.news.weretis.net!fu-berlin.de!bofh.it!news.nic.it!robomod |
|---|---|
| From | Brad Barnett <debian-bugs5@L8R.net> |
| Newsgroups | linux.debian.bugs.dist, linux.debian.kernel |
| Subject | Bug#1135527: linux-image-6.1.0-45-amd64: probable borked netfilter patch / log spamming in bookworm release 6.1.170-1 |
| Date | Sat, 02 May 2026 10:20:01 +0200 |
| Message-ID | <MQdJT-1Zd7-17@gated-at.bofh.it> (permalink) |
| X-Original-To | submit@bugs.debian.org |
| X-Mailbox-Line | From debian-bugs-dist-request@lists.debian.org Sat May 2 08:19:09 2026 |
| Old-Return-Path | <debbugs@buxtehude.debian.org> |
| X-Spam-Flag | NO |
| X-Spam-Score | -1.45 |
| Reply-To | Brad Barnett <debian-bugs5@L8R.net>, 1135527@bugs.debian.org |
| Resent-To | debian-bugs-dist@lists.debian.org |
| Resent-Cc | debian-kernel@lists.debian.org |
| X-Debian-Pr-Message | report 1135527 |
| X-Debian-Pr-Package | src:linux |
| X-Debian-Pr-Source | linux |
| MIME-Version | 1.0 |
| Content-Type | text/plain; charset=US-ASCII |
| Content-Transfer-Encoding | 7bit |
| X-Greylist | Sender succeeded SMTP AUTH, not delayed by milter-greylist-4.6.2 (mail.L8R.net [10.0.5.5]); Sat, 02 May 2026 04:07:43 -0400 (EDT) |
| X-Scanned-By | MIMEDefang 2.84 |
| X-Greylist | delayed 542 seconds by postgrey-1.37 at buxtehude; Sat, 02 May 2026 08:16:48 UTC |
| X-Debian-Message | from BTS |
| X-Mailing-List | <debian-bugs-dist@lists.debian.org> archive/latest/1967230 |
| List-ID | <debian-bugs-dist.lists.debian.org> |
| List-URL | <https://lists.debian.org/debian-bugs-dist/> |
| Approved | robomod@news.nic.it |
| Lines | 55 |
| Organization | linux.* mail to news gateway |
| Sender | robomod@news.nic.it |
| X-Original-Date | Sat, 2 May 2026 04:07:42 -0400 |
| X-Original-Message-ID | <20260502040742.29e6642e@be.back.L8R.net> |
| Xref | csiph.com linux.debian.bugs.dist:1291723 linux.debian.kernel:92227 |
Cross-posted to 2 groups.
Show key headers only | View raw
Package: src:linux
Version: 6.1.170-1
Severity: important
After a bookworm upgrade today to:
Linux hostname 6.1.0-45-amd64 #1 SMP PREEMPT_DYNAMIC Debian 6.1.170-1 (2026-04
-30) x86_64 GNU/Linux
The following logs started to appear from time to time (src IP last octlets re
placed with ?):
May 2 03:49:36 hostname kernel: [41116.686651] icmp: detected local route for
192.168.1.2 during ICMP sending, src 151.101.?.?
May 2 03:49:36 hostname kernel: [41116.687120] icmp: detected local route for
192.168.1.2 during ICMP sending, src 151.101.?.?
May 2 03:49:36 hostname kernel: [41116.687223] icmp: detected local route for
192.168.1.2 during ICMP sending, src 151.101.?.?
May 2 03:49:36 hostname kernel: [41116.687660] icmp: detected local route for
192.168.1.2 during ICMP sending, src 151.101.?.?
May 2 03:49:36 hostname kernel: [41116.688718] icmp: detected local route for
192.168.1.2 during ICMP sending, src 151.101.?.?
May 2 03:49:36 hostname kernel: [41116.689117] icmp: detected local route for 192.168.1.2 during ICMP sending, src 151.101.?.?
May 2 03:49:36 hostname kernel: [41116.690593] icmp: detected local route for 192.168.1.2 during ICMP sending, src 151.101.?.?
May 2 03:49:36 hostname kernel: [41116.691051] icmp: detected local route for 192.168.1.2 during ICMP sending, src 151.101.?.?
I have hundreds of bookworm hosts reporting this, all with unrelated iptables / networking configs.
Some additional information:
- absolutely no iptables, routing, or other configurations have changed on any of these hosts (spread over multiple worksites)
- the previous bookworm kernel image did report this
- kernel upgrades for bullseye and trixie today do not exhibit this problem, eg, this is isolated to bookworm only
- hosts on bookworm and trixie with identical routing/firewalling, show this issue only on bookworm
I suspect a bad patch, or a partial patch related to:
https://www.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.1.165
commit 1e20f24509da2a1485dcef76ed8fb9cc34c90dc5
Author: Fernando Fernandez Mancera <fmancera@suse.de>
Date: Mon Jan 19 21:35:46 2026 +0100
But I could be wrong. I'm just basing this on the 170 changlog with:
- netfilter: nf_conncount: fix tracking of connections from localhost
I've rated this at higher priority, as I'm not sure of the implications here. Whatever is broken, is literally messing with the src (see the patch I refernced above) of the packet, it seems possible conntrack breakage, and whatever else that might imply.
Happy to provide any full tcpdumps (privately), packet captures, etc.
Still looking into this, but felt it best to report ASAP.
Back to linux.debian.kernel | Previous | Next — Next in thread | Find similar
Bug#1135527: linux-image-6.1.0-45-amd64: probable borked netfilter patch / log spamming in bookworm release 6.1.170-1 Brad Barnett <debian-bugs5@L8R.net> - 2026-05-02 10:20 +0200 Bug#1135527: linux-image-6.1.0-45-amd64: probable borked netfilter patch / log spamming in bookworm release 6.1.170-1 Salvatore Bonaccorso <carnil@debian.org> - 2026-05-02 10:30 +0200 Processed: Re: Bug#1135527: linux-image-6.1.0-45-amd64: probable borked netfilter patch / log spamming in bookworm release 6.1.170-1 "Debian Bug Tracking System" <owner@bugs.debian.org> - 2026-05-02 10:30 +0200 Bug#1135527: IMPORTANT TEXT CHANGE IN PRIOR MESSAGE Brad Barnett <debian-bugs5@L8R.net> - 2026-05-02 10:40 +0200 Bug#1135527: marked as done (linux-image-6.1.0-45-amd64: probable borked netfilter patch / log spamming in bookworm release 6.1.170-1) "Debian Bug Tracking System" <owner@bugs.debian.org> - 2026-05-10 20:40 +0200
csiph-web