Description of problem: I was trying to experiment with bond devices in a qemu machine. I added two virtio-net interfaces. Adding them as slaves results in oops: $ ip l ... 5: ens14: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN mode DEFAULT group default qlen 1000 link/ether 52:54:00:e9:64:41 brd ff:ff:ff:ff:ff:ff 6: ens15: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN mode DEFAULT group default qlen 1000 link/ether 52:54:00:e9:64:42 brd ff:ff:ff:ff:ff:ff $ sudo ip link add bond1 type bond $ sudo ip link set ens14 master bond1 Segmentation fault Mon 2016-12-05 12:15:25 EST kernel: ------------[ cut here ]------------ Mon 2016-12-05 12:15:25 EST kernel: kernel BUG at ./include/linux/scatterlist.h:140! Mon 2016-12-05 12:15:25 EST kernel: invalid opcode: 0000 [#1] SMP Mon 2016-12-05 12:15:25 EST kernel: Modules linked in: bonding ip6t_rpfilter ip6t_REJECT nf_reject_ipv6 xt_conntrack ip Mon 2016-12-05 12:15:25 EST kernel: ata_generic crc32c_intel qxl drm_kms_helper virtio_pci serio_raw ttm drm pata_acpi Mon 2016-12-05 12:15:25 EST kernel: CPU: 5 PID: 1983 Comm: ip Not tainted 4.9.0-0.rc6.git2.1.fc26.x86_64 #1 Mon 2016-12-05 12:15:25 EST kernel: Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 0.0.0 02/06/2015 Mon 2016-12-05 12:15:25 EST kernel: task: ffff9d50a3583240 task.stack: ffffb06e41040000 Mon 2016-12-05 12:15:25 EST kernel: RIP: 0010:[<ffffffffbc4896fc>] [<ffffffffbc4896fc>] sg_init_one+0x8c/0xa0 Mon 2016-12-05 12:15:25 EST kernel: RSP: 0018:ffffb06e41043698 EFLAGS: 00010246 Mon 2016-12-05 12:15:25 EST kernel: RAX: 0000000000000000 RBX: ffffb06e41043774 RCX: 0000000000000028 Mon 2016-12-05 12:15:25 EST kernel: RDX: 0000131ec1043774 RSI: 0000000000000013 RDI: ffffb06ec1043774 Mon 2016-12-05 12:15:25 EST kernel: RBP: ffffb06e410436b0 R08: 00000000001ddbe0 R09: ffffb06e410436c8 Mon 2016-12-05 12:15:25 EST kernel: R10: 0000000000000001 R11: 0000000000000000 R12: 0000000000000006 Mon 2016-12-05 12:15:25 EST kernel: R13: ffffb06e410436c8 R14: ffff9d50b2dc1800 R15: ffff9d50b3db9600 Mon 2016-12-05 12:15:25 EST kernel: FS: 00007f15347e5700(0000) GS:ffff9d50bb000000(0000) knlGS:0000000000000000 Mon 2016-12-05 12:15:25 EST kernel: CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 Mon 2016-12-05 12:15:25 EST kernel: CR2: 00007ffc09bc4000 CR3: 0000000135797000 CR4: 00000000000406e0 Mon 2016-12-05 12:15:25 EST kernel: Stack: Mon 2016-12-05 12:15:25 EST kernel: ffff9d50b229d000 0000000000000000 ffffb06e41043772 ffffb06e41043720 Mon 2016-12-05 12:15:25 EST kernel: ffffffffc0051123 ffff9d50a3583240 0000000087654321 0000000000000002 Mon 2016-12-05 12:15:25 EST kernel: 0000000000000000 0000000000000000 0000000000000000 000000007b8f5301 Mon 2016-12-05 12:15:25 EST kernel: Call Trace: Mon 2016-12-05 12:15:25 EST kernel: [<ffffffffc0051123>] virtnet_set_mac_address+0xb3/0x140 [virtio_net] Mon 2016-12-05 12:15:25 EST kernel: [<ffffffffbc7ae305>] dev_set_mac_address+0x55/0xc0 Mon 2016-12-05 12:15:25 EST kernel: [<ffffffffc03f319e>] bond_enslave+0x34e/0x1180 [bonding] Mon 2016-12-05 12:15:25 EST kernel: [<ffffffffbc7ca22f>] do_setlink+0x6cf/0xd10 Mon 2016-12-05 12:15:25 EST kernel: [<ffffffffbc20dd6a>] ? get_page_from_freelist+0x6ba/0xca0 Mon 2016-12-05 12:15:25 EST kernel: [<ffffffffbc037de9>] ? sched_clock+0x9/0x10 Mon 2016-12-05 12:15:25 EST kernel: [<ffffffffbc068475>] ? kvm_sched_clock_read+0x25/0x40 Mon 2016-12-05 12:15:25 EST kernel: [<ffffffffbc111ed6>] ? __lock_acquire+0x346/0x1290 Mon 2016-12-05 12:15:25 EST kernel: [<ffffffffbc4aa436>] ? nla_parse+0xa6/0x120 Mon 2016-12-05 12:15:25 EST kernel: [<ffffffffbc7ce9e8>] rtnl_newlink+0x5c8/0x870 Mon 2016-12-05 12:15:25 EST kernel: [<ffffffffbc3ecb32>] ? avc_has_perm_noaudit+0x32/0x210 Mon 2016-12-05 12:15:25 EST kernel: [<ffffffffbc0bbfca>] ? ns_capable_common+0x7a/0x90 Mon 2016-12-05 12:15:25 EST kernel: [<ffffffffbc0bbff3>] ? ns_capable+0x13/0x20 Mon 2016-12-05 12:15:25 EST kernel: [<ffffffffbc7ced76>] rtnetlink_rcv_msg+0xe6/0x210 Mon 2016-12-05 12:15:25 EST kernel: [<ffffffffbc7c951b>] ? rtnetlink_rcv+0x1b/0x40 Mon 2016-12-05 12:15:25 EST kernel: [<ffffffffbc7c951b>] ? rtnetlink_rcv+0x1b/0x40 Mon 2016-12-05 12:15:25 EST kernel: [<ffffffffbc7cec90>] ? rtnl_newlink+0x870/0x870 Mon 2016-12-05 12:15:25 EST kernel: [<ffffffffbc7f7394>] netlink_rcv_skb+0xa4/0xc0 Mon 2016-12-05 12:15:25 EST kernel: [<ffffffffbc7c952a>] rtnetlink_rcv+0x2a/0x40 Mon 2016-12-05 12:15:25 EST kernel: [<ffffffffbc7f6d07>] netlink_unicast+0x1f7/0x2f0 Mon 2016-12-05 12:15:25 EST kernel: [<ffffffffbc7f6c7f>] ? netlink_unicast+0x16f/0x2f0 Mon 2016-12-05 12:15:25 EST kernel: [<ffffffffbc7f7102>] netlink_sendmsg+0x302/0x3c0 Mon 2016-12-05 12:15:25 EST kernel: [<ffffffffbc790c28>] sock_sendmsg+0x38/0x50 Mon 2016-12-05 12:15:25 EST kernel: [<ffffffffbc791773>] ___sys_sendmsg+0x2e3/0x2f0 Mon 2016-12-05 12:15:25 EST kernel: [<ffffffffbc18830d>] ? __audit_syscall_entry+0xad/0xf0 Mon 2016-12-05 12:15:25 EST kernel: [<ffffffffbc068475>] ? kvm_sched_clock_read+0x25/0x40 Mon 2016-12-05 12:15:25 EST kernel: [<ffffffffbc037de9>] ? sched_clock+0x9/0x10 Mon 2016-12-05 12:15:25 EST kernel: [<ffffffffbc18830d>] ? __audit_syscall_entry+0xad/0xf0 Mon 2016-12-05 12:15:25 EST kernel: [<ffffffffbc18830d>] ? __audit_syscall_entry+0xad/0xf0 Mon 2016-12-05 12:15:25 EST kernel: [<ffffffffbc111775>] ? trace_hardirqs_on_caller+0xf5/0x1b0 Mon 2016-12-05 12:15:25 EST kernel: [<ffffffffbc7924b4>] __sys_sendmsg+0x54/0x90 Mon 2016-12-05 12:15:25 EST kernel: [<ffffffffbc792502>] SyS_sendmsg+0x12/0x20 Mon 2016-12-05 12:15:25 EST kernel: [<ffffffffbc003eec>] do_syscall_64+0x6c/0x1f0 Mon 2016-12-05 12:15:25 EST kernel: [<ffffffffbc917589>] entry_SYSCALL64_slow_path+0x25/0x25 Mon 2016-12-05 12:15:25 EST kernel: Code: ca 75 2c 49 8b 55 08 f6 c2 01 75 25 83 e2 03 81 e3 ff 0f 00 00 45 89 65 14 48 Mon 2016-12-05 12:15:25 EST kernel: RIP [<ffffffffbc4896fc>] sg_init_one+0x8c/0xa0 Mon 2016-12-05 12:15:25 EST kernel: RSP <ffffb06e41043698> Mon 2016-12-05 12:15:25 EST kernel: ---[ end trace 9076d2284efbf735 ]--- Version-Release number of selected component (if applicable): kernel-4.9.0-0.rc6.git2.1.fc26.x86_64 How reproducible: 100%. systemd-networkd triggers the same oops.
With the device type changed to e1000, no crash.
BUG_ON(!virt_addr_valid(buf)); This looks like another issue with vmap stacks. I'll double check the mailing list archives to see if this has been reported already.
Try this: https://lkml.kernel.org/r/fe889e578d5dffa9ae0834b449a35fcfd1e10694.1480990173.git.luto@kernel.org
Fix given and accepted by maintainers. I threw it in today's rawhide, should actually be showing up in Linus' tree before the final 4.9 release.
That was fast. Thanks!