Hello Greg,
During Syzkaller reproducer testing on 5.4.y (5.4.118-rc1) the following crash occurred:
WARNING: in hsr_addr_subst_dest
https://syzkaller.appspot.com/bug?id=924b5574f42ebeddc94fad06f2fa329b199d58d...
We cherry-picked upstream commit 4b793acd to 5.4.y and the crash no longer occurs (rebooted 10 times with the fix commit - no failures).
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?i...
The cherry-pick of upstream commit 4b793acd was clean.
[ 63.452196] ------------[ cut here ]------------
[ 63.453371] hsr_addr_subst_dest: Unknown node
[ 63.454993] WARNING: CPU: 2 PID: 16155 at net/hsr/hsr_framereg.c:321 hsr_addr_subst_dest+0x456/0x510
[ 63.457170] Kernel panic - not syncing: panic_on_warn set ...
[ 63.458557] CPU: 2 PID: 16155 Comm: 924b5574f42ebed Not tainted 5.4.118-rc1-syzk #1
[ 63.460377] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS ?-20190213_084539-x86-ol7-builder-03.us.oracle.com-1.oci.el7 04/01/2014
[ 63.463426] Call Trace:
[ 63.464038] dump_stack+0xd4/0x119
[ 63.464873] panic+0x28f/0x6ad
[ 63.465643] ? add_taint.cold.9+0x16/0x16
[ 63.466624] ? __probe_kernel_read+0x194/0x1e0
[ 63.467700] ? __warn.cold.12+0x14/0x2f
[ 63.468636] ? __warn+0xdf/0x1d0
[ 63.469430] ? hsr_addr_subst_dest+0x456/0x510
[ 63.470509] __warn.cold.12+0x2f/0x2f
[ 63.471407] ? hsr_addr_subst_dest+0x456/0x510
[ 63.472486] report_bug+0x279/0x300
[ 63.473339] do_error_trap+0x105/0x170
[ 63.474263] do_invalid_op+0x3b/0x50
[ 63.475142] ? hsr_addr_subst_dest+0x456/0x510
[ 63.476223] invalid_op+0x28/0x30
[ 63.477040] RIP: 0010:hsr_addr_subst_dest+0x456/0x510
[ 63.478368] Code: fb db 07 00 0f 0b e9 a0 fe ff ff e8 84 f6 72 f4 48 c7 c6 60 9a f9 8f 48 c7 c7 20 9a f9 8f c6 05 c6 e5 d4 05 01 e8 d5 db 07 00 <0f> 0b e9 7a fe ff ff 4c 89 e7 e8 4b 44 b2 f4 e9 65 fc ff ff e8 21
[ 63.482793] RSP: 0018:ffff888100527648 EFLAGS: 00010286
[ 63.484054] RAX: 0000000000000000 RBX: 0000000000000000 RCX: ffffffff81882886
[ 63.485753] RDX: 0000000000000000 RSI: ffffffff815ff026 RDI: 0000000000000001
[ 63.487454] RBP: ffff888100527688 R08: ffff8880b2c6ae80 R09: ffffed10216660c9
[ 63.489150] R10: ffffed10216660c8 R11: ffff88810b330647 R12: ffff8880b2e1a8e0
[ 63.490853] R13: 00000000e3ffe048 R14: ffff8880b2e1a8e0 R15: 00000000ff39fffd
[ 63.492568] ? __irq_work_queue_local+0xa6/0xe0
[ 63.493667] ? vprintk_func+0x86/0x120
[ 63.494585] ? hsr_addr_subst_dest+0x456/0x510
[ 63.495660] hsr_forward_skb+0x1329/0x1cb0
[ 63.496655] hsr_dev_xmit+0x115/0x190
[ 63.497560] dev_hard_start_xmit+0x13f/0x630
[ 63.498592] ? __sanitizer_cov_trace_cmp4+0x20/0x20
[ 63.499760] __dev_queue_xmit+0x1e4a/0x2860
[ 63.500769] ? __kmalloc_reserve.isra.54+0xf0/0xf0
[ 63.501917] ? netdev_core_pick_tx+0x300/0x300
[ 63.502988] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 63.504278] ? alloc_skb_with_frags+0x38e/0x540
[ 63.505367] ? prep_new_page+0x13d/0x330
[ 63.506317] ? __kasan_check_write+0x14/0x20
[ 63.507355] ? __mod_zone_page_state+0xa5/0xd0
[ 63.508430] ? __kasan_check_write+0x14/0x20
[ 63.509459] ? copyin+0x85/0xd0
[ 63.510223] ? __sanitizer_cov_trace_cmp8+0x18/0x20
[ 63.511391] ? _copy_from_iter+0x2dc/0xb20
[ 63.512390] ? __virt_addr_valid+0x247/0x310
[ 63.513432] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[ 63.514740] ? packet_parse_headers.isra.64+0x347/0x490
[ 63.515995] ? packet_parse_headers.isra.64+0x12a/0x490
[ 63.517242] ? tpacket_destruct_skb+0x570/0x570
[ 63.518336] ? __sanitizer_cov_trace_cmp4+0x16/0x20
[ 63.519513] dev_queue_xmit+0x1c/0x20
[ 63.520403] packet_sendmsg+0x198f/0x2ee0
[ 63.521368] ? tpacket_snd+0x4050/0x4050
[ 63.522319] ? selinux_secmark_relabel_packet+0xe0/0xe0
[ 63.523577] ? selinux_socket_bind+0x163/0x980
[ 63.524650] ? __sanitizer_cov_trace_cmp8+0x18/0x20
[ 63.525821] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 63.527114] ? security_socket_sendmsg+0x99/0xc0
[ 63.528227] ? tpacket_snd+0x4050/0x4050
[ 63.529180] sock_sendmsg+0x155/0x190
[ 63.530068] __sys_sendto+0x27f/0x3b0
[ 63.530959] ? __ia32_sys_getpeername+0xb0/0xb0
[ 63.532048] ? packet_do_bind+0x470/0x990
[ 63.533018] ? packet_bind+0x169/0x1c0
[ 63.533933] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 63.535228] ? __sanitizer_cov_trace_cmp4+0x16/0x20
[ 63.536406] ? __audit_syscall_entry+0x43c/0x580
[ 63.537516] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 63.538810] ? syscall_trace_enter+0x498/0xdb0
[ 63.539886] ? trace_event_raw_event_sys_exit+0x280/0x280
[ 63.541180] ? __audit_syscall_exit+0x791/0xc30
[ 63.542273] __x64_sys_sendto+0xe6/0x1a0
[ 63.543226] do_syscall_64+0xe6/0x4d0
[ 63.544118] ? prepare_exit_to_usermode+0x1bf/0x280
[ 63.545291] entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 63.546515] RIP: 0033:0x4332a9
[ 63.547263] Code: fd ff 48 81 c4 80 00 00 00 e9 f1 fe ff ff 0f 1f 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 bb ad fd ff c3 66 2e 0f 1f 84 00 00 00 00
[ 63.551678] RSP: 002b:00007fff7655df08 EFLAGS: 00000216 ORIG_RAX: 000000000000002c
[ 63.553473] RAX: ffffffffffffffda RBX: 0000000000400328 RCX: 00000000004332a9
[ 63.555172] RDX: 0000000000000011 RSI: 0000000020000140 RDI: 0000000000000003
[ 63.556872] RBP: 00007fff7655df30 R08: 0000000000000000 R09: 0000000000000000
[ 63.558575] R10: 0000000000000004 R11: 0000000000000216 R12: 0000000000000000
[ 63.560267] R13: 000000000040e3b0 R14: 000000000040e440 R15: 0000000000000006
[ 63.562771] Dumping ftrace buffer:
[ 63.563604] ---------------------------------
[ 63.564685] rb_produ-210 2.... 7283224us : ring_buffer_producer_thread: Starting ring buffer hammer
[ 63.566936] rb_produ-210 2.... 17283292us : ring_buffer_producer_thread: End ring buffer hammer
[ 63.569115] rb_produ-210 2.... 17365464us : ring_buffer_producer_thread: Running Consumer at nice: 19
[ 63.571415] rb_produ-210 2.... 17365467us : ring_buffer_producer_thread: Running Producer at nice: 19
[ 63.573721] rb_produ-210 2.... 17365468us : ring_buffer_producer_thread: WARNING!!! This test is running at lowest priority.
[ 63.576489] rb_produ-210 2.... 17365470us : ring_buffer_producer_thread: Time: 10000059 (usecs)
[ 63.578750] rb_produ-210 2.... 17365472us : ring_buffer_producer_thread: Overruns: 3881100
[ 63.580827] rb_produ-210 2.... 17365475us : ring_buffer_producer_thread: Read: 3590700 (by events)
[ 63.583167] rb_produ-210 2.... 17365477us : ring_buffer_producer_thread: Entries: 0
[ 63.585128] rb_produ-210 2.... 17365479us : ring_buffer_producer_thread: Total: 7471800
[ 63.587213] rb_produ-210 2.... 17365481us : ring_buffer_producer_thread: Missed: 0
[ 63.589173] rb_produ-210 2.... 17365482us : ring_buffer_producer_thread: Hit: 7471800
[ 63.591256] rb_produ-210 2.... 17365484us : ring_buffer_producer_thread: Entries per millisec: 747
[ 63.593506] rb_produ-210 2.... 17365486us : ring_buffer_producer_thread: 1338 ns per entry
[ 63.595587] rb_produ-210 2.... 17365487us : ring_buffer_producer_thread: Sleeping for 10 secs
[ 63.597728] rb_produ-210 2.... 37929811us : ring_buffer_producer_thread: End ring buffer hammer
[ 63.599913] rb_produ-210 2.... 37951467us : ring_buffer_producer_thread: Running Consumer at nice: 19
[ 63.602208] rb_produ-210 2.... 37951471us : ring_buffer_producer_thread: Running Producer at nice: 19
[ 63.604506] rb_produ-210 2.... 37951472us : ring_buffer_producer_thread: WARNING!!! This test is running at lowest priority.
[ 63.607272] rb_produ-210 2.... 37951474us : ring_buffer_producer_thread: Time: 10092798 (usecs)
[ 63.609540] rb_produ-210 2.... 37951476us : ring_buffer_producer_thread: Overruns: 195330
[ 63.611593] rb_produ-210 2.... 37951479us : ring_buffer_producer_thread: Read: 1469527 (by pages)
[ 63.613901] rb_produ-210 2.... 37951481us : ring_buffer_producer_thread: Entries: 4193
[ 63.615917] rb_produ-210 2.... 37951482us : ring_buffer_producer_thread: Total: 1669050
[ 63.617991] rb_produ-210 2.... 37951484us : ring_buffer_producer_thread: Missed: 0
[ 63.619945] rb_produ-210 2.... 37951486us : ring_buffer_producer_thread: Hit: 1669050
[ 63.622016] rb_produ-210 2.... 37951488us : ring_buffer_producer_thread: Entries per millisec: 165
[ 63.624245] rb_produ-210 2.... 37951489us : ring_buffer_producer_thread: 6060 ns per entry
[ 63.626315] rb_produ-210 2.... 37951490us : ring_buffer_producer_thread: Sleeping for 10 secs
[ 63.628448] rb_produ-210 2.... 48317537us : ring_buffer_producer_thread: Starting ring buffer hammer
[ 63.630703] ---------------------------------
Thank you,
George
linux-stable-mirror@lists.linaro.org