Bug 208315

Summary: [macsec] kernel NULL pointer dereference in macsec_add_rxsa
Product: Drivers Reporter: Frantisek Sumsal (frantisek)
Component: NetworkAssignee: drivers_network (drivers_network)
Status: RESOLVED CODE_FIX    
Severity: high CC: emericv
Priority: P1    
Hardware: All   
OS: Linux   
Kernel Version: 5.11.16-arch1-1 Subsystem:
Regression: Yes Bisected commit-id:
Attachments: systemd-networkd config files for reproducing the issue

Description Frantisek Sumsal 2020-06-25 13:44:19 UTC 
Created attachment 289885 [details]
systemd-networkd config files for reproducing the issue

Hello,

Our upstream systemd-networkd testsuite[0] managed to hit a NULL pointer dereference in the macsec driver on Arch Linux on kernel 5.7.2, filed as [1]. After minimizing the reproducer, I tried on Fedora Rawhide with 5.8.0-0.rc2.20200623gitdd0d718152e4.1 and apart from the original NULL pointer dereference, there's also "kernel: BUG: sleeping function called from invalid context at include/linux/percpu-rwsem.h:49":

[   76.101843] MACsec IEEE 802.1AE
[   76.160695] BUG: kernel NULL pointer dereference, address: 0000000000000000
[   76.166980] #PF: supervisor read access in kernel mode
[   76.168639] #PF: error_code(0x0000) - not-present page
[   76.170211] PGD 0 P4D 0 
[   76.170993] Oops: 0000 [#1] SMP PTI
[   76.172048] CPU: 0 PID: 581 Comm: systemd-network Not tainted 5.8.0-0.rc2.20200623gitdd0d718152e4.1.fc33.x86_64 #1
[   76.175034] Hardware name: Red Hat OpenStack Compute, BIOS 1.11.0-2.el7 04/01/2014
[   76.177432] RIP: 0010:macsec_add_rxsa+0x1a1/0x540 [macsec]
[   76.179285] Code: b6 78 04 48 8b 85 48 ff ff ff 0f b7 30 48 8b 85 e8 fe ff ff 0f b7 50 18 83 ee 04 39 f2 0f 85 f3 5b 00 00 48 8b 95 40 ff ff ff <0f> b7 32 83 ee 04 80 78 20 00 0f 84 31 02 00 00 83 fe 08 0f 85 7e
[   76.185346] RSP: 0018:ffffade24030fb10 EFLAGS: 00010246
[   76.186924] RAX: ffff9a28f12a9c00 RBX: ffff9a28f0b402a0 RCX: 0000000000000000
[   76.189178] RDX: 0000000000000000 RSI: 0000000000000010 RDI: 0000000000000246
[   76.191657] RBP: ffffade24030fc40 R08: 0000000000000001 R09: 0000000000000001
[   76.193924] R10: 0000000000000001 R11: 0000000000000000 R12: ffff9a28f0ff5900
[   76.196152] R13: 0000000000000000 R14: ffff9a28f0ff5900 R15: 0000000000000002
[   76.198246] FS:  00007f6620d82b80(0000) GS:ffff9a28ffc00000(0000) knlGS:0000000000000000
[   76.200686] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[   76.202431] CR2: 0000000000000000 CR3: 000000006f89a001 CR4: 00000000007606f0
[   76.204581] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[   76.206840] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[   76.208937] PKRU: 55555554
[   76.209754] Call Trace:
[   76.210581]  ? avc_has_perm_noaudit+0xd8/0x1b0
[   76.212136]  ? find_held_lock+0x32/0x90
[   76.213356]  ? __nla_parse+0x22/0x25
[   76.214418]  ? genl_rcv_msg+0x18e/0x2d0
[   76.215584]  genl_rcv_msg+0x18e/0x2d0
[   76.216723]  ? genl_family_rcv_msg_attrs_parse.isra.0+0x100/0x100
[   76.218553]  netlink_rcv_skb+0x47/0x110
[   76.219700]  genl_rcv+0x24/0x40
[   76.220622]  netlink_unicast+0x16d/0x230
[   76.221835]  netlink_sendmsg+0x23f/0x460
[   76.223044]  sock_sendmsg+0x5e/0x60
[   76.224275]  __sys_sendto+0xf1/0x160
[   76.225349]  ? finish_task_switch+0x6a/0x2b0
[   76.226592]  ? syscall_trace_enter+0x14a/0x330
[   76.227870]  __x64_sys_sendto+0x25/0x30
[   76.228997]  do_syscall_64+0x52/0xb0
[   76.230207]  entry_SYSCALL_64_after_hwframe+0x44/0xa9
[   76.231826] RIP: 0033:0x7f6621ed65da
[   76.232913] Code: Bad RIP value.
[   76.233921] RSP: 002b:00007fff84af46d8 EFLAGS: 00000246 ORIG_RAX: 000000000000002c
[   76.236278] RAX: ffffffffffffffda RBX: 00007fff84af476c RCX: 00007f6621ed65da
[   76.238943] RDX: 0000000000000068 RSI: 0000558547dc8760 RDI: 0000000000000008
[   76.241343] RBP: 0000558547dac970 R08: 00007fff84af46e0 R09: 0000000000000010
[   76.243827] R10: 0000000000000000 R11: 0000000000000246 R12: 0000558547dc3f30
[   76.246346] R13: 0000000000000245 R14: 0000558547dc3a50 R15: 00005585477231c0
[   76.248843] Modules linked in: macsec dummy rfkill intel_rapl_msr intel_rapl_common isst_if_common nfit libnvdimm kvm_intel kvm irqbypass crct10dif_pclmul crc32_pclmul snd_pcsp ghash_clmulni_intel cirrus snd_pcm drm_kms_helper snd_timer snd virtio_net cec joydev net_failover i2c_piix4 soundcore failover virtio_balloon sunrpc drm ip_tables crc32c_intel virtio_blk ata_generic serio_raw pata_acpi qemu_fw_cfg
[   76.262289] CR2: 0000000000000000
[   76.264050] ---[ end trace cd005af67828341d ]---
[   76.265957] RIP: 0010:macsec_add_rxsa+0x1a1/0x540 [macsec]
[   76.268118] Code: b6 78 04 48 8b 85 48 ff ff ff 0f b7 30 48 8b 85 e8 fe ff ff 0f b7 50 18 83 ee 04 39 f2 0f 85 f3 5b 00 00 48 8b 95 40 ff ff ff <0f> b7 32 83 ee 04 80 78 20 00 0f 84 31 02 00 00 83 fe 08 0f 85 7e
[   76.275801] RSP: 0018:ffffade24030fb10 EFLAGS: 00010246
[   76.278464] RAX: ffff9a28f12a9c00 RBX: ffff9a28f0b402a0 RCX: 0000000000000000
[   76.281788] RDX: 0000000000000000 RSI: 0000000000000010 RDI: 0000000000000246
[   76.285594] RBP: ffffade24030fc40 R08: 0000000000000001 R09: 0000000000000001
[   76.289405] R10: 0000000000000001 R11: 0000000000000000 R12: ffff9a28f0ff5900
[   76.292696] R13: 0000000000000000 R14: ffff9a28f0ff5900 R15: 0000000000000002
[   76.295906] FS:  00007f6620d82b80(0000) GS:ffff9a28ffc00000(0000) knlGS:0000000000000000
[   76.299093] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[   76.301264] CR2: 0000000000000000 CR3: 000000006f89a001 CR4: 00000000007606f0
[   76.303817] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[   76.306452] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[   76.309016] PKRU: 55555554
[   76.310244] BUG: sleeping function called from invalid context at include/linux/percpu-rwsem.h:49
[   76.313335] in_atomic(): 0, irqs_disabled(): 1, non_block: 0, pid: 581, name: systemd-network
[   76.316609] INFO: lockdep is turned off.
[   76.318188] irq event stamp: 81664
[   76.319568] hardirqs last  enabled at (81663): [<ffffffffb2bd16e2>] do_syscall_64+0x12/0xb0
[   76.322351] hardirqs last disabled at (81664): [<ffffffffb2bd1902>] idtentry_enter_cond_rcu+0x22/0x60
[   76.325500] softirqs last  enabled at (81646): [<ffffffffc0960e61>] macsec_add_rxsa+0x341/0x540 [macsec]
[   76.328680] softirqs last disabled at (81644): [<ffffffffc0960e2e>] macsec_add_rxsa+0x30e/0x540 [macsec]
[   76.331794] CPU: 0 PID: 581 Comm: systemd-network Tainted: G      D          --------- ---  5.8.0-0.rc2.20200623gitdd0d718152e4.1.fc33.x86_64 #1
[   76.336357] Hardware name: Red Hat OpenStack Compute, BIOS 1.11.0-2.el7 04/01/2014
[   76.339061] Call Trace:
[   76.340267]  dump_stack+0x92/0xc8
[   76.341662]  ___might_sleep.cold+0xb6/0xc6
[   76.343292]  exit_signals+0x1c/0x2d0
[   76.344728]  do_exit+0xcd/0xc30
[   76.346051]  rewind_stack_do_exit+0x17/0x20
[   76.347634] RIP: 0033:0x7f6621ed65da
[   76.349048] Code: Bad RIP value.
[   76.350640] RSP: 002b:00007fff84af46d8 EFLAGS: 00000246 ORIG_RAX: 000000000000002c
[   76.353367] RAX: ffffffffffffffda RBX: 00007fff84af476c RCX: 00007f6621ed65da
[   76.355900] RDX: 0000000000000068 RSI: 0000558547dc8760 RDI: 0000000000000008
[   76.358516] RBP: 0000558547dac970 R08: 00007fff84af46e0 R09: 0000000000000010
[   76.361081] R10: 0000000000000000 R11: 0000000000000246 R12: 0000558547dc3f30
[   76.363911] R13: 0000000000000245 R14: 0000558547dc3a50 R15: 00005585477231c0


Steps to reproduce:
1) Unpack the attached networkd-config.tar.gz to /etc/systemd/network
2) systemctl start systemd-networkd
3) Check dmesg/journal

[0] https://github.com/systemd/systemd/issues/16199
[1] https://bugs.archlinux.org/task/67026
Comment 1 Frantisek Sumsal 2020-11-26 19:09:05 UTC 
Still reproducible with 5.9.10-arch1-1:

systemd-networkd[282761]: macsec99: Receive channel is configured
systemd-resolved[277580]: Sent message type=signal sender=n/a destination=n/a path=/org/freedesktop/resolve1 interface=org.freedesktop.DBus.Properties member=PropertiesChanged cookie=2703 reply_cookie=0 signature=sa{sv}as error-name=n/a error-message=n/a
kernel: BUG: kernel NULL pointer dereference, address: 0000000000000000
kernel: #PF: supervisor read access in kernel mode
kernel: #PF: error_code(0x0000) - not-present page
kernel: PGD 0 P4D 0 
kernel: Oops: 0000 [#1] PREEMPT SMP NOPTI
kernel: CPU: 1 PID: 282761 Comm: systemd-network Not tainted 5.9.10-arch1-1 #1
kernel: Hardware name: Red Hat KVM, BIOS 1.11.1-4.module_el8.2.0+320+13f867d7 04/01/2014
kernel: RIP: 0010:macsec_add_rxsa+0x1ee/0x520 [macsec]
kernel: Code: fe ff ff 48 8b 85 48 ff ff ff 0f b7 30 48 8b 85 e8 fe ff ff 0f b7 50 18 83 ee 04 39 f2 0f 85 f6 54 00 00 48 8b 95 40 ff ff ff <0f> b7 32 83 ee 04 80 78 20 00 0f 84 fc 01 00 00 83 fe 08 0f 85 0c
kernel: RSP: 0018:ffff92dfc07c7ae0 EFLAGS: 00010246
kernel: RAX: ffff890539be5940 RBX: ffff890571127600 RCX: 0000000000000000
kernel: RDX: 0000000000000000 RSI: 0000000000000010 RDI: ffff92dfc07c7ab0
kernel: RBP: ffff92dfc07c7c20 R08: ffff92dfc07c7b08 R09: 0000000000000008
kernel: R10: ffff89056e77db80 R11: 0000000000000001 R12: 0000000000000000
kernel: R13: ffff8905711277e0 R14: ffff92dfc07c7b98 R15: ffff92dfc07c7b18
kernel: FS:  00007fda29312ec0(0000) GS:ffff890577c40000(0000) knlGS:0000000000000000
kernel: CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
kernel: CR2: 0000000000000000 CR3: 00000001f8c22000 CR4: 00000000000406e0
kernel: Call Trace:
kernel:  ? _raw_read_lock_irqsave+0x26/0x4d
kernel:  ? _raw_read_unlock_irqrestore+0x26/0x40
kernel:  ? genl_rcv_msg+0x1b8/0x310
kernel:  genl_rcv_msg+0x1b8/0x310
kernel:  ? genl_family_rcv_msg_attrs_parse.isra.0+0xd0/0xd0
kernel:  netlink_rcv_skb+0x75/0x140
kernel:  genl_rcv+0x24/0x40
kernel:  netlink_unicast+0x242/0x340
kernel:  netlink_sendmsg+0x243/0x480
kernel:  sock_sendmsg+0x5e/0x60
kernel:  __sys_sendto+0x120/0x180
kernel:  __x64_sys_sendto+0x25/0x30
kernel:  do_syscall_64+0x33/0x40
kernel:  entry_SYSCALL_64_after_hwframe+0x44/0xa9
kernel: RIP: 0033:0x7fda2930348a
kernel: Code: d8 64 89 02 48 c7 c0 ff ff ff ff eb b7 0f 1f 00 f3 0f 1e fa 41 89 ca 64 8b 04 25 18 00 00 00 85 c0 75 15 b8 2c 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 76 c3 0f 1f 44 00 00 55 48 83 ec 30 44 89 4c
kernel: RSP: 002b:00007fff79ba99b8 EFLAGS: 00000246 ORIG_RAX: 000000000000002c
kernel: RAX: ffffffffffffffda RBX: 000056228c624120 RCX: 00007fda2930348a
kernel: RDX: 0000000000000068 RSI: 000056228c65a120 RDI: 0000000000000009
kernel: RBP: 00007fff79ba99e0 R08: 00007fff79ba99c0 R09: 0000000000000010
kernel: R10: 0000000000000000 R11: 0000000000000246 R12: 000056228c65fbc0
kernel: R13: 00007fff79ba9a4c R14: 000056228c0458b4 R15: 000056228c0d0660
kernel: Modules linked in: macsec ip6_gre ip6_tunnel sit sch_fq_pie sch_ets sch_hhf sch_pie sch_cake l2tp_ip l2tp_eth l2tp_netlink l2tp_core ifb fou xfrm_interface xfrm6_tunnel tunnel6 vxcan ipvtap tap ipvlan bareudp dm_crypt cbc encrypted_keys trusted tpm dm_mod loop wireguard curve25519_x86_64 libchacha20poly1305 chacha_x86_64 poly1305_x86_64 libblake2s blake2s_x86_64 libcurve25519_generic libchacha libblake2s_generic vrf veth vcan tun ipip tunnel4 geneve ip_gre ip_tunnel ip6_udp_tunnel udp_tunnel gre bridge bonding dummy algif_hash af_alg xt_nat xt_addrtype xt_tcpudp xt_MASQUERADE iptable_nat nf_nat nf_conntrack nf_defrag_ipv6 nf_defrag_ipv4 libcrc32c rpcsec_gss_krb5 auth_rpcgss nfsv4 dns_resolver nfs lockd grace sunrpc nfs_ssc fscache cirrus cfg80211 drm_kms_helper rfkill 8021q garp mrp cec stp joydev llc rc_core mousedev syscopyarea sysfillrect psmouse sysimgblt fb_sys_fops intel_agp edac_mce_amd intel_gtt crct10dif_pclmul pcspkr ghash_clmulni_intel input_leds i2c_piix4 evdev
kernel:  mac_hid qemu_fw_cfg drm fuse agpgart ip_tables x_tables ext4 crc32c_generic crc16 mbcache jbd2 virtio_net virtio_rng virtio_balloon net_failover virtio_console failover virtio_blk rng_core ata_generic pata_acpi serio_raw atkbd libps2 crc32_pclmul crc32c_intel aesni_intel uhci_hcd glue_helper ehci_pci crypto_simd floppy ehci_hcd cryptd virtio_pci ata_piix i8042 serio [last unloaded: netdevsim]
kernel: CR2: 0000000000000000
kernel: ---[ end trace bcf0efbdb514a3b8 ]---
kernel: RIP: 0010:macsec_add_rxsa+0x1ee/0x520 [macsec]
kernel: Code: fe ff ff 48 8b 85 48 ff ff ff 0f b7 30 48 8b 85 e8 fe ff ff 0f b7 50 18 83 ee 04 39 f2 0f 85 f6 54 00 00 48 8b 95 40 ff ff ff <0f> b7 32 83 ee 04 80 78 20 00 0f 84 fc 01 00 00 83 fe 08 0f 85 0c
kernel: RSP: 0018:ffff92dfc07c7ae0 EFLAGS: 00010246
kernel: RAX: ffff890539be5940 RBX: ffff890571127600 RCX: 0000000000000000
kernel: RDX: 0000000000000000 RSI: 0000000000000010 RDI: ffff92dfc07c7ab0
kernel: RBP: ffff92dfc07c7c20 R08: ffff92dfc07c7b08 R09: 0000000000000008
kernel: R10: ffff89056e77db80 R11: 0000000000000001 R12: 0000000000000000
kernel: R13: ffff8905711277e0 R14: ffff92dfc07c7b98 R15: ffff92dfc07c7b18
kernel: FS:  00007fda29312ec0(0000) GS:ffff890577c40000(0000) knlGS:0000000000000000
kernel: CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
kernel: CR2: 0000000000000000 CR3: 00000001f8c22000 CR4: 00000000000406e0
dbus-daemon[342]: [system] Connection has not authenticated soon enough, closing it (auth_timeout=30000ms, elapsed: 30029ms)
systemd[1]: Starting system activity accounting tool...
systemd[1]: systemd-networkd.service: Watchdog timeout (limit 3min)!
systemd[1]: systemd-networkd.service: Killing process 282761 (systemd-network) with signal SIGABRT.
systemd[1]: systemd-networkd.service: State 'stop-watchdog' timed out. Killing.
systemd[1]: systemd-networkd.service: Killing process 282761 (systemd-network) with signal SIGKILL.
Comment 2 Emeric Verschuur 2022-06-15 14:07:07 UTC 
Same issue with the Kernel 5.13.0-48-generic #54~20.04.1-Ubuntu

[  145.145857] MACsec IEEE 802.1AE
[  145.172658] BUG: kernel NULL pointer dereference, address: 0000000000000000
[  145.172711] #PF: supervisor read access in kernel mode
[  145.172740] #PF: error_code(0x0000) - not-present page
[  145.172769] PGD 0 P4D 0 
[  145.172799] Oops: 0000 [#1] SMP NOPTI
[  145.172827] CPU: 0 PID: 641 Comm: systemd-network Not tainted 5.13.0-48-generic #54~20.04.1-Ubuntu
[  145.172884] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 0.0.0 02/06/2015
[  145.172928] RIP: 0010:macsec_add_rxsa+0x143/0x480 [macsec]
[  145.172971] Code: b6 78 04 48 8b 85 e0 fe ff ff 0f b7 30 48 8b 85 80 fe ff ff 0f b7 50 18 83 ee 04 39 f2 0f 85 c1 57 00 00 48 8b 95 d8 fe ff ff <0f> b7 32 83 ee 04 80 78 20 00 0f 84 f3 01 00 00 83 fe 08 0f 85 11
[  145.173046] RSP: 0018:ffffae728056f8d0 EFLAGS: 00010246
[  145.173068] RAX: ffff9a0e89cb3940 RBX: ffff9a0e9422bc00 RCX: 0000000000000000
[  145.173096] RDX: 0000000000000000 RSI: 0000000000000010 RDI: ffffae728056f898
[  145.173124] RBP: ffffae728056fa68 R08: ffffae728056f8e8 R09: 000000000000000c
[  145.173150] R10: 0000000000000000 R11: 0000000000000001 R12: ffff9a0e9422b3c0
[  145.173177] R13: 0000000000000000 R14: ffff9a0e89ca9100 R15: 0000000000000000
[  145.173204] FS:  00007f8eb894ba40(0000) GS:ffff9a0efbc00000(0000) knlGS:0000000000000000
[  145.173234] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  145.173257] CR2: 0000000000000000 CR3: 0000000112e18006 CR4: 0000000000370ef0
[  145.173287] Call Trace:
[  145.173300]  <TASK>
[  145.173313]  ? __nla_validate_parse+0x14b/0x1a0
[  145.173337]  ? __nla_parse+0x25/0x30
[  145.173353]  ? genl_family_rcv_msg_attrs_parse.isra.0+0x8b/0xe0
[  145.173379]  genl_family_rcv_msg_doit.isra.0+0xe9/0x150
[  145.173404]  genl_rcv_msg+0xe5/0x1e0
[  145.173421]  ? macsec_changelink+0x250/0x250 [macsec]
[  145.173444]  ? genl_family_rcv_msg_doit.isra.0+0x150/0x150
[  145.173467]  netlink_rcv_skb+0x53/0x100
[  145.173485]  genl_rcv+0x29/0x40
[  145.173500]  netlink_unicast+0x1a5/0x250
[  145.173518]  netlink_sendmsg+0x22e/0x470
[  145.173536]  sock_sendmsg+0x65/0x70
[  145.173552]  __sys_sendto+0x113/0x190
[  145.173570]  ? __secure_computing+0xa5/0x110
[  145.173590]  __x64_sys_sendto+0x29/0x30
[  145.173607]  do_syscall_64+0x61/0xb0
[  145.173624]  ? exit_to_user_mode_prepare+0x3d/0x1c0
[  145.173647]  ? syscall_exit_to_user_mode+0x27/0x50
[  145.173668]  ? __x64_sys_recvmsg+0x1f/0x30
[  145.173686]  ? do_syscall_64+0x6e/0xb0
[  145.173702]  ? syscall_exit_to_user_mode+0x27/0x50
[  145.173722]  ? do_syscall_64+0x6e/0xb0
[  145.173738]  ? syscall_exit_to_user_mode+0x27/0x50
[  145.173758]  ? do_syscall_64+0x6e/0xb0
[  145.174472]  ? do_syscall_64+0x6e/0xb0
[  145.175201]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[  145.175857] RIP: 0033:0x7f8eb98796e4
[  145.176426] Code: 22 3f f7 ff 44 8b 4c 24 2c 4c 8b 44 24 20 89 c5 44 8b 54 24 28 48 8b 54 24 18 b8 2c 00 00 00 48 8b 74 24 10 8b 7c 24 08 0f 05 <48> 3d 00 f0 ff ff 77 30 89 ef 48 89 44 24 08 e8 48 3f f7 ff 48 8b
[  145.177610] RSP: 002b:00007ffcdb2f8d70 EFLAGS: 00000293 ORIG_RAX: 000000000000002c
[  145.178225] RAX: ffffffffffffffda RBX: 00007ffcdb2f8e2c RCX: 00007f8eb98796e4
[  145.178839] RDX: 0000000000000068 RSI: 000055c3cfdae9b0 RDI: 0000000000000009
[  145.179469] RBP: 0000000000000000 R08: 00007ffcdb2f8db0 R09: 0000000000000010
[  145.180071] R10: 0000000000000000 R11: 0000000000000293 R12: 000055c3cfda9a90
[  145.180633] R13: 0000000000000281 R14: 000055c3cfdaec80 R15: 000055c3ceda72c0
[  145.181120]  </TASK>
[  145.181593] Modules linked in: macsec xt_nat xt_tcpudp iptable_filter xt_MASQUERADE bpfilter wireguard curve25519_x86_64 libchacha20poly1305 chacha_x86_64 poly1305_x86_64 libblake2s blake2s_x86_64 libcurve25519_generic libchacha libblake2s_generic ip6_udp_tunnel udp_tunnel gpio_pca953x nls_iso8859_1 intel_rapl_msr intel_rapl_common kvm_intel snd_hda_codec_generic ledtrig_audio snd_hda_intel snd_intel_dspcfg kvm snd_intel_sdw_acpi input_leds snd_hda_codec rapl serio_raw snd_hda_core snd_hwdep efi_pstore snd_pcm qemu_fw_cfg snd_timer snd soundcore mac_hid sch_fq_codel iptable_nat nf_nat nf_conntrack sunrpc nf_defrag_ipv6 nf_defrag_ipv4 ip_tables x_tables autofs4 dm_crypt raid10 raid456 async_raid6_recov async_memcpy async_pq async_xor async_tx xor raid6_pq libcrc32c raid0 multipath linear raid1 crct10dif_pclmul crc32_pclmul qxl drm_ttm_helper ttm drm_kms_helper syscopyarea sysfillrect sysimgblt fb_sys_fops cec rc_core ghash_clmulni_intel aesni_intel crypto_simd ahci i2c_i801 cryptd
[  145.181648]  virtio_net net_failover psmouse i2c_smbus libahci lpc_ich failover drm
[  145.186467] CR2: 0000000000000000
[  145.186983] ---[ end trace 817fb48678cb1c82 ]---
[  145.620450] RIP: 0010:macsec_add_rxsa+0x143/0x480 [macsec]
[  145.621122] Code: b6 78 04 48 8b 85 e0 fe ff ff 0f b7 30 48 8b 85 80 fe ff ff 0f b7 50 18 83 ee 04 39 f2 0f 85 c1 57 00 00 48 8b 95 d8 fe ff ff <0f> b7 32 83 ee 04 80 78 20 00 0f 84 f3 01 00 00 83 fe 08 0f 85 11
[  145.622218] RSP: 0018:ffffae728056f8d0 EFLAGS: 00010246
[  145.622784] RAX: ffff9a0e89cb3940 RBX: ffff9a0e9422bc00 RCX: 0000000000000000
[  145.623325] RDX: 0000000000000000 RSI: 0000000000000010 RDI: ffffae728056f898
[  145.623955] RBP: ffffae728056fa68 R08: ffffae728056f8e8 R09: 000000000000000c
[  145.624484] R10: 0000000000000000 R11: 0000000000000001 R12: ffff9a0e9422b3c0
[  145.625011] R13: 0000000000000000 R14: ffff9a0e89ca9100 R15: 0000000000000000
[  145.625541] FS:  00007f8eb894ba40(0000) GS:ffff9a0efbc00000(0000) knlGS:0000000000000000
[  145.626080] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  145.626623] CR2: 0000000000000000 CR3: 0000000112e18006 CR4: 0000000000370ef0
Comment 3 Frantisek Sumsal 2024-04-04 20:04:51 UTC 
I'm (very belatedly) closing this as resolved, since the issue was fixed in kernel 6.x by [0] (thanks again, Sabrina, for the fix!).

[0] https://lore.kernel.org/netdev/7b3fd03e1a46047e5ffe2a389fe74501f0a93206.1656519221.git.sd@queasysnail.net/T/#u