FS#67026 - [linux] kernel NULL pointer dereference in macsec/macsec_add_rxsa

Attached to Project: Arch Linux
Opened by Frantisek Sumsal (mrc0mmand) - Wednesday, 17 June 2020, 10:55 GMT
Last edited by freswa (frederik) - Sunday, 13 September 2020, 14:58 GMT
Task Type Bug Report
Category Packages: Core
Status Closed
Assigned To Tobias Powalowski (tpowa)
Jan Alexander Steffens (heftig)
Architecture All
Severity High
Priority Normal
Reported Version
Due in Version Undecided
Due Date Undecided
Percent Complete 100%
Votes 0
Private No

Details

One of our upstream systemd CI systems got upgraded to 5.7.2.arch1-1 and the systemd-networkd test suite started failing due to a kernel issue:

[ 47.165764] systemd[1]: Started Network Service.
[ 47.165836] systemd-networkd[394]: dummy98: IPv6 successfully enabled
[ 47.165877] systemd-networkd[394]: eth0: IPv6 successfully enabled
[ 47.170470] kernel: MACsec IEEE 802.1AE
[ 47.173488] systemd-networkd[394]: macsec99: netdev ready
[ 47.181490] kernel: BUG: kernel NULL pointer dereference, address: 0000000000000000
[ 47.181529] kernel: #PF: supervisor read access in kernel mode
[ 47.181553] kernel: #PF: error_code(0x0000) - not-present page
[ 47.181577] kernel: PGD 0 P4D 0
[ 47.181592] kernel: Oops: 0000 [#1] PREEMPT SMP PTI
[ 47.181614] kernel: CPU: 0 PID: 394 Comm: systemd-network Not tainted 5.7.2-arch1-1 #1
[ 47.181645] kernel: Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS ?-20190727_073836-buildvm-ppc64le-16.ppc.fedoraproject.org-3.fc31 04/01/2014
[ 47.181701] kernel: RIP: 0010:macsec_add_rxsa+0x1ee/0x520 [macsec]
[ 47.181726] kernel: Code: fe ff ff 48 8b 85 48 ff ff ff 0f b7 30 48 8b 85 e8 fe ff ff 0f b7 50 18 83 ee 04 39 f2 0f 85 c6 54 00 00 48 8b 95 40 ff ff ff <0f> b7 32 83 ee 04 80 78 20 00 0f 84 ff 01 00 00 83 fe 08 0f 85 0f
[ 47.181782] kernel: RSP: 0018:ffffb10dc058ba80 EFLAGS: 00010246
[ 47.181795] kernel: RAX: ffffa13335bd8900 RBX: ffffa13379957360 RCX: 0000000000000000
[ 47.181817] kernel: RDX: 0000000000000000 RSI: 0000000000000010 RDI: ffffb10dc058ba50
[ 47.181834] kernel: RBP: ffffb10dc058bbc0 R08: ffffb10dc058baa8 R09: 0000000000000008
[ 47.181852] kernel: R10: 0000000000000001 R11: ffffffffc0a26b70 R12: 0000000000000000
[ 47.181870] kernel: R13: ffffa133768c0a20 R14: ffffb10dc058bb38 R15: ffffb10dc058bab8
[ 47.181894] kernel: FS: 00007f20464e8a80(0000) GS:ffffa1337dc00000(0000) knlGS:0000000000000000
[ 47.181907] kernel: CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 47.181917] kernel: CR2: 0000000000000000 CR3: 0000000035aac001 CR4: 0000000000160ef0
[ 47.181933] kernel: Call Trace:
[ 47.181958] kernel: ? genl_rcv_msg+0x1d2/0x475
[ 47.181967] kernel: genl_rcv_msg+0x1d2/0x475
[ 47.181989] kernel: ? netlink_unicast+0x309/0x340
[ 47.182001] kernel: ? genl_family_rcv_msg_attrs_parse.isra.0+0xf0/0xf0
[ 47.182028] kernel: netlink_rcv_skb+0x75/0x140
[ 47.182040] kernel: genl_rcv+0x24/0x40
[ 47.182048] kernel: netlink_unicast+0x242/0x340
[ 47.182057] kernel: netlink_sendmsg+0x243/0x480
[ 47.182072] kernel: sock_sendmsg+0x5e/0x60
[ 47.182087] kernel: __sys_sendto+0x120/0x180
[ 47.182097] kernel: __x64_sys_sendto+0x25/0x30
[ 47.182111] kernel: do_syscall_64+0x49/0x90
[ 47.182135] kernel: entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 47.182152] kernel: RIP: 0033:0x7f204745c1da
[ 47.182160] kernel: Code: d8 64 89 02 48 c7 c0 ff ff ff ff eb b8 0f 1f 00 f3 0f 1e fa 41 89 ca 64 8b 04 25 18 00 00 00 85 c0 75 15 b8 2c 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 76 c3 0f 1f 44 00 00 55 48 83 ec 30 44 89 4c
[ 47.182187] kernel: RSP: 002b:00007ffd313458a8 EFLAGS: 00000246 ORIG_RAX: 000000000000002c
[ 47.182201] kernel: RAX: ffffffffffffffda RBX: 00007ffd3134592c RCX: 00007f204745c1da
[ 47.182213] kernel: RDX: 0000000000000068 RSI: 000055a30dfa5230 RDI: 0000000000000009
[ 47.182224] kernel: RBP: 000055a30df8c810 R08: 00007ffd313458b0 R09: 0000000000000010
[ 47.182235] kernel: R10: 0000000000000000 R11: 0000000000000246 R12: 000055a30dfaa750
[ 47.182247] kernel: R13: 000000000000018a R14: 000055a30dfa52f0 R15: 000055a30d3cfb20
[ 47.182260] kernel: Modules linked in: macsec dummy intel_rapl_msr intel_rapl_common kvm_intel kvm irqbypass cfg80211 crct10dif_pclmul rfkill 8021q ghash_clmulni_intel garp mrp stp cirrus llc drm_kms_helper joydev mousedev cec psmouse input_leds rc_core pcspkr syscopya>
[ 47.184381] kernel: CR2: 0000000000000000
[ 47.185867] kernel: ---[ end trace 7d9b92c66c9d41fc ]---
[ 47.187103] kernel: RIP: 0010:macsec_add_rxsa+0x1ee/0x520 [macsec]
[ 47.188342] kernel: Code: fe ff ff 48 8b 85 48 ff ff ff 0f b7 30 48 8b 85 e8 fe ff ff 0f b7 50 18 83 ee 04 39 f2 0f 85 c6 54 00 00 48 8b 95 40 ff ff ff <0f> b7 32 83 ee 04 80 78 20 00 0f 84 ff 01 00 00 83 fe 08 0f 85 0f
[ 47.190198] kernel: RSP: 0018:ffffb10dc058ba80 EFLAGS: 00010246
[ 47.191464] kernel: RAX: ffffa13335bd8900 RBX: ffffa13379957360 RCX: 0000000000000000
[ 47.193298] kernel: RDX: 0000000000000000 RSI: 0000000000000010 RDI: ffffb10dc058ba50
[ 47.194095] kernel: RBP: ffffb10dc058bbc0 R08: ffffb10dc058baa8 R09: 0000000000000008
[ 47.194779] kernel: R10: 0000000000000001 R11: ffffffffc0a26b70 R12: 0000000000000000
[ 47.195257] kernel: R13: ffffa133768c0a20 R14: ffffb10dc058bb38 R15: ffffb10dc058bab8
[ 47.196289] kernel: FS: 00007f20464e8a80(0000) GS:ffffa1337dc00000(0000) knlGS:0000000000000000
[ 47.197811] kernel: CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 47.198446] kernel: CR2: 00007fa33a82e100 CR3: 0000000035aac001 CR4: 0000000000160ef0
[ 108.142145] systemd-udevd[280]: macsec99: Worker [396] processing SEQNUM=2177 is taking a long time
[ 109.546708] systemd-logind[313]: Power key pressed.


Additional info:
* package version(s)
# pacman -Q systemd linux
systemd 245.6-6
linux 5.7.2.arch1-1

* config and/or log files etc.
See the attachment for systemd-networkd configuration files which reproduce the issue.

Steps to reproduce:
1) unpack the tarball to /etc/systemd/network
2) # systemctl start systemd-networkd
3) network fails to come up and dmesg/journal contains the kernel trace mentioned above

* link to upstream bug report, if any
(systemd) https://github.com/systemd/systemd/issues/16199
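For anyone triaging this kind of crash from CI journals, here is an added example (not code from the report, from systemd, or from the kernel tree) that parses a journal excerpt into a structured oops record and a stable crash signature for deduplication and alerting. The sample lines are a constructed subset of the trace quoted above; the regexes assume the standard x86-64 oops layout shown in it.

```python
import re

# Constructed sample: a trimmed subset of the oops lines quoted in this report.
SAMPLE_JOURNAL = """\
[   47.173488] systemd-networkd[394]: macsec99: netdev ready
[   47.181490] kernel: BUG: kernel NULL pointer dereference, address: 0000000000000000
[   47.181614] kernel: CPU: 0 PID: 394 Comm: systemd-network Not tainted 5.7.2-arch1-1 #1
[   47.181701] kernel: RIP: 0010:macsec_add_rxsa+0x1ee/0x520 [macsec]
[   47.181933] kernel: Call Trace:
[   47.181958] kernel:  ? genl_rcv_msg+0x1d2/0x475
[   47.181967] kernel:  genl_rcv_msg+0x1d2/0x475
[   47.182028] kernel:  netlink_rcv_skb+0x75/0x140
[   47.182152] kernel: RIP: 0033:0x7f204745c1da
[   47.185867] kernel: ---[ end trace 7d9b92c66c9d41fc ]---
"""

JOURNAL_RE = re.compile(r"^\[\s*[\d.]+\]\s+kernel:\s?(.*)$")   # keep only kernel: lines
BUG_RE = re.compile(r"BUG: kernel (.+?), address: ([0-9a-f]+)")
CPU_RE = re.compile(r"CPU: \d+ PID: (\d+) Comm: (\S+) (Not tainted|Tainted: .+?) (\S+) #\d+")
RIP_RE = re.compile(r"RIP: 0010:(\w+)\+0x[0-9a-f]+/0x[0-9a-f]+(?: \[(\w+)\])?")  # ring-0 RIP only
FRAME_RE = re.compile(r"^(\?\s+)?(\w+)\+0x[0-9a-f]+/0x[0-9a-f]+$")

def parse_oops(journal: str):
    """Extract the first oops from journal text as a dict; return None if there is none."""
    oops, in_trace = None, False
    for raw in journal.splitlines():
        if not (m := JOURNAL_RE.match(raw)):
            continue  # not a kernel line (e.g. the systemd-networkd message)
        line = m.group(1).strip()
        if oops is None:  # record nothing until the BUG: banner appears
            if b := BUG_RE.search(line):
                oops = {"kind": b.group(1), "fault_addr": int(b.group(2), 16), "frames": []}
        elif line.startswith("---[ end trace"):
            break
        elif c := CPU_RE.search(line):
            oops.update(pid=int(c.group(1)), comm=c.group(2), kernel=c.group(4),
                        tainted=c.group(3) != "Not tainted")
        elif (r := RIP_RE.search(line)) and "symbol" not in oops:  # skip the user-space 0033: RIP
            oops["symbol"], oops["module"] = r.group(1), r.group(2)
        elif line == "Call Trace:":
            in_trace = True
        elif in_trace and (f := FRAME_RE.match(line)) and not f.group(1):
            oops["frames"].append(f.group(2))  # "? sym" frames are guesses; keep reliable ones only
    return oops

def signature(o: dict) -> str:
    """Stable key for deduplicating and alerting on repeated crashes of the same kind."""
    mod = f" [{o['module']}]" if o.get("module") else ""
    return f"{o['kind']} in {o.get('symbol', 'unknown')}{mod} <- " + " <- ".join(o["frames"][:2])
```

A `tainted` value of False, as here, indicates the crash occurred with no out-of-tree modules loaded, which is what makes this a clean upstream report.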

Closed by freswa (frederik)
Sunday, 13 September 2020, 14:58 GMT
Reason for closing: Upstream
Additional comments about closing: https://bugzilla.kernel.org/show_bug.cgi?id=208315
Comment by Frantisek Sumsal (mrc0mmand) - Thursday, 25 June 2020, 13:47 GMT
This issue is still present in kernel 5.8.0, filed as https://bugzilla.kernel.org/show_bug.cgi?id=208315.
