Re: [PATCH] [QUESTION] sched/fair: Potential vruntime underflow and unconstrained vlag scaling in rescale_entity()
From: Hongyu Jin
Date: Tue Jun 02 2026 - 08:25:36 EST
- kernel 6.18.21 reproduces the same issue
<4>[ 10.010851][T1080@C3] CPU: 3 UID: 0 PID: 1080 Comm: Jit thread pool Tainted: G W OE 6.18.21-android17-5-4k #1 PREEMPT e342f73d9fa572b2982020b3450c2e97788f7722
<4>[ 10.010862][T1080@C3] Tainted: [W]=WARN, [O]=OOT_MODULE, [E]=UNSIGNED_MODULE
<4>[ 10.010872][T1080@C3] pstate: a04000c5 (NzCv daIF +PAN -UAO -TCO -DIT -SSBS BTYPE=--)
<4>[ 10.010877][T1080@C3] pc : pick_task_fair+0xe8/0x194
<4>[ 10.010890][T1080@C3] lr : pick_task_fair+0xe8/0x194
<4>[ 10.010896][T1080@C3] sp : ffffffc0861dbc80
<4>[ 10.010899][T1080@C3] x29: ffffffc0861dbc80 x28: 0000000000000001 x27: ffffffe566a99000
<4>[ 10.010911][T1080@C3] x26: ffffffe566aa4000 x25: ffffffe566aa4380 x24: 0000000000000000
<4>[ 10.010922][T1080@C3] x23: 0000000000000002 x22: ffffff8176720840 x21: 0000000000000000
<4>[ 10.010933][T1080@C3] x20: ffffff8176720840 x19: ffffff8176720640 x18: ffffffc08603d040
<4>[ 10.010944][T1080@C3] x17: 00000000000004e9 x16: fbb79c5646e08229 x15: 0000000000000000
<4>[ 10.010954][T1080@C3] x14: 0000000000000002 x13: 00000000000004e7 x12: 0000000000000000
<4>[ 10.010965][T1080@C3] x11: 0000000000000000 x10: 0000000000000000 x9 : ffffff808ae3ba00
<4>[ 10.010975][T1080@C3] x8 : 0000021ba4e7ceed x7 : 203a746978655f71 x6 : 0000000000000000
<4>[ 10.010986][T1080@C3] x5 : ffffff8086d668a5 x4 : 0000000000000000 x3 : 0000000000000010
<4>[ 10.010996][T1080@C3] x2 : ffffffc0861dbd80 x1 : 00000002f840e58a x0 : 0000000000000000
<4>[ 10.011007][T1080@C3] Call trace:
<4>[ 10.011012][T1080@C3] pick_task_fair+0xe8/0x194 (P)
<4>[ 10.011020][T1080@C3] pick_next_task_fair+0x78/0x794
<4>[ 10.011027][T1080@C3] __schedule+0x2a0/0xf38
<4>[ 10.011036][T1080@C3] schedule+0x11c/0x1c4
<4>[ 10.011042][T1080@C3] exit_to_user_mode_loop+0x78/0x1ac
<4>[ 10.011052][T1080@C3] el0_interrupt+0xac/0x108
<4>[ 10.011059][T1080@C3] __el0_irq_handler_common+0x18/0x28
<4>[ 10.011066][T1080@C3] el0t_64_irq_handler+0x10/0x1c
<4>[ 10.011071][T1080@C3] el0t_64_irq+0x1c4/0x1c8
- pick_eevdf() returns NULL
	se = pick_eevdf(cfs_rq);
	if (se->sched_delayed) {
		dequeue_entities(rq, se, DEQUEUE_SLEEP | DEQUEUE_DELAYED);
		/*
		 * Must not reference @se again, see __block_task().
		 */
		return NULL;
- cpu3 cfs_rq hierarchy
CPU3 rq (0xffffff8176720640)
│
└── cfs_rq root (0xffffff8176720840) zero_vruntime = 10,906,890,879 (0x28a19f27f)
    │   nr_queued=3, h_nr_queued=2
    │   sum_w_vruntime=2,317,754,027,757, sum_weight=1255
    │
    ├── [cfs.curr] top-app cgroup sched_entity (0xffffff808ae3ba00) depth=0,
    │       vruntime = 18,292,439,848,198,753,309 (0xfe07b9c2e8d6380d)
    │       entity_key = -154,304,236,417,689,186 (0xfddbcd1d50fc599e)
    │
    ├── cp_diskserver_v (se @ 0xffffff80fa4456c0) PID 1230, depth=0
    │       vruntime = 12,753,429,279
    │       entity_key = +1,846,538,400 (0x6e0ff0a0)
    │
    └── child top-app cfs_rq (0xffffff808ae3aa00) zero_vruntime = 1,355,080,745 (0x50c4e429)
            nr_queued=1
            │
            └── [cfs.curr] Jit thread pool (se @ 0xffffff80dca300c0) PID 1080, depth=1
                    parent -> 0xffffff808ae3ba00
                    vruntime = 1,715,893,071
                    entity_key = +360,812,326 (0x15818f26)
(cpu3 rq->curr is "Jit thread pool")
- cfs_rq of cpu3
crash-arm64_v9.0.0_k618> cfs_rq.h_nr_runnable,sum_w_vruntime,sum_weight,zero_vruntime 0xffffff8176720840
h_nr_runnable = 2,
sum_w_vruntime = 2317754027757,
sum_weight = 1255,
zero_vruntime = 10906890879,
- sched_entity of cpu3 top-app cgroup
crash-arm64_v9.0.0_k618> sched_entity.deadline,vruntime,on_rq,vprot,vlag,slice,load 0xffffff808ae3ba00
deadline = 8715622320990,
vruntime = 18292439848198753309,
on_rq = 1 '\001',
vprot = 154304236428637793,
vlag = 154304236428637793,
slice = 2800000,
load = {
weight = 46,
inv_weight = 2147483647
},
vruntime and vlag are abnormal; the vruntime exception is caused by the vlag exception.
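As an added example (my own code, not from Hongyu Jin's post and not from the kernel tree), the dumped numbers re-derived in C so the wrap-around can be checked rather than eyeballed. It assumes the mainline definitions as I understand them: entity_key() = (s64)(se->vruntime - cfs_rq->zero_vruntime), the weighted-average eligibility test of vruntime_eligible() with cfs_rq->curr folded in, and place_entity()'s se->vruntime = vruntime - lag. Field names come from the dump; the struct and helper names (cfs_rq_dump, se_dump, eligible_wrap, implied_place_vruntime) are mine, and the input values are copied from the dump above.

```c
#include <inttypes.h>
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed input: the CPU3 root cfs_rq and its two depth-0 entities, copied from the dump. */
struct cfs_rq_dump {
	uint64_t zero_vruntime;
	int64_t  sum_w_vruntime;	/* sum of key*weight over queued non-curr entities */
	uint64_t sum_weight;		/* their total (scaled-down) weight */
};

struct se_dump {
	const char *comm;
	uint64_t vruntime;
	uint64_t vlag;		/* printed unsigned by crash; the kernel field is s64 */
	uint64_t weight;	/* scale_load_down(load.weight); 0 = not in the dump */
};

static const struct cfs_rq_dump root_cfs_rq = {
	.zero_vruntime = 10906890879ULL,
	.sum_w_vruntime = 2317754027757LL,
	.sum_weight = 1255,
};

static const struct se_dump top_app = {		/* cfs_rq->curr */
	.comm = "top-app", .vruntime = 18292439848198753309ULL,
	.vlag = 154304236428637793ULL, .weight = 46,
};

static const struct se_dump cp_diskserver = {
	.comm = "cp_diskserver_v", .vruntime = 12753429279ULL,
	.vlag = 0, .weight = 0,			/* neither field is in the dump */
};

/* entity_key(): signed distance of se->vruntime from zero_vruntime (u64 subtract, then s64). */
static int64_t entity_key(const struct cfs_rq_dump *rq, const struct se_dump *se)
{
	return (int64_t)(se->vruntime - rq->zero_vruntime);
}

/* s64 arithmetic with two's-complement wrap, as a -fno-strict-overflow kernel build behaves. */
static int64_t mul_wrap(int64_t a, int64_t b) { return (int64_t)((uint64_t)a * (uint64_t)b); }
static int64_t add_wrap(int64_t a, int64_t b) { return (int64_t)((uint64_t)a + (uint64_t)b); }

/* Eligibility in 64-bit wrapping arithmetic: avg >= key(se) * load, with curr folded in. */
static bool eligible_wrap(const struct cfs_rq_dump *rq, const struct se_dump *curr,
			  const struct se_dump *se)
{
	int64_t avg = rq->sum_w_vruntime;
	int64_t load = (int64_t)rq->sum_weight;

	if (curr) {
		avg = add_wrap(avg, mul_wrap(entity_key(rq, curr), (int64_t)curr->weight));
		load += (int64_t)curr->weight;
	}
	return avg >= mul_wrap(entity_key(rq, se), load);
}

/* The same test in 128-bit arithmetic, to show which comparison depends on s64 overflow. */
static bool eligible_exact(const struct cfs_rq_dump *rq, const struct se_dump *curr,
			   const struct se_dump *se)
{
	__int128 avg = rq->sum_w_vruntime;
	__int128 load = rq->sum_weight;

	if (curr) {
		avg += (__int128)entity_key(rq, curr) * curr->weight;
		load += curr->weight;
	}
	return avg >= (__int128)entity_key(rq, se) * load;
}

/* place_entity() does se->vruntime = vruntime - lag; adding vlag back recovers that vruntime. */
static int64_t implied_place_vruntime(const struct se_dump *se)
{
	return (int64_t)(se->vruntime + se->vlag);
}

int main(void)
{
	const struct se_dump *ents[] = { &top_app, &cp_diskserver };

	printf("top-app vruntime as s64: %" PRId64 "\n", (int64_t)top_app.vruntime);
	for (unsigned i = 0; i < 2; i++)
		printf("%-16s key=%" PRId64 " eligible: s64-wrap=%d exact=%d\n", ents[i]->comm,
		       entity_key(&root_cfs_rq, ents[i]),
		       eligible_wrap(&root_cfs_rq, &top_app, ents[i]),
		       eligible_exact(&root_cfs_rq, &top_app, ents[i]));
	printf("top-app vruntime + vlag = %" PRId64 " (zero_vruntime + %" PRId64 " ns)\n",
	       implied_place_vruntime(&top_app),
	       implied_place_vruntime(&top_app) - (int64_t)root_cfs_rq.zero_vruntime);
	return 0;
}
```

Under this model the dump is internally consistent: both entity_key values match the ones printed above, and the top-app vruntime read as s64 is about -1.54e17 ns, i.e. it has wrapped below zero by the same order of magnitude as vlag. Neither depth-0 entity passes the eligibility test in s64 arithmetic (for curr the key*load product itself overflows; in 128-bit arithmetic curr would be eligible), so a pick_eevdf() built on this test has no candidate to return, which is what the NULL dereference in pick_task_fair() shows. Adding vlag back to the wrapped vruntime lands about 11 ms above zero_vruntime, consistent with the vruntime having been derived from the oversized vlag at placement.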