Hi,
Fedora got a bug report https://bugzilla.redhat.com/show_bug.cgi?id=1401612
In qemu with two virtio-net interfaces:
$ ip l
...
5: ens14: mtu 1500 qdisc noop state DOWN mode DEFAULT
group default qlen 1000
link/ether 52:54:00:e9:64:41 brd ff:ff:ff:ff:ff:ff
6: ens15: mtu 1500 qdisc noop state DOWN mode DEFAULT
group default qlen 1000
link/ether 52:54:00:e9:64:42 brd ff:ff:ff:ff:ff:ff
$ sudo ip link add bond1 type bond
$ sudo ip link set ens14 master bond1
Segmentation fault
[ cut here ]
kernel BUG at ./include/linux/scatterlist.h:140!
invalid opcode: [#1] SMP
Modules linked in: bonding ip6t_rpfilter ip6t_REJECT nf_reject_ipv6
xt_conntrack ip
ata_generic crc32c_intel qxl drm_kms_helper virtio_pci serio_raw ttm drm
pata_acpi
CPU: 5 PID: 1983 Comm: ip Not tainted 4.9.0-0.rc6.git2.1.fc26.x86_64 #1
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 0.0.0 02/06/2015
task: 9d50a3583240 task.stack: b06e4104
RIP: 0010:[] [] sg_init_one+0x8c/0xa0
RSP: 0018:b06e41043698 EFLAGS: 00010246
RAX: RBX: b06e41043774 RCX: 0028
RDX: 131ec1043774 RSI: 0013 RDI: b06ec1043774
RBP: b06e410436b0 R08: 001ddbe0 R09: b06e410436c8
R10: 0001 R11: R12: 0006
R13: b06e410436c8 R14: 9d50b2dc1800 R15: 9d50b3db9600
FS: 7f15347e5700() GS:9d50bb00() knlGS:
CS: 0010 DS: ES: CR0: 80050033
CR2: 7ffc09bc4000 CR3: 000135797000 CR4: 000406e0
Stack:
9d50b229d000 b06e41043772 b06e41043720
c0051123 9d50a3583240 87654321 0002
7b8f5301
Call Trace:
[] virtnet_set_mac_address+0xb3/0x140 [virtio_net]
[] dev_set_mac_address+0x55/0xc0
[] bond_enslave+0x34e/0x1180 [bonding]
[] do_setlink+0x6cf/0xd10
[] ? get_page_from_freelist+0x6ba/0xca0
[] ? sched_clock+0x9/0x10
[] ? kvm_sched_clock_read+0x25/0x40
[] ? __lock_acquire+0x346/0x1290
[] ? nla_parse+0xa6/0x120
[] rtnl_newlink+0x5c8/0x870
[] ? avc_has_perm_noaudit+0x32/0x210
[] ? ns_capable_common+0x7a/0x90
[] ? ns_capable+0x13/0x20
[] rtnetlink_rcv_msg+0xe6/0x210
[] ? rtnetlink_rcv+0x1b/0x40
[] ? rtnetlink_rcv+0x1b/0x40
[] ? rtnl_newlink+0x870/0x870
[] netlink_rcv_skb+0xa4/0xc0
[] rtnetlink_rcv+0x2a/0x40
[] netlink_unicast+0x1f7/0x2f0
[] ? netlink_unicast+0x16f/0x2f0
[] netlink_sendmsg+0x302/0x3c0
[] sock_sendmsg+0x38/0x50
[] ___sys_sendmsg+0x2e3/0x2f0
[] ? __audit_syscall_entry+0xad/0xf0
[] ? kvm_sched_clock_read+0x25/0x40
[] ? sched_clock+0x9/0x10
[] ? __audit_syscall_entry+0xad/0xf0
[] ? __audit_syscall_entry+0xad/0xf0
[] ? trace_hardirqs_on_caller+0xf5/0x1b0
[] __sys_sendmsg+0x54/0x90
[] SyS_sendmsg+0x12/0x20
[] do_syscall_64+0x6c/0x1f0
[] entry_SYSCALL64_slow_path+0x25/0x25
Code: ca 75 2c 49 8b 55 08 f6 c2 01 75 25 83 e2 03 81 e3 ff 0f 00 00 45 89 65
14 48
RIP [] sg_init_one+0x8c/0xa0
RSP
---[ end trace 9076d2284efbf735 ]---
This looks like an issue with CONFIG_VMAP_STACK since bond_enslave uses
struct sockaddr from the stack and virtnet_set_mac_address calls
sg_init_one which triggers BUG_ON(!virt_addr_valid(buf));
I know there have been a lot of CONFIG_VMAP_STACK fixes around but I
didn't find this one reported yet.
Thanks,
Laura