Bug 653324

Summary: RHEL5.5 guest kernel panic when write to floppy
Product: Red Hat Enterprise Linux 5
Reporter: Qingtang Zhou <qzhou>
Component: kernel
Assignee: Virtualization Maintenance <virt-maint>
Status: CLOSED WONTFIX
QA Contact: Red Hat Kernel QE team <kernel-qe>
Severity: medium
Priority: low
Version: 5.5
CC: kcao, michen, rhod
Target Milestone: rc
Hardware: Unspecified
OS: Unspecified
Doc Type: Bug Fix
Last Closed: 2011-08-11 11:03:53 UTC
Bug Blocks: 580948

Description Qingtang Zhou 2010-11-15 09:40:50 UTC
Description of problem:
Tested a RHEL5.5 guest on a RHEL5.6/RHEL6.0 host.
When writing data to the floppy with 'dd', the guest kernel panics.

Version-Release number of selected component (if applicable):
RHEL5.6 host:
# uname -r
2.6.18-231.el5
# rpm -q kvm
kvm-83-207.el5

RHEL5.5 guest:
# rpm -q kernel
kernel-2.6.18-194.el5

How reproducible:
100%

Steps to Reproduce:
1. Start the VM with qemu. Command:
/usr/local/staf/test/RHEV/kvm-new/autotest/client/tests/kvm/qemu -name 'vm1' 
-monitor unix:'/tmp/monitor-humanmonitor1-20101115-114926-fhoN',server,nowait 
-serial unix:'/tmp/serial-20101115-114926-fhoN',server,nowait 
-drive file='/usr/local/staf/test/RHEV/kvm-new/autotest/client/tests/kvm/images/RHEL-Server-5.5-32-virtio.qcow2',index=0,if=virtio,media=disk,cache=none,boot=on,format=qcow2 
-net nic,vlan=0,model=virtio,macaddr='9a:34:06:60:c4:7a' 
-net tap,vlan=0,ifname='t0-114926-fhoN',script='/usr/local/staf/test/RHEV/kvm-new/autotest/client/tests/kvm/scripts/qemu-ifup-switch',downscript='no' 
-m 4096 -smp 2,cores=1,threads=1,sockets=2 -cpu qemu64,+sse2 -soundhw ac97 
-fda '/usr/local/staf/test/RHEV/kvm-new/autotest/client/tests/kvm/images/test_floppy.img' 
-vnc :0 -spice port=8000,disable-ticketing -qxl 1 -rtc-td-hack -M rhel5.5.0 
-usbdevice tablet -no-kvm-pit-reinjection

2. Mount the floppy on /mnt and write data to /mnt with dd:
# mount /dev/fd0 /mnt/
# dd if=/dev/urandom of=/mnt/test_floppy bs=1M count=1
# rm -f /mnt/test_floppy

3. The guest kernel panics.

Actual results:
The guest kernel panics.

Expected results:
No kernel panic; the file is written to the floppy successfully.

Additional info:
dmesg output:
BUG: unable to handle kernel NULL pointer dereference at virtual address 0000001d
 printing eip:
f8987547
*pde = b664f067
Oops: 0000 [#1]
SMP
last sysfs file: /class/misc/autofs/dev
Modules linked in: autofs4 hidp rfcomm l2cap bluetooth lockd sunrpc ip_conntrack_netbios_ns ipt_REJECT xt_state ip_conntrack nfnetlink iptable_filter ip_tables ip6t_REJECT xt_tcpudp ip6table_filter ip6_tables x_tables ipv6 xfrm_nalgo crypto_api loop dm_multipath scsi_dh video backlight sbs power_meter hwmon i2c_ec dell_wmi wmi button battery asus_acpi ac lp joydev snd_intel8x0 snd_ac97_codec ac97_bus snd_seq_dummy snd_seq_oss snd_seq_midi_event snd_seq snd_seq_device snd_pcm_oss snd_mixer_oss snd_pcm snd_timer parport_pc parport snd i2c_piix4 floppy tpm_tis ide_cd soundcore cdrom tpm snd_page_alloc i2c_core virtio_balloon serio_raw tpm_bios pcspkr virtio_net dm_raid45 dm_message dm_region_hash dm_mem_cache dm_snapshot dm_zero dm_mirror dm_log dm_mod ata_piix libata sd_mod scsi_mod virtio_blk virtio_pci virtio_ring virtio ext3 jbd uhci_hcd ohci_hcd ehci_hcd
CPU:    0
EIP:    0060:[<f8987547>]    Not tainted VLI
EFLAGS: 00010246   (2.6.18-231.el5 #1)
EIP is at setup_rw_floppy+0x1f7/0x272 [floppy]
eax: 00000000   ebx: 00000009   ecx: 00000014   edx: 00000000
esi: 00000000   edi: 00000008   ebp: 000000da   esp: f7feff5c
ds: 007b   es: 007b   ss: 0068
Process events/0 (pid: 8, ti=f7fef000 task=f7c0a000 task.ti=f7fef000)
Stack: 00000246 f898f840 f898f844 f7c11ec0 00000296 c0433c16 f8987a9f 00000000
       f7c11ed8 f7c11ec0 f7c11ed0 00000000 c043468a 00000001 00000000 f7c97f44
       00010000 00000000 00000000 f7c0a000 c041f80f 00100100 00200200 ffffffff
Call Trace:
 [<c0433c16>] run_workqueue+0x7f/0xc3
 [<f8987a9f>] floppy_start+0x0/0xda [floppy]
 [<c043468a>] worker_thread+0xd9/0x10b
 [<c041f80f>] default_wake_function+0x0/0xc
 [<c04345b1>] worker_thread+0x0/0x10b
 [<c0436ab7>] kthread+0xc0/0xed
 [<c04369f7>] kthread+0x0/0xed
 [<c0405c87>] kernel_thread_helper+0x7/0x10
 =======================
Code: c7 89 ef 83 e7 08 74 0a c7 05 00 12 99 f8 70 64 98 f8 31 db 31 f6 eb 0d 0f be 44 13 1e 43 e8 1e e7 ff ff 09 c6 8b 15 c0 18 99 f8 <0f> b6 42 1d 39 c3 7c e5 0f b6 05 c4 22 99 f8 6b c0 58 f6 80 dc
EIP: [<f8987547>] setup_rw_floppy+0x1f7/0x272 [floppy] SS:ESP 0068:f7feff5c
 <0>Kernel panic - not syncing: Fatal exception

(Process terminated with status 0)
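
Triage of the oops above, as an added example that is not part of the original report: the script reads the fault address, registers and Code: bytes from the dmesg text, decodes the instruction at EIP, and checks that its effective address equals the reported fault address. It handles only the movzbl/movsbl disp8(%reg) encoding seen in this oops, and the function names are made up for the example.

```python
import re

# Excerpt of the dmesg text from the report above (only the lines the script reads).
OOPS = """\
BUG: unable to handle kernel NULL pointer dereference at virtual address 0000001d
eax: 00000000   ebx: 00000009   ecx: 00000014   edx: 00000000
esi: 00000000   edi: 00000008   ebp: 000000da   esp: f7feff5c
Code: c7 89 ef 83 e7 08 74 0a c7 05 00 12 99 f8 70 64 98 f8 31 db 31 f6 eb 0d 0f be 44 13 1e 43 e8 1e e7 ff ff 09 c6 8b 15 c0 18 99 f8 <0f> b6 42 1d 39 c3 7c e5 0f b6 05 c4 22 99 f8 6b c0 58 f6 80 dc
"""
REG32 = ["eax", "ecx", "edx", "ebx", "esp", "ebp", "esi", "edi"]  # ModRM encoding order

def parse_oops(text):
    """Return (fault address, register dict, Code: bytes, index of the byte at EIP)."""
    fault = int(re.search(r"virtual address ([0-9a-f]{8})", text).group(1), 16)
    regs = {n: int(v, 16) for n, v in
            re.findall(r"\b(e(?:ax|bx|cx|dx|si|di|bp|sp)):\s+([0-9a-f]{8})", text)}
    code = re.search(r"^Code: (.*)$", text, re.M).group(1).split()
    at = next(i for i, b in enumerate(code) if b.startswith("<"))  # <..> marks EIP
    return fault, regs, bytes(int(b.strip("<>"), 16) for b in code), at

def decode_load(raw, at, regs):
    """Decode movzbl/movsbl disp8(%base),%dst (0F B6 / 0F BE, ModRM mod=01, no SIB)."""
    if raw[at] != 0x0F or raw[at + 1] not in (0xB6, 0xBE):
        return None
    mod, rm = raw[at + 2] >> 6, raw[at + 2] & 7
    if mod != 1 or rm == 4:
        return None
    disp = raw[at + 3] - 256 if raw[at + 3] > 127 else raw[at + 3]  # sign-extend disp8
    return REG32[rm], disp, (regs[REG32[rm]] + disp) & 0xFFFFFFFF

def pointer_source(raw, at, base):
    """If the 6 bytes before EIP are 'mov abs32,%base' (8B, mod=00 rm=101), return abs32.
    Decoding backwards on x86 is a heuristic: the bytes may not be instruction-aligned."""
    pre = raw[max(at - 6, 0):at]
    if len(pre) == 6 and pre[0] == 0x8B and pre[1] == (REG32.index(base) << 3 | 5):
        return int.from_bytes(pre[2:], "little")
    return None

def triage(text=OOPS):
    fault, regs, raw, at = parse_oops(text)
    hit = decode_load(raw, at, regs)
    if hit is None:
        return None  # instruction form not covered by this narrow decoder
    base, disp, ea = hit
    return {"base": base, "base_value": regs[base], "disp": disp,
            "matches_fault": ea == fault, "loaded_from": pointer_source(raw, at, base)}

if __name__ == "__main__":
    print(triage())
```

For this oops the load at EIP reads offset 0x1d from %edx, which holds 0, and %edx was filled from the absolute address f89918c0 by the preceding instruction, so the NULL value is a pointer read from memory rather than a corrupted register.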

Comment 1 Gleb Natapov 2011-05-30 11:24:27 UTC
*** Bug 707528 has been marked as a duplicate of this bug. ***

Comment 2 Gleb Natapov 2011-05-30 12:25:25 UTC
*** Bug 552152 has been marked as a duplicate of this bug. ***

Comment 4 RHEL Program Management 2011-06-20 22:15:28 UTC
This request was evaluated by Red Hat Product Management for inclusion in Red Hat Enterprise Linux 5.7, and Red Hat does not plan to fix this issue in the currently developed update.

Contact your manager or support representative in case you need to escalate this bug.