Bug 596876 - s390x kprobes unregistration problem
Summary: s390x kprobes unregistration problem
Alias: None
Product: Red Hat Enterprise Linux 6
Classification: Red Hat
Component: kernel
Version: 6.0
Hardware: s390x
OS: Linux
Target Milestone: rc
: 6.0
Assignee: Hendrik Brueckner
QA Contact: Red Hat Kernel QE team
Depends On:
Reported: 2010-05-27 17:06 UTC by David Smith
Modified: 2010-11-11 15:44 UTC (History)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Last Closed: 2010-11-11 15:44:44 UTC
Target Upstream Version:

Attachments
module makefile (deleted)
2010-05-27 17:07 UTC, David Smith
base module source (deleted)
2010-05-27 17:08 UTC, David Smith
module header (deleted)
2010-05-27 17:08 UTC, David Smith
linux-2.6.32-s390-kernel-panic-kprobes.patch (deleted)
2010-06-09 09:01 UTC, IBM Bug Proxy

Description David Smith 2010-05-27 17:06:39 UTC
Description of problem:

The kernel crashes when unregistering a large number of kprobes on s390x.

Version-Release number of selected component (if applicable):


How reproducible:

Every time.

Steps to Reproduce:
1. build module
2. insert module
3. remove module
Actual results:

Output seen on console:

Process rmmod (pid: 6489, task: 000000001d220040, ksp: 000000001ecd7b00)
000000001ecd7a40 000000001ecd79c0 0000000000000002 0000000000000000
       000000001ecd7a60 000000001ecd79d8 000000001ecd79d8 00000000004aa358
       000000001fe23211 0000000000000000 0000000000000204 0000000000000020
       000000000000000d 000000000000000c 000000001ecd7a30 0000000000000000
       0000000000000000 00000000001052f0 000000001ecd79c0 000000001ecd7a00
Call Trace:
(<00000000001051f0> show_trace+0xe8/0x138)
 <00000000004aa1a6> panic+0x92/0x1f0
 <0000000000105842> die+0x16e/0x17c
 <0000000000100f96> do_no_context+0xae/0xec
 <00000000004ae086> do_protection_exception+0x2ca/0x2d8
 <0000000000118234> sysc_return+0x0/0x8
 <000000000011906e> module_free+0x36/0x4c
(<000000000011906a> module_free+0x32/0x4c)
 <00000000004b1298> collect_one_slot+0x7c/0xbc
 <00000000004b14ce> free_insn_slot+0x12a/0x130
01: HCPGSP2629I The virtual machine is placed in CP mode due to a SIGP stop from
 CPU 00.
 <00000000004aec50> arch_remove_kprobe+0x3c/0x50
 <00000000004b02e8> unregister_kprobes+0xa0/0xdc
 <00000000004b0356> unregister_kprobe+0x32/0x3c
 <000003c001fce0ae> kprobe_exit+0x56/0xcc kprobe_module
 <0000000000186024> SyS_delete_module+0x16c/0x274
 <0000000000118362> sysc_tracego+0xe/0x14
 <000000496897e4ae> 0x496897e4ae
00: HCPGIR450W CP entered; disabled wait PSW 00020001 80000000 00000000 00111E68

Expected results:

Module removed successfully.

Additional info:

Comment 1 David Smith 2010-05-27 17:07:27 UTC
Created attachment 417312
module makefile

Comment 2 David Smith 2010-05-27 17:08:06 UTC
Created attachment 417315
base module source

Comment 3 David Smith 2010-05-27 17:08:57 UTC
Created attachment 417316
module header

Comment 4 David Smith 2010-05-27 17:10:44 UTC
Build instructions.  Put 3 attachment files in a directory.  Run the following:

# make -C /lib/modules/`uname -r`/build/ M=`pwd` modules

To duplicate the crash, do the following:

# insmod kprobe_module.ko
# rmmod kprobe_module

Comment 8 Frank Ch. Eigler 2010-05-28 20:06:56 UTC
*** Bug 589159 has been marked as a duplicate of this bug. ***

Comment 9 RHEL Product and Program Management 2010-06-07 16:05:58 UTC
This request was evaluated by Red Hat Product Management for inclusion in a Red
Hat Enterprise Linux major release.  Product Management has requested further
review of this request by Red Hat Engineering, for potential inclusion in a Red
Hat Enterprise Linux Major release.  This request is not yet committed for

Comment 10 IBM Bug Proxy 2010-06-09 09:01:05 UTC
Created attachment 422478

------- Comment on attachment From 2010-06-09 04:54 EDT-------

Description: kernel: fix kernel panic caused by using kprobes
Symptom:     A kernel panic might occur when setting numerous kprobes with
             systemtap. Further, the kernel might crash when unregistering
             a large number of kprobes on s390x.
Problem:     Currently, kprobes allows probing of (inline) functions that
             start with the stnsm/stosm/epsw instructions.  The probed
             instructions will be executed in a single stepped and irq
             disabled context.  Therefore the results of stnsm, stosm, and
             epsw would be wrong if probed.
             Further, when unregistering numerous kprobes, the kprobe code
             calls s390x' module_free() passing a NULL pointer.  A missing
             check causes a kernel panic.
Solution:    Prohibit probing of the stnsm/stosm/epsw instructions and add
             a check to module_free() to prevent NULL pointer dereferences.
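
The unregistration path from the call trace (free_insn_slot, collect_one_slot, module_free), modelled in userspace C as an added example; it is not the patch attached to this bug and not kernel code. All type and function names are hypothetical, and the model assumes an emptied instruction-slot page is freed unless it is the only page left, which is why only a large number of probes reaches the module_free(NULL, ...) call.

```c
#include <stdlib.h>
/* Userspace model, not kernel code; all names here are hypothetical. */
#define SLOTS_PER_PAGE 4
struct module_model { void *arch_data; };   /* per-module arch state */
struct insn_page { void *insns; int nused; struct insn_page *next; };
static struct insn_page *pages;   /* list of instruction-slot pages */
static int regions_freed;         /* region frees done so far */

/* Fixed form: per-module state is touched only when mod is non-NULL.
 * Without the check, mod->arch_data dereferences NULL for slot pages. */
void module_free_model(struct module_model *mod, void *region) {
    if (mod) {
        free(mod->arch_data);
        mod->arch_data = NULL;
    }
    free(region);
    regions_freed++;
}

/* Take one slot; allocate a new page when every existing page is full. */
struct insn_page *get_slot(void) {
    struct insn_page *p;
    for (p = pages; p; p = p->next)
        if (p->nused < SLOTS_PER_PAGE) { p->nused++; return p; }
    if (!(p = malloc(sizeof(*p)))) abort();
    *p = (struct insn_page){ .insns = malloc(64), .nused = 1, .next = pages };
    return pages = p;
}

/* Release one slot. Model assumption: an emptied page is freed unless it
 * is the only page left; no module owns it, so NULL is passed as mod. */
void put_slot(struct insn_page *p) {
    struct insn_page **pp = &pages;
    if (--p->nused > 0 || (pages == p && !p->next)) return;
    while (*pp != p) pp = &(*pp)->next;
    *pp = p->next;
    module_free_model(NULL, p->insns);
    free(p);
}

/* Register, then unregister, n probes; returns the number of pages freed. */
int register_unregister(int n) {
    struct insn_page **owner = calloc((size_t)(n > 0 ? n : 1), sizeof(*owner));
    int i, before = regions_freed;
    if (!owner) abort();
    for (i = 0; i < n; i++) owner[i] = get_slot();
    for (i = 0; i < n; i++) put_slot(owner[i]);
    free(owner);
    return regions_freed - before;
}
```

With three probes everything fits in the single retained page and the NULL call never happens; with ten probes two pages are released through the guarded function.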

Comment 11 Hendrik Brueckner 2010-06-09 10:27:45 UTC
The patch has been posted to rhkernel by Hendrik Brueckner <>

Comment 12 Aristeu Rozanski 2010-07-01 16:22:12 UTC
Patch(es) available on kernel-2.6.32-42.el6

Comment 16 2010-11-11 15:44:44 UTC
Red Hat Enterprise Linux 6.0 is now available and should resolve
the problem described in this bug report. This report is therefore being closed
with a resolution of CURRENTRELEASE. You may reopen this bug report if the
solution does not work for you.
