606673 – Guest kernel panic when format floppy in RHEL6.0 host

RHEL Engineering is moving the tracking of its product development work on RHEL 6 through RHEL 9 to Red Hat Jira (issues.redhat.com). If you're a Red Hat customer, please continue to file support cases via the Red Hat customer portal. If you're not, please head to the "RHEL project" in Red Hat Jira and file new tickets here. Individual Bugzilla bugs in the statuses "NEW", "ASSIGNED", and "POST" are being migrated throughout September 2023. Bugs of Red Hat partners with an assigned Engineering Partner Manager (EPM) are migrated in late September as per pre-agreed dates. Bugs against components "kernel", "kernel-rt", and "kpatch" are only migrated if still in "NEW" or "ASSIGNED". If you cannot log in to RH Jira, please consult article #7032570. That failing, please send an e-mail to the RH Jira admins at rh-issues@redhat.com to troubleshoot your issue as a user management inquiry. The email creates a ServiceNow ticket with Red Hat. Individual Bugzilla bugs that are migrated will be moved to status "CLOSED", resolution "MIGRATED", and set with "MigratedToJIRA" in "Keywords". The link to the successor Jira issue will be found under "Links", have a little "two-footprint" icon next to it, and direct you to the "RHEL project" in Red Hat Jira (issue links are of type "https://issues.redhat.com/browse/RHEL-XXXX", where "X" is a digit). This same link will be available in a blue banner at the top of the page informing you that that bug has been migrated.

Bug 606673 - Guest kernel panic when format floppy in RHEL6.0 host

Summary: Guest kernel panic when format floppy in RHEL6.0 host

Keywords:
Status:	CLOSED DUPLICATE of bug 615839
Alias:	None
Product:	Red Hat Enterprise Linux 6
Classification:	Red Hat
Component:	kernel
Sub Component:
Version:	6.0
Hardware:	All
OS:	Linux
Priority:	high
Severity:	medium
Target Milestone:	rc
Target Release:	---
Assignee:	Red Hat Kernel Manager
QA Contact:	Red Hat Kernel QE team
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:	562808 580953
TreeView+	depends on / blocked

Reported:	2010-06-22 08:13 UTC by Joy Pu
Modified:	2010-07-21 19:40 UTC (History)
CC List:	3 users (show)
Fixed In Version:
Doc Type:	Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed:	2010-07-21 19:40:10 UTC
Target Upstream Version:
Embargoed:

Attachments	(Terms of Use)

Description Joy Pu 2010-06-22 08:13:09 UTC

Description:
In the RHEL6.0 host, guest kernel panic while formatting floppy. This is happend in RHEL6.0 and RHEL5.5 guest. And the reproducible ratio is higher in RHEL6.0 guest. 

Version-Release number of selected component (if applicable):
host kernel:2.6.32-33.el6.x86_64  
guest kernel: 2.6.32-36.el6
	      2.6.18-203.el5
# rpm -qa|grep qemu
qemu-img-0.12.1.2-2.77.el6.x86_64
qemu-kvm-0.12.1.2-2.77.el6.x86_64
qemu-kvm-debuginfo-0.12.1.2-2.77.el6.x86_64
gpxe-roms-qemu-0.9.7-6.3.el6.noarch
qemu-kvm-tools-0.12.1.2-2.77.el6.x86_64

How reproducible:
67/100(RHEL6.0 guest)
2/50(RHEL5.5 guest)

Steps to Reproduce:
1. make a blank disk with dd
#dd if=/dev/zero of=images/test_floppy.img bs=512 count=2880
2. boot up a RHEL-6.0 guest
3. listen to serial by nc
# nc -U /tmp/serial-20100622-103219-qlda
4. load floppy module
modprobe floppy
5. format the floppy
mkfs -t ext3 /dev/fd0


Actual results:
guest kernel panic when format the floppy

Expected results:
guest can format and use the floppy normally

Additional info:
1. The command line:
# /usr/local/staf/test/RHEV/kvm-new/autotest/client/tests/kvm/qemu -name 'vm1' -monitor tcp:0:6001,server,nowait -drive file=/usr/local/staf/test/RHEV/kvm-new/autotest/client/tests/kvm/images/RHEL-Server-6.0-32-virtio.qcow2,if=virtio,cache=none,boot=on,aio=native -net nic,vlan=0,model=virtio,macaddr=02:77:04:AF:01:5f -net tap,vlan=0,ifname=virtio_0_6001,script=/usr/local/staf/test/RHEV/kvm-new/autotest/client/tests/kvm/scripts/qemu-ifup-switch,downscript=no,vhost=on -m 2048 -smp 2 -soundhw ac97 -fda /usr/local/staf/test/RHEV/kvm-new/autotest/client/tests/kvm/images/test_floppy.img -redir tcp:5000::22 -vnc :0 -spice port=8000,disable-ticketing -usbdevice tablet -rtc-td-hack -cpu qemu64,+sse2 -no-kvm-pit-reinjection -serial unix:/tmp/serial-20100622-103219-qlda,server,nowait

2.Host cpuinfo
processor       : 1
vendor_id       : GenuineIntel
cpu family      : 6
model           : 23
model name      : Intel(R) Core(TM)2 Duo CPU     E8500  @ 3.16GHz
stepping        : 10
cpu MHz         : 3158.335
cache size      : 6144 KB
physical id     : 0
siblings        : 2
core id         : 1
cpu cores       : 2
apicid          : 1
initial apicid  : 1
fpu             : yes
fpu_exception   : yes
cpuid level     : 13
wp              : yes
flags           : fpu vme de pse tsc msr pae mce cx8 apic mtrr pge mca cmov pat pse36 clflush dts acpi mmx fxsr sse sse2 ss ht tm pbe syscall nx lm constant_tsc arch_perfmon pebs bts rep_good aperfmperf pni dtes64 monitor ds_cpl vmx smx est tm2 ssse3 cx16 xtpr pdcm sse4_1 xsave lahf_lm tpr_shadow vnmi flexpriority
bogomips        : 6317.15
clflush size    : 64
cache_alignment : 64
address sizes   : 36 bits physical, 48 bits virtual
power management:


3.Kernel panic info
RHEL6.0:
BUG: unable to handle kernel NULL pointer dereference at 0000001d
IP: [<f8be6c5c>] setup_rw_floppy+0x5c/0x310 [floppy]
*pdpt = 0000000035932001 *pde = 000000007f37e067 
Oops: 0000 [#1] SMP 
last sysfs file: /sys/devices/platform/floppy.0/block/fd0/dev
Modules linked in: floppy(U) autofs4(U) sunrpc(U) ip6t_REJECT(U) nf_conntrack_ipv6(U) ip6table_filter(U) ip6_tables(U) ipv6(U) dm_mirror(U) dm_region_hash(U) dm_log(U) snd_intel8x0(U) snd_ac97_codec(U) ppdev(U) parport_pc(U) ac97_bus(U) parport(U) snd_seq(U) snd_seq_device(U) snd_pcm(U) snd_timer(U) i2c_piix4(U) i2c_core(U) snd(U) soundcore(U) sg(U) snd_page_alloc(U) ext4(U) mbcache(U) jbd2(U) sr_mod(U) cdrom(U) ata_generic(U) pata_acpi(U) virtio_net(U) virtio_blk(U) virtio_pci(U) virtio_ring(U) virtio(U) ata_piix(U) dm_mod(U) [last unloaded: scsi_wait_scan]

Pid: 0, comm: swapper Not tainted (2.6.32-37.el6.i686 #1) KVM
EIP: 0060:[<f8be6c5c>] EFLAGS: 00010246 CPU: 0
EIP is at setup_rw_floppy+0x5c/0x310 [floppy]
EAX: 00000000 EBX: 000000d9 ECX: 00000002 EDX: 00000000
ESI: 00000009 EDI: 00000000 EBP: 00000008 ESP: c09e9ea4
 DS: 007b ES: 007b FS: 00d8 GS: 00e0 SS: 0068
Process swapper (pid: 0, ti=c09e8000 task=c09f2560 task.ti=c09e8000)
Stack:
 000003f0 f8be73a0 ecd8b546 00000246 c0b7a500 f8be9980 c09e9ef4 00000000
<0> c045fc4a 220c128f 00000006 00000001 220c128f c0b7ad10 00000100 f8be6f10
<0> c0b7af10 c0b7b110 c0b7b310 c047ed78 c09e9ef4 c09e9ef4 00000101 00000004
Call Trace:
 [<f8be73a0>] ? floppy_ready+0x490/0x680 [floppy]
 [<c045fc4a>] ? run_timer_softirq+0x13a/0x2c0
 [<f8be6f10>] ? floppy_ready+0x0/0x680 [floppy]
 [<c047ed78>] ? tick_program_event+0x28/0x40
 [<c045690f>] ? __do_softirq+0x8f/0x1b0
 [<c0456a6d>] ? do_softirq+0x3d/0x50
 [<c0456bc5>] ? irq_exit+0x65/0x70
 [<c04259a4>] ? smp_apic_timer_interrupt+0x54/0x90
 [<c040a335>] ? apic_timer_interrupt+0x31/0x38
 [<c042e6b2>] ? native_safe_halt+0x2/0x10
 [<c0410d79>] ? default_idle+0x39/0x90
 [<c0408784>] ? cpu_idle+0x94/0xd0
 [<c0a5496e>] ? start_kernel+0x38d/0x392
 [<c0a5441f>] ? unknown_bootoption+0x0/0x190
Code: dd 83 e5 08 75 69 31 ff 31 f6 80 78 1d 00 74 23 8d b4 26 00 00 00 00 0f be 44 30 1e 83 c6 01 e8 9b c5 ff ff 09 c7 a1 e0 a9 be f8 <0f> b6 50 1d 39 f2 7f e4 0f b6 05 e4 b3 be f8 6b c0 58 f6 80 3c 
EIP: [<f8be6c5c>] setup_rw_floppy+0x5c/0x310 [floppy] SS:ESP 0068:c09e9ea4
CR2: 000000000000001d
---[ end trace 4def7ae037234780 ]---
Kernel panic - not syncing: Fatal exception in interrupt
Pid: 0, comm: swapper Tainted: G      D    2.6.32-37.el6.i686 #1
Call Trace:
 [<c08163ff>] ? panic+0x42/0xed
 [<c0819b48>] ? oops_end+0xc8/0xd0
 [<c04303f2>] ? no_context+0xc2/0x190
 [<c081ae10>] ? do_page_fault+0x0/0x480
 [<c043062f>] ? bad_area_nosemaphore+0xf/0x20
 [<c081b1bb>] ? do_page_fault+0x3ab/0x480
 [<c042f479>] ? pvclock_clocksource_read+0x169/0x190
 [<c0424a23>] ? smp_reschedule_interrupt+0x13/0x20
 [<c040a029>] ? reschedule_interrupt+0x31/0x38
 [<c081ae10>] ? do_page_fault+0x0/0x480
 [<c0818f1b>] ? error_code+0x73/0x78
 [<f8be6c5c>] ? setup_rw_floppy+0x5c/0x310 [floppy]
 [<f8be73a0>] ? floppy_ready+0x490/0x680 [floppy]
 [<c045fc4a>] ? run_timer_softirq+0x13a/0x2c0
 [<f8be6f10>] ? floppy_ready+0x0/0x680 [floppy]
 [<c047ed78>] ? tick_program_event+0x28/0x40
 [<c045690f>] ? __do_softirq+0x8f/0x1b0
 [<c0456a6d>] ? do_softirq+0x3d/0x50
 [<c0456bc5>] ? irq_exit+0x65/0x70
 [<c04259a4>] ? smp_apic_timer_interrupt+0x54/0x90
 [<c040a335>] ? apic_timer_interrupt+0x31/0x38
 [<c042e6b2>] ? native_safe_halt+0x2/0x10
 [<c0410d79>] ? default_idle+0x39/0x90
 [<c0408784>] ? cpu_idle+0x94/0xd0
 [<c0a5496e>] ? start_kernel+0x38d/0x392
 [<c0a5441f>] ? unknown_bootoption+0x0/0x190


RHEL5.5:
BUG: unable to handle kernel NULL pointer dereference at virtual address 0000001d
 printing eip:
f89df543
*pde = 75feb067
Oops: 0000 [#1]
SMP 
last sysfs file: /class/misc/autofs/dev
Modules linked in: autofs4 hidp rfcomm l2cap bluetooth lockd sunrpc ip_conntrack_netbios_ns ipt_REJECT xt_state ip_conntrack nfnetlink iptable_filter ip_tables ip6t_REJECT xt_tcpudp ip6table_filter ip6_tables x_tables dm_multipath scsi_dh video backlight sbs power_meter hwmon i2c_ec dell_wmi wmi button battery asus_acpi ac ipv6 xfrm_nalgo crypto_api lp joydev snd_intel8x0 snd_ac97_codec ac97_bus snd_seq_dummy snd_seq_oss snd_seq_midi_event snd_seq floppy snd_seq_device snd_pcm_oss snd_mixer_oss parport_pc pcspkr parport i2c_piix4 snd_pcm ide_cd i2c_core cdrom snd_timer snd soundcore snd_page_alloc serio_raw virtio_net dm_raid45 dm_message dm_region_hash dm_mem_cache dm_snapshot dm_zero dm_mirror dm_log dm_mod ata_piix libata sd_mod scsi_mod virtio_blk virtio_pci virtio_ring virtio ext3 jbd uhci_hcd ohci_hcd ehci_hcd
CPU:    0
EIP:    0060:[<f89df543>]    Not tainted VLI
EFLAGS: 00010246   (2.6.18-203.el5 #1) 
EIP is at setup_rw_floppy+0x1f7/0x272 [floppy]
eax: 00000000   ebx: 00000009   ecx: 00000014   edx: 00000000
esi: 00000000   edi: 00000008   ebp: 000000d9   esp: c0749fac
ds: 007b   es: 007b   ss: 0068
Process swapper (pid: 0, ti=c0749000 task=c068b3c0 task.ti=c0705000)
Stack: 00000246 c0749fcc c07bbf80 f89e7818 00000100 c042dbe9 00000000 f89df34c 
       c0749fcc c0749fcc c0705f90 00000001 c06fbb08 0000000a c042a61b 00000000 
       c0705f90 c0705000 00000046 00000020 c04073cf 
Call Trace:
 [<c042dbe9>] run_timer_softirq+0x14d/0x1d0
 [<f89df34c>] setup_rw_floppy+0x0/0x272 [floppy]
 [<c042a61b>] __do_softirq+0x87/0x114
 [<c04073cf>] do_softirq+0x52/0x9c
 [<c04059d7>] apic_timer_interrupt+0x1f/0x24
 [<c0403bb0>] default_idle+0x0/0x59
 [<c0403be1>] default_idle+0x31/0x59
 [<c0403ca8>] cpu_idle+0x9f/0xb9
 [<c070a9fa>] start_kernel+0x37b/0x383
 =======================
Code: c7 89 ef 83 e7 08 74 0a c7 05 00 92 9e f8 70 e4 9d f8 31 db 31 f6 eb 0d 0f be 44 13 1e 43 e8 22 e7 ff ff 09 c6 8b 15 c0 98 9e f8 <0f> b6 42 1d 39 c3 7c e5 0f b6 05 c4 a2 9e f8 6b c0 58 f6 80 dc 
EIP: [<f89df543>] setup_rw_floppy+0x1f7/0x272 [floppy] SS:ESP 0068:c0749fac
 <0>Kernel panic - not syncing: Fatal exception in interrupt

Comment 2 RHEL Program Management 2010-06-22 08:43:23 UTC

This request was evaluated by Red Hat Product Management for inclusion in a Red
Hat Enterprise Linux major release.  Product Management has requested further
review of this request by Red Hat Engineering, for potential inclusion in a Red
Hat Enterprise Linux Major release.  This request is not yet committed for
inclusion.

Comment 4 RHEL Program Management 2010-07-15 15:17:15 UTC

This issue has been proposed when we are only considering blocker
issues in the current Red Hat Enterprise Linux release. It has
been denied for the current Red Hat Enterprise Linux release.

** If you would still like this issue considered for the current
release, ask your support representative to file as a blocker on
your behalf. Otherwise ask that it be considered for the next
Red Hat Enterprise Linux release. **

Comment 5 Marcelo Tosatti 2010-07-21 19:40:10 UTC


*** This bug has been marked as a duplicate of bug 615839 ***

Note You need to log in before you can comment on or make changes to this bug.