Package: linux-image-2.6.18-2-xen-686
Version: 2.6.18-5
Severity: critical

Executing program "crash" with core dumps enabled (ulimit -c unlimited) results in kernel looping the following message:

Bad pte = 0033e0a0, process = crash, vm_flags = 100070, vaddr = b7602000
 [<c0144b5d>] vm_normal_page+0x98/0xb0
 [<c0145116>] follow_page+0xe8/0x182
 [<c0146b49>] get_user_pages+0x288/0x2f1
 [<c017b1db>] elf_Core_dump+0x972/0xb4b
 [<c015ee74>] do_coredump+0x4a8/0x4fc
 [<c012399c>] dequeue_signal+0x15/0x9c
 [<c0123fed>] get_signal_to_deliver+0x39e/0x3d0
 [<c0103ee7>] do_notify_resume+0x71/0x5e9
 [<c0156153>] __fput+0x11c/0x13f
 [<c0151fd6>] kmem_cache_free+0x44/0x7d
 [<c0110b5a>] do_page_fault+0x39f/0x7c8
 [<c012449f>] sys_rt_sigprocmask+0x4b/0xc5
 [<c012449f>] sys_rt_sigprocmask+0x4b/0xc5
 [<c01048b5>] work_notifysig+0x13/0x1a
<repeats infinitely>

The program aborts and dumps core without issue with the kernel from linux-image-2.6.18-2-686.

The system is a Sarge machine with enough packages pulled from unstable to install xen-linux-system-2.6.18-2-xen-686. I have triggered the problem both in Dom0 and a DomU, on both real hardware (Opteron) and inside VMware (P4).

gcc crash.c -o crash -ldl -lpthread

crash.c (any library appears to work equivalently in the dlopen):
---------------------
#include <dlfcn.h>
#include <pthread.h>
#include <stdlib.h>
#include <unistd.h>

/* Worker thread: load a shared library, then abort to force a core dump. */
void* crash(void* arg)
{
    dlopen("libm.so.6", RTLD_LAZY);
    abort();
    return 0;
}

int main(int argc, char** argv)
{
    pthread_t t;
    pthread_create(&t, NULL, crash, NULL);

    /* Keep the main thread alive until the worker thread aborts. */
    while (1) {
        usleep(100000);
    }
    return (0);
}