The kernel often crashes due to a use-after-free bug in the [bmsensor] module

Solution Verified - Updated -

Issue

  • The kernel crashes often.
  • A crash due to a general protection fault (GPF) occurred in mem_cgroup_iter():
[787904.821362] general protection fault, probably for non-canonical address 0xe69009cd5fa05458: 0000 [#1] SMP PTI
[787904.821456] CPU: 0 PID: 390 Comm: kswapd0 Kdump: loaded Tainted: G           OE    --------- -  - 4.18.0-513.11.1.el8_9.x86_64 #1
[787904.821536] Hardware name: HP ProLiant DL380 Gen9/ProLiant DL380 Gen9, BIOS P89 07/18/2016
[787904.821590] RIP: 0010:mem_cgroup_iter+0x183/0x230
[787904.821637] Code: 81 e8 03 00 00 41 39 45 08 0f 85 51 ff ff ff eb b1 4d 85 e4 0f 85 05 ff ff ff 4c 89 e3 e9 ce fe ff ff 48 8b 40 18 a8 03 75 6c <65> 48 ff 00 e9 ec fe ff ff 48 89 f0 f0 49 0f b1 3f 48 8b b1 e0 03
[787904.821753] RSP: 0018:ffff944e8e24fcd8 EFLAGS: 00010246
[787904.821794] RAX: e69080e320205458 RBX: ffff88cb8196d000 RCX: ffff88cb8196d048
[787904.821842] RDX: 0000000000000001 RSI: ffff88cb49674000 RDI: ffff88cb8194e000
[787904.821890] RBP: ffff88cb4006e000 R08: 0000000000000000 R09: ffff88cb5495d488
[787904.821938] R10: 0000000000000000 R11: 0000000000000040 R12: ffff88cb8194e000
[787904.821985] R13: 0000000000000000 R14: ffff88cb8194e000 R15: ffff88eabffd5000
[787904.822033] FS:  0000000000000000(0000) GS:ffff88ea3f800000(0000) knlGS:0000000000000000
[787904.822088] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[787904.822128] CR2: 00007f0558943044 CR3: 0000000378c10005 CR4: 00000000001706f0
[787904.822177] Call Trace:
[787904.822204]  ? __die_body+0x1a/0x60
[787904.822244]  ? die_addr+0x38/0x51
[787904.822275]  ? do_general_protection+0x135/0x280
[787904.822314]  ? general_protection+0x1e/0x30
[787904.822349]  ? mem_cgroup_iter+0x183/0x230
[787904.822386]  ? mem_cgroup_iter+0x58/0x230
[787904.822421]  shrink_node+0x196/0x710
[787904.822457]  balance_pgdat+0x2d7/0x550
[787904.822493]  kswapd+0x20b/0x3d0
[787904.822524]  ? finish_wait+0x80/0x80
[787904.822555]  ? balance_pgdat+0x550/0x550
[787904.822590]  kthread+0x134/0x150
[787904.822621]  ? set_kthread_struct+0x50/0x50
[787904.822656]  ret_from_fork+0x35/0x40
[787904.822693] Modules linked in: ...
        ...
  • A crash due to a general protection fault (GPF) occurred in mutex_lock():
[133194.561051] general protection fault, probably for non-canonical address 0xbc80e5aeaee8bea3: 0000 [#1] SMP PTI
[133194.561130] CPU: 34 PID: 1 Comm: systemd Kdump: loaded Tainted: G           OE    --------- -  - 4.18.0-513.11.1.el8_9.x86_64 #1
[133194.561198] Hardware name: HP ProLiant DL380 Gen9/ProLiant DL380 Gen9, BIOS P89 07/18/2016
[133194.561244] RIP: 0010:mutex_lock+0x19/0x30
[133194.561278] Code: 00 0f 1f 44 00 00 be 02 00 00 00 e9 d1 fb ff ff 90 0f 1f 44 00 00 53 48 89 fb e8 02 e0 ff ff 31 c0 65 48 8b 14 25 40 dc 01 00 <f0> 48 0f b1 13 74 06 48 89 df 5b eb ca 5b c3 cc cc cc cc 0f 1f 40
[133194.561376] RSP: 0018:ffffb34c8c4bfe00 EFLAGS: 00010246
[133194.561411] RAX: 0000000000000000 RBX: bc80e5aeaee8bea3 RCX: ffff98a3064cc300
[133194.561453] RDX: ffff98c2066b5000 RSI: ffff98b8f32b6c28 RDI: bc80e5aeaee8bea3
[133194.561493] RBP: 0000000000000000 R08: ffff98c1fffd5000 R09: 0000000000000000
[133194.561534] R10: ffffb34c8c4bfed0 R11: 0000000000000000 R12: ffff98a3069d3800
[133194.561575] R13: bc80e5aeaee8babb R14: 0000000000000000 R15: 0000000000000000
[133194.561615] FS:  00007f696583d9c0(0000) GS:ffff98c17fd80000(0000) knlGS:0000000000000000
[133194.561662] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[133194.561696] CR2: 000055c2da7c7000 CR3: 00000020a8174003 CR4: 00000000001706e0
[133194.561738] Call Trace:
[133194.561762]  ? __die_body+0x1a/0x60
[133194.561796]  ? die_addr+0x38/0x51
[133194.561822]  ? do_general_protection+0x135/0x280
[133194.561855]  ? general_protection+0x1e/0x30
[133194.561884]  ? mutex_lock+0x19/0x30
[133194.561910]  cgroup_pidlist_start+0x46/0x140
[133194.561942]  kernfs_seq_start+0x4d/0x90
[133194.561973]  seq_read+0xb2/0x420
[133194.561999]  vfs_read+0x91/0x150
[133194.562024]  ksys_read+0x4f/0xb0
[133194.562047]  do_syscall_64+0x5b/0x1b0
[133194.562079]  entry_SYSCALL_64_after_hwframe+0x61/0xc6
[133194.562115] RIP: 0033:0x7f6963bacd74
[133194.562144] Code: ff 77 53 c3 66 90 41 54 49 89 d4 55 48 89 f5 53 89 fb 48 83 ec 10 e8 5b 44 f0 ff 4c 89 e2 48 89 ee 89 df 41 89 c0 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 38 44 89 c7 48 89 44 24 08 e8 97 44 f0 ff 48
[133194.562242] RSP: 002b:00007ffdf7299340 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[133194.562287] RAX: ffffffffffffffda RBX: 0000000000000017 RCX: 00007f6963bacd74
[133194.562328] RDX: 0000000000001000 RSI: 000055c2da92cd00 RDI: 0000000000000017
[133194.562369] RBP: 000055c2da92cd00 R08: 0000000000000000 R09: 000055c2da74a20e
[133194.562409] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000001000
[133194.562450] R13: 00007f6963e493a0 R14: 0000000000000000 R15: 0000000000000000
[133194.562492] Modules linked in: ...
        ...
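
A triage check for the two traces above, as an added example that is not part of the original article or of any vendor tooling: it pulls the faulting address, the kernel-mode RIP symbol and the taint flags out of each oops and reports whether the crashes share the pattern seen here (non-canonical pointers at unrelated fault sites on a kernel tainted by out-of-tree, unsigned modules). The function names are hypothetical, the sample input is constructed from the header lines of the traces above, and 48-bit virtual addresses (4-level paging) are assumed.

```python
import re

# Constructed sample: only the header lines of the two traces shown above.
SAMPLE = """\
[787904.821362] general protection fault, probably for non-canonical address 0xe69009cd5fa05458: 0000 [#1] SMP PTI
[787904.821456] CPU: 0 PID: 390 Comm: kswapd0 Kdump: loaded Tainted: G           OE    --------- -  - 4.18.0-513.11.1.el8_9.x86_64 #1
[787904.821590] RIP: 0010:mem_cgroup_iter+0x183/0x230
[133194.561051] general protection fault, probably for non-canonical address 0xbc80e5aeaee8bea3: 0000 [#1] SMP PTI
[133194.561130] CPU: 34 PID: 1 Comm: systemd Kdump: loaded Tainted: G           OE    --------- -  - 4.18.0-513.11.1.el8_9.x86_64 #1
[133194.561244] RIP: 0010:mutex_lock+0x19/0x30
"""

GPF_RE = re.compile(r"general protection fault.*non-canonical address (0x[0-9a-f]+)")
TAINT_RE = re.compile(r"Tainted: ([A-Z ]+)")
RIP_RE = re.compile(r"RIP: 0010:(\w+)\+")  # kernel-mode RIP only (CS 0x10)

def is_canonical(addr, va_bits=48):
    """Bits 63..(va_bits-1) must be all 0 or all 1 (assumes 4-level paging)."""
    top = addr >> (va_bits - 1)
    return top in (0, (1 << (65 - va_bits)) - 1)

def parse_oopses(log):
    """Return one record per GPF header found in the log text."""
    oopses = []
    for line in log.splitlines():
        m = GPF_RE.search(line)
        if m:
            oopses.append({"addr": int(m.group(1), 16), "flags": set(), "rip": None})
        elif oopses:
            cur = oopses[-1]
            t, r = TAINT_RE.search(line), RIP_RE.search(line)
            if t:
                cur["flags"] = set(t.group(1).replace(" ", ""))
            if r and cur["rip"] is None:
                cur["rip"] = r.group(1)
    return oopses

def triage(log):
    oopses = parse_oopses(log)
    return {
        "crashes": len(oopses),
        "fault_sites": sorted({o["rip"] or "?" for o in oopses}),
        "all_non_canonical": all(not is_canonical(o["addr"]) for o in oopses),
        # O = out-of-tree module loaded, E = unsigned module loaded
        "third_party_taint": all({"O", "E"} <= o["flags"] for o in oopses),
    }

if __name__ == "__main__":
    print(triage(SAMPLE))
```

Different fault sites that all dereference garbage pointers under the same `OE` taint are consistent with memory being corrupted by code outside the faulting path, which is why the loaded third-party modules are the first thing to review in the vmcore.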

Environment

  • Red Hat Enterprise Linux 8.9.z
  • Trend Micro module named "bmsensor" - version 1.2.2050.2052 Build 1.2.2052 Commit 1.6862.945f045
