Bug 859282

Summary: divide by zero in kvm_write_tsc
Product: Fedora
Component: kernel
Version: 18
Status: CLOSED ERRATA
Severity: unspecified
Priority: unspecified
Hardware: Unspecified
OS: Unspecified
Reporter: Mikhail <mikhail.v.gavrilov>
Assignee: Marcelo Tosatti <mtosatti>
QA Contact: Fedora Extras Quality Assurance <extras-qa>
CC: gansalmon, itamar, jonathan, kernel-maint, knoel, madhu.chinakonda, virt-maint
Doc Type: Bug Fix
Type: Bug
Last Closed: 2013-03-17 01:04:24 UTC
Attachments: kvm-x86-handle-host-tsc-calibration-failure

Description Mikhail 2012-09-21 01:53:14 UTC
Description of problem:
[27437.518435] divide error: 0000 [#4] SMP 
[27437.518568] Modules linked in: vfat fat fuse ebtable_nat ebtables ipt_MASQUERADE nf_conntrack_netbios_ns nf_conntrack_broadcast ip6table_mangle ip6t_REJECT nf_conntrack_ipv6 nf_defrag_ipv6 be2iscsi iscsi_boot_sysfs ip6table_filter bnx2i ip6_tables cnic uio cxgb4i cxgb4 lockd bnep bluetooth cxgb3i iptable_nat nf_nat rfkill cxgb3 mdio libcxgbi ib_iser rdma_cm ib_addr iw_cm ib_cm ib_sa ib_mad ib_core iscsi_tcp libiscsi_tcp libiscsi iptable_mangle scsi_transport_iscsi nf_conntrack_ipv4 nf_defrag_ipv4 xt_conntrack nf_conntrack iTCO_wdt iTCO_vendor_support ppdev snd_ice1724 snd_ak4113 snd_pt2258 snd_ak4114 snd_i2c snd_ice17xx_ak4xxx snd_ak4xxx_adda snd_ac97_codec coretemp microcode ac97_bus snd_rawmidi snd_seq snd_seq_device i2c_i801 snd_pcm serio_raw snd_page_alloc snd_timer lpc_ich mfd_core snd soundcore
[27437.519270]  mei parport_pc parport vhost_net tun macvtap macvlan kvm_intel kvm uinput crc32c_intel i915 i2c_algo_bit drm_kms_helper atl1c drm i2c_core video usb_storage uas sunrpc
[27437.523618] Pid: 10682, comm: qemu-kvm Tainted: G      D      3.6.0-0.rc6.git0.2.fc18.i686.PAE #1 To Be Filled By O.E.M. To Be Filled By O.E.M./H61M/U3S3
[27437.527942] EIP: 0060:[<f7fec4cc>] EFLAGS: 00010006 CPU: 1
[27437.532385] EIP is at kvm_write_tsc+0xec/0x440 [kvm]
[27437.536680] EAX: b842c4c8 EBX: 000018f5 ECX: 002f31ed EDX: 00fa2f8e
[27437.541119] ESI: db5537d0 EDI: d7690000 EBP: d9f07d80 ESP: d9f07d1c
[27437.545577]  DS: 007b ES: 007b FS: 00d8 GS: 00e0 SS: 0068
[27437.550033] CR0: 80050033 CR2: b6681e40 CR3: 19e50000 CR4: 000427f0
[27437.554687] DR0: 00000000 DR1: 00000000 DR2: 00000000 DR3: 00000000
[27437.559157] DR6: ffff0ff0 DR7: 00000400
[27437.563612] Process qemu-kvm (pid: 10682, ti=d9f06000 task=dae72b20 task.ti=d9f06000)
[27437.567982] Stack:
[27437.572275]  f7fec25c 000000d0 f73191f8 f680162c f68037c4 db5537d0 00000292 f7fed8bf
[27437.576550]  68669952 fffff2cb d7691698 00000000 00000001 a8a3211e 000018f5 2cba6f4d
[27437.580739]  0000400c b842c4c8 00fa2f8e 00006b33 165ee31e d9f07d80 db5537d0 2cba6f4d
[27437.584852] Call Trace:
[27437.588874]  [<f7fec25c>] ? msr_io+0x4c/0x1d0 [kvm]
[27437.592866]  [<f7fed8bf>] ? kvm_set_msr_common+0x4bf/0x10b0 [kvm]
[27437.595597]  [<f7f89aaa>] vmx_set_msr+0x10a/0x270 [kvm_intel]
[27437.597685]  [<f7fe4890>] ? kvm_enable_efer_bits+0x20/0x20 [kvm]
[27437.599787]  [<f7fe48b6>] do_set_msr+0x26/0x30 [kvm]
[27437.601885]  [<f7fec2e9>] msr_io+0xd9/0x1d0 [kvm]
[27437.603960]  [<f7fec26a>] ? msr_io+0x5a/0x1d0 [kvm]
[27437.606023]  [<f7ff0025>] kvm_arch_vcpu_ioctl+0x405/0xf10 [kvm]
[27437.608078]  [<c06e8543>] ? debug_check_no_obj_freed+0x73/0x190
[27437.610136]  [<f7fdc266>] ? vcpu_load+0x16/0x80 [kvm]
[27437.612188]  [<f7fdc266>] ? vcpu_load+0x16/0x80 [kvm]
[27437.614216]  [<c04b6d0a>] ? mutex_remove_waiter+0x3a/0x100
[27437.616246]  [<c0a1b8fc>] ? mutex_lock_nested+0x27c/0x330
[27437.618237]  [<f7fdc266>] ? vcpu_load+0x16/0x80 [kvm]
[27437.620180]  [<f7fdc266>] ? vcpu_load+0x16/0x80 [kvm]
[27437.622066]  [<f7fefab8>] ? kvm_arch_vcpu_load+0x58/0x1c0 [kvm]
[27437.623907]  [<f7fdc394>] kvm_vcpu_ioctl+0x84/0x600 [kvm]
[27437.625695]  [<c0488498>] ? finish_task_switch+0x78/0x100
[27437.627457]  [<c04bc8fb>] ? trace_hardirqs_on+0xb/0x10
[27437.629181]  [<c0a1ef27>] ? _raw_spin_unlock_irq+0x27/0x40
[27437.630900]  [<c0488453>] ? finish_task_switch+0x33/0x100
[27437.632623]  [<f7fdc310>] ? vcpu_put+0x40/0x40 [kvm]
[27437.634336]  [<c059c60a>] do_vfs_ioctl+0x7a/0x5a0
[27437.636046]  [<c067bd2f>] ? inode_has_perm.isra.48.constprop.61+0x1f/0x80
[27437.637756]  [<c067be30>] ? file_has_perm+0xa0/0xb0
[27437.639449]  [<c058b401>] ? flush_delayed_fput+0x1/0x20
[27437.641142]  [<c067c112>] ? selinux_file_ioctl+0x62/0x120
[27437.642826]  [<c059cb98>] sys_ioctl+0x68/0x80
[27437.644507]  [<c0a2675f>] sysenter_do_call+0x12/0x38
[27437.646187] Code: 44 89 4c 24 48 69 4c 24 48 e8 03 00 00 f7 e3 8b 5c 24 38 01 ca 8b 8e 80 1c 00 00 89 44 24 44 8b 44 24 44 89 54 24 48 8b 54 24 48 <f7> f9 31 d2 89 4c 24 1c 8b 4c 24 34 2b 8f c0 16 00 00 1b 9f c4
[27437.649703] EIP: [<f7fec4cc>] kvm_write_tsc+0xec/0x440 [kvm] SS:ESP 0068:d9f07d1c
[27437.661302] ---[ end trace 0f3cc9cb83674460 ]---
[27437.661305] BUG: sleeping function called from invalid context at kernel/rwsem.c:20
[27437.661306] in_atomic(): 1, irqs_disabled(): 1, pid: 10682, name: qemu-kvm
[27437.661307] INFO: lockdep is turned off.
[27437.661308] irq event stamp: 0
[27437.661309] hardirqs last  enabled at (0): [<  (null)>]   (null)
[27437.661311] hardirqs last disabled at (0): [<c0452946>] copy_process.part.29+0x416/0x1270
[27437.661316] softirqs last  enabled at (0): [<c0452946>] copy_process.part.29+0x416/0x1270
[27437.661319] softirqs last disabled at (0): [<  (null)>]   (null)
[27437.661321] Pid: 10682, comm: qemu-kvm Tainted: G      D      3.6.0-0.rc6.git0.2.fc18.i686.PAE #1
[27437.661322] Call Trace:
[27437.661326]  [<c0489bc7>] __might_sleep+0x167/0x210
[27437.661330]  [<c0a1c970>] down_read+0x20/0x8b
[27437.661332]  [<c048308f>] ? __validate_process_creds+0x6f/0xd0
[27437.661335]  [<c046c8ae>] exit_signals+0x1e/0x110
[27437.661337]  [<c045afef>] do_exit+0x9f/0xa10
[27437.661340]  [<c0457e11>] ? kmsg_dump+0x21/0x210
[27437.661342]  [<c0457f80>] ? kmsg_dump+0x190/0x210
[27437.661345]  [<c0457f94>] ? kmsg_dump+0x1a4/0x210
[27437.661347]  [<c0457e11>] ? kmsg_dump+0x21/0x210
[27437.661349]  [<c0a2006a>] oops_end+0x8a/0xd0
[27437.661353]  [<c0419d54>] die+0x54/0x80
[27437.661355]  [<c0a1faa6>] do_trap+0x96/0xd0
[27437.661357]  [<c0417520>] ? math_state_restore+0xf0/0xf0
[27437.661359]  [<c04175c3>] do_divide_error+0xa3/0xb0
[27437.661373]  [<f7fec4cc>] ? kvm_write_tsc+0xec/0x440 [kvm]
[27437.661376]  [<c0573519>] ? deactivate_slab+0x419/0x540
[27437.661380]  [<c0a1efd2>] ? _raw_spin_unlock+0x22/0x30
[27437.661382]  [<c0573519>] ? deactivate_slab+0x419/0x540
[27437.661385]  [<c06dfc68>] ? trace_hardirqs_off_thunk+0xc/0x14
[27437.661387]  [<c0a1f838>] error_code+0x6c/0x74
[27437.661391]  [<c04a007b>] ? print_cfs_rq+0x74b/0x1990
[27437.661400]  [<f7fec4cc>] ? kvm_write_tsc+0xec/0x440 [kvm]
[27437.661408]  [<f7fec25c>] ? msr_io+0x4c/0x1d0 [kvm]
[27437.661417]  [<f7fed8bf>] ? kvm_set_msr_common+0x4bf/0x10b0 [kvm]
[27437.661422]  [<f7f89aaa>] vmx_set_msr+0x10a/0x270 [kvm_intel]
[27437.661431]  [<f7fe4890>] ? kvm_enable_efer_bits+0x20/0x20 [kvm]
[27437.661439]  [<f7fe48b6>] do_set_msr+0x26/0x30 [kvm]
[27437.661447]  [<f7fec2e9>] msr_io+0xd9/0x1d0 [kvm]
[27437.661455]  [<f7fec26a>] ? msr_io+0x5a/0x1d0 [kvm]
[27437.661464]  [<f7ff0025>] kvm_arch_vcpu_ioctl+0x405/0xf10 [kvm]
[27437.661467]  [<c06e8543>] ? debug_check_no_obj_freed+0x73/0x190
[27437.661475]  [<f7fdc266>] ? vcpu_load+0x16/0x80 [kvm]
[27437.661482]  [<f7fdc266>] ? vcpu_load+0x16/0x80 [kvm]
[27437.661484]  [<c04b6d0a>] ? mutex_remove_waiter+0x3a/0x100
[27437.661487]  [<c0a1b8fc>] ? mutex_lock_nested+0x27c/0x330
[27437.661494]  [<f7fdc266>] ? vcpu_load+0x16/0x80 [kvm]
[27437.661501]  [<f7fdc266>] ? vcpu_load+0x16/0x80 [kvm]
[27437.661510]  [<f7fefab8>] ? kvm_arch_vcpu_load+0x58/0x1c0 [kvm]
[27437.661518]  [<f7fdc394>] kvm_vcpu_ioctl+0x84/0x600 [kvm]
[27437.661520]  [<c0488498>] ? finish_task_switch+0x78/0x100
[27437.661522]  [<c04bc8fb>] ? trace_hardirqs_on+0xb/0x10
[27437.661524]  [<c0a1ef27>] ? _raw_spin_unlock_irq+0x27/0x40
[27437.661526]  [<c0488453>] ? finish_task_switch+0x33/0x100
[27437.661534]  [<f7fdc310>] ? vcpu_put+0x40/0x40 [kvm]
[27437.661536]  [<c059c60a>] do_vfs_ioctl+0x7a/0x5a0
[27437.661539]  [<c067bd2f>] ? inode_has_perm.isra.48.constprop.61+0x1f/0x80
[27437.661541]  [<c067be30>] ? file_has_perm+0xa0/0xb0
[27437.661543]  [<c058b401>] ? flush_delayed_fput+0x1/0x20
[27437.661545]  [<c067c112>] ? selinux_file_ioctl+0x62/0x120
[27437.661548]  [<c059cb98>] sys_ioctl+0x68/0x80
[27437.661550]  [<c0a2675f>] sysenter_do_call+0x12/0x38
[27437.661967] note: qemu-kvm[10682] exited with preempt_count 1
[27437.661997] BUG: scheduling while atomic: qemu-kvm/10682/0x10000002
[27437.661998] INFO: lockdep is turned off.
[27437.661999] Modules linked in: vfat fat fuse ebtable_nat ebtables ipt_MASQUERADE nf_conntrack_netbios_ns nf_conntrack_broadcast ip6table_mangle ip6t_REJECT nf_conntrack_ipv6 nf_defrag_ipv6 be2iscsi iscsi_boot_sysfs ip6table_filter bnx2i ip6_tables cnic uio cxgb4i cxgb4 lockd bnep bluetooth cxgb3i iptable_nat nf_nat rfkill cxgb3 mdio libcxgbi ib_iser rdma_cm ib_addr iw_cm ib_cm ib_sa ib_mad ib_core iscsi_tcp libiscsi_tcp libiscsi iptable_mangle scsi_transport_iscsi nf_conntrack_ipv4 nf_defrag_ipv4 xt_conntrack nf_conntrack iTCO_wdt iTCO_vendor_support ppdev snd_ice1724 snd_ak4113 snd_pt2258 snd_ak4114 snd_i2c snd_ice17xx_ak4xxx snd_ak4xxx_adda snd_ac97_codec coretemp microcode ac97_bus snd_rawmidi snd_seq snd_seq_device i2c_i801 snd_pcm serio_raw snd_page_alloc snd_timer lpc_ich mfd_core snd soundcore
[27437.662052]  mei parport_pc parport vhost_net tun macvtap macvlan kvm_intel kvm uinput crc32c_intel i915 i2c_algo_bit drm_kms_helper atl1c drm i2c_core video usb_storage uas sunrpc
[27437.662070] Pid: 10682, comm: qemu-kvm Tainted: G      D      3.6.0-0.rc6.git0.2.fc18.i686.PAE #1
[27437.662072] Call Trace:
[27437.662076]  [<c0a14152>] __schedule_bug+0x69/0x79
[27437.662086]  [<c0a1d4e2>] __schedule+0x8c2/0x9a0
[27437.662090]  [<c0a164c9>] ? __slab_free+0x2be/0x31b
[27437.662094]  [<c04bc8fb>] ? trace_hardirqs_on+0xb/0x10
[27437.662097]  [<c0a164c9>] ? __slab_free+0x2be/0x31b
[27437.662101]  [<c04dfb3c>] ? __audit_free+0x19c/0x260
[27437.662105]  [<c0489aa7>] ? __might_sleep+0x47/0x210
[27437.662108]  [<c048c80b>] __cond_resched+0x1b/0x30
[27437.662112]  [<c0a1d636>] _cond_resched+0x26/0x30
[27437.662116]  [<c0573a83>] kmem_cache_alloc+0x43/0x250
[27437.662119]  [<c04dfb3c>] ? __audit_free+0x19c/0x260
[27437.662123]  [<c04fadd5>] ? taskstats_exit+0x225/0x390
[27437.662126]  [<c04fadd5>] taskstats_exit+0x225/0x390
[27437.662130]  [<c0a1ef27>] ? _raw_spin_unlock_irq+0x27/0x40
[27437.662133]  [<c04cc189>] ? acct_collect+0x139/0x170
[27437.662136]  [<c045b080>] do_exit+0x130/0xa10
[27437.662140]  [<c0457f80>] ? kmsg_dump+0x190/0x210
[27437.662144]  [<c0457f94>] ? kmsg_dump+0x1a4/0x210
[27437.662147]  [<c0457e11>] ? kmsg_dump+0x21/0x210
[27437.662150]  [<c0a2006a>] oops_end+0x8a/0xd0
[27437.662154]  [<c0419d54>] die+0x54/0x80
[27437.662157]  [<c0a1faa6>] do_trap+0x96/0xd0
[27437.662160]  [<c0417520>] ? math_state_restore+0xf0/0xf0
[27437.662163]  [<c04175c3>] do_divide_error+0xa3/0xb0
[27437.662181]  [<f7fec4cc>] ? kvm_write_tsc+0xec/0x440 [kvm]
[27437.662184]  [<c0573519>] ? deactivate_slab+0x419/0x540
[27437.662188]  [<c0a1efd2>] ? _raw_spin_unlock+0x22/0x30
[27437.662191]  [<c0573519>] ? deactivate_slab+0x419/0x540
[27437.662195]  [<c06dfc68>] ? trace_hardirqs_off_thunk+0xc/0x14
[27437.662198]  [<c0a1f838>] error_code+0x6c/0x74
[27437.662202]  [<c04a007b>] ? print_cfs_rq+0x74b/0x1990
[27437.662217]  [<f7fec4cc>] ? kvm_write_tsc+0xec/0x440 [kvm]
[27437.662232]  [<f7fec25c>] ? msr_io+0x4c/0x1d0 [kvm]
[27437.662248]  [<f7fed8bf>] ? kvm_set_msr_common+0x4bf/0x10b0 [kvm]
[27437.662255]  [<f7f89aaa>] vmx_set_msr+0x10a/0x270 [kvm_intel]
[27437.662270]  [<f7fe4890>] ? kvm_enable_efer_bits+0x20/0x20 [kvm]
[27437.662283]  [<f7fe48b6>] do_set_msr+0x26/0x30 [kvm]
[27437.662296]  [<f7fec2e9>] msr_io+0xd9/0x1d0 [kvm]
[27437.662310]  [<f7fec26a>] ? msr_io+0x5a/0x1d0 [kvm]
[27437.662326]  [<f7ff0025>] kvm_arch_vcpu_ioctl+0x405/0xf10 [kvm]
[27437.662333]  [<c06e8543>] ? debug_check_no_obj_freed+0x73/0x190
[27437.662347]  [<f7fdc266>] ? vcpu_load+0x16/0x80 [kvm]
[27437.662361]  [<f7fdc266>] ? vcpu_load+0x16/0x80 [kvm]
[27437.662367]  [<c04b6d0a>] ? mutex_remove_waiter+0x3a/0x100
[27437.662374]  [<c0a1b8fc>] ? mutex_lock_nested+0x27c/0x330
[27437.662388]  [<f7fdc266>] ? vcpu_load+0x16/0x80 [kvm]
[27437.662401]  [<f7fdc266>] ? vcpu_load+0x16/0x80 [kvm]
[27437.662416]  [<f7fefab8>] ? kvm_arch_vcpu_load+0x58/0x1c0 [kvm]
[27437.662431]  [<f7fdc394>] kvm_vcpu_ioctl+0x84/0x600 [kvm]
[27437.662435]  [<c0488498>] ? finish_task_switch+0x78/0x100
[27437.662439]  [<c04bc8fb>] ? trace_hardirqs_on+0xb/0x10
[27437.662442]  [<c0a1ef27>] ? _raw_spin_unlock_irq+0x27/0x40
[27437.662446]  [<c0488453>] ? finish_task_switch+0x33/0x100
[27437.662458]  [<f7fdc310>] ? vcpu_put+0x40/0x40 [kvm]
[27437.662461]  [<c059c60a>] do_vfs_ioctl+0x7a/0x5a0
[27437.662465]  [<c067bd2f>] ? inode_has_perm.isra.48.constprop.61+0x1f/0x80
[27437.662469]  [<c067be30>] ? file_has_perm+0xa0/0xb0
[27437.662472]  [<c058b401>] ? flush_delayed_fput+0x1/0x20
[27437.662476]  [<c067c112>] ? selinux_file_ioctl+0x62/0x120
[27437.662479]  [<c059cb98>] sys_ioctl+0x68/0x80
[27437.662483]  [<c0a2675f>] sysenter_do_call+0x12/0x38

Comment 1 Dave Jones 2012-09-24 14:54:19 UTC
Avi, is it possible that vcpu->arch.virtual_tsc_khz could ever be zero?

I'm suspicious of this trace, because https://bugzilla.redhat.com/show_bug.cgi?id=859188 looked like some kind of hardware problem to me.
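
Added example, not part of the original report or the attached patch: on 32-bit x86, idiv raises the same divide error for a zero divisor and for a quotient that does not fit in 32 bits, so the model below classifies both cases, using the EDX:EAX and ECX values from the oops in the description. The function names and the guarded helper are hypothetical.

```c
#include <stdint.h>
#include <stdio.h>

/* Outcomes of 32-bit x86 "idiv r/m32": signed EDX:EAX divided by a signed
 * 32-bit operand. Both failure cases raise the same #DE exception, which
 * Linux reports as "divide error". */
enum idiv_result { IDIV_OK, IDIV_ZERO_DIVISOR, IDIV_QUOTIENT_OVERFLOW };

enum idiv_result classify_idivl(uint32_t edx, uint32_t eax, uint32_t operand)
{
    int64_t dividend = (int64_t)(((uint64_t)edx << 32) | eax);
    int32_t divisor = (int32_t)operand;
    int64_t q;

    if (divisor == 0)
        return IDIV_ZERO_DIVISOR;
    if (dividend == INT64_MIN && divisor == -1)  /* undefined in C, overflow on x86 */
        return IDIV_QUOTIENT_OVERFLOW;
    q = dividend / divisor;
    return (q > INT32_MAX || q < INT32_MIN) ? IDIV_QUOTIENT_OVERFLOW : IDIV_OK;
}

/* Hypothetical guarded form of "delta * 1000 / khz": rejects a zero rate and
 * a multiplication overflow, then divides in 64 bits so the quotient always
 * fits. Returns 0 and stores the result, or -1 so the caller can fall back. */
int scale_by_khz_checked(int64_t delta, uint32_t khz, int64_t *out)
{
    if (khz == 0 || delta > INT64_MAX / 1000 || delta < INT64_MIN / 1000)
        return -1;
    *out = delta * 1000 / (int64_t)khz;
    return 0;
}

int main(void)
{
    static const char *names[] = { "ok", "zero divisor", "quotient overflow" };
    int64_t usec;

    /* EDX, EAX and ECX as printed in the oops in the description; the
     * marked bytes <f7> f9 on its Code: line encode "idiv %ecx". */
    printf("oops registers: %s\n",
           names[classify_idivl(0x00fa2f8e, 0xb842c4c8, 0x002f31ed)]);
    /* Constructed inputs: an uncalibrated (zero) rate and a small delta. */
    printf("zero rate:      %s\n", names[classify_idivl(0, 1000, 0)]);
    if (scale_by_khz_checked(3092973, 0x002f31ed, &usec) == 0)
        printf("guarded result: %lld\n", (long long)usec);
    return 0;
}
```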

Comment 3 Marcelo Tosatti 2013-03-13 23:33:52 UTC
Created attachment 709835
kvm-x86-handle-host-tsc-calibration-failure

fix for reported trace

Comment 4 Josh Boyer 2013-03-14 11:47:04 UTC
Applied to F17/F18.  Will this go upstream for 3.9 and be CC'd to stable?

Comment 5 Fedora Update System 2013-03-14 15:16:01 UTC
kernel-3.8.2-105.fc17 has been submitted as an update for Fedora 17.
https://admin.fedoraproject.org/updates/FEDORA-2013-3638/kernel-3.8.2-105.fc17

Comment 6 Josh Boyer 2013-03-14 15:18:49 UTC
(In reply to comment #5)
> kernel-3.8.2-105.fc17 has been submitted as an update for Fedora 17.
> https://admin.fedoraproject.org/updates/FEDORA-2013-3638/kernel-3.8.2-105.fc17

That's a mistake.  The fix isn't in that build.  I'll correct the update.

Comment 7 Fedora Update System 2013-03-14 22:52:14 UTC
kernel-3.8.3-101.fc17 has been submitted as an update for Fedora 17.
https://admin.fedoraproject.org/updates/kernel-3.8.3-101.fc17

Comment 8 Marcelo Tosatti 2013-03-15 01:48:44 UTC
(In reply to comment #4)
> Applied to F17/F18.  Will this go upstream for 3.9 and be CC'd to stable?

No. It has been queued for 3.10.

Comment 9 Fedora Update System 2013-03-15 02:55:53 UTC
kernel-3.8.3-201.fc18 has been submitted as an update for Fedora 18.
https://admin.fedoraproject.org/updates/kernel-3.8.3-201.fc18

Comment 10 Josh Boyer 2013-03-15 12:29:13 UTC
(In reply to comment #8)
> (In reply to comment #4)
> > Applied to F17/F18.  Will this go upstream for 3.9 and be CC'd to stable?
> 
> No. It has been queued for 3.10.

OK.  I'll get it into the f19 and rawhide branches as well then.

Comment 11 Fedora Update System 2013-03-16 01:18:37 UTC
Package kernel-3.8.3-201.fc18:
* should fix your issue,
* was pushed to the Fedora 18 testing repository,
* should be available at your local mirror within two days.
Update it with:
# su -c 'yum update --enablerepo=updates-testing kernel-3.8.3-201.fc18'
as soon as you are able to, then reboot.
Please go to the following url:
https://admin.fedoraproject.org/updates/FEDORA-2013-3893/kernel-3.8.3-201.fc18
then log in and leave karma (feedback).

Comment 12 Fedora Update System 2013-03-17 01:04:29 UTC
kernel-3.8.3-201.fc18 has been pushed to the Fedora 18 stable repository.  If problems still persist, please make note of it in this bug report.

Comment 13 Fedora Update System 2013-03-22 00:10:47 UTC
kernel-3.8.3-103.fc17 has been pushed to the Fedora 17 stable repository.  If problems still persist, please make note of it in this bug report.