Package: src:linux Version: 4.9.6-3 Severity: important Tags: ipv6 Dear Debian Kernel Maintainers,
when trying to delete an IPv6 route with a specific route protocol field in a kernel 4.9, the kernel does not actually check the protocol of the route and just deletes all the routes that match the other attributes. This leads to various issues with routing daemons, for example BIRD. E.g. when a BGP withdraw update is being received with a prefix matching a kernel route, both "proto bird" and "proto kernel" get deleted. The only workaround is currently to maintain a manual blacklist in the routing daemon, however a proper fix at kernel level would be definitely appreciated. As a patch was already committed to the Linux Kernel Git Repository, I recommend backporting into the Debian Stretch kernel, as the patch is both overseeable and easy to implement. The bug itself can be easily reproduced on any Linux running kernel version 4.9 or lower by executing these commands: ~$ ip -6 route add ff::/64 dev eth0 proto kernel ~$ ip -6 route (check the routing table, the newly added route is visible) ~$ ip -6 route del ff::/64 proto boot ~$ ip -6 route (the route is gone, although it should still be there!) A link to the Git commit fixing this specific issue can be found at the following URL and was already merged into kernel 4.10 since rc1: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=c2ed1880fd61a998e3ce40254a99a2ad000f1a7d -- Package-specific info: ** Version: Linux version 4.9.0-1-amd64 (debian-kernel@lists.debian.org) (gcc version 6.3.0 20170124 (Debian 6.3.0-5) ) #1 SMP Debian 4.9.6-3 (2017-01-28) ** Command line: BOOT_IMAGE=/vmlinuz-4.9.0-1-amd64 root=/dev/mapper/vg--main-lv--root ro quiet ** Not tainted ** Kernel log: Unable to read kernel log; any relevant messages should be attached ** Model information sys_vendor: QEMU product_name: Standard PC (i440FX + PIIX, 1996) product_version: pc-i440fx-2.7 chassis_vendor: QEMU chassis_version: pc-i440fx-2.7 bios_vendor: SeaBIOS bios_version: rel-1.9.3-0-ge2fc41e-prebuilt.qemu-project.org ** Loaded modules: binfmt_misc nf_log_ipv6 ip6t_REJECT nf_reject_ipv6 nf_conntrack_ipv6 nf_defrag_ipv6 ip6table_filter ip6_tables nf_log_ipv4 nf_log_common xt_LOG xt_limit ipt_REJECT nf_reject_ipv4 xt_tcpudp nf_conntrack_ipv4 nf_defrag_ipv4 xt_multiport xt_recent xt_addrtype xt_conntrack nf_conntrack iptable_filter crct10dif_pclmul crc32_pclmul ghash_clmulni_intel hid_generic cirrus ppdev ttm drm_kms_helper usbhid joydev hid evdev serio_raw pcspkr sg drm virtio_balloon shpchp parport_pc parport acpi_cpufreq tpm_tis tpm_tis_core tpm button nfsd auth_rpcgss nfs_acl lockd grace sunrpc ip_tables x_tables autofs4 ext4 crc16 jbd2 crc32c_generic fscrypto ecb mbcache sr_mod cdrom ata_generic dm_mod virtio_blk virtio_net crc32c_intel aesni_intel aes_x86_64 glue_helper lrw gf128mul ablk_helper cryptd psmouse ata_piix uhci_hcd libata floppy ehci_hcd virtio_pci virtio_ring virtio i2c_piix4 usbcore usb_common scsi_mod ** PCI devices: 00:00.0 Host bridge [0600]: Intel Corporation 440FX - 82441FX PMC [Natoma] [8086:1237] (rev 02) Subsystem: Red Hat, Inc Qemu virtual machine [1af4:1100] Control: I/O+ Mem+ BusMaster+ SpecCycle- MemWINV- VGASnoop- ParErr- Stepping- SERR- FastB2B- DisINTx- Status: Cap- 66MHz- UDF- FastB2B- ParErr- DEVSEL=fast >TAbort- <TAbort- <MAbort- >SERR- <PERR- INTx- Latency: 0 00:01.0 ISA bridge [0601]: Intel Corporation 82371SB PIIX3 ISA [Natoma/Triton II] [8086:7000] Subsystem: Red Hat, Inc Qemu virtual machine [1af4:1100] Control: I/O+ Mem+ BusMaster- SpecCycle- MemWINV- VGASnoop- ParErr- Stepping- SERR+ FastB2B- DisINTx- Status: Cap- 66MHz- UDF- FastB2B- ParErr- DEVSEL=medium >TAbort- <TAbort- <MAbort- >SERR- <PERR- INTx- 00:01.1 IDE interface [0101]: Intel Corporation 82371SB PIIX3 IDE [Natoma/Triton II] [8086:7010] (prog-if 80 [Master]) Subsystem: Red Hat, Inc Qemu virtual machine [1af4:1100] Control: I/O+ Mem+ BusMaster+ SpecCycle- MemWINV- VGASnoop- ParErr- Stepping- SERR+ FastB2B- DisINTx- Status: Cap- 66MHz- UDF- FastB2B+ ParErr- DEVSEL=medium >TAbort- <TAbort- <MAbort- >SERR- <PERR- INTx- Latency: 0 Region 0: [virtual] Memory at 000001f0 (32-bit, non-prefetchable) [size=8] Region 1: [virtual] Memory at 000003f0 (type 3, non-prefetchable) Region 2: [virtual] Memory at 00000170 (32-bit, non-prefetchable) [size=8] Region 3: [virtual] Memory at 00000370 (type 3, non-prefetchable) Region 4: I/O ports at e0a0 [size=16] Kernel driver in use: ata_piix Kernel modules: ata_piix, ata_generic 00:01.2 USB controller [0c03]: Intel Corporation 82371SB PIIX3 USB [Natoma/Triton II] [8086:7020] (rev 01) (prog-if 00 [UHCI]) Subsystem: Red Hat, Inc QEMU Virtual Machine [1af4:1100] Control: I/O+ Mem+ BusMaster+ SpecCycle- MemWINV- VGASnoop- ParErr- Stepping- SERR+ FastB2B- DisINTx- Status: Cap- 66MHz- UDF- FastB2B- ParErr- DEVSEL=fast >TAbort- <TAbort- <MAbort- >SERR- <PERR- INTx- Latency: 0 Interrupt: pin D routed to IRQ 11 Region 4: I/O ports at e040 [size=32] Kernel driver in use: uhci_hcd Kernel modules: uhci_hcd 00:01.3 Bridge [0680]: Intel Corporation 82371AB/EB/MB PIIX4 ACPI [8086:7113] (rev 03) Subsystem: Red Hat, Inc Qemu virtual machine [1af4:1100] Control: I/O+ Mem+ BusMaster- SpecCycle- MemWINV- VGASnoop- ParErr- Stepping- SERR+ FastB2B- DisINTx- Status: Cap- 66MHz- UDF- FastB2B+ ParErr- DEVSEL=medium >TAbort- <TAbort- <MAbort- >SERR- <PERR- INTx- Interrupt: pin A routed to IRQ 9 Kernel driver in use: piix4_smbus Kernel modules: i2c_piix4 00:02.0 VGA compatible controller [0300]: Cirrus Logic GD 5446 [1013:00b8] (prog-if 00 [VGA controller]) Subsystem: Red Hat, Inc QEMU Virtual Machine [1af4:1100] Control: I/O+ Mem+ BusMaster- SpecCycle- MemWINV- VGASnoop- ParErr- Stepping- SERR+ FastB2B- DisINTx- Status: Cap- 66MHz- UDF- FastB2B- ParErr- DEVSEL=fast >TAbort- <TAbort- <MAbort- >SERR- <PERR- INTx- Region 0: Memory at fa000000 (32-bit, prefetchable) [size=32M] Region 1: Memory at fea50000 (32-bit, non-prefetchable) [size=4K] Expansion ROM at 000c0000 [disabled] [size=128K] Kernel driver in use: cirrus Kernel modules: cirrusfb, cirrus 00:03.0 Unclassified device [00ff]: Red Hat, Inc Virtio memory balloon [1af4:1002] Subsystem: Red Hat, Inc Virtio memory balloon [1af4:0005] Physical Slot: 3 Control: I/O+ Mem+ BusMaster+ SpecCycle- MemWINV- VGASnoop- ParErr- Stepping- SERR+ FastB2B- DisINTx- Status: Cap+ 66MHz- UDF- FastB2B- ParErr- DEVSEL=fast >TAbort- <TAbort- <MAbort- >SERR- <PERR- INTx- Latency: 0 Interrupt: pin A routed to IRQ 10 Region 0: I/O ports at e060 [size=32] Region 4: Memory at fc000000 (64-bit, prefetchable) [size=8M] Capabilities: <access denied> Kernel driver in use: virtio-pci Kernel modules: virtio_pci 00:0a.0 SCSI storage controller [0100]: Red Hat, Inc Virtio block device [1af4:1001] Subsystem: Red Hat, Inc Virtio block device [1af4:0002] Physical Slot: 10 Control: I/O+ Mem+ BusMaster+ SpecCycle- MemWINV- VGASnoop- ParErr- Stepping- SERR+ FastB2B- DisINTx+ Status: Cap+ 66MHz- UDF- FastB2B- ParErr- DEVSEL=fast >TAbort- <TAbort- <MAbort- >SERR- <PERR- INTx- Latency: 0 Interrupt: pin A routed to IRQ 10 Region 0: I/O ports at e000 [size=64] Region 1: Memory at fea51000 (32-bit, non-prefetchable) [size=4K] Region 4: Memory at fc800000 (64-bit, prefetchable) [size=8M] Capabilities: <access denied> Kernel driver in use: virtio-pci Kernel modules: virtio_pci 00:12.0 Ethernet controller [0200]: Red Hat, Inc Virtio network device [1af4:1000] Subsystem: Red Hat, Inc Virtio network device [1af4:0001] Physical Slot: 18 Control: I/O+ Mem+ BusMaster+ SpecCycle- MemWINV- VGASnoop- ParErr- Stepping- SERR+ FastB2B- DisINTx+ Status: Cap+ 66MHz- UDF- FastB2B- ParErr- DEVSEL=fast >TAbort- <TAbort- <MAbort- >SERR- <PERR- INTx- Latency: 0 Interrupt: pin A routed to IRQ 10 Region 0: I/O ports at e080 [size=32] Region 1: Memory at fea52000 (32-bit, non-prefetchable) [size=4K] Region 4: Memory at fd000000 (64-bit, prefetchable) [size=8M] Expansion ROM at fea00000 [disabled] [size=256K] Capabilities: <access denied> Kernel driver in use: virtio-pci Kernel modules: virtio_pci 00:1e.0 PCI bridge [0604]: Red Hat, Inc. QEMU PCI-PCI bridge [1b36:0001] (prog-if 00 [Normal decode]) Control: I/O+ Mem+ BusMaster- SpecCycle- MemWINV- VGASnoop- ParErr- Stepping- SERR+ FastB2B- DisINTx- Status: Cap+ 66MHz+ UDF- FastB2B+ ParErr- DEVSEL=fast >TAbort- <TAbort- <MAbort- >SERR- <PERR- INTx- Interrupt: pin A routed to IRQ 10 Region 0: Memory at fea53000 (64-bit, non-prefetchable) [size=256] Bus: primary=00, secondary=01, subordinate=01, sec-latency=0 I/O behind bridge: 0000d000-0000dfff Memory behind bridge: fe800000-fe9fffff Prefetchable memory behind bridge: 00000000fda00000-00000000fdbfffff Secondary status: 66MHz+ FastB2B+ ParErr- DEVSEL=fast >TAbort- <TAbort- <MAbort- <SERR- <PERR- BridgeCtl: Parity- SERR+ NoISA- VGA- MAbort- >Reset- FastB2B- PriDiscTmr- SecDiscTmr- DiscTmrStat- DiscTmrSERREn- Capabilities: <access denied> Kernel modules: shpchp 00:1f.0 PCI bridge [0604]: Red Hat, Inc. QEMU PCI-PCI bridge [1b36:0001] (prog-if 00 [Normal decode]) Control: I/O+ Mem+ BusMaster- SpecCycle- MemWINV- VGASnoop- ParErr- Stepping- SERR+ FastB2B- DisINTx- Status: Cap+ 66MHz+ UDF- FastB2B+ ParErr- DEVSEL=fast >TAbort- <TAbort- <MAbort- >SERR- <PERR- INTx- Interrupt: pin A routed to IRQ 11 Region 0: Memory at fea54000 (64-bit, non-prefetchable) [size=256] Bus: primary=00, secondary=02, subordinate=02, sec-latency=0 I/O behind bridge: 0000c000-0000cfff Memory behind bridge: fe600000-fe7fffff Prefetchable memory behind bridge: 00000000fd800000-00000000fd9fffff Secondary status: 66MHz+ FastB2B+ ParErr- DEVSEL=fast >TAbort- <TAbort- <MAbort- <SERR- <PERR- BridgeCtl: Parity- SERR+ NoISA- VGA- MAbort- >Reset- FastB2B- PriDiscTmr- SecDiscTmr- DiscTmrStat- DiscTmrSERREn- Capabilities: <access denied> Kernel modules: shpchp ** USB devices: Bus 001 Device 002: ID 0627:0001 Adomax Technology Co., Ltd Bus 001 Device 001: ID 1d6b:0001 Linux Foundation 1.1 root hub -- System Information: Debian Release: 9.0 APT prefers testing APT policy: (500, 'testing') Architecture: amd64 (x86_64) Kernel: Linux 4.9.0-1-amd64 (SMP w/1 CPU core) Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8) (ignored: LC_ALL set to en_US.UTF-8) Shell: /bin/sh linked to /bin/dash Init: systemd (via /run/systemd/system) Versions of packages linux-image-4.9.0-1-amd64 depends on: ii initramfs-tools [linux-initramfs-tool] 0.127 ii kmod 23-2 ii linux-base 4.5 Versions of packages linux-image-4.9.0-1-amd64 recommends: ii firmware-linux-free 3.4 ii irqbalance 1.1.0-2.2 Versions of packages linux-image-4.9.0-1-amd64 suggests: pn debian-kernel-handbook <none> ii grub-pc 2.02~beta3-4 pn linux-doc-4.9 <none> Versions of packages linux-image-4.9.0-1-amd64 is related to: pn firmware-amd-graphics <none> pn firmware-atheros <none> pn firmware-bnx2 <none> pn firmware-bnx2x <none> pn firmware-brcm80211 <none> pn firmware-cavium <none> pn firmware-intel-sound <none> pn firmware-intelwimax <none> pn firmware-ipw2x00 <none> pn firmware-ivtv <none> pn firmware-iwlwifi <none> pn firmware-libertas <none> pn firmware-linux-nonfree <none> pn firmware-misc-nonfree <none> pn firmware-myricom <none> pn firmware-netxen <none> pn firmware-qlogic <none> pn firmware-realtek <none> pn firmware-samsung <none> pn firmware-siano <none> pn firmware-ti-connectivity <none> pn xen-hypervisor <none> -- no debconf information
