[Bug 2129580] Re: [questing] kernel BUG at lib/string_helpers.c:1043!
Frode Nordahl
2129580 at bugs.launchpad.net
Wed Oct 29 00:28:58 UTC 2025
$ git bisect bad
34451f435c99988c2b02ab24c591db4a0315c495 is the first bad commit
commit 34451f435c99988c2b02ab24c591db4a0315c495 (HEAD)
Author: Thomas Weißschuh <thomas.weissschuh at linutronix.de>
Date:   Tue Aug 5 14:38:08 2025 +0200

    fs: always return zero on success from replace_fd()

    commit 708c04a5c2b78e22f56e2350de41feba74dfccd9 upstream.

    replace_fd() returns the number of the new file descriptor through the
    return value of do_dup2(). However its callers never care about the
    specific returned number. In fact the caller in receive_fd_replace() treats
    any non-zero return value as an error and therefore never calls
    __receive_sock() for most file descriptors, which is a bug.

    To fix the bug in receive_fd_replace() and to avoid the same issue
    happening in future callers, signal success through a plain zero.

    Suggested-by: Al Viro <viro at zeniv.linux.org.uk>
    Link: https://lore.kernel.org/lkml/20250801220215.GS222315@ZenIV/
    Fixes: 173817151b15 ("fs: Expand __receive_fd() to accept existing fd")
    Fixes: 42eb0d54c08a ("fs: split receive_fd_replace from __receive_fd")
    Cc: stable at vger.kernel.org
    Signed-off-by: Thomas Weißschuh <thomas.weissschuh at linutronix.de>
    Link: https://lore.kernel.org/20250805-fix-receive_fd_replace-v3-1-b72ba8b34bac@linutronix.de
    Signed-off-by: Christian Brauner <brauner at kernel.org>
    Signed-off-by: Greg Kroah-Hartman <gregkh at linuxfoundation.org>

 fs/file.c | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

** Changed in: linux (Ubuntu)
       Status: Incomplete => New
--
You received this bug notification because you are a member of Ubuntu
OpenStack, which is subscribed to openvswitch in Ubuntu.
https://bugs.launchpad.net/bugs/2129580
Title:
  [questing] kernel BUG at lib/string_helpers.c:1043!

Status in linux package in Ubuntu:
  New
Status in openvswitch package in Ubuntu:
  New

Bug description:
  Steps to reproduce the issue:
  1. sudo apt build-dep openvswitch
  2. git clone https://github.com/openvswitch/ovs.git
  3. cd ovs
  4. ./boot.sh && ./configure && make -j$(nproc)
  5. sudo make check-kernel TESTSUITEFLAGS="-j1 18"

[ 113.572334] kernel BUG at lib/string_helpers.c:1043!
[ 113.574460] Oops: invalid opcode: 0000 [#1] SMP NOPTI
[ 113.576569] CPU: 28 UID: 0 PID: 621 Comm: kworker/28:2 Tainted: G W 6.17.0-6-generic #6-Ubuntu PREEMPT(voluntary)
[ 113.585277] Tainted: [W]=WARN
[ 113.586715] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009)/LXD, BIOS unknown 2/2/2022
[ 113.590549] Workqueue: mld mld_ifc_work
[ 113.592104] RIP: 0010:__fortify_panic+0xd/0xf
[ 113.593853] Code: e9 12 8f 9c 00 e9 38 8f 9c 00 cc cc cc 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 55 40 0f b6 ff 48 89 e5 e8 93 a8 9c 00 <0f> 0b 48 8b 95 28 ff ff ff 48 8b b5 30 ff ff ff 4c 89 e9 48 c7 c7
[ 113.601212] RSP: 0018:ffffd16440870bb0 EFLAGS: 00010246
[ 113.603298] RAX: 0000000000000000 RBX: ffff8be7c788b600 RCX: 0000000000000000
[ 113.606140] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[ 113.609031] RBP: ffffd16440870bb0 R08: 0000000000000000 R09: 0000000000000000
[ 113.611856] R10: 0000000000000000 R11: 0000000000000000 R12: ffffd16440870c38
[ 113.614690] R13: 0000000000000004 R14: 0000000000000001 R15: ffff8be7ef7e1a80
[ 113.617556] FS: 0000000000000000(0000) GS:ffff8bef6dc7f000(0000) knlGS:0000000000000000
[ 113.620752] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 113.623048] CR2: 00007ef5f13e0c47 CR3: 0000000509840000 CR4: 0000000000350ef0
[ 113.625880] Call Trace:
[ 113.626883] <IRQ>
[ 113.627725] erspan_rcv.cold+0x68/0x83 [ip_gre]
[ 113.629547] ? ip_route_input_slow+0x816/0x9d0
[ 113.631334] gre_rcv+0x1b2/0x1c0 [ip_gre]
[ 113.632949] gre_rcv+0x8e/0x100 [gre]
[ 113.634428] ? raw_v4_input+0x250/0x280
[ 113.635974] ip_protocol_deliver_rcu+0x1ea/0x210
[ 113.637830] ip_local_deliver_finish+0x86/0x110
[ 113.639699] ip_local_deliver+0x65/0x110
[ 113.641285] ? ip_rcv_finish_core+0xd6/0x370
[ 113.643010] ip_rcv+0x186/0x1a0
[ 113.644287] __netif_receive_skb_one_core+0x8d/0xa0
[ 113.646246] __netif_receive_skb+0x16/0x70
[ 113.647891] ? _raw_spin_unlock_irq+0xe/0x60
[ 113.649616] process_backlog+0x90/0x160
[ 113.651163] __napi_poll+0x35/0x200
[ 113.652576] net_rx_action+0x20b/0x3f0
[ 113.654087] ? __run_timers+0x1c8/0x2c0
[ 113.655635] handle_softirqs+0xdf/0x330
[ 113.657183] __do_softirq+0x10/0x18
[ 113.658604] do_softirq.part.0+0x3f/0x80
[ 113.660182] </IRQ>
[ 113.661051] <TASK>
[ 113.661914] __local_bh_enable_ip+0x6a/0x70
[ 113.663598] __dev_queue_xmit+0x44f/0x850
[ 113.665211] ? __kmalloc_noprof+0x2b8/0x580
[ 113.666885] ? ndisc_mc_map+0x41/0xe0
[ 113.668411] ? ndisc_constructor+0x1f6/0x3f0
[ 113.670424] ? _raw_write_unlock_bh+0x1a/0x30
[ 113.672456] ? ___neigh_create+0x755/0x9d0
[ 113.674378] neigh_resolve_output+0x122/0x200
[ 113.676402] ip6_finish_output2+0x212/0x620
[ 113.678349] ? __kmalloc_node_track_caller_noprof+0x282/0x5a0
[ 113.680904] ? __alloc_skb+0x87/0x1b0
[ 113.682635] ? sched_balance_rq+0x100/0x9c0
[ 113.684567] ip6_finish_output+0x1ea/0x4a0
[ 113.686461] ? nf_hook_slow+0x48/0x120
[ 113.688225] ip6_output+0x75/0x1b0
[ 113.689834] ? __pfx_ip6_finish_output+0x10/0x10
[ 113.691914] NF_HOOK.constprop.0+0x4e/0x130
[ 113.693696] ? xfrm_lookup+0x11/0x30
[ 113.695013] ? icmp6_dst_alloc+0x16f/0x230
[ 113.696486] mld_sendpack+0x196/0x270
[ 113.697832] mld_send_cr+0x2c1/0x340
[ 113.699220] mld_ifc_work+0x32/0x170
[ 113.700530] process_one_work+0x18e/0x370
[ 113.701983] worker_thread+0x317/0x450
[ 113.703345] ? _raw_spin_unlock_irqrestore+0x11/0x60
[ 113.705086] ? __pfx_worker_thread+0x10/0x10
[ 113.706598] kthread+0x10b/0x220
[ 113.707795] ? _raw_spin_unlock_irq+0xe/0x60
[ 113.709317] ? __pfx_kthread+0x10/0x10
[ 113.710670] ret_from_fork+0x134/0x150
[ 113.712030] ? __pfx_kthread+0x10/0x10
[ 113.713378] ret_from_fork_asm+0x1a/0x30
[ 113.714786] </TASK>
[ 113.715655] Modules linked in: vport_vxlan vxlan vport_gre ip_gre vport_geneve geneve openvswitch ip6_gre ip6_tunnel tunnel6 bonding tls 8021q garp mrp stp llc veth nfnetlink_cttimeout ip_tunnel gre ip6_udp_tunnel udp_tunnel nsh nf_conncount nf_nat nf_conntrack nf_defrag_ipv6 nf_defrag_ipv4 psample qrtr cfg80211 binfmt_misc nls_iso8859_1 intel_rapl_msr intel_rapl_common kvm_amd ccp 9pnet_virtio 9pnet kvm netfs virtiofs irqbypass i2c_i801 i2c_smbus lpc_ich vmw_vsock_virtio_transport virtio_input i2c_mux vmgenid joydev input_leds mac_hid sch_fq_codel msr efi_pstore dm_multipath nfnetlink vsock_loopback vmw_vsock_virtio_transport_common vmw_vsock_vmci_transport vsock vmw_vmci dmi_sysfs qemu_fw_cfg ip_tables x_tables autofs4 btrfs blake2b_generic raid10 raid456 async_raid6_recov async_memcpy async_pq async_xor async_tx xor raid6_pq raid1 raid0 linear polyval_clmulni psmouse ahci virtio_gpu ghash_clmulni_intel serio_raw libahci virtio_dma_buf virtio_rng aesni_intel [last unloaded: geneve]
[ 113.744262] ---[ end trace 0000000000000000 ]---
[ 115.172377] RIP: 0010:__fortify_panic+0xd/0xf
[ 115.178114] Code: e9 12 8f 9c 00 e9 38 8f 9c 00 cc cc cc 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 55 40 0f b6 ff 48 89 e5 e8 93 a8 9c 00 <0f> 0b 48 8b 95 28 ff ff ff 48 8b b5 30 ff ff ff 4c 89 e9 48 c7 c7
[ 115.186507] RSP: 0018:ffffd16440870bb0 EFLAGS: 00010246
[ 115.188985] RAX: 0000000000000000 RBX: ffff8be7c788b600 RCX: 0000000000000000
[ 115.192253] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[ 115.195447] RBP: ffffd16440870bb0 R08: 0000000000000000 R09: 0000000000000000
[ 115.198650] R10: 0000000000000000 R11: 0000000000000000 R12: ffffd16440870c38
[ 115.201849] R13: 0000000000000004 R14: 0000000000000001 R15: ffff8be7ef7e1a80
[ 115.205063] FS: 0000000000000000(0000) GS:ffff8bef6dc7f000(0000) knlGS:0000000000000000
[ 115.208651] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 115.211321] CR2: 00007ef5f13e0c47 CR3: 0000000509840000 CR4: 0000000000350ef0
[ 115.214550] Kernel panic - not syncing: Fatal exception in interrupt
[ 115.217563] Kernel Offset: 0x2ce00000 from 0xffffffff81000000 (relocation range: 0xffffffff80000000-0xffffffffbfffffff)
[ 116.452155] ---[ end Kernel panic - not syncing: Fatal exception in interrupt ]---
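
The return-value mismatch described in the bisected commit message above, as a userspace C model added here (it is not the kernel's fs/file.c code and not part of the original report). Assumptions: dup2(2) stands in for do_dup2(), and `model_receive_fd_replace`, `hook_ran` and the `sock_hook_calls` counter are hypothetical names.

```c
#include <errno.h>
#include <unistd.h>

static int sock_hook_calls;  /* counts calls to the stand-in for __receive_sock() */

/* Pre-fix convention: success returns the new descriptor number,
 * exactly as dup2(2) does (used here as a stand-in for do_dup2()). */
static int replace_fd_old(int fd, int src)
{
    int ret = dup2(src, fd);
    return ret < 0 ? -errno : ret;
}

/* Post-fix convention: negative errno on failure, plain zero on success. */
static int replace_fd_new(int fd, int src)
{
    int ret = dup2(src, fd);
    return ret < 0 ? -errno : 0;
}

/* Caller shape described in the commit message: any non-zero is an error. */
static int model_receive_fd_replace(int new_fd, int src, int (*replace_fd)(int, int))
{
    int error = replace_fd(new_fd, src);
    if (error)
        return error;       /* old convention: taken for every new_fd > 0 */
    sock_hook_calls++;      /* stand-in for __receive_sock() */
    return new_fd;
}

/* Returns 1 if the hook ran when replacing a fresh pipe descriptor, 0 if it
 * was skipped, -1 if the pipe could not be created. */
static int hook_ran(int (*replace_fd)(int, int))
{
    int p[2];
    if (pipe(p) < 0)
        return -1;
    sock_hook_calls = 0;
    model_receive_fd_replace(p[1], p[0], replace_fd);  /* p[1] is always > 0 */
    close(p[0]);
    close(p[1]);
    return sock_hook_calls;
}

int main(void)
{
    return (hook_ran(replace_fd_old) == 0 && hook_ran(replace_fd_new) == 1) ? 0 : 1;
}
```

With the old convention the descriptor is replaced successfully, yet the caller reports the descriptor number as if it were an error code and the hook is skipped; only a target of fd 0 would have taken the success path.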