Bug 1195360

Summary: Kernel 5.16.1-1 PAM issue after upgrading from 20220101 to 20220121
Product: [openSUSE] openSUSE Tumbleweed Reporter: Joe S <jmscdba>
Component: KernelAssignee: Paulo Alcantara <palcantara>
Status: RESOLVED FIXED QA Contact: E-mail List <qa-bugs>
Severity: Normal    
Priority: P5 - None CC: ematsumiya, jengelh, jmscdba, jslaby, samba-maintainers
Version: Current   
Target Milestone: ---   
Hardware: x86-64   
OS: openSUSE Tumbleweed   
Whiteboard:
Found By: --- Services Priority:
Business Priority: Blocker: ---
Marketing QA Status: --- IT Deployment: ---
Bug Depends on:    
Bug Blocks: 1195475    

Description Joe S 2022-01-31 17:34:57 UTC 
I just upgraded from build 20220101 to 20220121.

I use pam_cifscreds.so but pam-config still does not have built in support for it so for the last 2 years (when I started using TW ) whenever a new build updates pam I have to manually reapply my changes.

I add the following to /etc/pam.d/common-auth

    auth    optional        pam_cifscreds.so

I add the following to /etc/pam.d/common-session

    session required        pam_keyinit.so
    session optional        pam_cifscreds.so host=FILESERVER

and then I reboot.

I have 2 mounts in fstab for the cifs shares and they use the multiuser option.

Everything has worked fine for the last 2 years after I reapply the above changes to PAM but after updating to build 20220121, and applying those changes and rebooting when I try to login to the GUI desktop the system either hangs and does not login to the desktop or the login screen is redisplayed after a minute.

If I reboot using the previous kernel I was using (5.15.12-1) with the above pam.d config changes made, then I am able to login without issue and can access the cifs shares without issue so the issue appears to be with the 5.16.1-1 kernel.

If I comment out the pam_keyinit.so line added in common-session and reboot using the 5.16.1-1 kernel then I am able to login to the GUI now.

After logging in I use 'cifscreds -u joe FILESERVER' and enter my password and it completes successfully but when I try to access the cifs mounted share the following entries are in the system journal

kernel: BUG: kernel NULL pointer dereference, address: 0000000000000000
kernel: #PF: supervisor read access in kernel mode
kernel: #PF: error_code(0x0000) - not-present page

As mentioned, If I rebooting using the 5.15.12-1 kernel with the 3 above lines added to the pam configs everything works fine.

If I reboot using the 5.15.12-1 kernel but comment out the pam_keyinit.so line (which causes kernel 5.16.1-1 to have the null pointer issue) and then issue the cifscreds command after logging in I am also able to access the cifs shares without issue.

Is this a known issue?   Has it been fixed in a TW build after 20220121 ?


Here is the complete list of the journal entries when the issue occurs

Jan 31 10:12:08 DadLC.fios-router.home kded5[1611]: Registering ":1.48/StatusNotifierItem" to system tray
Jan 31 10:12:22 DadLC.fios-router.home kernel: BUG: kernel NULL pointer dereference, address: 0000000000000000
Jan 31 10:12:22 DadLC.fios-router.home kernel: #PF: supervisor read access in kernel mode
Jan 31 10:12:22 DadLC.fios-router.home kernel: #PF: error_code(0x0000) - not-present page
Jan 31 10:12:22 DadLC.fios-router.home kernel: PGD 0 P4D 0
Jan 31 10:12:22 DadLC.fios-router.home kernel: Oops: 0000 [#1] PREEMPT SMP PTI
Jan 31 10:12:22 DadLC.fios-router.home kernel: CPU: 2 PID: 2109 Comm: ls Not tainted 5.16.1-1-default #1 openSUSE Tumbleweed 3cf642e742f32b2eb0c8b3de3c646400fb247983
Jan 31 10:12:22 DadLC.fios-router.home kernel: Hardware name: VMware, Inc. VMware7,1/440BX Desktop Reference Platform, BIOS VMW71.00V.18452719.B64.2108091906 08/09/2021
Jan 31 10:12:22 DadLC.fios-router.home kernel: RIP: 0010:strnlen+0x17/0x30
Jan 31 10:12:22 DadLC.fios-router.home kernel: Code: 38 00 75 f7 48 29 f8 c3 31 c0 c3 0f 1f 84 00 00 00 00 00 48 8d 14 37 48 89 f8 48 85 f6 75 0b eb 19 48 83 c0 01 48 39 c2 74 09 <80> 38 00 75 f2 48 29 f8 c3 48 89 d0 48 29 f8 c3 31 c0 c3 66 0f 1f
Jan 31 10:12:22 DadLC.fios-router.home kernel: RSP: 0018:ffffb122450f3a08 EFLAGS: 00010206
Jan 31 10:12:22 DadLC.fios-router.home kernel: RAX: 0000000000000000 RBX: 000000000000002a RCX: ffffffffc0fc8000
Jan 31 10:12:22 DadLC.fios-router.home kernel: RDX: 0000000000000041 RSI: 0000000000000041 RDI: 0000000000000000
Jan 31 10:12:22 DadLC.fios-router.home kernel: RBP: ffff9974b55ee400 R08: 00000000000001c0 R09: 0000000000000000
Jan 31 10:12:22 DadLC.fios-router.home kernel: R10: ffff997487b39f00 R11: 0000000000000246 R12: ffffb122450f3a56
Jan 31 10:12:22 DadLC.fios-router.home kernel: R13: ffff9974a0887000 R14: ffff9974a0887000 R15: 0000000000000002
Jan 31 10:12:22 DadLC.fios-router.home kernel: FS:  00007f02bf986180(0000) GS:ffff9975b5e80000(0000) knlGS:0000000000000000
Jan 31 10:12:22 DadLC.fios-router.home kernel: CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
Jan 31 10:12:22 DadLC.fios-router.home kernel: CR2: 0000000000000000 CR3: 000000015ee22004 CR4: 00000000001706e0
Jan 31 10:12:22 DadLC.fios-router.home kernel: Call Trace:
Jan 31 10:12:22 DadLC.fios-router.home kernel:  <TASK>
Jan 31 10:12:22 DadLC.fios-router.home kernel:  size_of_ntlmssp_blob+0x6a/0x90 [cifs 7ef9028630b6a8ae2a075c5cad1bded3495fffbf]
Jan 31 10:12:22 DadLC.fios-router.home kernel:  build_ntlmssp_negotiate_blob+0x38/0x120 [cifs 7ef9028630b6a8ae2a075c5cad1bded3495fffbf]
Jan 31 10:12:22 DadLC.fios-router.home kernel:  SMB2_sess_auth_rawntlmssp_negotiate+0xc5/0x200 [cifs 7ef9028630b6a8ae2a075c5cad1bded3495fffbf]
Jan 31 10:12:22 DadLC.fios-router.home kernel:  SMB2_sess_setup+0x1d2/0x2c0 [cifs 7ef9028630b6a8ae2a075c5cad1bded3495fffbf]
Jan 31 10:12:22 DadLC.fios-router.home kernel:  cifs_setup_session+0xba/0x1c0 [cifs 7ef9028630b6a8ae2a075c5cad1bded3495fffbf]
Jan 31 10:12:22 DadLC.fios-router.home kernel:  cifs_get_smb_ses+0x674/0xdc0 [cifs 7ef9028630b6a8ae2a075c5cad1bded3495fffbf]
Jan 31 10:12:22 DadLC.fios-router.home kernel:  ? cifs_sb_tlink+0x64c/0xd40 [cifs 7ef9028630b6a8ae2a075c5cad1bded3495fffbf]
Jan 31 10:12:22 DadLC.fios-router.home kernel:  ? kfree+0xba/0x410
Jan 31 10:12:22 DadLC.fios-router.home kernel:  cifs_sb_tlink+0x41d/0xd40 [cifs 7ef9028630b6a8ae2a075c5cad1bded3495fffbf]
Jan 31 10:12:22 DadLC.fios-router.home kernel:  cifs_get_inode_info+0x73/0xa70 [cifs 7ef9028630b6a8ae2a075c5cad1bded3495fffbf]
Jan 31 10:12:22 DadLC.fios-router.home kernel:  ? filename_lookup+0xcf/0x1d0
Jan 31 10:12:22 DadLC.fios-router.home kernel:  cifs_revalidate_dentry_attr+0x17a/0x3a0 [cifs 7ef9028630b6a8ae2a075c5cad1bded3495fffbf]
Jan 31 10:12:22 DadLC.fios-router.home kernel:  cifs_getattr+0xb8/0x250 [cifs 7ef9028630b6a8ae2a075c5cad1bded3495fffbf]
Jan 31 10:12:22 DadLC.fios-router.home kernel:  vfs_statx+0xa0/0x130
Jan 31 10:12:22 DadLC.fios-router.home kernel:  do_statx+0x40/0x80
Jan 31 10:12:22 DadLC.fios-router.home kernel:  __x64_sys_statx+0x1b/0x20
Jan 31 10:12:22 DadLC.fios-router.home kernel:  do_syscall_64+0x5c/0x80
Jan 31 10:12:22 DadLC.fios-router.home kernel:  ? exc_page_fault+0x68/0x150
Jan 31 10:12:22 DadLC.fios-router.home kernel:  entry_SYSCALL_64_after_hwframe+0x44/0xae
Jan 31 10:12:22 DadLC.fios-router.home kernel: RIP: 0033:0x7f02bfb4ffbe
Jan 31 10:12:22 DadLC.fios-router.home kernel: Code: e9 96 fd ff ff e8 50 21 02 00 66 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 f3 0f 1e fa 90 90 41 89 ca b8 4c 01 00 00 0f 05 <48> 3d 00 f0 ff ff 77 2a 41 89 c1 85 c0 74 0f 48 8b 05 24 de 0f 00
Jan 31 10:12:22 DadLC.fios-router.home kernel: RSP: 002b:00007fff095014c8 EFLAGS: 00000202 ORIG_RAX: 000000000000014c
Jan 31 10:12:22 DadLC.fios-router.home kernel: RAX: ffffffffffffffda RBX: 00005575a0bc8668 RCX: 00007f02bfb4ffbe
Jan 31 10:12:22 DadLC.fios-router.home kernel: RDX: 0000000000000100 RSI: 00007fff09504150 RDI: 00000000ffffff9c
Jan 31 10:12:22 DadLC.fios-router.home kernel: RBP: 000000000000025e R08: 00007fff095014d0 R09: 0000000000000000
Jan 31 10:12:22 DadLC.fios-router.home kernel: R10: 000000000000025e R11: 0000000000000202 R12: 00007fff09504150
Jan 31 10:12:22 DadLC.fios-router.home kernel: R13: 00007fff09504150 R14: 0000000000000001 R15: 0000000000000000
Jan 31 10:12:22 DadLC.fios-router.home kernel:  </TASK>
Jan 31 10:12:22 DadLC.fios-router.home kernel: Modules linked in: binfmt_misc cmac nls_utf8 cifs cifs_arc4 cifs_md4 dns_resolver fscache netfs af_packet nft_objref nf_conntrack_netbios_ns nf_conntrack_broadcast nft_fib_inet nft_fib_ipv4 nft_fib_ipv6 snd_seq_midi nft_fib snd_seq_midi_event snd_seq nft_reject_inet nf_reject_ipv4 nf_reject_ipv6 nft_reject nft_ct nft_chain_nat nf_tables ebtable_nat ebtable_broute ip6table_nat ip6table_mangle ip6table_raw ip6table_security iptable_nat nf_nat nf_conntrack nf_defrag_ipv6 nf_defrag_ipv4 iptable_mangle iptable_raw iptable_security rfkill ip_set nfnetlink ebtable_filter ebtables ip6table_filter ip6_tables iptable_filter bpfilter intel_rapl_msr intel_rapl_common kvm_intel vmw_balloon kvm irqbypass pcspkr joydev vsock_loopback snd_ens1371 efi_pstore snd_ac97_codec ac97_bus snd_rawmidi vmw_vsock_virtio_transport_common snd_seq_device snd_pcm snd_timer snd soundcore e1000 mptctl vmw_vsock_vmci_transport i2c_piix4 vsock vmw_vmci tiny_power_button ac button nls_iso8859_1
Jan 31 10:12:22 DadLC.fios-router.home kernel:  nls_cp437 vfat fat fuse configfs ip_tables x_tables hid_generic usbhid sr_mod cdrom ata_generic crct10dif_pclmul crc32_pclmul ghash_clmulni_intel aesni_intel crypto_simd cryptd vmwgfx ttm serio_raw drm_kms_helper syscopyarea sysfillrect sysimgblt fb_sys_fops cec rc_core ehci_pci drm mptspi scsi_transport_spi xhci_pci mptscsih xhci_pci_renesas mptbase xhci_hcd uhci_hcd ehci_hcd usbcore ata_piix btrfs blake2b_generic libcrc32c crc32c_intel xor raid6_pq sg dm_multipath dm_mod scsi_dh_rdac scsi_dh_emc scsi_dh_alua msr efivarfs
Jan 31 10:12:22 DadLC.fios-router.home kernel: CR2: 0000000000000000
Jan 31 10:12:22 DadLC.fios-router.home kernel: ---[ end trace 890a471ce1711812 ]---
Jan 31 10:12:22 DadLC.fios-router.home kernel: ------------[ cut here ]------------
Jan 31 10:12:22 DadLC.fios-router.home kernel: Voluntary context switch within RCU read-side critical section!
Jan 31 10:12:22 DadLC.fios-router.home kernel: WARNING: CPU: 2 PID: 2109 at kernel/rcu/tree_plugin.h:316 rcu_note_context_switch+0x56e/0x5d0
Jan 31 10:12:22 DadLC.fios-router.home kernel: Modules linked in: binfmt_misc cmac nls_utf8 cifs cifs_arc4 cifs_md4 dns_resolver fscache netfs af_packet nft_objref nf_conntrack_netbios_ns nf_conntrack_broadcast nft_fib_inet nft_fib_ipv4 nft_fib_ipv6 snd_seq_midi nft_fib snd_seq_midi_event snd_seq nft_reject_inet nf_reject_ipv4 nf_reject_ipv6 nft_reject nft_ct nft_chain_nat nf_tables ebtable_nat ebtable_broute ip6table_nat ip6table_mangle ip6table_raw ip6table_security iptable_nat nf_nat nf_conntrack nf_defrag_ipv6 nf_defrag_ipv4 iptable_mangle iptable_raw iptable_security rfkill ip_set nfnetlink ebtable_filter ebtables ip6table_filter ip6_tables iptable_filter bpfilter intel_rapl_msr intel_rapl_common kvm_intel vmw_balloon kvm irqbypass pcspkr joydev vsock_loopback snd_ens1371 efi_pstore snd_ac97_codec ac97_bus snd_rawmidi vmw_vsock_virtio_transport_common snd_seq_device snd_pcm snd_timer snd soundcore e1000 mptctl vmw_vsock_vmci_transport i2c_piix4 vsock vmw_vmci tiny_power_button ac button nls_iso8859_1
Jan 31 10:12:22 DadLC.fios-router.home kernel:  nls_cp437 vfat fat fuse configfs ip_tables x_tables hid_generic usbhid sr_mod cdrom ata_generic crct10dif_pclmul crc32_pclmul ghash_clmulni_intel aesni_intel crypto_simd cryptd vmwgfx ttm serio_raw drm_kms_helper syscopyarea sysfillrect sysimgblt fb_sys_fops cec rc_core ehci_pci drm mptspi scsi_transport_spi xhci_pci mptscsih xhci_pci_renesas mptbase xhci_hcd uhci_hcd ehci_hcd usbcore ata_piix btrfs blake2b_generic libcrc32c crc32c_intel xor raid6_pq sg dm_multipath dm_mod scsi_dh_rdac scsi_dh_emc scsi_dh_alua msr efivarfs
Jan 31 10:12:22 DadLC.fios-router.home kernel: CPU: 2 PID: 2109 Comm: ls Tainted: G      D           5.16.1-1-default #1 openSUSE Tumbleweed 3cf642e742f32b2eb0c8b3de3c646400fb247983
Jan 31 10:12:22 DadLC.fios-router.home kernel: Hardware name: VMware, Inc. VMware7,1/440BX Desktop Reference Platform, BIOS VMW71.00V.18452719.B64.2108091906 08/09/2021
Jan 31 10:12:22 DadLC.fios-router.home kernel: RIP: 0010:rcu_note_context_switch+0x56e/0x5d0
Jan 31 10:12:22 DadLC.fios-router.home kernel: Code: 00 48 89 be 40 08 00 00 48 89 86 48 08 00 00 48 89 10 e9 40 fd ff ff 48 c7 c7 38 dd 24 bd c6 05 1a 2c de 01 01 e8 20 f8 8e 00 <0f> 0b e9 db fa ff ff c6 43 15 00 48 8b 73 20 ba 01 00 00 00 48 8b
Jan 31 10:12:22 DadLC.fios-router.home kernel: RSP: 0018:ffffb122450f3418 EFLAGS: 00010086
Jan 31 10:12:22 DadLC.fios-router.home kernel: RAX: 0000000000000000 RBX: ffff9975b5eb4640 RCX: 0000000000000027
Jan 31 10:12:22 DadLC.fios-router.home kernel: RDX: ffff9975b5ea2948 RSI: 0000000000000001 RDI: ffff9975b5ea2940
Jan 31 10:12:22 DadLC.fios-router.home kernel: RBP: ffffb122450f34c8 R08: 0000000000000000 R09: ffffb122450f3250
Jan 31 10:12:22 DadLC.fios-router.home kernel: R10: ffffb122450f3248 R11: ffff9975b55fffe8 R12: 0000000000000000
Jan 31 10:12:22 DadLC.fios-router.home kernel: R13: ffff9975033d0000 R14: 0000000000000007 R15: ffff9975033d0000
Jan 31 10:12:22 DadLC.fios-router.home kernel: FS:  00007f02bf986180(0000) GS:ffff9975b5e80000(0000) knlGS:0000000000000000
Jan 31 10:12:22 DadLC.fios-router.home kernel: CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
Jan 31 10:12:22 DadLC.fios-router.home kernel: CR2: 0000000000000000 CR3: 000000015ee22004 CR4: 00000000001706e0
Jan 31 10:12:22 DadLC.fios-router.home kernel: Call Trace:
Jan 31 10:12:22 DadLC.fios-router.home kernel:  <TASK>
Jan 31 10:12:22 DadLC.fios-router.home kernel:  __schedule+0xaf/0x10c0
Jan 31 10:12:22 DadLC.fios-router.home kernel:  ? sched_clock_cpu+0x9/0xb0
Jan 31 10:12:22 DadLC.fios-router.home kernel:  ? __smp_call_single_queue+0x23/0x40
Jan 31 10:12:22 DadLC.fios-router.home kernel:  schedule+0x4b/0xc0
Jan 31 10:12:22 DadLC.fios-router.home kernel:  schedule_timeout+0x115/0x150
Jan 31 10:12:22 DadLC.fios-router.home kernel:  wait_for_completion+0x89/0xe0
Jan 31 10:12:22 DadLC.fios-router.home kernel:  virt_efi_query_variable_info+0x141/0x150
Jan 31 10:12:22 DadLC.fios-router.home kernel:  efi_query_variable_store+0x5b/0x1a0
Jan 31 10:12:22 DadLC.fios-router.home kernel:  efivar_entry_set_safe+0xbd/0x210
Jan 31 10:12:22 DadLC.fios-router.home kernel:  efi_pstore_write+0x124/0x1a0 [efi_pstore 34e98f5929b0a65e88fd6e61ef6ab1e8ce7f5299]
Jan 31 10:12:22 DadLC.fios-router.home kernel:  ? pstore_dump+0x182/0x340
Jan 31 10:12:22 DadLC.fios-router.home kernel:  pstore_dump+0x182/0x340
Jan 31 10:12:22 DadLC.fios-router.home kernel:  kmsg_dump+0x46/0x60
Jan 31 10:12:22 DadLC.fios-router.home kernel:  oops_end+0x63/0xd0
Jan 31 10:12:22 DadLC.fios-router.home kernel:  page_fault_oops+0x158/0x2a0
Jan 31 10:12:22 DadLC.fios-router.home kernel:  ? search_bpf_extables+0x5f/0x80
Jan 31 10:12:22 DadLC.fios-router.home kernel:  exc_page_fault+0x68/0x150
Jan 31 10:12:22 DadLC.fios-router.home kernel:  asm_exc_page_fault+0x1e/0x30
Jan 31 10:12:22 DadLC.fios-router.home kernel: RIP: 0010:strnlen+0x17/0x30
Jan 31 10:12:22 DadLC.fios-router.home kernel: Code: 38 00 75 f7 48 29 f8 c3 31 c0 c3 0f 1f 84 00 00 00 00 00 48 8d 14 37 48 89 f8 48 85 f6 75 0b eb 19 48 83 c0 01 48 39 c2 74 09 <80> 38 00 75 f2 48 29 f8 c3 48 89 d0 48 29 f8 c3 31 c0 c3 66 0f 1f
Jan 31 10:12:22 DadLC.fios-router.home kernel: RSP: 0018:ffffb122450f3a08 EFLAGS: 00010206
Jan 31 10:12:22 DadLC.fios-router.home kernel: RAX: 0000000000000000 RBX: 000000000000002a RCX: ffffffffc0fc8000
Jan 31 10:12:22 DadLC.fios-router.home kernel: RDX: 0000000000000041 RSI: 0000000000000041 RDI: 0000000000000000
Jan 31 10:12:22 DadLC.fios-router.home kernel: RBP: ffff9974b55ee400 R08: 00000000000001c0 R09: 0000000000000000
Jan 31 10:12:22 DadLC.fios-router.home kernel: R10: ffff997487b39f00 R11: 0000000000000246 R12: ffffb122450f3a56
Jan 31 10:12:22 DadLC.fios-router.home kernel: R13: ffff9974a0887000 R14: ffff9974a0887000 R15: 0000000000000002
Jan 31 10:12:22 DadLC.fios-router.home kernel:  size_of_ntlmssp_blob+0x6a/0x90 [cifs 7ef9028630b6a8ae2a075c5cad1bded3495fffbf]
Jan 31 10:12:22 DadLC.fios-router.home kernel:  build_ntlmssp_negotiate_blob+0x38/0x120 [cifs 7ef9028630b6a8ae2a075c5cad1bded3495fffbf]
Jan 31 10:12:22 DadLC.fios-router.home kernel:  SMB2_sess_auth_rawntlmssp_negotiate+0xc5/0x200 [cifs 7ef9028630b6a8ae2a075c5cad1bded3495fffbf]
Jan 31 10:12:22 DadLC.fios-router.home kernel:  SMB2_sess_setup+0x1d2/0x2c0 [cifs 7ef9028630b6a8ae2a075c5cad1bded3495fffbf]
Jan 31 10:12:22 DadLC.fios-router.home kernel:  cifs_setup_session+0xba/0x1c0 [cifs 7ef9028630b6a8ae2a075c5cad1bded3495fffbf]
Jan 31 10:12:22 DadLC.fios-router.home kernel:  cifs_get_smb_ses+0x674/0xdc0 [cifs 7ef9028630b6a8ae2a075c5cad1bded3495fffbf]
Jan 31 10:12:22 DadLC.fios-router.home kernel:  ? cifs_sb_tlink+0x64c/0xd40 [cifs 7ef9028630b6a8ae2a075c5cad1bded3495fffbf]
Jan 31 10:12:22 DadLC.fios-router.home kernel:  ? kfree+0xba/0x410
Jan 31 10:12:22 DadLC.fios-router.home kernel:  cifs_sb_tlink+0x41d/0xd40 [cifs 7ef9028630b6a8ae2a075c5cad1bded3495fffbf]
Jan 31 10:12:22 DadLC.fios-router.home kernel:  cifs_get_inode_info+0x73/0xa70 [cifs 7ef9028630b6a8ae2a075c5cad1bded3495fffbf]
Jan 31 10:12:22 DadLC.fios-router.home kernel:  ? filename_lookup+0xcf/0x1d0
Jan 31 10:12:22 DadLC.fios-router.home kernel:  cifs_revalidate_dentry_attr+0x17a/0x3a0 [cifs 7ef9028630b6a8ae2a075c5cad1bded3495fffbf]
Jan 31 10:12:22 DadLC.fios-router.home kernel:  cifs_getattr+0xb8/0x250 [cifs 7ef9028630b6a8ae2a075c5cad1bded3495fffbf]
Jan 31 10:12:22 DadLC.fios-router.home kernel:  vfs_statx+0xa0/0x130
Jan 31 10:12:22 DadLC.fios-router.home kernel:  do_statx+0x40/0x80
Jan 31 10:12:22 DadLC.fios-router.home kernel:  __x64_sys_statx+0x1b/0x20
Jan 31 10:12:22 DadLC.fios-router.home kernel:  do_syscall_64+0x5c/0x80
Jan 31 10:12:22 DadLC.fios-router.home kernel:  ? exc_page_fault+0x68/0x150
Jan 31 10:12:22 DadLC.fios-router.home kernel:  entry_SYSCALL_64_after_hwframe+0x44/0xae
Jan 31 10:12:22 DadLC.fios-router.home kernel: RIP: 0033:0x7f02bfb4ffbe
Jan 31 10:12:22 DadLC.fios-router.home kernel: Code: e9 96 fd ff ff e8 50 21 02 00 66 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 f3 0f 1e fa 90 90 41 89 ca b8 4c 01 00 00 0f 05 <48> 3d 00 f0 ff ff 77 2a 41 89 c1 85 c0 74 0f 48 8b 05 24 de 0f 00
Jan 31 10:12:22 DadLC.fios-router.home kernel: RSP: 002b:00007fff095014c8 EFLAGS: 00000202 ORIG_RAX: 000000000000014c
Jan 31 10:12:22 DadLC.fios-router.home kernel: RAX: ffffffffffffffda RBX: 00005575a0bc8668 RCX: 00007f02bfb4ffbe
Jan 31 10:12:22 DadLC.fios-router.home kernel: RDX: 0000000000000100 RSI: 00007fff09504150 RDI: 00000000ffffff9c
Jan 31 10:12:22 DadLC.fios-router.home kernel: RBP: 000000000000025e R08: 00007fff095014d0 R09: 0000000000000000
Jan 31 10:12:22 DadLC.fios-router.home kernel: R10: 000000000000025e R11: 0000000000000202 R12: 00007fff09504150
Jan 31 10:12:22 DadLC.fios-router.home kernel: R13: 00007fff09504150 R14: 0000000000000001 R15: 0000000000000000
Jan 31 10:12:22 DadLC.fios-router.home kernel:  </TASK>
Jan 31 10:12:22 DadLC.fios-router.home kernel: ---[ end trace 890a471ce1711813 ]---
Jan 31 10:12:23 DadLC.fios-router.home kernel: RIP: 0010:strnlen+0x17/0x30
Jan 31 10:12:23 DadLC.fios-router.home kernel: Code: 38 00 75 f7 48 29 f8 c3 31 c0 c3 0f 1f 84 00 00 00 00 00 48 8d 14 37 48 89 f8 48 85 f6 75 0b eb 19 48 83 c0 01 48 39 c2 74 09 <80> 38 00 75 f2 48 29 f8 c3 48 89 d0 48 29 f8 c3 31 c0 c3 66 0f 1f
Jan 31 10:12:23 DadLC.fios-router.home kernel: RSP: 0018:ffffb122450f3a08 EFLAGS: 00010206
Jan 31 10:12:23 DadLC.fios-router.home kernel: RAX: 0000000000000000 RBX: 000000000000002a RCX: ffffffffc0fc8000
Jan 31 10:12:23 DadLC.fios-router.home kernel: RDX: 0000000000000041 RSI: 0000000000000041 RDI: 0000000000000000
Jan 31 10:12:23 DadLC.fios-router.home kernel: RBP: ffff9974b55ee400 R08: 00000000000001c0 R09: 0000000000000000
Jan 31 10:12:23 DadLC.fios-router.home kernel: R10: ffff997487b39f00 R11: 0000000000000246 R12: ffffb122450f3a56
Jan 31 10:12:23 DadLC.fios-router.home kernel: R13: ffff9974a0887000 R14: ffff9974a0887000 R15: 0000000000000002
Jan 31 10:12:23 DadLC.fios-router.home kernel: FS:  00007f02bf986180(0000) GS:ffff9975b5e80000(0000) knlGS:0000000000000000
Jan 31 10:12:23 DadLC.fios-router.home kernel: CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
Jan 31 10:12:23 DadLC.fios-router.home kernel: CR2: 00007f0829fd4030 CR3: 000000015ee22001 CR4: 00000000001706e0
Comment 1 Jiri Slaby 2022-02-01 09:39:43 UTC 
This seems to come from: 
commit 49bd49f983b5026e4557d31c5d737d9657c4113e
Author: Shyam Prasad N <sprasad@microsoft.com>
Date:   Fri Nov 5 19:03:57 2021 +0000

    cifs: send workstation name during ntlmssp session setup

Unwrap:
> BUG: kernel NULL pointer dereference, address: 0000000000000000
> #PF: supervisor read access in kernel mode
> #PF: error_code(0x0000) - not-present page
> PGD 0 P4D 0
> Oops: 0000 [#1] PREEMPT SMP PTI
> CPU: 2 PID: 2109 Comm: ls Not tainted 5.16.1-1-default #1 openSUSE Tumbleweed 3cf642e742f32b2eb0c8b3de3c646400fb247983
> Hardware name: VMware, Inc. VMware7,1/440BX Desktop Reference Platform, BIOS VMW71.00V.18452719.B64.2108091906 08/09/2021
> RIP: 0010:strnlen+0x17/0x30
> Code: 38 00 75 f7 48 29 f8 c3 31 c0 c3 0f 1f 84 00 00 00 00 00 48 8d 14 37 48 89 f8 48 85 f6 75 0b eb 19 48 83 c0 01 48 39 c2 74 09 <80> 38 00 75 f2 48 29 f8 c3 48 89 d0 48 29 f8 c3 31 c0 c3 66 0f 1f
> RSP: 0018:ffffb122450f3a08 EFLAGS: 00010206
> RAX: 0000000000000000 RBX: 000000000000002a RCX: ffffffffc0fc8000
> RDX: 0000000000000041 RSI: 0000000000000041 RDI: 0000000000000000
> RBP: ffff9974b55ee400 R08: 00000000000001c0 R09: 0000000000000000
> R10: ffff997487b39f00 R11: 0000000000000246 R12: ffffb122450f3a56
> R13: ffff9974a0887000 R14: ffff9974a0887000 R15: 0000000000000002
> FS:  00007f02bf986180(0000) GS:ffff9975b5e80000(0000) knlGS:0000000000000000
> CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
> CR2: 0000000000000000 CR3: 000000015ee22004 CR4: 00000000001706e0
> Call Trace:
>  <TASK>
>  size_of_ntlmssp_blob+0x6a/0x90 [cifs 7ef9028630b6a8ae2a075c5cad1bded3495fffbf]
>  build_ntlmssp_negotiate_blob+0x38/0x120 [cifs 7ef9028630b6a8ae2a075c5cad1bded3495fffbf]
>  SMB2_sess_auth_rawntlmssp_negotiate+0xc5/0x200 [cifs 7ef9028630b6a8ae2a075c5cad1bded3495fffbf]
>  SMB2_sess_setup+0x1d2/0x2c0 [cifs 7ef9028630b6a8ae2a075c5cad1bded3495fffbf]
>  cifs_setup_session+0xba/0x1c0 [cifs 7ef9028630b6a8ae2a075c5cad1bded3495fffbf]
>  cifs_get_smb_ses+0x674/0xdc0 [cifs 7ef9028630b6a8ae2a075c5cad1bded3495fffbf]
>  cifs_sb_tlink+0x41d/0xd40 [cifs 7ef9028630b6a8ae2a075c5cad1bded3495fffbf]
>  cifs_get_inode_info+0x73/0xa70 [cifs 7ef9028630b6a8ae2a075c5cad1bded3495fffbf]
>  cifs_revalidate_dentry_attr+0x17a/0x3a0 [cifs 7ef9028630b6a8ae2a075c5cad1bded3495fffbf]
>  cifs_getattr+0xb8/0x250 [cifs 7ef9028630b6a8ae2a075c5cad1bded3495fffbf]
>  vfs_statx+0xa0/0x130
>  do_statx+0x40/0x80
>  __x64_sys_statx+0x1b/0x20
>  do_syscall_64+0x5c/0x80
>  entry_SYSCALL_64_after_hwframe+0x44/0xae
> RIP: 0033:0x7f02bfb4ffbe
> Code: e9 96 fd ff ff e8 50 21 02 00 66 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 f3 0f 1e fa 90 90 41 89 ca b8 4c 01 00 00 0f 05 <48> 3d 00 f0 ff ff 77 2a 41 89 c1 85 c0 74 0f 48 8b 05 24 de 0f 00
> RSP: 002b:00007fff095014c8 EFLAGS: 00000202 ORIG_RAX: 000000000000014c
> RAX: ffffffffffffffda RBX: 00005575a0bc8668 RCX: 00007f02bfb4ffbe
> RDX: 0000000000000100 RSI: 00007fff09504150 RDI: 00000000ffffff9c
> RBP: 000000000000025e R08: 00007fff095014d0 R09: 0000000000000000
> R10: 000000000000025e R11: 0000000000000202 R12: 00007fff09504150
> R13: 00007fff09504150 R14: 0000000000000001 R15: 0000000000000000
>  </TASK>
> Modules linked in: binfmt_misc cmac nls_utf8 cifs cifs_arc4 cifs_md4 dns_resolver fscache netfs af_packet nft_objref nf_conntrack_netbios_ns nf_conntrack_broadcast nft_fib_inet nft_fib_ipv4 nft_fib_ipv6 snd_seq_midi nft_fib snd_seq_midi_event snd_seq nft_reject_inet nf_reject_ipv4 nf_reject_ipv6 nft_reject nft_ct nft_chain_nat nf_tables ebtable_nat ebtable_broute ip6table_nat ip6table_mangle ip6table_raw ip6table_security iptable_nat nf_nat nf_conntrack nf_defrag_ipv6 nf_defrag_ipv4 iptable_mangle iptable_raw iptable_security rfkill ip_set nfnetlink ebtable_filter ebtables ip6table_filter ip6_tables iptable_filter bpfilter intel_rapl_msr intel_rapl_common kvm_intel vmw_balloon kvm irqbypass pcspkr joydev vsock_loopback snd_ens1371 efi_pstore snd_ac97_codec ac97_bus snd_rawmidi vmw_vsock_virtio_transport_common snd_seq_device snd_pcm snd_timer snd soundcore e1000 mptctl vmw_vsock_vmci_transport i2c_piix4 vsock vmw_vmci tiny_power_button ac button nls_iso8859_1
>  nls_cp437 vfat fat fuse configfs ip_tables x_tables hid_generic usbhid sr_mod cdrom ata_generic crct10dif_pclmul crc32_pclmul ghash_clmulni_intel aesni_intel crypto_simd cryptd vmwgfx ttm serio_raw drm_kms_helper syscopyarea sysfillrect sysimgblt fb_sys_fops cec rc_core ehci_pci drm mptspi scsi_transport_spi xhci_pci mptscsih xhci_pci_renesas mptbase xhci_hcd uhci_hcd ehci_hcd usbcore ata_piix btrfs blake2b_generic libcrc32c crc32c_intel xor raid6_pq sg dm_multipath dm_mod scsi_dh_rdac scsi_dh_emc scsi_dh_alua msr efivarfs
> CR2: 0000000000000000
Comment 2 Jiri Slaby 2022-02-01 09:52:44 UTC 
> size_of_ntlmssp_blob+0x6a/0x90 [cifs 7ef9028630b6a8ae2a075c5cad1bded3495fffbf]

It's obviously the last strnlen in there:
        sz += sizeof(__le16) * strnlen(ses->workstation_name, CIFS_MAX_WORKSTATION_LEN);

The others are protected:
if (ses->domainName)
...
if (ses->user_name)

Not sure why this one is not. Paulo?
Comment 3 Jiri Slaby 2022-02-01 09:57:41 UTC 
>  cifs_get_smb_ses+0x674/0xdc0 [cifs 7ef9028630b6a8ae2a075c5cad1bded3495fffbf]

Oh, there is:
        if (ctx->workstation_name) {
                ses->workstation_name = kstrdup(ctx->workstation_name,
                                                GFP_KERNEL);
                if (!ses->workstation_name)
                        goto get_ses_fail;
        }

So apparently the context has workstation_name == NULL and the dup didn't happen. So there should be a check of workstation_name in size_of_ntlmssp_blob.
Comment 4 Jiri Slaby 2022-02-01 10:07:10 UTC 
And the commit author originally did:
+	if (ses->workstation_name)
+		sz += 2 * strnlen(ses->workstation_name, CIFS_MAX_WORKSTATION_LEN);
+	else
+		sz += 2 * strlen(CIFS_DEFAULT_WORKSTATION_NAME);

This was removed later.

Ccing also Enzo who was involved in the discussion too.
Comment 5 Paulo Alcantara 2022-02-01 16:28:15 UTC 
Hi Jiri,

(In reply to Jiri Slaby from comment #3)
> >  cifs_get_smb_ses+0x674/0xdc0 [cifs 7ef9028630b6a8ae2a075c5cad1bded3495fffbf]
> 
> Oh, there is:
>         if (ctx->workstation_name) {
>                 ses->workstation_name = kstrdup(ctx->workstation_name,
>                                                 GFP_KERNEL);
>                 if (!ses->workstation_name)
>                         goto get_ses_fail;
>         }
> 
> So apparently the context has workstation_name == NULL and the dup didn't
> happen. So there should be a check of workstation_name in
> size_of_ntlmssp_blob.

Thank you for the analysis.  You're quite right and there was even a patch posted on the mailing list that potentially fixes it:

    https://lore.kernel.org/all/20211222160405.3174438-2-ryandbair@gmail.com/

The original patch didn't catch it because of the author didn't use multiuser mount option and therefore workstation_name was always set from utsname()->nodename rather than from keyring (cifs_set_cifscreds).

I'm gonna review and comment the patch.  If OK, I'll ask Steve to apply and mark it for 5.16 stable.
Comment 6 Joe S 2022-02-01 21:23:03 UTC 
Wow, thanks for the quick response and work on this I really appreciate it!

Any idea when the fix will appear in the TW builds ?

I'm using tumbleweed_cli to control which TW build I'm using, which is currently 20220121.

Will the fix be included in those build repos too or will I need to update to a later TW build?

Back in 12/2020 I reported the issue with pam-config not having built in support for the pam_cifscreds.so module but I reported it here:

https://github.com/SUSE/pam-config/issues/7

Would it be better to submit a separate bug request to have that support added so that I don't have to keep manually fixing the pam config files after most TW updates?

Thanks again!
Comment 7 Paulo Alcantara 2022-02-01 22:12:53 UTC 
(In reply to Joe S from comment #6) 
> Any idea when the fix will appear in the TW builds ?

No idea.  I will let you know when it gets applied upstream and
backported to TW kernel.  Then I'll build a TEST kernel so you can try
it out.

> I'm using tumbleweed_cli to control which TW build I'm using, which is
> currently 20220121.
> 
> Will the fix be included in those build repos too or will I need to update
> to a later TW build?

Sorry, but I don't know which tool is that.  AFAICS, once it's
backported, next update should have it.

> Back in 12/2020 I reported the issue with pam-config not having built in
> support for the pam_cifscreds.so module but I reported it here:
> 
> https://github.com/SUSE/pam-config/issues/7
> 
> Would it be better to submit a separate bug request to have that support
> added so that I don't have to keep manually fixing the pam config files
> after most TW updates?

Probably yes.

Thank you for the detailed report!  Really appreciate it.
Comment 8 Enzo Matsumiya 2022-02-01 22:21:18 UTC 
(In reply to Joe S from comment #6)
> > Back in 12/2020 I reported the issue with pam-config not having built in
> > support for the pam_cifscreds.so module but I reported it here:
> > 
> > https://github.com/SUSE/pam-config/issues/7
> > 
> > Would it be better to submit a separate bug request to have that support
> > added so that I don't have to keep manually fixing the pam config files
> > after most TW updates?
> 
> Probably yes.

Agreed.

I'd suggest opening a new bug with pam maintainer and probably the security team as well. They'll be the ones to decide whether it's safe/ok to include/enable pam_cifscreds in the default install.
Comment 9 Joe S 2022-02-01 22:40:58 UTC 
> Sorry, but I don't know which tool is that.  AFAICS, once it's
> backported, next update should have it.

tumbleweed_cli allows you to point to one of the 20 history repositories.

This allows you to install stuff later which will come from the same build as you are currently running ( as long as you don't get more than 20 builds behind ).

Here's a link

https://github.com/boombatower/tumbleweed-cli

 
> > Back in 12/2020 I reported the issue with pam-config not having built in
> > support for the pam_cifscreds.so module but I reported it here:
> > 
> > https://github.com/SUSE/pam-config/issues/7
> > 
> > Would it be better to submit a separate bug request to have that support
> > added so that I don't have to keep manually fixing the pam config files
> > after most TW updates?
> 
> Probably yes.
> 
> Thank you for the detailed report!  Really appreciate it.

Ok, I will work on submitting that shortly.
Comment 10 Joe S 2022-02-01 22:46:26 UTC 
> I'd suggest opening a new bug with pam maintainer and probably the security
> team as well. They'll be the ones to decide whether it's safe/ok to
> include/enable pam_cifscreds in the default install.

Can you please give me a little guidance on how add the pam maintainer and security team to a new bug as I'm unclear how/where to do that?

Thank!
Comment 11 Enzo Matsumiya 2022-02-01 23:08:05 UTC 
(In reply to Joe S from comment #10)
> Can you please give me a little guidance on how add the pam maintainer and
> security team to a new bug as I'm unclear how/where to do that?
> 
> Thank!

pam-config maintainer: Thorsten Kukuk (kukuk@suse.com)
(this can be found for any package with "osc maintainer -e $package_name")

openSUSE security team: security@suse.de (https://en.opensuse.org/openSUSE:Security_team)

HTH
Comment 12 Joe S 2022-02-01 23:51:17 UTC 
> I'd suggest opening a new bug with pam maintainer and probably the security
> team as well. They'll be the ones to decide whether it's safe/ok to
> include/enable pam_cifscreds in the default install.

Can you please give me a little guidance on how add the pam maintainer and security team to a new bug as I'm unclear how/where to do that?

Thank!



(In reply to Enzo Matsumiya from comment #11)
> (In reply to Joe S from comment #10)
> > Can you please give me a little guidance on how add the pam maintainer and
> > security team to a new bug as I'm unclear how/where to do that?
> > 
> > Thank!
> 
> pam-config maintainer: Thorsten Kukuk (kukuk@suse.com)
> (this can be found for any package with "osc maintainer -e $package_name")
> 
> openSUSE security team: security@suse.de
> (https://en.opensuse.org/openSUSE:Security_team)
> 
> HTH

Ok, bug submitted for pam-config support for pam_cifscreds.so

https://bugzilla.opensuse.org/show_bug.cgi?id=1195411
Comment 13 Jiri Slaby 2022-02-02 07:20:47 UTC 
Pushed the fix to master+stable. It will appear in TW soon (in ~ a week). You can use Kernel:stable in the meantime (the fix will appear there today) or at least confirm the fix works for you.
Comment 14 Joe S 2022-02-02 14:56:22 UTC 
(In reply to Jiri Slaby from comment #13)
> Pushed the fix to master+stable. It will appear in TW soon (in ~ a week).
> You can use Kernel:stable in the meantime (the fix will appear there today)
> or at least confirm the fix works for you.

Hi Jiri,

I've never installed a kernel other than the ones included in the regular TW repositories so please correct me if I've done something wrong here....

If downloaded the following

https://download.opensuse.org/repositories/Kernel:/stable/standard/x86_64/kernel-default-5.16.5-2.1.g5277fb2.x86_64.rpm

and then ran zypper install on that rpm.

zypper complained about the pgp key not being available and signature verification failed  but I assume that is because I installed it that way instead of having it pulled from the normal repositories.

Installation seemed to work and dracut was executed but at the end it produced the following messages:

Failed to enroll new keys
Failed to import /etc/uefi/certs/6A4E915C.crt
warning: %post(kernel-default-5.16.5-2.1.g5277fb2.x86_64) scriptlet failed, exit status 255


Executing %posttrans scripts .....................................................................................[done]

I rebooted the system and uname -r reports it is using the new kernel

5.16.5-2.g5277fb2-default

I applied my changes to common-auth and common-session and rebooted the system.

Is there a better way to have the pam changes recognized as I have not found one?   A google search termed up a reference to /usr/sbin/pam-auth-update but that does not appear to be available in TW.

After rebooting with the new kernel and pam changes applied I tested everything out and am happy to report that everything now seems to be working properly.

Heartfelt thanks to everyone for their hard work in getting this resolved so quickly, I really appreciate it!
Comment 15 Jiri Slaby 2022-02-03 05:59:36 UTC 
(In reply to Joe S from comment #14)
> Is there a better way to have the pam changes recognized as I have not found
> one?   A google search termed up a reference to /usr/sbin/pam-auth-update
> but that does not appear to be available in TW.

Sorry, I have no idea about pam.

> After rebooting with the new kernel and pam changes applied I tested
> everything out and am happy to report that everything now seems to be
> working properly.

Perfect.
Comment 16 Jiri Slaby 2022-02-03 06:06:52 UTC 
JFYI, submitted to TW:
https://build.opensuse.org/request/show/950876