Control: forcemerge 1135514 1135527 Hi,
On Sat, May 02, 2026 at 04:07:42AM -0400, Brad Barnett wrote: > > Package: src:linux > Version: 6.1.170-1 > Severity: important > > > After a bookworm upgrade today to: > Linux hostname 6.1.0-45-amd64 #1 SMP PREEMPT_DYNAMIC Debian 6.1.170-1 (2026-04 > -30) x86_64 GNU/Linux > > The following logs started to appear from time to time (src IP last octlets re > placed with ?): > May 2 03:49:36 hostname kernel: [41116.686651] icmp: detected local route for > 192.168.1.2 during ICMP sending, src 151.101.?.? > May 2 03:49:36 hostname kernel: [41116.687120] icmp: detected local route for > 192.168.1.2 during ICMP sending, src 151.101.?.? > May 2 03:49:36 hostname kernel: [41116.687223] icmp: detected local route for > 192.168.1.2 during ICMP sending, src 151.101.?.? > May 2 03:49:36 hostname kernel: [41116.687660] icmp: detected local route for > 192.168.1.2 during ICMP sending, src 151.101.?.? > May 2 03:49:36 hostname kernel: [41116.688718] icmp: detected local route for > 192.168.1.2 during ICMP sending, src 151.101.?.? > May 2 03:49:36 hostname kernel: [41116.689117] icmp: detected local route > for 192.168.1.2 during ICMP sending, src 151.101.?.? > May 2 03:49:36 hostname kernel: [41116.690593] icmp: detected local route > for 192.168.1.2 during ICMP sending, src 151.101.?.? > May 2 03:49:36 hostname kernel: [41116.691051] icmp: detected local route > for 192.168.1.2 during ICMP sending, src 151.101.?.? > > > I have hundreds of bookworm hosts reporting this, all with unrelated > iptables / networking configs. > > Some additional information: > > - absolutely no iptables, routing, or other configurations have > changed on any of these hosts (spread over multiple worksites) > > - the previous bookworm kernel image did report this > > - kernel upgrades for bullseye and trixie today do not exhibit this > problem, eg, this is isolated to bookworm only > > - hosts on bookworm and trixie with identical routing/firewalling, > show this issue only on bookworm > > I suspect a bad patch, or a partial patch related to: > > https://www.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.1.165 > commit 1e20f24509da2a1485dcef76ed8fb9cc34c90dc5 > Author: Fernando Fernandez Mancera <[email protected]> > Date: Mon Jan 19 21:35:46 2026 +0100 > > But I could be wrong. I'm just basing this on the 170 changlog with: > > - netfilter: nf_conncount: fix tracking of connections from localhost > > I've rated this at higher priority, as I'm not sure of the > implications here. Whatever is broken, is literally messing with > the src (see the patch I refernced above) of the packet, it seems > possible conntrack breakage, and whatever else that might imply. > > Happy to provide any full tcpdumps (privately), packet captures, etc. > > Still looking into this, but felt it best to report ASAP. Thanks for your report. This is the same as #1135514 so I'm merging them. Regards, Salvatore
