Description of problem:
During testing in EL4u7 pv guest, guest panicked with the following. Based on log files the kernel panicked at 11pm:

Apr 22 23:00:35 adc68002xems kernel: ------------[ cut here ]------------
Apr 22 23:00:35 adc68002xems kernel: kernel BUG at fs/binfmt_elf.c:1616!
Apr 22 23:00:35 adc68002xems kernel: invalid operand: 0000 [#1]
Apr 22 23:00:35 adc68002xems kernel: SMP
Apr 22 23:00:35 adc68002xems kernel: Modules linked in: md5(U) ipv6(U) autofs4(U) i2c_dev(U) i2c_core(U) nfs(U) lockd(U) sunrpc(U) dm_mirror(U) dm_multipath(U) dm_mod(U) ext3(U) jbd(U)
Apr 22 23:00:35 adc68002xems kernel: CPU: 0
Apr 22 23:00:35 adc68002xems kernel: EIP: 0061:[<c017fd4e>] Not tainted VLI
Apr 22 23:00:35 adc68002xems kernel: EFLAGS: 00010206 (2.6.9-55.0.12.9.1.ELxenU)
Apr 22 23:00:35 adc68002xems kernel: EIP is at elf_core_dump+0x6b8/0xa38
Apr 22 23:00:35 adc68002xems kernel: eax: ec57fe0c ebx: bfffe380 ecx: bfffe380 edx: bfffe380
Apr 22 23:00:35 adc68002xems kernel: esi: 0ba53000 edi: 0000001c ebp: 00009514 esp: ec57fdb0
Apr 22 23:00:35 adc68002xems kernel: ds: 007b es: 007b ss: 0068
Apr 22 23:00:35 adc68002xems kernel: Process oracle (pid: 30186, threadinfo=ec57f000 task=e5f342b0)
Apr 22 23:00:35 adc68002xems kernel: Stack: 0000c6ff d4d23500 00000000 c26e6a00 ea6d3680 c029fa40 c26fe180 d6138c40
Apr 22 23:00:35 adc68002xems kernel: e57e4700 00000006 ffffffff 0018f000 00000000 0ba53000 00000000 c0000000
Apr 22 23:00:35 adc68002xems kernel: 00000001 e9ae9e80 00000006 e743d92c ea1ba17c ec57fe04 ec57fe04 00000001
Apr 22 23:00:35 adc68002xems kernel: 3e7bf217 fffffffe 00d7eb50 3e7bf217 fffffffe 00d7eb50 3e7bf217 00000004
Apr 22 23:00:35 adc68002xems kernel: Call Trace:
Apr 22 23:00:35 adc68002xems kernel: [<c0163e26>] do_coredump+0x24d/0x297
Apr 22 23:00:35 adc68002xems kernel: [<c01170da>] try_to_wake_up+0x2ab/0x2b6
Apr 22 23:00:35 adc68002xems kernel: [<c0125bc0>] __dequeue_signal+0x14c/0x155
Apr 22 23:00:35 adc68002xems kernel: [<c0125bf6>] dequeue_signal+0x2d/0x54
Apr 22 23:00:35 adc68002xems kernel: [<c01274b2>] get_signal_to_deliver+0x317/0x346
Apr 22 23:00:35 adc68002xems kernel: [<c01071bb>] do_signal+0x47/0xd0
Apr 22 23:00:35 adc68002xems kernel: [<c0126543>] group_send_sig_info+0x59/0x61
Apr 22 23:00:35 adc68002xems kernel: [<c01c1b50>] atomic_dec_and_lock+0x20/0x40
Apr 22 23:00:35 adc68002xems kernel: [<c01275a5>] sigprocmask+0xb0/0xca
Apr 22 23:00:35 adc68002xems kernel: [<c0127657>] sys_rt_sigprocmask+0x98/0x145
Apr 22 23:00:35 adc68002xems kernel: [<c010726c>] do_notify_resume+0x28/0x38
Apr 22 23:00:35 adc68002xems kernel: [<c0263bc9>] work_notifysig+0x13/0x1a
Apr 22 23:00:35 adc68002xems kernel: [<c026007b>] packet_setsockopt+0x9a/0x19a
Apr 22 23:00:35 adc68002xems kernel: [<c026007b>] packet_setsockopt+0x9a/0x19a
Apr 22 23:00:35 adc68002xems kernel: Code: 66 83 3d 2c e0 ff bf 00 0f 84 9b 00 00 00 89 c3 b9 20 00 00 00 89 da 8d 44 24 5c e8 01 1f 04 00 83 7c 24 5c 01 75 3c 85 f6 74 08 <0f> 0b 50 06 7d e7 27 c0 8b 44 24 34 31 d2 89 c6 89 44 24 60 8b
Apr 22 23:00:35 adc68002xems kernel: <0>Fatal exception: panic in 5 seconds

Version-Release number of selected component (if applicable):
el4u7 and above to the latest el4 kernel

How reproducible:
whenever a process coredumps in a guest.

Steps to Reproduce:
1. in a guest, try coredumping a process
2.
3.

Actual results:

Expected results:

Additional info:
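The report's single reproduction step ("in a guest, try coredumping a process") turned into a regression check. This is an added example, not something the reporter or Red Hat posted: it assumes a POSIX sh, coreutils mktemp, and that the guest permits core dumps at all. On an affected kernel the BUG in elf_core_dump() panics the guest before the script can finish, so it should be run on a disposable test guest; on a fixed kernel the child is killed by SIGABRT (wait status 134), the core goes to a file or to whatever core_pattern names, and the final line is printed.

```sh
#!/bin/sh
# Added regression check for the "process core dump panics the guest" bug.
# Not from the bug report. Reaching the last echo is the pass condition:
# an affected Xen PV guest would have panicked inside elf_core_dump() first.

# trigger_coredump: run a throwaway child that raises SIGABRT against itself
# (default action: terminate and dump core) and echo the child's wait status.
# The body is a subshell so the ulimit and directory changes stay local.
trigger_coredump() (
    # Scratch directory so any "core" / "core.PID" file is isolated.
    cd "$(mktemp -d)" || exit 1
    # Allow a core to be written. A hard limit may refuse; that only means no
    # file is produced, the kernel's dump path is still entered.
    ulimit -c unlimited 2>/dev/null || true
    status=0
    sh -c 'kill -ABRT $$' 2>/dev/null || status=$?
    # Report where the dump went. With a piped core_pattern (systemd-coredump,
    # apport) nothing lands in the working directory.
    if ls core* >/dev/null 2>&1; then
        echo "core file written in $PWD" >&2
    else
        echo "no core file here (core_pattern: $(cat /proc/sys/kernel/core_pattern 2>/dev/null))" >&2
    fi
    rm -f core core.*
    echo "$status"
)

# signal_number: recover the terminating signal from a shell wait status
# (128 + signum). Prints 0 for a normal exit (status 128 or below).
signal_number() {
    if [ "$1" -gt 128 ]; then
        echo $(( $1 - 128 ))
    else
        echo 0
    fi
}

main() {
    status=$(trigger_coredump)
    sig=$(signal_number "$status")
    echo "child wait status $status, terminated by signal $sig (6 = SIGABRT)"
    echo "guest survived the core dump"
}

main
```

Expect "child wait status 134, terminated by signal 6" followed by "guest survived the core dump"; a guest still carrying the bug never gets that far, and the console shows the "kernel BUG at fs/binfmt_elf.c" line from the report instead.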
Created attachment 415538
patch that fixes wrong vsyscall page pointer from elf_core_dump

Please review and include this part of your next errata.
This request was evaluated by Red Hat Product Management for inclusion in a Red Hat Enterprise Linux maintenance release. Product Management has requested further review of this request by Red Hat Engineering, for potential inclusion in a Red Hat Enterprise Linux Update release for currently deployed products. This request is not yet committed for inclusion in an Update release.
The patch was committed as 3fa265a0e29ae61e373d0490ea2d85ef84cb0f54 in kernel-2.6.9-89.2 and it will be included in 4.9.

*** This bug has been marked as a duplicate of bug 461038 ***