Bug 594531

Summary: BUG IN ELF_CORE_DUMP
Product: Red Hat Enterprise Linux 4
Reporter: Guru Anbalagane <guru.anbalagane>
Component: kernel-xen
Assignee: Andrew Jones <drjones>
Status: CLOSED DUPLICATE
QA Contact: Red Hat Kernel QE team <kernel-qe>
Severity: medium
Priority: low
Version: 4.8
CC: drjones, emcnabb, greg.marsden, pbonzini, tina.yang, xen-maint
Target Milestone: rc
Hardware: All
OS: Linux
Doc Type: Bug Fix
Last Closed: 2010-10-06 14:20:03 UTC
Bug Blocks: 458302
Attachments:
patch that fixes wrong vsyscall page pointer from elf_core_dump (flags: none)

Description Guru Anbalagane 2010-05-20 23:02:00 UTC
Description of problem:
During testing in an EL4u7 PV guest, the guest panicked with the following:

Based on the log files, the kernel panicked at 11pm:

Apr 22 23:00:35 adc68002xems kernel: ------------[ cut here ]------------
Apr 22 23:00:35 adc68002xems kernel: kernel BUG at fs/binfmt_elf.c:1616!
Apr 22 23:00:35 adc68002xems kernel: invalid operand: 0000 [#1]
Apr 22 23:00:35 adc68002xems kernel: SMP
Apr 22 23:00:35 adc68002xems kernel: Modules linked in: md5(U) ipv6(U)
autofs4(U) i2c_dev(U) i2c_core(U) nfs(U) lockd(U) sunrpc(U) dm_mirror(U)
dm_multipath(U) dm_mod(U) ext3(U) jbd(U)
Apr 22 23:00:35 adc68002xems kernel: CPU:    0
Apr 22 23:00:35 adc68002xems kernel: EIP:    0061:[<c017fd4e>]    Not tainted
VLI
Apr 22 23:00:35 adc68002xems kernel: EFLAGS: 00010206  
(2.6.9-55.0.12.9.1.ELxenU)
Apr 22 23:00:35 adc68002xems kernel: EIP is at elf_core_dump+0x6b8/0xa38
Apr 22 23:00:35 adc68002xems kernel: eax: ec57fe0c   ebx: bfffe380   ecx:
bfffe380   edx: bfffe380
Apr 22 23:00:35 adc68002xems kernel: esi: 0ba53000   edi: 0000001c   ebp:
00009514   esp: ec57fdb0
Apr 22 23:00:35 adc68002xems kernel: ds: 007b   es: 007b   ss: 0068
Apr 22 23:00:35 adc68002xems kernel: Process oracle (pid: 30186,
threadinfo=ec57f000 task=e5f342b0)
Apr 22 23:00:35 adc68002xems kernel: Stack: 0000c6ff d4d23500 00000000
c26e6a00 ea6d3680 c029fa40 c26fe180 d6138c40
Apr 22 23:00:35 adc68002xems kernel:        e57e4700 00000006 ffffffff
0018f000 00000000 0ba53000 00000000 c0000000
Apr 22 23:00:35 adc68002xems kernel:        00000001 e9ae9e80 00000006
e743d92c ea1ba17c ec57fe04 ec57fe04 00000001
Apr 22 23:00:35 adc68002xems kernel:        3e7bf217 fffffffe 00d7eb50
3e7bf217 fffffffe 00d7eb50 3e7bf217 00000004
Apr 22 23:00:35 adc68002xems kernel: Call Trace:
Apr 22 23:00:35 adc68002xems kernel:  [<c0163e26>] do_coredump+0x24d/0x297
Apr 22 23:00:35 adc68002xems kernel:  [<c01170da>] try_to_wake_up+0x2ab/0x2b6
Apr 22 23:00:35 adc68002xems kernel:  [<c0125bc0>]
__dequeue_signal+0x14c/0x155
Apr 22 23:00:35 adc68002xems kernel:  [<c0125bf6>] dequeue_signal+0x2d/0x54
Apr 22 23:00:35 adc68002xems kernel:  [<c01274b2>]
get_signal_to_deliver+0x317/0x346
Apr 22 23:00:35 adc68002xems kernel:  [<c01071bb>] do_signal+0x47/0xd0
Apr 22 23:00:35 adc68002xems kernel:  [<c0126543>]
group_send_sig_info+0x59/0x61
Apr 22 23:00:35 adc68002xems kernel:  [<c01c1b50>]
atomic_dec_and_lock+0x20/0x40
Apr 22 23:00:35 adc68002xems kernel:  [<c01275a5>] sigprocmask+0xb0/0xca
Apr 22 23:00:35 adc68002xems kernel:  [<c0127657>]
sys_rt_sigprocmask+0x98/0x145
Apr 22 23:00:35 adc68002xems kernel:  [<c010726c>] do_notify_resume+0x28/0x38
Apr 22 23:00:35 adc68002xems kernel:  [<c0263bc9>] work_notifysig+0x13/0x1a
Apr 22 23:00:35 adc68002xems kernel:  [<c026007b>]
packet_setsockopt+0x9a/0x19a
Apr 22 23:00:35 adc68002xems kernel:  [<c026007b>]
packet_setsockopt+0x9a/0x19a
Apr 22 23:00:35 adc68002xems kernel: Code: 66 83 3d 2c e0 ff bf 00 0f 84 9b
00 00 00 89 c3 b9 20 00 00 00 89 da 8d 44 24 5c e8 01 1f 04 00 83 7c 24 5c 01
75 3c 85 f6 74 08 <0f> 0b 50 06 7d e7 27 c0 8b 44 24 34 31 d2 89 c6 89 44 24
60 8b
Apr 22 23:00:35 adc68002xems kernel:  <0>Fatal exception: panic in 5 seconds

Version-Release number of selected component (if applicable):

el4u7 and above to the latest el4 kernel
How reproducible:
Whenever a process coredumps in a guest.

Steps to Reproduce:
1. in a guest, try coredumping a process 

Comment 1 Guru Anbalagane 2010-05-20 23:06:17 UTC
Created attachment 415538
patch that fixes wrong vsyscall page pointer from elf_core_dump

Please review and include this as part of your next errata.

Comment 2 RHEL Program Management 2010-07-01 10:09:09 UTC
This request was evaluated by Red Hat Product Management for inclusion in a Red
Hat Enterprise Linux maintenance release.  Product Management has requested
further review of this request by Red Hat Engineering, for potential
inclusion in a Red Hat Enterprise Linux Update release for currently deployed
products.  This request is not yet committed for inclusion in an Update
release.

Comment 4 Paolo Bonzini 2010-10-06 14:20:03 UTC
The patch was committed as 3fa265a0e29ae61e373d0490ea2d85ef84cb0f54 in kernel-2.6.9-89.2 and it will be included in 4.9.

*** This bug has been marked as a duplicate of bug 461038 ***