On rawhide and on rhel6, x86-64, the pmap_agg_overflow.exp test case fails during shutdown by triggering a kernel NULL pointer dereference. This must be a recent regression. The oops reads something like:

[   92.933398] stap_066aedcae675ff178ad67841a6b558ca_1707: systemtap: 2.0/0.155, base: ffffffffa021e000, memory: 29data/40text/6ctx/2058net/1138alloc kb, probes: 5
[  105.475935] BUG: unable to handle kernel NULL pointer dereference at 0000000000000068
[  105.476134] IP: [<ffffffffa0224ded>] _stp_pmap_agg+0xed/0x430 [stap_066aedcae675ff178ad67841a6b558ca_1707]
[  105.476134] PGD 78b66067 PUD 36b2f067 PMD 0
[  105.476134] Oops: 0000 [#1] SMP
[  105.476134] Modules linked in: stap_066aedcae675ff178ad67841a6b558ca_1707(F) nfsv4 auth_rpcgss nfs dns_resolver fscache lockd sunrpc ipt_MASQUERADE nf_conntrack_netbios_ns nf_conntrack_broadcast ip6table_mangle ip6t_REJECT nf_conntrack_ipv6 nf_defrag_ipv6 ip6table_filter ip6_tables iptable_nat nf_nat iptable_mangle nf_conntrack_ipv4 nf_defrag_ipv4 xt_conntrack nf_conntrack ppdev parport_pc parport microcode virtio_net i2c_piix4 drm_kms_helper ttm drm i2c_core
[  105.476134] CPU 1
[  105.476134] Pid: 1707, comm: stapio Tainted: GF 3.6.0-3.fc18.x86_64 #1 Bochs Bochs
[  105.476134] RIP: 0010:[<ffffffffa0224ded>]  [<ffffffffa0224ded>] _stp_pmap_agg+0xed/0x430 [stap_066aedcae675ff178ad67841a6b558ca_1707]
[  105.476134] RSP: 0018:ffff880036611d88  EFLAGS: 00010283
[  105.476134] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000007fc8
[  105.476134] RDX: ffff8800765210c8 RSI: ffff880075d27fc0 RDI: ffff8800765210c8
[  105.476134] RBP: ffff880036611de8 R08: ffff8800765210e0 R09: 0000000000000000
[  105.476134] R10: 0000000000000000 R11: 0000000000000000 R12: ffff880075b2ff60
[  105.476134] R13: ffff88007cd9bd10 R14: ffff880075b2ff70 R15: 0000000000000000
[  105.476134] FS:  00002b5f59e73640(0000) GS:ffff88007cc80000(0000) knlGS:0000000000000000
[  105.476134] CS:  0010 DS: 0000 ES: 0000 CR0: 000000008005003b
[  105.476134] CR2: 0000000000000068 CR3: 0000000077320000 CR4: 00000000000006e0
[  105.476134] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[  105.476134] DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000400
[  105.476134] Process stapio (pid: 1707, threadinfo ffff880036610000, task ffff880036500000)
[  105.476134] Stack:
[  105.476134]  ffff880036611d98 0000000300000001 ffff8800765210c0 0000000000007fc8
[  105.476134]  ffff880075d27fc0 0000000000000000 ffff880000000000 ffff88007542d000
[  105.476134]  0000000000000001 0000000000000001 0000000000000000 0000000000000001
[  105.476134] Call Trace:
[  105.476134]  [<ffffffffa022538a>] probe_2047+0x2a/0x220 [stap_066aedcae675ff178ad67841a6b558ca_1707]
[  105.476134]  [<ffffffff81625dc8>] ? unregister_kprobes.part.21+0x88/0xb0
[  105.476134]  [<ffffffffa0225ef9>] enter_be_probe+0xe9/0x1d0 [stap_066aedcae675ff178ad67841a6b558ca_1707]
[  105.476134]  [<ffffffffa0226e3d>] _stp_cleanup_and_exit+0x3bd/0x430 [stap_066aedcae675ff178ad67841a6b558ca_1707]
[  105.476134]  [<ffffffff8108fd60>] ? thread_group_times+0xb0/0xb0
[  105.476134]  [<ffffffffa02271ea>] _stp_ctl_write_cmd+0x25a/0xa40 [stap_066aedcae675ff178ad67841a6b558ca_1707]
[  105.476134]  [<ffffffff8127e7cc>] ? security_file_permission+0x2c/0xb0
[  105.476134]  [<ffffffff8118f2ec>] vfs_write+0xac/0x180
[  105.476134]  [<ffffffff8118f61a>] sys_write+0x4a/0x90
[  105.476134]  [<ffffffff81628269>] system_call_fastpath+0x16/0x1b
[  105.476134] Code: 00 48 63 45 ac 48 8b 55 b0 48 c7 45 b8 00 00 00 00 c7 45 a8 00 00 00 00 4c 8b 2a 4c 03 2c c5 e0 bc cd 81 48 8b 45 c8 48 8b 4d b8 <48> 03 48 68 49 8b 45 68 48 89 4d c0 48 8b 4d b8 4c 8b 34 08 4d
[  105.476134] RIP  [<ffffffffa0224ded>] _stp_pmap_agg+0xed/0x430 [stap_066aedcae675ff178ad67841a6b558ca_1707]
[  105.476134]  RSP <ffff880036611d88>
[  105.476134] CR2: 0000000000000068

The crash is specifically around here (objdump -S of _stp_pmap_agg in the module); RAX is NULL, so the load from 0x68(%rax) faults at address 0x68, which matches CR2:

        MAP_LOCK(m);
        /* walk the hash chains. */
        for (hash = 0; hash < HASH_TABLE_SIZE; hash++) {
                head = &m->hashes[hash];
                ahead = &agg->hashes[hash];
    6de5:       48 8b 45 c8             mov    -0x38(%rbp),%rax
    6de9:       48 8b 4d b8             mov    -0x48(%rbp),%rcx
    6ded:       48 03 48 68             add    0x68(%rax),%rcx        <<----- here
                hlist_for_each(e, head) {
    6df1:       49 8b 45 68             mov    0x68(%r13),%rax
#endif
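As an added triage example (not part of the bug report), the script below cross-checks the register dump against the faulting instruction bytes: it takes the bytes at the <48> marker of the Code: line, decodes them as add 0x68(%rax),%rcx, adds the dumped RAX (zero) to the displacement and confirms the result equals CR2. The oops excerpt is constructed from the lines above; the decoder is deliberately limited to the REX-prefixed ADD/MOV r64, [base + disp8] form seen here.

```python
import re

# Constructed excerpt of the register and Code: lines from the oops above.
OOPS = """
[  105.476134] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000007fc8
[  105.476134] R13: ffff88007cd9bd10 R14: ffff880075b2ff70 R15: 0000000000000000
[  105.476134] CR2: 0000000000000068 CR3: 0000000077320000 CR4: 00000000000006e0
[  105.476134] Code: 48 8b 45 c8 48 8b 4d b8 <48> 03 48 68 49 8b 45 68 48 89 4d c0
"""

REG64 = ["rax", "rcx", "rdx", "rbx", "rsp", "rbp", "rsi", "rdi",
         "r8", "r9", "r10", "r11", "r12", "r13", "r14", "r15"]

def parse_regs(text):
    """Collect NAME: 16-hex-digit pairs (RAX, R13, CR2, ...) into a dict."""
    return {m.group(1).lower(): int(m.group(2), 16)
            for m in re.finditer(r"\b([A-Z0-9]{2,3}): ([0-9a-f]{16})\b", text)}

def faulting_bytes(text):
    """Return the bytes from the <xx> marker (the faulting RIP) to the end of Code:."""
    toks = re.search(r"Code: (.*)", text).group(1).split()
    start = next(i for i, t in enumerate(toks) if t.startswith("<"))
    return bytes(int(t.strip("<>"), 16) for t in toks[start:])

def decode_mem_operand(code):
    """Decode REX + (ADD|MOV) r64, [base + disp8] and return (base_reg, disp).
    Only mod=01 without a SIB byte is handled; anything else raises."""
    i, rex = 0, 0
    if 0x40 <= code[0] <= 0x4f:          # REX prefix (W/R/X/B bits)
        rex, i = code[0], 1
    opcode = code[i]
    if opcode not in (0x03, 0x8b):       # ADD r64,r/m64 or MOV r64,r/m64
        raise ValueError("unsupported opcode 0x%02x" % opcode)
    modrm = code[i + 1]
    mod, rm = modrm >> 6, modrm & 7
    if mod != 1 or rm == 4:              # need [base + disp8], no SIB
        raise ValueError("only [base + disp8] without SIB is handled")
    if rex & 1:                          # REX.B extends the base register
        rm += 8
    disp = code[i + 2]
    return REG64[rm], disp - 0x100 if disp >= 0x80 else disp

def explain_fault(text):
    """Compute base + disp from the dump and say whether it equals CR2."""
    regs = parse_regs(text)
    base, disp = decode_mem_operand(faulting_bytes(text))
    addr = regs[base] + disp
    return {"base": base, "base_value": regs[base], "disp": disp,
            "address": addr, "matches_cr2": addr == regs["cr2"]}
```

For this dump it reports base rax with value 0 and displacement 0x68, i.e. a NULL pointer whose field at offset 0x68 was read, exactly the address in CR2.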
commit 961f125