Your message dated Fri, 13 Mar 2026 18:33:12 +0000
with message-id <[email protected]>
and subject line Bug#1127597: fixed in linux 6.1.164-1
has caused the Debian Bug report #1127597,
regarding ip6_tunnel, ip6tnl, module fails to encapsulate/transmit packets in
kernel 6.1.0-43
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
1127597: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1127597
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: linux-image-6.1.0-43-amd64
Version: 6.1.162-1
Severity: important
Tags: upstream
Hello,
The ip6_tunnel kernel module is broken in linux-image-6.1.0-43-amd64
(upstream 6.1.162). IPv6 tunnels (mode "any") fail to encapsulate or
transmit any packets.
WORKING CONFIGURATION:
- Kernel: 6.1.0-37-amd64 (upstream 6.1.140)
- Tunnel works correctly with identical configuration
BROKEN CONFIGURATION:
- Kernel: 6.1.0-43-amd64 (upstream 6.1.162)
- Same tunnel configuration fails completely
REPRODUCTION STEPS:
1. Create IPv6 tunnel with mode "any":
ip link add tun0 type ip6tnl mode any \
remote 2001:db8::2 \
local 2001:db8::1 \
encaplimit 4
ip addr add 192.0.2.1/30 dev tun0
ip addr add 2001:db8:1::1/126 dev tun0
ip link set tun0 up mtu 1500
2. Send traffic through tunnel:
ping -c 3 -I tun0 192.0.2.2
3. Monitor physical interface:
tcpdump -i eth0 -nn 'ip6 and host 2001:db8::2'
EXPECTED BEHAVIOR (kernel 6.1.0-37):
- tcpdump shows encapsulated packets with protocol 60 (DSTOPT) or 4 (IPIP)
- Tunnel traffic flows successfully
ACTUAL BEHAVIOR (kernel 6.1.0-43):
- tcpdump captures ZERO packets
- TX counter increments on tunnel interface but packets disappear in
kernel
- RX packets show errors
EVIDENCE - Side-by-side comparison:
Kernel 6.1.0-37 (WORKING):
Protocol 60 (DSTOPT) packets visible on wire
Encapsulation functioning correctly
Kernel 6.1.0-43 (BROKEN):
0 packets captured
No packets transmitted to physical interface
SYSTEM INFORMATION:
- Debian version: 12 (bookworm)
- Architecture: amd64
- Broken kernel: 6.1.0-43-amd64 (6.1.162-1)
- Working kernel: 6.1.0-37-amd64 (6.1.140-1)
- Boot parameters tested: default and mitigations=off (both fail)
IMPACT:
- All IPv6 tunnels using ip6tnl module are affected
- Workaround: downgrade to 6.1.0-37
ADDITIONAL NOTES:
- Issue persists regardless of tunnel parameters (MTU, encaplimit,
offloads)
- Module parameter changes have no effect
- Issue affects both encapsulation (TX) and decapsulation (RX)
- No relevant errors in dmesg or kernel logs
Could you please investigate this regression? Is there any additional
debugging information or testing I can provide to help identify the root
cause?
Would additional debugging output be helpful? I can provide kernel
logs, strace output, or test patches if needed.
--
[image: Hostinger Logo]
Network Operations Center
*NOC *| Hostinger Global
*E: *[email protected] <[email protected]>
*W: *www.hostinger.com
*A: *Global HQ, Jonavos g. 60c, Kaunas 44192
[image: Facebook Icon] <https://www.facebook.com/hostinger/> [image:
Instagram Icon] <https://www.instagram.com/hostinger_global/> [image:
Twitter Icon] <https://twitter.com/Hostinger> [image: Youtube Icon]
<https://www.youtube.com/channel/UC4UDct7xQd0Ng6G_eMHnA1Q>
[image: Linkedin Icon]
<https://www.linkedin.com/company/hostinger-international/>
--
This
message and its attachments may contain privileged and confidential
information. If you are not the intended recipient, do not use, copy, or
disclose this information. Please notify the sender and permanently
delete
the message from your system.
--- End Message ---
--- Begin Message ---
Source: linux
Source-Version: 6.1.164-1
Done: Salvatore Bonaccorso <[email protected]>
We believe that the bug you reported is fixed in the latest version of
linux, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Salvatore Bonaccorso <[email protected]> (supplier of updated linux package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Mon, 09 Mar 2026 07:45:42 +0100
Source: linux
Architecture: source
Version: 6.1.164-1
Distribution: bookworm-security
Urgency: high
Maintainer: Debian Kernel Team <[email protected]>
Changed-By: Salvatore Bonaccorso <[email protected]>
Closes: 1127597
Changes:
linux (6.1.164-1) bookworm-security; urgency=high
.
* New upstream stable update:
https://www.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.1.163
- nvmet-tcp: add bounds checks in nvmet_tcp_build_pdu_iovec
(CVE-2026-23112)
- [x86] kfence: fix booting on 32bit non-PAE systems
- [x86] platform/x86: intel_telemetry: Fix swapped arrays in PSS output
- rbd: check for EOD after exclusive lock is ensured to be held
- Revert "drm/amd: Check if ASPM is enabled from PCIe subsystem"
- KVM: Don't clobber irqfd routing type when deassigning irqfd
- netfilter: nft_set_pipapo: clamp maximum map bucket size to INT_MAX
(CVE-2025-38201)
- [arm*] binder: fix BR_FROZEN_REPLY error log
- binderfs: fix ida_alloc_max() upper bound
- [arm64] pmdomain: imx8mp-blk-ctrl: Keep gpc power domain on for system
wakeup
- [arm64] pmdomain: imx8mp-blk-ctrl: Keep usb phy power domain on for
system
wakeup
- [arm64] pmdomain: imx8m-blk-ctrl: fix out-of-range access of bc->domains
- gve: Fix stats report corruption on queue count change
- tracing: Fix ftrace event field alignments
- gve: Correct ethtool rx_dropped calculation
- wifi: mac80211: ocb: skip rx_no_sta when interface is not joined
- wifi: wlcore: ensure skb headroom before skb_push
- net: usb: sr9700: support devices with virtual driver CD
- block,bfq: fix aux stat accumulation destination
- smb/server: call ksmbd_session_rpc_close() on error path in
create_smb2_pipe()
- [amd64] HID: intel-ish-hid: Update ishtp bus match to support device ID
table
- HID: multitouch: add MT_QUIRK_STICKY_FINGERS to MT_CLS_VTL
- btrfs: fix reservation leak in some error paths when inserting inline
extent
- [amd64] HID: intel-ish-hid: Reset enum_devices_done before enumeration
- HID: playstation: Center initial joystick axes to prevent spurious events
- ALSA: hda/realtek: add HP Laptop 15s-eq1xxx mute LED quirk
- netfilter: replace -EEXIST with -EBUSY
- HID: quirks: Add another Chicony HP 5MP Cameras to hid_ignore_list
- HID: i2c-hid: fix potential buffer overflow in i2c_hid_get_report()
- HID: Apply quirk HID_QUIRK_ALWAYS_POLL to Edifier QR30 (2d99:a101)
- ring-buffer: Avoid softlockup in ring_buffer_resize() during memory free
- wifi: mac80211: collect station statistics earlier when disconnect
- nvme-fc: release admin tagset if init fails
- wifi: cfg80211: Fix bitrate calculation overflow for HE rates
- scsi: target: iscsi: Fix use-after-free in
iscsit_dec_session_usage_count()
- ALSA: hda/realtek: Fix headset mic for TongFang X6AR55xU
- scsi: target: iscsi: Fix use-after-free in iscsit_dec_conn_usage_count()
- wifi: mac80211: don't increment crypto_tx_tailroom_needed_cnt twice
- [x86] platform/x86: toshiba_haps: Fix memory leaks in add/remove routines
- [x86] platform/x86: intel_telemetry: Fix PSS event register mask
- smb/client: fix memory leak in smb2_open_file()
- net: liquidio: Initialize netdev pointer before queue setup
- net: liquidio: Fix off-by-one error in PF setup_nic_devices() cleanup
- net: liquidio: Fix off-by-one error in VF setup_nic_devices() cleanup
- macvlan: fix error recovery in macvlan_common_newlink()
- net: don't touch dev->stats in BPF redirect paths
- tipc: use kfree_sensitive() for session key material
- [x86] drm/mgag200: fix mgag200_bmc_stop_scanout()
- [armhf] hwmon: (occ) Mark occ_init_attribute() as __printf
- netfilter: nf_tables: fix inverted genmask check in
nft_map_catchall_activate() (CVE-2026-23111)
- [amd64] ASoC: amd: fix memory leak in acp3x pdm dma ops
- hfsplus: fix slab-out-of-bounds read in hfsplus_uni2asc()
(CVE-2025-40082)
- iommu: disable SVA when CONFIG_X86 is set (CVE-2025-71089)
- [arm64] spi: tegra: Fix a memory leak in tegra_slink_probe()
- ALSA: hda/realtek: Really fix headset mic for TongFang X6AR55xU.
https://www.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.1.164
- smb: client: split cached_fid bitfields to avoid shared-byte RMW races
(CVE-2026-23230)
- ksmbd: fix infinite loop caused by next_smb2_rcv_hdr_off reset in error
paths (CVE-2026-23220)
- smb: server: fix leak of active_num_conn in ksmbd_tcp_new_connection()
(CVE-2026-23228)
- crypto: octeontx - Fix length check to avoid truncation in
ucode_load_store
- crypto: omap - Allocate OMAP_CRYPTO_FORCE_COPY scatterlists correctly
(CVE-2026-23222)
- crypto: virtio - Add spinlock protection with virtqueue notification
(CVE-2026-23229)
- crypto: virtio - Remove duplicated virtqueue_kick in
virtio_crypto_skcipher_crypt_req
- nilfs2: Fix potential block overflow that cause system hang
(CVE-2025-71237)
- scsi: qla2xxx: Validate sp before freeing associated memory
(CVE-2025-71236)
- scsi: qla2xxx: Allow recovery for tape devices
- scsi: qla2xxx: Delay module unload while fabric scan in progress
(CVE-2025-71235)
- scsi: qla2xxx: Query FW again before proceeding with login
- gpio: omap: do not register driver in probe()
- btrfs: fix racy bitfield write in btrfs_clear_space_info_full()
(CVE-2025-68358)
- net: sfp: Fix quirk for Ubiquiti U-Fiber Instant SFP module
- smb: client: set correct id, uid and cruid for multiuser automounts
(CVE-2024-26822)
- scsi: qla2xxx: Fix bsg_done() causing double free
- PCI: endpoint: Automatically create a function specific attributes group
- PCI: endpoint: Remove unused field in struct pci_epf_group
- PCI: endpoint: Avoid creating sub-groups asynchronously (CVE-2025-71233)
- bus: fsl-mc: Replace snprintf and sprintf with sysfs_emit in sysfs show
functions
- bus: fsl-mc: fix use-after-free in driver_override_show()
(CVE-2026-23221)
- scsi: qla2xxx: Remove dead code (GNN ID)
- scsi: qla2xxx: Reduce fabric scan duplicate code
- scsi: qla2xxx: Free sp in error path to fix system crash (CVE-2025-71232)
- cacheinfo: Decrement refcount in cache_setup_of_node()
- cacheinfo: Remove of_node_put() for fw_token
- ALSA: hda/realtek: Fix headset mic for TongFang X6AR55xU
- [x86] ASoC: amd: yc: Add ASUS ExpertBook PM1503CDA to quirks list
- gpio: sprd: Change sprd_gpio lock to raw_spin_lock
- ALSA: hda/realtek: Add quirk for Inspur S14-G1
- romfs: check sb_set_blocksize() return value
- [arm64,armhf] drm/tegra: hdmi: sor: Fix error: variable ājā set but not
used
- [x86] platform/x86: classmate-laptop: Add missing NULL pointer checks
- [x86] ASoC: Intel: sof_es8336: Add DMI quirk for Huawei BOD-WXX9
- [x86] platform/x86: panasonic-laptop: Fix sysfs group leak in error path
- gpiolib: acpi: Fix gpio count with string references
- Revert "wireguard: device: enable threaded NAPI"
- mptcp: schedule rtx timer only after pushing data
- mptcp: ensure context reset on disconnect() (CVE-2025-71144)
- xsk: Fix race condition in AF_XDP generic RX path (CVE-2025-37920)
- devlink: rate: Unset parent pointer in devl_rate_nodes_destroy
(CVE-2025-40251)
- clk: mediatek: fix of_iomap memory leak (CVE-2023-53424)
- nfsd: don't ignore the return code of svc_proc_register()
(CVE-2025-22026)
- ksmbd: set ATTR_CTIME flags when setting mtime (CVE-2024-57895)
- ACPI: APEI: send SIGBUS to current task if synchronous memory error not
recovered (CVE-2025-39763)
- net: stmmac: Fix accessing freed irq affinity_hint (CVE-2025-23155)
- net: dsa: free routing table on probe failure (CVE-2025-37786)
- mptcp: fix race in mptcp_pm_nl_flush_addrs_doit() (CVE-2026-23169)
- wifi: cfg80211: Add missing lock in cfg80211_check_and_end_cac()
(CVE-2025-38643)
- cpuset: Fix missing adaptation for cpuset_is_populated
- fbdev: rivafb: fix divide error in nv3_arb()
- fbdev: smscufx: properly copy ioctl memory to kernelspace
- f2fs: fix IS_CHECKPOINTED flag inconsistency issue caused by concurrent
atomic commit and checkpoint writes
- f2fs: fix to avoid UAF in f2fs_write_end_io()
- f2fs: fix out-of-bounds access in sysfs attribute read/write
- USB: serial: option: add Telit FN920C04 RNDIS compositions
- net: tunnel: make skb_vlan_inet_prepare() return drop reasons
(Closes: #1127597)
.
[ Ben Hutchings ]
* CI: Delete support for ccache, which was removed from common pipeline
* CI: Update build job to work after another common pipeline change
.
[ Salvatore Bonaccorso ]
* apparmor: fix kernel-doc complaints
* apparmor: Fix kernel-doc warnings in apparmor/policy.c
* apparmor: validate DFA start states are in bounds in unpack_pdb
* apparmor: fix memory leak in verify_header
* apparmor: replace recursive profile removal with iterative approach
* apparmor: fix: limit the number of levels of policy namespaces
* apparmor: fix side-effect bug in match_char() macro usage
* apparmor: fix missing bounds check on DEFAULT table in verify_dfa()
* apparmor: Fix double free of ns_name in aa_replace_profiles()
* apparmor: fix unprivileged local user can do privileged policy management
* apparmor: fix differential encoding verification
* apparmor: fix race on rawdata dereference
* apparmor: fix race between freeing data and fs accessing it
Checksums-Sha1:
188bce2ad12ad95d07ed261fdfba8179ccf39d4d 399396 linux_6.1.164-1.dsc
e4db617da819e75d5353e7bc2fd53ac186029e01 137862600 linux_6.1.164.orig.tar.xz
79cb09784f3aa13ad8c700563f42e2b842f0ca7b 1830072 linux_6.1.164-1.debian.tar.xz
c7e27085358ae1c71d17b329dfaa562826b66d9c 6965 linux_6.1.164-1_source.buildinfo
Checksums-Sha256:
a16375d86e1ec7fcb7e16e3d6dbcb08cab098aca04bfb7510b10befaf7e13e26 399396
linux_6.1.164-1.dsc
d2971cca3c00dbaa0da62660790ff9ef77b271afc42df468a182d3852d8c1c47 137862600
linux_6.1.164.orig.tar.xz
7eceed389147fe334a6df3071e2f6b7963b9ac2ec3b6387fd34a26aae0e8fda7 1830072
linux_6.1.164-1.debian.tar.xz
45fdf333dcf5e44edc74c4b8105f52c750697595eeab10402dd94aea5613bec5 6965
linux_6.1.164-1_source.buildinfo
Files:
b9213aca4f573505b7f2395713031971 399396 kernel optional linux_6.1.164-1.dsc
60946795ab2c32cb86e37c8dd39a137e 137862600 kernel optional
linux_6.1.164.orig.tar.xz
59c460fd095405d109626b45f04f6bf7 1830072 kernel optional
linux_6.1.164-1.debian.tar.xz
6634128415dcf92d3b46016fdd038dae 6965 kernel optional
linux_6.1.164-1_source.buildinfo
-----BEGIN PGP SIGNATURE-----
iQKmBAEBCgCQFiEERkRAmAjBceBVMd3uBUy48xNDz0QFAmmubUVfFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2
NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQSHGNhcm5pbEBk
ZWJpYW4ub3JnAAoJEAVMuPMTQ89EuKQP/jgsBQliBppD5p/J1LXbaYh5SlRwgUGG
AmRsiUisZ698bp46szEAGuAEUWmIoi5reR4icZsSkmOzuwjDtHwOzBvbMkS3FM+5
bgaHwKOoZlLif9Mxfk8TabtrKnG4PMISt8nxXFRPToghxVmbWFcNsKRauv5NfXbT
VXtBdm4hQIQ6WQrKjrfr4LcNI/0F3AG/kQ5+YRlwdKAcE0JopjsezLejEyM9Qaox
7PBp+b09tSfADxil3qyjkYLaQA9LwoqJO4mVXMoi2Z/mqZezD7UZFAgKgxVmPokv
Kwti/6C4ObMt5G0cE1NxLr/yXNs10PNvOJgKHWaxP8t2yoCrbQSabccfdxpTLWFx
jFwRJ18sMKjG1d6Zr7l+seogXMkmojrmj7VxDMDW7MeJa3Rkb5LubS7ble93iiFZ
39RxrRTp/yUffgBb2e4Ju/m8tvMAEeNdY/CHMZfP1O851Ul78Rw9iAGyrGYNbU7i
+8AXaKpkiyaqLVFTtPJAxw25k4Cr+J+0oPGYpIq1cbwIpM3RysZgDAg4SPWwAbYT
vdM0Qf/ZY679DxzqDxxrkb5BrK0skhRfGgZjA0m+zuE7v0wLmBN4O1BSQhHUPsk3
DIbZlIK2QVLUEZhQoGmIshTNDe8BPKN+Etl04fF33jKl36WNUYsAj/hXt0uE8OgO
Tg+ZTZwlHp1q
=uUKM
-----END PGP SIGNATURE-----
pgpFt5TRuYtQc.pgp
Description: PGP signature
--- End Message ---
