Description of problem:
Tested RHEL5.5 guest on RHEL5.6/RHEL6.0 host. When writing data to the floppy with 'dd', the guest kernel panics.

Version-Release number of selected component (if applicable):
RHEL5.6 host:
    # uname -r
    2.6.18-231.el5
    # rpm -q kvm
    kvm-83-207.el5
RHEL5.5 guest:
    # rpm -q kernel
    kernel-2.6.18-194.el5

How reproducible:
100%

Steps to Reproduce:
1. Start the VM with qemu. Command:
    /usr/local/staf/test/RHEV/kvm-new/autotest/client/tests/kvm/qemu -name 'vm1' \
      -monitor unix:'/tmp/monitor-humanmonitor1-20101115-114926-fhoN',server,nowait \
      -serial unix:'/tmp/serial-20101115-114926-fhoN',server,nowait \
      -drive file='/usr/local/staf/test/RHEV/kvm-new/autotest/client/tests/kvm/images/RHEL-Server-5.5-32-virtio.qcow2',index=0,if=virtio,media=disk,cache=none,boot=on,format=qcow2 \
      -net nic,vlan=0,model=virtio,macaddr='9a:34:06:60:c4:7a' \
      -net tap,vlan=0,ifname='t0-114926-fhoN',script='/usr/local/staf/test/RHEV/kvm-new/autotest/client/tests/kvm/scripts/qemu-ifup-switch',downscript='no' \
      -m 4096 -smp 2,cores=1,threads=1,sockets=2 -cpu qemu64,+sse2 -soundhw ac97 \
      -fda '/usr/local/staf/test/RHEV/kvm-new/autotest/client/tests/kvm/images/test_floppy.img' \
      -vnc :0 -spice port=8000,disable-ticketing -qxl 1 -rtc-td-hack -M rhel5.5.0 \
      -usbdevice tablet -no-kvm-pit-reinjection
2. Mount the floppy on /mnt and write data to /mnt with dd:
    # mount /dev/fd0 /mnt/
    # dd if=/dev/urandom of=/mnt/test_floppy bs=1M count=1
    # rm -f /mnt/test_floppy
3. The guest kernel panics.

Actual results:
Guest kernel panic.

Expected results:
No kernel panic; the file is written to the floppy successfully.

Additional info:
dmesg output:

BUG: unable to handle kernel NULL pointer dereference at virtual address 0000001d
 printing eip:
f8987547
*pde = b664f067
Oops: 0000 [#1]
SMP
last sysfs file: /class/misc/autofs/dev
Modules linked in: autofs4 hidp rfcomm l2cap bluetooth lockd sunrpc ip_conntrack_netbios_ns ipt_REJECT xt_state ip_conntrack nfnetlink iptable_filter ip_tables ip6t_REJECT xt_tcpudp ip6table_filter ip6_tables x_tables ipv6 xfrm_nalgo crypto_api loop dm_multipath scsi_dh video backlight sbs power_meter hwmon i2c_ec dell_wmi wmi button battery asus_acpi ac lp joydev snd_intel8x0 snd_ac97_codec ac97_bus snd_seq_dummy snd_seq_oss snd_seq_midi_event snd_seq snd_seq_device snd_pcm_oss snd_mixer_oss snd_pcm snd_timer parport_pc parport snd i2c_piix4 floppy tpm_tis ide_cd soundcore cdrom tpm snd_page_alloc i2c_core virtio_balloon serio_raw tpm_bios pcspkr virtio_net dm_raid45 dm_message dm_region_hash dm_mem_cache dm_snapshot dm_zero dm_mirror dm_log dm_mod ata_piix libata sd_mod scsi_mod virtio_blk virtio_pci virtio_ring virtio ext3 jbd uhci_hcd ohci_hcd ehci_hcd
CPU:    0
EIP:    0060:[<f8987547>]    Not tainted VLI
EFLAGS: 00010246   (2.6.18-231.el5 #1)
EIP is at setup_rw_floppy+0x1f7/0x272 [floppy]
eax: 00000000   ebx: 00000009   ecx: 00000014   edx: 00000000
esi: 00000000   edi: 00000008   ebp: 000000da   esp: f7feff5c
ds: 007b   es: 007b   ss: 0068
Process events/0 (pid: 8, ti=f7fef000 task=f7c0a000 task.ti=f7fef000)
Stack: 00000246 f898f840 f898f844 f7c11ec0 00000296 c0433c16 f8987a9f 00000000
       f7c11ed8 f7c11ec0 f7c11ed0 00000000 c043468a 00000001 00000000 f7c97f44
       00010000 00000000 00000000 f7c0a000 c041f80f 00100100 00200200 ffffffff
Call Trace:
 [<c0433c16>] run_workqueue+0x7f/0xc3
 [<f8987a9f>] floppy_start+0x0/0xda [floppy]
 [<c043468a>] worker_thread+0xd9/0x10b
 [<c041f80f>] default_wake_function+0x0/0xc
 [<c04345b1>] worker_thread+0x0/0x10b
 [<c0436ab7>] kthread+0xc0/0xed
 [<c04369f7>] kthread+0x0/0xed
 [<c0405c87>] kernel_thread_helper+0x7/0x10
 =======================
Code: c7 89 ef 83 e7 08 74 0a c7 05 00 12 99 f8 70 64 98 f8 31 db 31 f6 eb 0d 0f be 44 13 1e 43 e8 1e e7 ff ff 09 c6 8b 15 c0 18 99 f8 <0f> b6 42 1d 39 c3 7c e5 0f b6 05 c4 22 99 f8 6b c0 58 f6 80 dc
EIP: [<f8987547>] setup_rw_floppy+0x1f7/0x272 [floppy] SS:ESP 0068:f7feff5c
 <0>Kernel panic - not syncing: Fatal exception
(Process terminated with status 0)
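
A triage check on the oops posted above, as an added example that is not part of the original report: it decodes the faulting instruction (the byte marked <0f> in the Code: line) and checks that the base register value plus the instruction's displacement equals the reported fault address. The function names are hypothetical, and the decoder assumes 32-bit code and handles only this one opcode form.

```python
import re

# Excerpt of the oops posted in this report (fault address, registers, Code: line).
OOPS = """\
BUG: unable to handle kernel NULL pointer dereference at virtual address 0000001d
eax: 00000000   ebx: 00000009   ecx: 00000014   edx: 00000000
esi: 00000000   edi: 00000008   ebp: 000000da   esp: f7feff5c
Code: c7 89 ef 83 e7 08 74 0a c7 05 00 12 99 f8 70 64 98 f8 31 db 31 f6 eb 0d 0f be 44 13 1e 43 e8 1e e7 ff ff 09 c6 8b 15 c0 18 99 f8 <0f> b6 42 1d 39 c3 7c e5 0f b6 05 c4 22 99 f8 6b c0 58 f6 80 dc
"""

REGS32 = ["eax", "ecx", "edx", "ebx", "esp", "ebp", "esi", "edi"]  # ModRM encoding order


def parse_oops(text):
    """Return (fault address, register dict, bytes from the faulting opcode onward)."""
    fault = int(re.search(r"virtual address ([0-9a-f]{8})", text).group(1), 16)
    regs = {n: int(v, 16) for n, v in
            re.findall(r"\b(e(?:[abcd]x|[sd]i|[bs]p)):\s*([0-9a-f]{8})", text)}
    code = re.search(r"^Code: (.*)$", text, re.M).group(1).split()
    start = next(i for i, b in enumerate(code) if b.startswith("<"))  # <xx> marks EIP
    return fault, regs, bytes(int(b.strip("<>"), 16) for b in code[start:])


def decode_movzx_load(insn):
    """Decode `0f b6 /r` with a [reg] or [reg+disp] operand (no SIB byte)."""
    if insn[:2] != b"\x0f\xb6":
        raise ValueError("only movzx r32, r/m8 is handled here")
    mod, reg, rm = insn[2] >> 6, (insn[2] >> 3) & 7, insn[2] & 7
    if mod == 3 or rm == 4 or (mod == 0 and rm == 5):
        raise ValueError("register, SIB or absolute operand: not handled")
    size = {0: 0, 1: 1, 2: 4}[mod]  # displacement width in bytes
    disp = int.from_bytes(insn[3:3 + size], "little", signed=True) if size else 0
    return REGS32[reg], REGS32[rm], disp


def triage(text):
    """Recompute the faulting load's address and compare it with the reported one."""
    fault, regs, insn = parse_oops(text)
    dst, base, disp = decode_movzx_load(insn)
    ea = (regs[base] + disp) & 0xFFFFFFFF
    return {"insn": f"movzbl {disp:#x}(%{base}),%{dst}", "base_value": regs[base],
            "effective_address": ea, "matches_fault": ea == fault}


if __name__ == "__main__":
    print(triage(OOPS))
```

For this oops the faulting instruction is a one-byte load at offset 0x1d from edx, and edx is 0, which accounts for the fault address 0000001d.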
*** Bug 707528 has been marked as a duplicate of this bug. ***
*** Bug 552152 has been marked as a duplicate of this bug. ***
This request was evaluated by Red Hat Product Management for inclusion in Red Hat Enterprise Linux 5.7 and Red Hat does not plan to fix this issue in the currently developed update. Contact your manager or support representative in case you need to escalate this bug.