859282 – divide by zero in kvm_write_tsc

Bug 859282 - divide by zero in kvm_write_tsc

Summary: divide by zero in kvm_write_tsc

Keywords:
Status:	CLOSED ERRATA
Alias:	None
Product:	Fedora
Classification:	Fedora
Component:	kernel
Sub Component:
Version:	18
Hardware:	Unspecified
OS:	Unspecified
Priority:	unspecified
Severity:	unspecified
Target Milestone:	---
Assignee:	Marcelo Tosatti
QA Contact:	Fedora Extras Quality Assurance
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2012-09-21 01:53 UTC by Mikhail
Modified:	2013-03-22 00:10 UTC (History)
CC List:	7 users (show)
Fixed In Version:
Doc Type:	Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed:	2013-03-17 01:04:24 UTC
Type:	Bug
Embargoed:
Dependent Products:

Attachments	(Terms of Use)
kvm-x86-handle-host-tsc-calibration-failure (2.24 KB, patch) 2013-03-13 23:33 UTC, Marcelo Tosatti	no flags	Details \| Diff
View All

Description Mikhail 2012-09-21 01:53:14 UTC

Description of problem:
[27437.518435] divide error: 0000 [#4] SMP 
[27437.518568] Modules linked in: vfat fat fuse ebtable_nat ebtables ipt_MASQUERADE nf_conntrack_netbios_ns nf_conntrack_broadcast ip6table_mangle ip6t_REJECT nf_conntrack_ipv6 nf_defrag_ipv6 be2iscsi iscsi_boot_sysfs ip6table_filter bnx2i ip6_tables cnic uio cxgb4i cxgb4 lockd bnep bluetooth cxgb3i iptable_nat nf_nat rfkill cxgb3 mdio libcxgbi ib_iser rdma_cm ib_addr iw_cm ib_cm ib_sa ib_mad ib_core iscsi_tcp libiscsi_tcp libiscsi iptable_mangle scsi_transport_iscsi nf_conntrack_ipv4 nf_defrag_ipv4 xt_conntrack nf_conntrack iTCO_wdt iTCO_vendor_support ppdev snd_ice1724 snd_ak4113 snd_pt2258 snd_ak4114 snd_i2c snd_ice17xx_ak4xxx snd_ak4xxx_adda snd_ac97_codec coretemp microcode ac97_bus snd_rawmidi snd_seq snd_seq_device i2c_i801 snd_pcm serio_raw snd_page_alloc snd_timer lpc_ich mfd_core snd soundcore
[27437.519270]  mei parport_pc parport vhost_net tun macvtap macvlan kvm_intel kvm uinput crc32c_intel i915 i2c_algo_bit drm_kms_helper atl1c drm i2c_core video usb_storage uas sunrpc
[27437.523618] Pid: 10682, comm: qemu-kvm Tainted: G      D      3.6.0-0.rc6.git0.2.fc18.i686.PAE #1 To Be Filled By O.E.M. To Be Filled By O.E.M./H61M/U3S3
[27437.527942] EIP: 0060:[<f7fec4cc>] EFLAGS: 00010006 CPU: 1
[27437.532385] EIP is at kvm_write_tsc+0xec/0x440 [kvm]
[27437.536680] EAX: b842c4c8 EBX: 000018f5 ECX: 002f31ed EDX: 00fa2f8e
[27437.541119] ESI: db5537d0 EDI: d7690000 EBP: d9f07d80 ESP: d9f07d1c
[27437.545577]  DS: 007b ES: 007b FS: 00d8 GS: 00e0 SS: 0068
[27437.550033] CR0: 80050033 CR2: b6681e40 CR3: 19e50000 CR4: 000427f0
[27437.554687] DR0: 00000000 DR1: 00000000 DR2: 00000000 DR3: 00000000
[27437.559157] DR6: ffff0ff0 DR7: 00000400
[27437.563612] Process qemu-kvm (pid: 10682, ti=d9f06000 task=dae72b20 task.ti=d9f06000)
[27437.567982] Stack:
[27437.572275]  f7fec25c 000000d0 f73191f8 f680162c f68037c4 db5537d0 00000292 f7fed8bf
[27437.576550]  68669952 fffff2cb d7691698 00000000 00000001 a8a3211e 000018f5 2cba6f4d
[27437.580739]  0000400c b842c4c8 00fa2f8e 00006b33 165ee31e d9f07d80 db5537d0 2cba6f4d
[27437.584852] Call Trace:
[27437.588874]  [<f7fec25c>] ? msr_io+0x4c/0x1d0 [kvm]
[27437.592866]  [<f7fed8bf>] ? kvm_set_msr_common+0x4bf/0x10b0 [kvm]
[27437.595597]  [<f7f89aaa>] vmx_set_msr+0x10a/0x270 [kvm_intel]
[27437.597685]  [<f7fe4890>] ? kvm_enable_efer_bits+0x20/0x20 [kvm]
[27437.599787]  [<f7fe48b6>] do_set_msr+0x26/0x30 [kvm]
[27437.601885]  [<f7fec2e9>] msr_io+0xd9/0x1d0 [kvm]
[27437.603960]  [<f7fec26a>] ? msr_io+0x5a/0x1d0 [kvm]
[27437.606023]  [<f7ff0025>] kvm_arch_vcpu_ioctl+0x405/0xf10 [kvm]
[27437.608078]  [<c06e8543>] ? debug_check_no_obj_freed+0x73/0x190
[27437.610136]  [<f7fdc266>] ? vcpu_load+0x16/0x80 [kvm]
[27437.612188]  [<f7fdc266>] ? vcpu_load+0x16/0x80 [kvm]
[27437.614216]  [<c04b6d0a>] ? mutex_remove_waiter+0x3a/0x100
[27437.616246]  [<c0a1b8fc>] ? mutex_lock_nested+0x27c/0x330
[27437.618237]  [<f7fdc266>] ? vcpu_load+0x16/0x80 [kvm]
[27437.620180]  [<f7fdc266>] ? vcpu_load+0x16/0x80 [kvm]
[27437.622066]  [<f7fefab8>] ? kvm_arch_vcpu_load+0x58/0x1c0 [kvm]
[27437.623907]  [<f7fdc394>] kvm_vcpu_ioctl+0x84/0x600 [kvm]
[27437.625695]  [<c0488498>] ? finish_task_switch+0x78/0x100
[27437.627457]  [<c04bc8fb>] ? trace_hardirqs_on+0xb/0x10
[27437.629181]  [<c0a1ef27>] ? _raw_spin_unlock_irq+0x27/0x40
[27437.630900]  [<c0488453>] ? finish_task_switch+0x33/0x100
[27437.632623]  [<f7fdc310>] ? vcpu_put+0x40/0x40 [kvm]
[27437.634336]  [<c059c60a>] do_vfs_ioctl+0x7a/0x5a0
[27437.636046]  [<c067bd2f>] ? inode_has_perm.isra.48.constprop.61+0x1f/0x80
[27437.637756]  [<c067be30>] ? file_has_perm+0xa0/0xb0
[27437.639449]  [<c058b401>] ? flush_delayed_fput+0x1/0x20
[27437.641142]  [<c067c112>] ? selinux_file_ioctl+0x62/0x120
[27437.642826]  [<c059cb98>] sys_ioctl+0x68/0x80
[27437.644507]  [<c0a2675f>] sysenter_do_call+0x12/0x38
[27437.646187] Code: 44 89 4c 24 48 69 4c 24 48 e8 03 00 00 f7 e3 8b 5c 24 38 01 ca 8b 8e 80 1c 00 00 89 44 24 44 8b 44 24 44 89 54 24 48 8b 54 24 48 <f7> f9 31 d2 89 4c 24 1c 8b 4c 24 34 2b 8f c0 16 00 00 1b 9f c4
[27437.649703] EIP: [<f7fec4cc>] kvm_write_tsc+0xec/0x440 [kvm] SS:ESP 0068:d9f07d1c
[27437.661302] ---[ end trace 0f3cc9cb83674460 ]---
[27437.661305] BUG: sleeping function called from invalid context at kernel/rwsem.c:20
[27437.661306] in_atomic(): 1, irqs_disabled(): 1, pid: 10682, name: qemu-kvm
[27437.661307] INFO: lockdep is turned off.
[27437.661308] irq event stamp: 0
[27437.661309] hardirqs last  enabled at (0): [<  (null)>]   (null)
[27437.661311] hardirqs last disabled at (0): [<c0452946>] copy_process.part.29+0x416/0x1270
[27437.661316] softirqs last  enabled at (0): [<c0452946>] copy_process.part.29+0x416/0x1270
[27437.661319] softirqs last disabled at (0): [<  (null)>]   (null)
[27437.661321] Pid: 10682, comm: qemu-kvm Tainted: G      D      3.6.0-0.rc6.git0.2.fc18.i686.PAE #1
[27437.661322] Call Trace:
[27437.661326]  [<c0489bc7>] __might_sleep+0x167/0x210
[27437.661330]  [<c0a1c970>] down_read+0x20/0x8b
[27437.661332]  [<c048308f>] ? __validate_process_creds+0x6f/0xd0
[27437.661335]  [<c046c8ae>] exit_signals+0x1e/0x110
[27437.661337]  [<c045afef>] do_exit+0x9f/0xa10
[27437.661340]  [<c0457e11>] ? kmsg_dump+0x21/0x210
[27437.661342]  [<c0457f80>] ? kmsg_dump+0x190/0x210
[27437.661345]  [<c0457f94>] ? kmsg_dump+0x1a4/0x210
[27437.661347]  [<c0457e11>] ? kmsg_dump+0x21/0x210
[27437.661349]  [<c0a2006a>] oops_end+0x8a/0xd0
[27437.661353]  [<c0419d54>] die+0x54/0x80
[27437.661355]  [<c0a1faa6>] do_trap+0x96/0xd0
[27437.661357]  [<c0417520>] ? math_state_restore+0xf0/0xf0
[27437.661359]  [<c04175c3>] do_divide_error+0xa3/0xb0
[27437.661373]  [<f7fec4cc>] ? kvm_write_tsc+0xec/0x440 [kvm]
[27437.661376]  [<c0573519>] ? deactivate_slab+0x419/0x540
[27437.661380]  [<c0a1efd2>] ? _raw_spin_unlock+0x22/0x30
[27437.661382]  [<c0573519>] ? deactivate_slab+0x419/0x540
[27437.661385]  [<c06dfc68>] ? trace_hardirqs_off_thunk+0xc/0x14
[27437.661387]  [<c0a1f838>] error_code+0x6c/0x74
[27437.661391]  [<c04a007b>] ? print_cfs_rq+0x74b/0x1990
[27437.661400]  [<f7fec4cc>] ? kvm_write_tsc+0xec/0x440 [kvm]
[27437.661408]  [<f7fec25c>] ? msr_io+0x4c/0x1d0 [kvm]
[27437.661417]  [<f7fed8bf>] ? kvm_set_msr_common+0x4bf/0x10b0 [kvm]
[27437.661422]  [<f7f89aaa>] vmx_set_msr+0x10a/0x270 [kvm_intel]
[27437.661431]  [<f7fe4890>] ? kvm_enable_efer_bits+0x20/0x20 [kvm]
[27437.661439]  [<f7fe48b6>] do_set_msr+0x26/0x30 [kvm]
[27437.661447]  [<f7fec2e9>] msr_io+0xd9/0x1d0 [kvm]
[27437.661455]  [<f7fec26a>] ? msr_io+0x5a/0x1d0 [kvm]
[27437.661464]  [<f7ff0025>] kvm_arch_vcpu_ioctl+0x405/0xf10 [kvm]
[27437.661467]  [<c06e8543>] ? debug_check_no_obj_freed+0x73/0x190
[27437.661475]  [<f7fdc266>] ? vcpu_load+0x16/0x80 [kvm]
[27437.661482]  [<f7fdc266>] ? vcpu_load+0x16/0x80 [kvm]
[27437.661484]  [<c04b6d0a>] ? mutex_remove_waiter+0x3a/0x100
[27437.661487]  [<c0a1b8fc>] ? mutex_lock_nested+0x27c/0x330
[27437.661494]  [<f7fdc266>] ? vcpu_load+0x16/0x80 [kvm]
[27437.661501]  [<f7fdc266>] ? vcpu_load+0x16/0x80 [kvm]
[27437.661510]  [<f7fefab8>] ? kvm_arch_vcpu_load+0x58/0x1c0 [kvm]
[27437.661518]  [<f7fdc394>] kvm_vcpu_ioctl+0x84/0x600 [kvm]
[27437.661520]  [<c0488498>] ? finish_task_switch+0x78/0x100
[27437.661522]  [<c04bc8fb>] ? trace_hardirqs_on+0xb/0x10
[27437.661524]  [<c0a1ef27>] ? _raw_spin_unlock_irq+0x27/0x40
[27437.661526]  [<c0488453>] ? finish_task_switch+0x33/0x100
[27437.661534]  [<f7fdc310>] ? vcpu_put+0x40/0x40 [kvm]
[27437.661536]  [<c059c60a>] do_vfs_ioctl+0x7a/0x5a0
[27437.661539]  [<c067bd2f>] ? inode_has_perm.isra.48.constprop.61+0x1f/0x80
[27437.661541]  [<c067be30>] ? file_has_perm+0xa0/0xb0
[27437.661543]  [<c058b401>] ? flush_delayed_fput+0x1/0x20
[27437.661545]  [<c067c112>] ? selinux_file_ioctl+0x62/0x120
[27437.661548]  [<c059cb98>] sys_ioctl+0x68/0x80
[27437.661550]  [<c0a2675f>] sysenter_do_call+0x12/0x38
[27437.661967] note: qemu-kvm[10682] exited with preempt_count 1
[27437.661997] BUG: scheduling while atomic: qemu-kvm/10682/0x10000002
[27437.661998] INFO: lockdep is turned off.
[27437.661999] Modules linked in: vfat fat fuse ebtable_nat ebtables ipt_MASQUERADE nf_conntrack_netbios_ns nf_conntrack_broadcast ip6table_mangle ip6t_REJECT nf_conntrack_ipv6 nf_defrag_ipv6 be2iscsi iscsi_boot_sysfs ip6table_filter bnx2i ip6_tables cnic uio cxgb4i cxgb4 lockd bnep bluetooth cxgb3i iptable_nat nf_nat rfkill cxgb3 mdio libcxgbi ib_iser rdma_cm ib_addr iw_cm ib_cm ib_sa ib_mad ib_core iscsi_tcp libiscsi_tcp libiscsi iptable_mangle scsi_transport_iscsi nf_conntrack_ipv4 nf_defrag_ipv4 xt_conntrack nf_conntrack iTCO_wdt iTCO_vendor_support ppdev snd_ice1724 snd_ak4113 snd_pt2258 snd_ak4114 snd_i2c snd_ice17xx_ak4xxx snd_ak4xxx_adda snd_ac97_codec coretemp microcode ac97_bus snd_rawmidi snd_seq snd_seq_device i2c_i801 snd_pcm serio_raw snd_page_alloc snd_timer lpc_ich mfd_core snd soundcore
[27437.662052]  mei parport_pc parport vhost_net tun macvtap macvlan kvm_intel kvm uinput crc32c_intel i915 i2c_algo_bit drm_kms_helper atl1c drm i2c_core video usb_storage uas sunrpc
[27437.662070] Pid: 10682, comm: qemu-kvm Tainted: G      D      3.6.0-0.rc6.git0.2.fc18.i686.PAE #1
[27437.662072] Call Trace:
[27437.662076]  [<c0a14152>] __schedule_bug+0x69/0x79
[27437.662086]  [<c0a1d4e2>] __schedule+0x8c2/0x9a0
[27437.662090]  [<c0a164c9>] ? __slab_free+0x2be/0x31b
[27437.662094]  [<c04bc8fb>] ? trace_hardirqs_on+0xb/0x10
[27437.662097]  [<c0a164c9>] ? __slab_free+0x2be/0x31b
[27437.662101]  [<c04dfb3c>] ? __audit_free+0x19c/0x260
[27437.662105]  [<c0489aa7>] ? __might_sleep+0x47/0x210
[27437.662108]  [<c048c80b>] __cond_resched+0x1b/0x30
[27437.662112]  [<c0a1d636>] _cond_resched+0x26/0x30
[27437.662116]  [<c0573a83>] kmem_cache_alloc+0x43/0x250
[27437.662119]  [<c04dfb3c>] ? __audit_free+0x19c/0x260
[27437.662123]  [<c04fadd5>] ? taskstats_exit+0x225/0x390
[27437.662126]  [<c04fadd5>] taskstats_exit+0x225/0x390
[27437.662130]  [<c0a1ef27>] ? _raw_spin_unlock_irq+0x27/0x40
[27437.662133]  [<c04cc189>] ? acct_collect+0x139/0x170
[27437.662136]  [<c045b080>] do_exit+0x130/0xa10
[27437.662140]  [<c0457f80>] ? kmsg_dump+0x190/0x210
[27437.662144]  [<c0457f94>] ? kmsg_dump+0x1a4/0x210
[27437.662147]  [<c0457e11>] ? kmsg_dump+0x21/0x210
[27437.662150]  [<c0a2006a>] oops_end+0x8a/0xd0
[27437.662154]  [<c0419d54>] die+0x54/0x80
[27437.662157]  [<c0a1faa6>] do_trap+0x96/0xd0
[27437.662160]  [<c0417520>] ? math_state_restore+0xf0/0xf0
[27437.662163]  [<c04175c3>] do_divide_error+0xa3/0xb0
[27437.662181]  [<f7fec4cc>] ? kvm_write_tsc+0xec/0x440 [kvm]
[27437.662184]  [<c0573519>] ? deactivate_slab+0x419/0x540
[27437.662188]  [<c0a1efd2>] ? _raw_spin_unlock+0x22/0x30
[27437.662191]  [<c0573519>] ? deactivate_slab+0x419/0x540
[27437.662195]  [<c06dfc68>] ? trace_hardirqs_off_thunk+0xc/0x14
[27437.662198]  [<c0a1f838>] error_code+0x6c/0x74
[27437.662202]  [<c04a007b>] ? print_cfs_rq+0x74b/0x1990
[27437.662217]  [<f7fec4cc>] ? kvm_write_tsc+0xec/0x440 [kvm]
[27437.662232]  [<f7fec25c>] ? msr_io+0x4c/0x1d0 [kvm]
[27437.662248]  [<f7fed8bf>] ? kvm_set_msr_common+0x4bf/0x10b0 [kvm]
[27437.662255]  [<f7f89aaa>] vmx_set_msr+0x10a/0x270 [kvm_intel]
[27437.662270]  [<f7fe4890>] ? kvm_enable_efer_bits+0x20/0x20 [kvm]
[27437.662283]  [<f7fe48b6>] do_set_msr+0x26/0x30 [kvm]
[27437.662296]  [<f7fec2e9>] msr_io+0xd9/0x1d0 [kvm]
[27437.662310]  [<f7fec26a>] ? msr_io+0x5a/0x1d0 [kvm]
[27437.662326]  [<f7ff0025>] kvm_arch_vcpu_ioctl+0x405/0xf10 [kvm]
[27437.662333]  [<c06e8543>] ? debug_check_no_obj_freed+0x73/0x190
[27437.662347]  [<f7fdc266>] ? vcpu_load+0x16/0x80 [kvm]
[27437.662361]  [<f7fdc266>] ? vcpu_load+0x16/0x80 [kvm]
[27437.662367]  [<c04b6d0a>] ? mutex_remove_waiter+0x3a/0x100
[27437.662374]  [<c0a1b8fc>] ? mutex_lock_nested+0x27c/0x330
[27437.662388]  [<f7fdc266>] ? vcpu_load+0x16/0x80 [kvm]
[27437.662401]  [<f7fdc266>] ? vcpu_load+0x16/0x80 [kvm]
[27437.662416]  [<f7fefab8>] ? kvm_arch_vcpu_load+0x58/0x1c0 [kvm]
[27437.662431]  [<f7fdc394>] kvm_vcpu_ioctl+0x84/0x600 [kvm]
[27437.662435]  [<c0488498>] ? finish_task_switch+0x78/0x100
[27437.662439]  [<c04bc8fb>] ? trace_hardirqs_on+0xb/0x10
[27437.662442]  [<c0a1ef27>] ? _raw_spin_unlock_irq+0x27/0x40
[27437.662446]  [<c0488453>] ? finish_task_switch+0x33/0x100
[27437.662458]  [<f7fdc310>] ? vcpu_put+0x40/0x40 [kvm]
[27437.662461]  [<c059c60a>] do_vfs_ioctl+0x7a/0x5a0
[27437.662465]  [<c067bd2f>] ? inode_has_perm.isra.48.constprop.61+0x1f/0x80
[27437.662469]  [<c067be30>] ? file_has_perm+0xa0/0xb0
[27437.662472]  [<c058b401>] ? flush_delayed_fput+0x1/0x20
[27437.662476]  [<c067c112>] ? selinux_file_ioctl+0x62/0x120
[27437.662479]  [<c059cb98>] sys_ioctl+0x68/0x80
[27437.662483]  [<c0a2675f>] sysenter_do_call+0x12/0x38
[mikhail@localhost ~]$

Comment 1 Dave Jones 2012-09-24 14:54:19 UTC

Avi, is it possible that vcpu->arch.virtual_tsc_khz could ever be zero ?

I'm suspicious of this trace, because https://bugzilla.redhat.com/show_bug.cgi?id=859188 looked like some kind of hardware problem to me.

Comment 3 Marcelo Tosatti 2013-03-13 23:33:52 UTC

Created attachment 709835 [details]
kvm-x86-handle-host-tsc-calibration-failure

fix for reported trace

Comment 4 Josh Boyer 2013-03-14 11:47:04 UTC

Applied to F17/F18.  Will this go upstream for 3.9 and be CC'd to stable?

Comment 5 Fedora Update System 2013-03-14 15:16:01 UTC

kernel-3.8.2-105.fc17 has been submitted as an update for Fedora 17.
https://admin.fedoraproject.org/updates/FEDORA-2013-3638/kernel-3.8.2-105.fc17

Comment 6 Josh Boyer 2013-03-14 15:18:49 UTC

(In reply to comment #5)
> kernel-3.8.2-105.fc17 has been submitted as an update for Fedora 17.
> https://admin.fedoraproject.org/updates/FEDORA-2013-3638/kernel-3.8.2-105.
> fc17

That's a mistake.  The fix isn't in that build.  I'll correct the update.

Comment 7 Fedora Update System 2013-03-14 22:52:14 UTC

kernel-3.8.3-101.fc17 has been submitted as an update for Fedora 17.
https://admin.fedoraproject.org/updates/kernel-3.8.3-101.fc17

Comment 8 Marcelo Tosatti 2013-03-15 01:48:44 UTC

(In reply to comment #4)
> Applied to F17/F18.  Will this go upstream for 3.9 and be CC'd to stable?

No. It has been queued for 3.10.

Comment 9 Fedora Update System 2013-03-15 02:55:53 UTC

kernel-3.8.3-201.fc18 has been submitted as an update for Fedora 18.
https://admin.fedoraproject.org/updates/kernel-3.8.3-201.fc18

Comment 10 Josh Boyer 2013-03-15 12:29:13 UTC

(In reply to comment #8)
> (In reply to comment #4)
> > Applied to F17/F18.  Will this go upstream for 3.9 and be CC'd to stable?
> 
> No. It has been queued for 3.10.

OK.  I'll get it into the f19 and rawhide branches as well then.

Comment 11 Fedora Update System 2013-03-16 01:18:37 UTC

Package kernel-3.8.3-201.fc18:
* should fix your issue,
* was pushed to the Fedora 18 testing repository,
* should be available at your local mirror within two days.
Update it with:
# su -c 'yum update --enablerepo=updates-testing kernel-3.8.3-201.fc18'
as soon as you are able to, then reboot.
Please go to the following url:
https://admin.fedoraproject.org/updates/FEDORA-2013-3893/kernel-3.8.3-201.fc18
then log in and leave karma (feedback).

Comment 12 Fedora Update System 2013-03-17 01:04:29 UTC

kernel-3.8.3-201.fc18 has been pushed to the Fedora 18 stable repository.  If problems still persist, please make note of it in this bug report.

Comment 13 Fedora Update System 2013-03-22 00:10:47 UTC

kernel-3.8.3-103.fc17 has been pushed to the Fedora 17 stable repository.  If problems still persist, please make note of it in this bug report.

Note You need to log in before you can comment on or make changes to this bug.