Created attachment 1208899
build.log

Description of problem:
When loading the virtio-rng module, the kernel crashes.

supermin: internal insmod virtio_blk.ko
supermin: internal insmod virtio-rng.ko
supermin: internal insmod virtio_console.ko
supermin: internal insmod virtio_net.ko
supermin: internal insmod nd_btt.ko
supermin: internal insmod nd_pmem.ko
supermin: internal insmod virtio_scsi.ko
supermin: internal insmod virtio_balloon.ko
supermin: internal insmod virtio_input.ko
supermin: internal insmod virtio_mmio.ko
supermin: internal insmod virtio_pci.ko
[ 6.608284] virtio-pci 0000:00:02.0: PCI->APIC IRQ transform: INT A -> IRQ 10
[ 6.643278] scsi host2: Virtio SCSI HBA
[ 6.666275] virtio-pci 0000:00:03.0: PCI->APIC IRQ transform: INT A -> IRQ 11
[ 6.714268] scsi 2:0:0:0: Direct-Access QEMU QEMU HARDDISK 2.5+ PQ: 0 ANSI: 5
[ 6.746263] scsi 2:0:1:0: Direct-Access QEMU QEMU HARDDISK 2.5+ PQ: 0 ANSI: 5
[ 6.762260] virtio-pci 0000:00:04.0: PCI->APIC IRQ transform: INT A -> IRQ 11
[ 6.806254] virtio-pci 0000:00:05.0: PCI->APIC IRQ transform: INT A -> IRQ 10
[ 6.829250] ------------[ cut here ]------------
[ 6.829250] kernel BUG at ./include/linux/scatterlist.h:140!
[ 6.829250] invalid opcode: 0000 [#1] SMP
[ 6.829250] Modules linked in: virtio_pci(+) virtio_mmio virtio_input virtio_balloon virtio_scsi nd_pmem nd_btt virtio_net virtio_console virtio_rng virtio_blk virtio_ring virtio crc32_generic
[ 6.829250] CPU: 0 PID: 1 Comm: init Not tainted 4.9.0-0.rc0.git4.1.fc26.x86_64 #1
[ 6.829250] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.9.3-1.fc26 04/01/2014
[ 6.829250] task: ffff97bedee30000 task.stack: ffffb92c400c8000
[ 6.829250] RIP: 0010:[<ffffffff8247e52c>] [<ffffffff8247e52c>] sg_init_one+0x8c/0xa0
[ 6.829250] RSP: 0018:ffffb92c400cb7d0 EFLAGS: 00000246
[ 6.829250] RAX: 0000000000000000 RBX: ffffb92c400cb858 RCX: 0000000000000028
[ 6.829250] RDX: 0000216d800cb858 RSI: 0000000000000021 RDI: ffffb92cc00cb858
[ 6.829250] RBP: ffffb92c400cb7e8 R08: 0000000000000072 R09: 0000000000000000
[ 6.829250] R10: ffffb92c400cb7f8 R11: 0000000000000000 R12: 0000000000000010
[ 6.829250] R13: ffffb92c400cb7f8 R14: 0000000000000010 R15: 0000000000000000
[ 6.829250] FS: 00007fff894397c0(0000) GS:ffff97bedf000000(0000) knlGS:0000000000000000
[ 6.829250] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 6.829250] CR2: 00007f5438735000 CR3: 000000001c0da000 CR4: 00000000000006f0
[ 6.829250] Stack:
[ 6.829250] ffff97bedc242e00 0000000000000001 ffffb92c400cb858 ffffb92c400cb848
[ 6.829250] ffffffffc003b226 0000000087654321 0000000000000002 0000000000000000
[ 6.829250] 0000000000000000 0000000000000000 000000008a5aee39 ffff97bedc242e00
[ 6.829250] Call Trace:
[ 6.829250] [<ffffffffc003b226>] virtio_read+0xc6/0x110 [virtio_rng]
[ 6.829250] [<ffffffff825bd30e>] add_early_randomness+0x5e/0xd0
[ 6.829250] [<ffffffff825bd3c5>] set_current_rng+0x45/0x160
[ 6.829250] [<ffffffff825bd787>] hwrng_register+0x117/0x1c0
[ 6.829250] [<ffffffffc003b149>] virtrng_scan+0x19/0x30 [virtio_rng]
[ 6.829250] [<ffffffffc001b7a8>] virtio_dev_probe+0x198/0x1e0 [virtio]
[ 6.829250] [<ffffffff825ea703>] driver_probe_device+0x223/0x430
[ 6.829250] [<ffffffff825eaa8c>] __device_attach_driver+0x8c/0x100
[ 6.829250] [<ffffffff825eaa00>] ? __driver_attach+0xf0/0xf0
[ 6.829250] [<ffffffff825e80da>] bus_for_each_drv+0x6a/0xb0
[ 6.829250] [<ffffffff825ea372>] __device_attach+0xe2/0x160
[ 6.829250] [<ffffffff825eab43>] device_initial_probe+0x13/0x20
[ 6.829250] [<ffffffff825e9543>] bus_probe_device+0xa3/0xb0
[ 6.829250] [<ffffffff825e6fa2>] device_add+0x382/0x650
[ 6.829250] [<ffffffffc007a9b0>] ? vp_modern_find_vqs+0x70/0x70 [virtio_pci]
[ 6.829250] [<ffffffffc007a9b0>] ? vp_modern_find_vqs+0x70/0x70 [virtio_pci]
[ 6.829250] [<ffffffff825e728a>] device_register+0x1a/0x20
[ 6.829250] [<ffffffffc001b3f9>] register_virtio_device+0xb9/0x100 [virtio]
[ 6.829250] [<ffffffffc007b673>] virtio_pci_probe+0xc3/0x140 [virtio_pci]
[ 6.829250] [<ffffffff824c8395>] local_pci_probe+0x45/0xa0
[ 6.829250] [<ffffffff824c93fa>] ? pci_match_device+0xca/0x110
[ 6.829250] [<ffffffff824c9813>] pci_device_probe+0x103/0x150
[ 6.829250] [<ffffffff825ea703>] driver_probe_device+0x223/0x430
[ 6.829250] [<ffffffff825ea9f3>] __driver_attach+0xe3/0xf0
[ 6.829250] [<ffffffff825ea910>] ? driver_probe_device+0x430/0x430
[ 6.829250] [<ffffffff825e8003>] bus_for_each_dev+0x73/0xc0
[ 6.829250] [<ffffffff825e9e2e>] driver_attach+0x1e/0x20
[ 6.829250] [<ffffffff825e9853>] bus_add_driver+0x173/0x270
[ 6.829250] [<ffffffffc0081000>] ? 0xffffffffc0081000
[ 6.829250] [<ffffffff825eb650>] driver_register+0x60/0xe0
[ 6.829250] [<ffffffffc0081000>] ? 0xffffffffc0081000
[ 6.829250] [<ffffffff824c7cf0>] __pci_register_driver+0x60/0x70
[ 6.829250] [<ffffffffc008101e>] virtio_pci_driver_init+0x1e/0x1000 [virtio_pci]
[ 6.829250] [<ffffffff82002190>] do_one_initcall+0x50/0x180
[ 6.829250] [<ffffffff821308f5>] ? rcu_read_lock_sched_held+0x45/0x80
[ 6.829250] [<ffffffff82275397>] ? kmem_cache_alloc_trace+0x277/0x2d0
[ 6.829250] [<ffffffff821fa237>] ? do_init_module+0x27/0x1f1
[ 6.829250] [<ffffffff821fa26f>] do_init_module+0x5f/0x1f1
[ 6.829250] [<ffffffff8215dd91>] load_module+0x2401/0x2b40
[ 6.829250] [<ffffffff8215a5c0>] ? __symbol_put+0x70/0x70
[ 6.829250] [<ffffffff820ec1c0>] ? sched_clock_cpu+0x90/0xc0
[ 6.829250] [<ffffffff8223b0a3>] ? __might_fault+0x43/0xa0
[ 6.829250] [<ffffffff8215e66b>] SYSC_init_module+0x19b/0x1c0
[ 6.829250] [<ffffffff8215e7ae>] SyS_init_module+0xe/0x10
[ 6.829250] [<ffffffff829072c1>] entry_SYSCALL_64_fastpath+0x1f/0xc2
[ 6.829250] Code: ca 75 2c 49 8b 55 08 f6 c2 01 75 25 83 e2 03 81 e3 ff 0f 00 00 45 89 65 14 48 09 d0 41 89 5d 10 49 89 45 08 5b 41 5c 41 5d 5d c3 <0f> 0b 0f 0b 0f 0b 0f 0b 48 8b 15 d5 ea 98 00 eb a3 0f 1f 00 55
[ 6.829250] RIP [<ffffffff8247e52c>] sg_init_one+0x8c/0xa0
[ 6.829250] RSP <ffffb92c400cb7d0>
[ 6.830250] ---[ end trace 5ee0e2bc93e1fccb ]---
[ 6.852246] Kernel panic - not syncing: Attempted to kill init! exitcode=0x0000000b
[ 6.852246]
[ 6.852246] Kernel Offset: 0x1000000 from 0xffffffff81000000 (relocation range: 0xffffffff80000000-0xffffffffbfffffff)

Version-Release number of selected component (if applicable):
kernel 4.9.0-0.rc0.git4.1.fc26

How reproducible:
100%

Steps to Reproduce:
1. Run libguestfs-test-tool

Additional information:
See attached build.log & root.log.
Still present in kernel-4.9.0-0.rc0.git6.2.fc26.x86_64

[ 1.390535] ------------[ cut here ]------------
[ 1.391027] kernel BUG at ./include/linux/scatterlist.h:140!
[ 1.391027] invalid opcode: 0000 [#1] SMP
[ 1.391027] Modules linked in: virtio_pci(+) virtio_mmio virtio_input virtio_balloon virtio_scsi nd_pmem nd_btt virtio_net virtio_console virtio_rng virtio_blk virtio_ring virtio nfit crc32_generic crct10dif_pclmul crc32c_intel crc32_pclmul
[ 1.391027] CPU: 0 PID: 1 Comm: init Not tainted 4.9.0-0.rc0.git6.2.fc26.x86_64 #1
[ 1.391027] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.9.3-1.fc26 04/01/2014
[ 1.391027] task: ffff91f29de53240 task.stack: ffffb820000cc000
[ 1.391027] RIP: 0010:[<ffffffff8347e3fc>] [<ffffffff8347e3fc>] sg_init_one+0x8c/0xa0
[ 1.391027] RSP: 0018:ffffb820000cf7d0 EFLAGS: 00010246
[ 1.391027] RAX: 0000000000000000 RBX: ffffb820000cf858 RCX: 0000000000000028
[ 1.391027] RDX: 0000262d800cf858 RSI: 0000000000000026 RDI: ffffb820800cf858
[ 1.391027] RBP: ffffb820000cf7e8 R08: 000000000000006a R09: ffffb820000cf7f8
[ 1.391027] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000010
[ 1.391027] R13: ffffb820000cf7f8 R14: 0000000000000010 R15: 0000000000000000
[ 1.391027] FS: 00007fffd6e6e140(0000) GS:ffff91f29ee00000(0000) knlGS:0000000000000000
[ 1.391027] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 1.391027] CR2: 00007fc67e24e000 CR3: 000000001bdad000 CR4: 00000000000406f0
[ 1.391027] Stack:
[ 1.391027] ffff91f29be3b400 0000000000000001 ffffb820000cf858 ffffb820000cf848
[ 1.391027] ffffffffc0056226 0000000087654321 0000000000000002 0000000000000000
[ 1.391027] 0000000000000000 0000000000000000 000000002a14e409 ffff91f29be3b400
[ 1.391027] Call Trace:
[ 1.391027] [<ffffffffc0056226>] virtio_read+0xc6/0x110 [virtio_rng]
[ 1.391027] [<ffffffff835be9ee>] add_early_randomness+0x5e/0xd0
[ 1.391027] [<ffffffff835beaa5>] set_current_rng+0x45/0x160
[ 1.391027] [<ffffffff835bee47>] hwrng_register+0xf7/0x130
[ 1.391027] [<ffffffffc0056149>] virtrng_scan+0x19/0x30 [virtio_rng]
[ 1.391027] [<ffffffffc00467a8>] virtio_dev_probe+0x198/0x1e0 [virtio]
[ 1.391027] [<ffffffff835ebd53>] driver_probe_device+0x223/0x430
[ 1.391027] [<ffffffff835ec0dc>] __device_attach_driver+0x8c/0x100
[ 1.391027] [<ffffffff835ec050>] ? __driver_attach+0xf0/0xf0
[ 1.391027] [<ffffffff835e972a>] bus_for_each_drv+0x6a/0xb0
[ 1.391027] [<ffffffff835eb9c2>] __device_attach+0xe2/0x160
[ 1.391027] [<ffffffff835ec193>] device_initial_probe+0x13/0x20
[ 1.391027] [<ffffffff835eab93>] bus_probe_device+0xa3/0xb0
[ 1.391027] [<ffffffff835e85f2>] device_add+0x382/0x650
[ 1.391027] [<ffffffffc00929b0>] ? vp_modern_find_vqs+0x70/0x70 [virtio_pci]
[ 1.391027] [<ffffffffc00929b0>] ? vp_modern_find_vqs+0x70/0x70 [virtio_pci]
[ 1.391027] [<ffffffff835e88da>] device_register+0x1a/0x20
[ 1.391027] [<ffffffffc00463f9>] register_virtio_device+0xb9/0x100 [virtio]
[ 1.391027] [<ffffffffc0093673>] virtio_pci_probe+0xc3/0x140 [virtio_pci]
[ 1.391027] [<ffffffff834c97b5>] local_pci_probe+0x45/0xa0
[ 1.391027] [<ffffffff834ca81a>] ? pci_match_device+0xca/0x110
[ 1.391027] [<ffffffff834cac33>] pci_device_probe+0x103/0x150
[ 1.391027] [<ffffffff835ebd53>] driver_probe_device+0x223/0x430
[ 1.391027] [<ffffffff835ec043>] __driver_attach+0xe3/0xf0
[ 1.391027] [<ffffffff835ebf60>] ? driver_probe_device+0x430/0x430
[ 1.391027] [<ffffffff835e9653>] bus_for_each_dev+0x73/0xc0
[ 1.391027] [<ffffffff835eb47e>] driver_attach+0x1e/0x20
[ 1.391027] [<ffffffff835eaea3>] bus_add_driver+0x173/0x270
[ 1.391027] [<ffffffffc0099000>] ? 0xffffffffc0099000
[ 1.391027] [<ffffffff835ecca0>] driver_register+0x60/0xe0
[ 1.391027] [<ffffffffc0099000>] ? 0xffffffffc0099000
[ 1.391027] [<ffffffff834c90d0>] __pci_register_driver+0x60/0x70
[ 1.391027] [<ffffffffc009901e>] virtio_pci_driver_init+0x1e/0x1000 [virtio_pci]
[ 1.391027] [<ffffffff83002190>] do_one_initcall+0x50/0x180
[ 1.391027] [<ffffffff83130ac5>] ? rcu_read_lock_sched_held+0x45/0x80
[ 1.391027] [<ffffffff83275517>] ? kmem_cache_alloc_trace+0x277/0x2d0
[ 1.391027] [<ffffffff831fa457>] ? do_init_module+0x27/0x1f1
[ 1.391027] [<ffffffff831fa48f>] do_init_module+0x5f/0x1f1
[ 1.391027] [<ffffffff8315df91>] load_module+0x2401/0x2b40
[ 1.391027] [<ffffffff8315a7c0>] ? __symbol_put+0x70/0x70
[ 1.391027] [<ffffffff830ec480>] ? sched_clock_cpu+0x90/0xc0
[ 1.391027] [<ffffffff8323a9f3>] ? __might_fault+0x43/0xa0
[ 1.391027] [<ffffffff8315e86b>] SYSC_init_module+0x19b/0x1c0
[ 1.391027] [<ffffffff8315e9ae>] SyS_init_module+0xe/0x10
[ 1.391027] [<ffffffff83909941>] entry_SYSCALL_64_fastpath+0x1f/0xc2
[ 1.391027] Code: ca 75 2c 49 8b 55 08 f6 c2 01 75 25 83 e2 03 81 e3 ff 0f 00 00 45 89 65 14 48 09 d0 41 89 5d 10 49 89 45 08 5b 41 5c 41 5d 5d c3 <0f> 0b 0f 0b 0f 0b 0f 0b 48 8b 15 05 ec 98 00 eb a3 0f 1f 00 55
[ 1.391027] RIP [<ffffffff8347e3fc>] sg_init_one+0x8c/0xa0
[ 1.391027] RSP <ffffb820000cf7d0>
[ 1.668095] ---[ end trace 8120a17353b469c4 ]---
Still present in 4.9.0-0.rc1.git2.1.fc26.x86_64
(I have a patch for this, waiting for Rich's test results.)
Confirmed that Laszlo's patch fixes this problem for me.
Created attachment 1212949
[PATCH RESEND] hwrng: core - don't pass stack allocated buffer to rng->read()

Patch sent to
- linux-crypto.org
- linux-kernel.org

Message-Id: <20161021204809.14068-1-lersek>
Andy Lutomirski pointed out that an earlier (and better) fix had been picked into the crypto maintainer tree:
http://www.mail-archive.com/linux-crypto@vger.kernel.org/msg21515.html

Namely:
hwrng: core - Don't use a stack buffer in add_early_randomness()
https://git.kernel.org/cgit/linux/kernel/git/herbert/cryptodev-2.6.git/commit/?id=6d4952d9d9d4dc2bb9c0255d95a09405a1e958f7
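The traces above and the two patch titles agree on the mechanism: add_early_randomness() handed rng->read() a buffer on its own stack, virtio_read() wrapped that buffer in a scatterlist with sg_init_one(), and the address check in sg_set_buf() (BUG_ON(!virt_addr_valid(buf)) under CONFIG_DEBUG_SG) fired, because a virtually mapped kernel stack is not part of the linear map that virt_to_page() requires. The following is an added userspace model of that failure and of the fix, not kernel code and not either patch from this bug. The "linear map" is a constructed static arena standing in for kmalloc() memory, the 16-byte read size is a constructed value, and every model_* name is an assumption introduced for the illustration.

```c
/*
 * Userspace model of the hwrng crash from this bug (added illustration,
 * not kernel code). The kernel's real sg_set_buf() BUG()s when the buffer
 * address fails virt_addr_valid(); the model returns an error instead so
 * the two call paths can be compared side by side.
 */
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define ARENA_SIZE   4096
#define RNG_BUF_SIZE 16      /* constructed size of the early-randomness read */

/* Constructed stand-in for the kernel's linear (direct) map. */
static unsigned char linear_map[ARENA_SIZE];
static size_t linear_map_used;

/* Stand-in for kmalloc(): memory that lives inside the linear map. */
static void *model_kmalloc(size_t n)
{
    if (linear_map_used + n > ARENA_SIZE)
        return NULL;
    void *p = linear_map + linear_map_used;
    linear_map_used += n;
    return p;
}

/* Stand-in for virt_addr_valid(): only linear-map addresses are valid. */
static bool model_virt_addr_valid(const void *p)
{
    uintptr_t a  = (uintptr_t)p;
    uintptr_t lo = (uintptr_t)linear_map;
    uintptr_t hi = lo + ARENA_SIZE;
    return a >= lo && a < hi;
}

struct model_sg {
    const void *buf;
    size_t len;
};

/* Stand-in for sg_init_one()/sg_set_buf(): the check that fired in the trace. */
static int model_sg_init_one(struct model_sg *sg, const void *buf, size_t len)
{
    if (!model_virt_addr_valid(buf))
        return -1;           /* the real kernel hits BUG_ON() here */
    sg->buf = buf;
    sg->len = len;
    return 0;
}

/* Stand-in for virtio_read(): the device path needs a scatterlist entry. */
static int model_virtio_read(void *buf, size_t len)
{
    struct model_sg sg;
    if (model_sg_init_one(&sg, buf, len) != 0)
        return -1;
    memset(buf, 0x5a, len);  /* constructed "random" bytes */
    return (int)len;
}

/* Before: the buffer is on the caller's stack, as in the crashing kernels. */
int early_randomness_stack_buffer(void)
{
    unsigned char bytes[RNG_BUF_SIZE];
    return model_virtio_read(bytes, sizeof bytes);
}

/* After: the buffer comes from the linear map instead of the stack. */
int early_randomness_heap_buffer(void)
{
    unsigned char *bytes = model_kmalloc(RNG_BUF_SIZE);
    if (!bytes)
        return -1;
    return model_virtio_read(bytes, RNG_BUF_SIZE);
}

int main(void)
{
    printf("stack buffer: %d\n", early_randomness_stack_buffer());
    printf("heap buffer:  %d\n", early_randomness_heap_buffer());
    return 0;
}
```

The same rule applies to any driver that builds scatterlists or DMA descriptors from a caller-supplied pointer: the buffer must be allocatable by virt_to_page(), so stack and vmalloc() memory are out, and the CONFIG_DEBUG_SG check is what turns a silent bad mapping into the visible BUG seen here.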
I don't see the patch in -rc2. Do you want the patch pulled into rawhide early, or is it okay to wait for it to come into an rc? (I'm assuming it is going to get pulled into an rc since it is a bug fix for a new feature.)
That would be nice, because this bug breaks several scenarios including running any Rawhide guest with virtio-rng, and all use of libguestfs (on Rawhide).
I agree; please apply the patch to rawhide for now.
I had to start a new rawhide build for unrelated reasons so I pulled this patch in to the 2nd version. The fix should be available in kernel-4.9.0-0.rc2.git0.2.fc26 .
The patch actually came in with this morning's rawhide snapshot, so everything should be really covered now. Feel free to close this bug once you've verified everything is working as expected.
Rich, do you agree to close this BZ? I'm okay with that.
Yup, I tested the patch earlier, let's close this. Thanks everyone.