A null dereference crash occurs in pipe_read()
Issue
- A NULL pointer dereference crash occurs in pipe_read(), with the following kernel log:
IPMI System Interface driver.
ipmi_si: Adding default-specified kcs state machine
ipmi_si: Trying default-specified kcs state machine at i/o address 0xca2, slave address 0x0, irq 0
ipmi_si (null): Interface detection failed
ipmi_si: Adding default-specified smic state machine
ipmi_si: Trying default-specified smic state machine at i/o address 0xca9, slave address 0x0, irq 0
ipmi_si (null): Interface detection failed
ipmi_si: Adding default-specified bt state machine
ipmi_si: Trying default-specified bt state machine at i/o address 0xe4, slave address 0x0, irq 0
ipmi_si (null): Interface detection failed
ipmi_si: Unable to find any System Interface(s)
BUG: unable to handle kernel NULL pointer dereference at 0000000000000018
IP: [<ffffffff811ae151>] pipe_read+0x111/0x4e0
Kernel PGD 800000001f7c1067 PUD 7a6e7067 PMD 0
User PGD 1f7c1067 PUD 7a6e7067 PMD 0
Oops: 0000 [#1] SMP
last sysfs file: /sys/module/ipmi_msghandler/initstate
CPU 0
Modules linked in: ipmi_msghandler tcp_diag inet_diag autofs4 nfs lockd fscache auth_rpcgss nfs_acl sunrpc ipv6 vsock(U) dm_multipath ppdev parport_pc parport microcode vmware_balloon vmxnet3 vmci(U) i2c_piix4 sg shpchp ext4 jbd2 mbcache dm_snapshot dm_bufio sd_mod crc_t10dif sr_mod cdrom mptspi mptscsih mptbase scsi_transport_spi pata_acpi ata_generic ata_piix vmwgfx ttm drm_kms_helper drm i2c_core dm_mirror dm_region_hash dm_log dm_mod [last unloaded: ipmi_msghandler]
Pid: 6741, comm: sed Not tainted 2.6.32-754.31.1.el6.x86_64 #1 VMware, Inc. VMware Virtual Platform/440BX Desktop Reference Platform
RIP: 0010:[<ffffffff811ae151>] [<ffffffff811ae151>] pipe_read+0x111/0x4e0
RSP: 0018:ffff88007c7e7cd8 EFLAGS: 00010287
RAX: ffff88001f61c800 RBX: 00000000ffffc900 RCX: 0000000000000000
RDX: ffff88001f61c858 RSI: ffff88001f61c858 RDI: ffff88001f748800
RBP: ffff88007c7e7d88 R08: ffffffff811a2830 R09: 0000000000000001
R10: 0000000000000078 R11: 0000000000000246 R12: ffff88007bd45480
R13: ffff88007c7e7e88 R14: ffff88007c7e7f18 R15: 0000000000000000
FS: 00007f2337a827a0(0000) GS:ffff88000c400000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000000000000018 CR3: 000000001f7fc000 CR4: 00000000000407f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000400
Process sed (pid: 6741, threadinfo ffff88007c7e4000, task ffff880079dc2ab0)
Stack:
ffff88002188edd0 ffff88001f748848 ffff880079dc2ab0 ffff88007bd45480
<d> ffff880000000000 0000000000000000 ffff88001f61c858 0000000000000000
<d> ffff88007c7e7e88 ffffffffffff8800 0000000000001000 7c4426c0374be080
Call Trace:
[<ffffffff811a2930>] do_sync_read+0x100/0x140
[<ffffffff81161bb6>] ? handle_mm_fault+0x306/0x450
[<ffffffff810ac1c0>] ? autoremove_wake_function+0x0/0x40
[<ffffffff81168345>] ? do_mmap_pgoff+0x335/0x380
[<ffffffff81244d9c>] ? security_file_permission+0x1c/0x20
[<ffffffff811a3227>] vfs_read+0xb7/0x1a0
[<ffffffff811a3ff6>] ? fget_light_pos+0x16/0x50
[<ffffffff811a3571>] sys_read+0x51/0xb0
[<ffffffff815663a7>] system_call_fastpath+0x35/0x3a
Code: 48 8b 55 b8 48 8d 04 89 48 89 4d 98 48 c1 e0 03 48 8d 54 02 58 48 03 45 b8 48 89 55 80 48 89 d6 48 8b 48 68 48 89 4d 88 8b 58 64 <48> 8b 41 18 e8 86 54 10 00 85 c0 0f 85 93 02 00 00 48 8b 45 90
RIP [<ffffffff811ae151>] pipe_read+0x111/0x4e0
RSP <ffff88007c7e7cd8>
CR2: 0000000000000018
Environment
- Red Hat Enterprise Linux 6.10 (kernel-2.6.32-754.31.1.el6)
- A RHEL guest running on a VMware hypervisor
- No 3rd-party/proprietary modules/drivers installed/loaded