Hi all,

I get a kernel panic on 'floppy' module load. If I blacklist the module, then everything works. The issue happens in Xen HVM; other virtualization modes (PV, PVH) work fine. PV dom0 works too. I haven't tried bare metal, but I assume it works fine too. The issue happens on newer kernels too (5.8.10 crashes, 5.8.5 works), but I have it most analyzed on 4.19.x.

Other interesting observations:

- The crash does not manifest when the VM does nothing else than loading floppy (by adding systemd.target=modprobe@floppy.service to the kernel cmdline).
- This bug is not just another "memory corruption" one, but appears to be caused by a hole where the IOAPIC registers are supposed to be mapped. If this is a pagetable corruption then this is a blocker.
- No other significant differences in kmsg are observed (in particular, I/O APIC appears to be initialised successfully without any anomalies).
- Modules linked in: floppy(+) xenfs xen_gntdev xen_gntalloc xen_privcmd xen_evtchn overlay xen_blkfront
- Loading floppy early in boot along with the module list above (nopat modules-load=xenfs,xen-gntdev,xen-gntalloc,xen-privcmd,xen-evtchn,xen-blkfront,overlay,floppy) seems to avoid the crash.
- Even with the above, unloading and reloading floppy still results in a crash.

I've read the git log between 4.19.142 and 4.19.143 and I don't see any obvious change that could cause this. The only thing that may be remotely relevant is the "XEN uses irqdesc::irq_data_common::handler_data to store a per interrupt XEN data pointer which contains XEN specific information." commit, so I'm adding the involved people to this thread.
The actual crash message (this is from 4.19.144, but it is the same on 4.19.143):

[ 2.631097] BUG: unable to handle kernel paging request at ffffffffff5f9000
[ 2.631117] PGD 1220e067 P4D 1220e067 PUD 12210067 PMD 12211067 PTE 0
[ 2.631135] Oops: 0002 [#1] SMP PTI
[ 2.631147] CPU: 1 PID: 275 Comm: systemd-udevd Tainted: G O 4.19.144-1.pvops.qubes.x86_64 #1
[ 2.631173] Hardware name: Xen HVM domU, BIOS 4.8.5-22.fc25 08/15/2020
[ 2.631192] RIP: 0010:ioapic_configure_entry+0x66/0xb0
[ 2.631206] Code: 8d 88 04 02 00 00 48 8d 04 c0 44 8d 52 11 4d 8d 1c c0 c1 e1 0c 48 63 c9 41 8b 43 14 25 ff 0f 00 00 48 2d 00 10 80 00 48 29 c8 <44> 89 10 44 89 48 10 41 8b 43 14 83 c2 10 25 ff 0f 00 00 48 2d 00
[ 2.631251] RSP: 0000:ffffaf4f40353b08 EFLAGS: 00010086
[ 2.631265] RAX: ffffffffff5f9000 RBX: ffff8c3155ad7480 RCX: 0000000000206000
[ 2.631285] RDX: 0000000000000008 RSI: ffff8c314e369640 RDI: 00000000ffffffff
[ 2.631304] RBP: ffff8c3155914828 R08: ffffffffb09cfac0 R09: 0000000000000001
[ 2.631324] R10: 0000000000000019 R11: ffffffffb09cfb50 R12: ffff8c3155935e00
[ 2.631343] R13: ffff8c3155914828 R14: ffff8c3155914960 R15: ffff8c31559148a4
[ 2.631363] FS: 000072ea2b67fb80(0000) GS:ffff8c3156f00000(0000) knlGS:0000000000000000
[ 2.631383] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 2.631399] CR2: ffffffffff5f9000 CR3: 000000000c266005 CR4: 00000000001606e0
[ 2.631420] Call Trace:
[ 2.631433]  mp_irqdomain_activate+0x21/0x40
[ 2.631448]  __irq_domain_activate_irq+0x60/0xa0
[ 2.631462]  irq_domain_activate_irq+0x25/0x40
[ 2.631476]  __setup_irq+0x3ba/0x720
[ 2.631486]  request_threaded_irq+0xfa/0x170
[ 2.631502]  floppy_module_init+0xa33/0x1d23 [floppy]
[ 2.631518]  ? netlink_broadcast_filtered+0x157/0x410
[ 2.631533]  ? set_cmos+0x112/0x112 [floppy]
[ 2.631548]  do_one_initcall+0x4d/0x1d6
[ 2.631559]  ? free_unref_page_commit+0x9f/0x120
[ 2.631573]  ? _cond_resched+0x16/0x40
[ 2.631584]  ? kmem_cache_alloc_trace+0x169/0x1e0
[ 2.631598]  do_init_module+0x5b/0x20e
[ 2.631610]  load_module+0x1bb9/0x1fc0
[ 2.631624]  ? ima_post_read_file+0xe2/0x120
[ 2.631639]  ? __do_sys_finit_module+0xd2/0x100
[ 2.631653]  __do_sys_finit_module+0xd2/0x100
[ 2.631667]  do_syscall_64+0x5b/0x190
[ 2.631679]  entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 2.631693] RIP: 0033:0x72ea2c7a137d
[ 2.631704] Code: 00 c3 66 2e 0f 1f 84 00 00 00 00 00 90 f3 0f 1e fa 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 8b 0d eb 6a 0c 00 f7 d8 64 89 01 48
[ 2.631749] RSP: 002b:00007fffafe7b4f8 EFLAGS: 00000246 ORIG_RAX: 0000000000000139
[ 2.631770] RAX: ffffffffffffffda RBX: 000064f1749ff120 RCX: 000072ea2c7a137d
[ 2.631790] RDX: 0000000000000000 RSI: 000072ea2c40095d RDI: 0000000000000006
[ 2.631809] RBP: 0000000000020000 R08: 0000000000000000 R09: 0000000000000007
[ 2.631828] R10: 0000000000000006 R11: 0000000000000246 R12: 0000000000000000
[ 2.631848] R13: 000072ea2c40095d R14: 000064f174c89690 R15: 000064f1749fedd0
[ 2.631868] Modules linked in: floppy(+) iwldvm(+) mac80211 fjes(-) iwlwifi cfg80211 ttm ehci_pci rfkill e1000e(+) drm_kms_helper ehci_hcd ata_generic pata_acpi i2c_piix4 u2mfn(O) xen_gntdev xen_gntalloc xen_blkback xen_evtchn drm xenfs xen_privcmd overlay xen_blkfront
[ 2.631932] CR2: ffffffffff5f9000
[ 2.631944] ---[ end trace 28ae492a4a502a7c ]---
[ 2.631958] RIP: 0010:ioapic_configure_entry+0x66/0xb0
[ 2.631972] Code: 8d 88 04 02 00 00 48 8d 04 c0 44 8d 52 11 4d 8d 1c c0 c1 e1 0c 48 63 c9 41 8b 43 14 25 ff 0f 00 00 48 2d 00 10 80 00 48 29 c8 <44> 89 10 44 89 48 10 41 8b 43 14 83 c2 10 25 ff 0f 00 00 48 2d 00
[ 2.632018] RSP: 0000:ffffaf4f40353b08 EFLAGS: 00010086
[ 2.632032] RAX: ffffffffff5f9000 RBX: ffff8c3155ad7480 RCX: 0000000000206000
[ 2.632051] RDX: 0000000000000008 RSI: ffff8c314e369640 RDI: 00000000ffffffff
[ 2.632071] RBP: ffff8c3155914828 R08: ffffffffb09cfac0 R09: 0000000000000001
[ 2.632090] R10: 0000000000000019 R11: ffffffffb09cfb50 R12: ffff8c3155935e00
[ 2.632109] R13: ffff8c3155914828 R14: ffff8c3155914960 R15: ffff8c31559148a4
[ 2.632129] FS: 000072ea2b67fb80(0000) GS:ffff8c3156f00000(0000) knlGS:0000000000000000
[ 2.632149] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 2.632166] CR2: ffffffffff5f9000 CR3: 000000000c266005 CR4: 00000000001606e0
[ 2.632185] Kernel panic - not syncing: Fatal exception
[ 2.632319] Kernel Offset: 0x2e000000 from 0xffffffff81000000 (relocation range: 0xffffffff80000000-0xffffffffbfffffff)

-- 
Best Regards,
Marek Marczykowski-Górecki
Invisible Things Lab
A: Because it messes up the order in which people normally read text.
Q: Why is top-posting such a bad thing?
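As an added triage helper (not part of the mail above), the following script decodes the lines of this oops that carry the diagnosis: the x86 page-fault error code ("Oops: 0002" is a kernel-mode write to a not-present page), the page-table walk (every level is present except the PTE, so the hole is a single missing page), the fixmap slot the fault address corresponds to, and the KASLR offset needed to look registers up in System.map. FIXADDR_TOP is an assumption taken from the mainline x86_64 fixmap header; the sample input is copied from the oops in the mail.

```python
import re

# Constructed sample: the decisive lines copied from the oops quoted in the mail above.
OOPS = """\
[ 2.631097] BUG: unable to handle kernel paging request at ffffffffff5f9000
[ 2.631117] PGD 1220e067 P4D 1220e067 PUD 12210067 PMD 12211067 PTE 0
[ 2.631135] Oops: 0002 [#1] SMP PTI
[ 2.631192] RIP: 0010:ioapic_configure_entry+0x66/0xb0
[ 2.632319] Kernel Offset: 0x2e000000 from 0xffffffff81000000 (relocation range: 0xffffffff80000000-0xffffffffbfffffff)
"""

PAGE_SHIFT = 12
# Assumption: x86_64 FIXADDR_TOP = VSYSCALL_ADDR - PAGE_SIZE (arch/x86/include/asm/fixmap.h).
FIXADDR_TOP = 0xffffffffff5ff000

def decode_error_code(code):
    """Decode the x86 page-fault error code the kernel prints as 'Oops: NNNN'."""
    return {
        "present": bool(code & 0x1),  # 0 means the page was not present at all
        "write": bool(code & 0x2),    # 1 means the faulting access was a write
        "user": bool(code & 0x4),     # 0 means the fault was taken in kernel mode
        "reserved": bool(code & 0x8),
        "ifetch": bool(code & 0x10),
    }

def first_missing_level(walk):
    """First page-table level whose printed entry lacks the present bit (bit 0)."""
    for level in ("PGD", "P4D", "PUD", "PMD", "PTE"):
        if level in walk and not walk[level] & 0x1:
            return level
    return None

def unrelocate(addr, kaslr_offset):
    return addr - kaslr_offset  # undo the KASLR shift for a System.map lookup

def parse_oops(text):
    addr = int(re.search(r"paging request at ([0-9a-f]+)", text).group(1), 16)
    code = int(re.search(r"Oops: ([0-9a-f]+)", text).group(1), 16)
    walk = {lvl: int(val, 16)
            for lvl, val in re.findall(r"\b(PGD|P4D|PUD|PMD|PTE) ([0-9a-f]+)", text)}
    kaslr = re.search(r"Kernel Offset: (0x[0-9a-f]+) from", text)
    return {
        "addr": addr,
        "rip": re.search(r"RIP: [0-9a-f]+:(\S+)", text).group(1),
        "error": decode_error_code(code),
        "missing_level": first_missing_level(walk),
        # __fix_to_virt(x) = FIXADDR_TOP - (x << PAGE_SHIFT); meaningful only for fixmap addresses
        "fixmap_slot": (FIXADDR_TOP - addr) >> PAGE_SHIFT if addr < FIXADDR_TOP else None,
        "kaslr_offset": int(kaslr.group(1), 16) if kaslr else 0,
    }
```

Feed the full dmesg text to parse_oops(); the first "paging request" and "Oops:" lines are the ones decoded, and the slot number is only meaningful when the fault address sits in the fixmap region, as it does here.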