Description of problem:
RHEL-5.7 guest kernel panic when formatting a floppy or mounting it.

Version-Release number of selected component (if applicable):
    05/23 17:58:51 DEBUG| kvm_utils:0438| Fetching KVM module version...
    05/23 17:58:51 DEBUG|kvm_test_u:0962| Current version is: kvm-83-232.el5

How reproducible:
50% (ran 4 times in total)

Steps to Reproduce:
1. start a guest with command:
    qemu -name 'vm1' ... -fda '/usr/local/staf/test/RHEV/kvm-new/autotest/client/tests/kvm/images/test_floppy.img'
2. launch floppy module:
    05/23 18:00:35 DEBUG|kvm_subpro:1223| Sending command: modprobe floppy
3. format this floppy in guest:
    05/23 18:00:36 DEBUG|kvm_subpro:1223| Sending command: mkfs -t ext3 /dev/fd0
4. guest kernel panic.

btw, sometimes formatting will complete, but when mounting this floppy, a guest panic occurs.

    05/26 02:16:20 DEBUG| aexpect:1224| Sending command: modprobe floppy
    05/26 02:16:20 DEBUG| aexpect:1224| Sending command: echo $?
    05/26 02:16:20 DEBUG| aexpect:1224| Sending command: mkfs -t ext3 /dev/fd0
    05/26 02:16:21 DEBUG| aexpect:1224| Sending command: echo $?
    05/26 02:16:21 INFO | floppy:0037| Floppy disk formatted successfully
    05/26 02:16:21 DEBUG| aexpect:1224| Sending command: mount /dev/fd0 /mnt/
    05/26 02:16:22 DEBUG| aexpect:1224| Sending command: echo $?
    05/26 02:16:22 DEBUG| aexpect:1224| Sending command: (dd if=/dev/urandom of=/mnt/test_floppy bs=1M count=1) && (rm -f /mnt/test_floppy)
    05/26 02:16:22 DEBUG| aexpect:1224| Sending command: echo $?
    05/26 02:16:22 DEBUG| aexpect:1224| Sending command: cp /etc/passwd /mnt/passwd
    05/26 02:16:22 DEBUG|kvm_monito:0220| Send command: info status
    05/26 02:16:22 DEBUG|kvm_monito:0220| Send command: screendump /dev/shm/scrdump-fxqVaq.ppm
    05/26 02:16:22 DEBUG| aexpect:1224| Sending command: echo $?
    05/26 02:16:22 INFO | floppy:0056| Succeed to copy file '/etc/passwd' into floppy disk
    05/26 02:16:22 INFO | floppy:0059| Comparing both files to see whether it is unchanged
    05/26 02:16:22 DEBUG| aexpect:1224| Sending command: diff /etc/passwd /mnt/passwd
    05/26 02:16:22 DEBUG| aexpect:1224| Sending command: echo $?
    05/26 02:16:23 DEBUG| aexpect:1224| Sending command: rm -f /mnt/passwd
    05/26 02:16:23 DEBUG| aexpect:1224| Sending command: echo $?
    05/26 02:16:23 DEBUG| aexpect:1224| Sending command: umount /mnt/

After "umount /mnt", a guest kernel panic occurs.

Actual results:
guest kernel panic.

Expected results:
guest runs well.

Additional info:
full qemu command line:
    05/23 17:59:27 DEBUG| kvm_vm:1033| Running qemu command:
    /usr/local/staf/test/RHEV/kvm-new/autotest/client/tests/kvm/qemu \
        -name 'vm1' \
        -monitor unix:'/tmp/monitor-humanmonitor1-20110523-143822-94OL',server,nowait \
        -serial unix:'/tmp/serial-20110523-143822-94OL',server,nowait \
        -drive file='/usr/local/staf/test/RHEV/kvm-new/autotest/client/tests/kvm/images/RHEL-Server-5.7-32.qcow2',index=0,if=ide,media=disk,cache=none,format=qcow2 \
        -net nic,vlan=0,model=rtl8139,macaddr='9a:5d:44:81:e7:af' \
        -net tap,vlan=0,ifname='t0-143822-94OL',script='/usr/local/staf/test/RHEV/kvm-new/autotest/client/tests/kvm/scripts/qemu-ifup-switch',downscript='no' \
        -m 4096 \
        -smp 2,cores=1,threads=1,sockets=2 \
        -cpu qemu64,+sse2 \
        -soundhw ac97 \
        -fda '/usr/local/staf/test/RHEV/kvm-new/autotest/client/tests/kvm/images/test_floppy.img' \
        -spice port=8000,disable-ticketing \
        -qxl 1 \
        -rtc-td-hack \
        -M rhel5.6.0 \
        -boot c \
        -usbdevice tablet \
        -no-kvm-pit-reinjection

Created attachment 500775: guest dmesg

Created attachment 500776: screenshot of guest

guest kernel panic call trace:

    2011-05-23 18:00:36: BUG: unable to handle kernel NULL pointer dereference at virtual address 0000001d
    2011-05-23 18:00:36: printing eip:
    2011-05-23 18:00:36: f89b454b
    2011-05-23 18:00:36: *pde = b73f9067
    2011-05-23 18:00:36: Oops: 0000 [#1]
    2011-05-23 18:00:36: SMP
    2011-05-23 18:00:36: last sysfs file: /class/misc/autofs/dev
    2011-05-23 18:00:36: Modules linked in: autofs4 hidp rfcomm l2cap bluetooth lockd sunrpc ip_conntrack_netbios_ns ipt_REJECT xt_state ip_conntrack nfnetlink iptable_filter ip_tables ip6t_REJECT xt_tcpudp ip6table_filter ip6_tables x_tables be2iscsi ib_iser rdma_cm ib_cm iw_cm ib_sa ib_mad ib_core ib_addr iscsi_tcp bnx2i cnic ipv6 xfrm_nalgo crypto_api uio cxgb3i libcxgbi cxgb3 8021q libiscsi_tcp libiscsi2 scsi_transport_iscsi2 scsi_transport_iscsi loop dm_multipath scsi_dh video backlight sbs power_meter hwmon i2c_ec dell_wmi wmi button battery asus_acpi ac lp joydev snd_intel8x0 snd_ac97_codec ac97_bus snd_seq_dummy snd_seq_oss snd_seq_midi_event snd_seq snd_seq_device snd_pcm_oss snd_mixer_oss ide_cd parport_pc virtio_balloon snd_pcm i2c_piix4 floppy parport snd_timer 8139too i2c_core cdrom tpm_tis snd 8139cp mii virtio_pci virtio_ring tpm virtio serio_raw tpm_bios soundcore pcspkr snd_page_alloc dm_raid45 dm_message dm_region_hash dm_mem_cache dm_snapshot dm_zero dm_mirror dm_log dm_mod ata_piix libata sd_mod scsi_mod ext3 jbd uhci_hcd ohci_hcd ehci_hcd
    2011-05-23 18:00:36: CPU: 1
    2011-05-23 18:00:36: EIP: 0060:[<f89b454b>] Not tainted VLI
    2011-05-23 18:00:36: EFLAGS: 00010246 (2.6.18-262.el5 #1)
    2011-05-23 18:00:36: EIP is at setup_rw_floppy+0x1f7/0x272 [floppy]
    2011-05-23 18:00:36: eax: 00000000 ebx: 00000009 ecx: 00000014 edx: 00000000
    2011-05-23 18:00:36: esi: 00000000 edi: 00000008 ebp: 000000d9 esp: f7fedf5c
    2011-05-23 18:00:36: ds: 007b es: 007b ss: 0068
    2011-05-23 18:00:36: Process events/1 (pid: 9, ti=f7fed000 task=f7feeaa0 task.ti=f7fed000)
    2011-05-23 18:00:36: Stack: 00000246 f89bc840 f89bc844 f7c29dc0 00000296 c0433d39 f89b4aa3 00000000
    2011-05-23 18:00:36: f7c29dd8 f7c29dc0 f7c29dd0 00000000 c043479c 00000001 00000000 f7c8df44
    2011-05-23 18:00:36: 00010000 00000000 00000000 f7feeaa0 c041f843 00100100 00200200 ffffffff
    2011-05-23 18:00:36: Call Trace:
    2011-05-23 18:00:36: [<c0433d39>] run_workqueue+0x81/0xc5
    2011-05-23 18:00:36: [<f89b4aa3>] floppy_start+0x0/0xda [floppy]
    2011-05-23 18:00:36: [<c043479c>] worker_thread+0xd9/0x10d
    2011-05-23 18:00:36: [<c041f843>] default_wake_function+0x0/0xc
    2011-05-23 18:00:36: [<c04346c3>] worker_thread+0x0/0x10d
    2011-05-23 18:00:36: [<c0436bce>] kthread+0xc0/0xee
    2011-05-23 18:00:36: [<c0436b0e>] kthread+0x0/0xee
    2011-05-23 18:00:36: [<c0405c87>] kernel_thread_helper+0x7/0x10
    2011-05-23 18:00:36: =======================
    2011-05-23 18:00:36: Code: c7 89 ef 83 e7 08 74 0a c7 05 00 e2 9b f8 70 34 9b f8 31 db 31 f6 eb 0d 0f be 44 13 1e 43 e8 1a e7 ff ff 09 c6 8b 15 c0 e8 9b f8 <0f> b6 42 1d 39 c3 7c e5 0f b6 05 c4 f2 9b f8 6b c0 58 f6 80 dc
    2011-05-23 18:00:36: EIP: [<f89b454b>] setup_rw_floppy+0x1f7/0x272 [floppy] SS:ESP 0068:f7fedf5c
    2011-05-23 18:00:36: <0>Kernel panic - not syncing: Fatal exception
    2011-05-23 18:00:36:

Please check for existing bugs before opening a new one.

*** This bug has been marked as a duplicate of bug 653324 ***