1. Patchew
  2. linux
  3. View series

[PATCH] sched/fair: Fix division-by-zero error in task_scan_max()

Xia Fukun posted 1 patch 1 month, 1 week ago 
kernel/sched/fair.c | 2 ++
1 file changed, 2 insertions(+)
[PATCH] sched/fair: Fix division-by-zero error in task_scan_max()
Posted by Xia Fukun 1 month, 1 week ago 
The error can be reproduced by following these steps:
First, set sysctl_numa_balancing_scan_size to 0:

echo 0 > /sys/kernel/debug/sched/numa_balancing/scan_size_mb

Then trigger the clone system call, for example, by using
pthread_create to create a new thread.

	Oops: divide error: 0000 [#1] SMP NOPTI
	CPU: 11 UID: 0 PID: 1 Comm: systemd Tainted: G S 6.17.0xfk_v2 #6
	Tainted: [S]=CPU_OUT_OF_SPEC
	Hardware name: SuperCloud R5210 G12/X12DPi-N6, BIOS 1.1c 08/30/2021
	RIP: 0010:task_scan_max+0x24/0x190
	RSP: 0018:ff56485a001ebc98 EFLAGS: 00010246
	...
	Call Trace:
	<TASK>
	init_numa_balancing+0xdb/0x1e0
	__sched_fork+0x110/0x180
	sched_fork+0xd/0x170
	copy_process+0x821/0x1aa0
	kernel_clone+0xbc/0x400
	__do_sys_clone3+0xde/0x120
	do_syscall_64+0xa4/0x260
	entry_SYSCALL_64_after_hwframe+0x77/0x7f

This patch fixes the issue by ensuring that the relevant value in
task_scan_max() is at least 1.

Fixes: 598f0ec0bc99 ("sched/numa: Set the scan rate proportional to the memory usage of the task being scanned")
Signed-off-by: Xia Fukun <xiafukun@huawei.com>
---
 kernel/sched/fair.c | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/kernel/sched/fair.c b/kernel/sched/fair.c
index b173a059315c..ea962e3bcb13 100644
--- a/kernel/sched/fair.c
+++ b/kernel/sched/fair.c
@@ -1496,6 +1496,7 @@ static unsigned int task_nr_scan_windows(struct task_struct *p)
 	 * on resident pages
 	 */
 	nr_scan_pages = sysctl_numa_balancing_scan_size << (20 - PAGE_SHIFT);
+	nr_scan_pages = max_t(unsigned long, nr_scan_pages, 1UL << (20 - PAGE_SHIFT));
 	rss = get_mm_rss(p->mm);
 	if (!rss)
 		rss = nr_scan_pages;
@@ -1510,6 +1511,7 @@ static unsigned int task_nr_scan_windows(struct task_struct *p)
 static unsigned int task_scan_min(struct task_struct *p)
 {
 	unsigned int scan_size = READ_ONCE(sysctl_numa_balancing_scan_size);
+	scan_size = max_t(unsigned int, scan_size, 1);
 	unsigned int scan, floor;
 	unsigned int windows = 1;
 
-- 
2.34.1
Re: [PATCH] sched/fair: Fix division-by-zero error in task_scan_max()
Posted by Peter Zijlstra 1 month ago 
On Wed, Aug 27, 2025 at 12:34:27PM +0000, Xia Fukun wrote:
> The error can be reproduced by following these steps:
> First, set sysctl_numa_balancing_scan_size to 0:
> 
> echo 0 > /sys/kernel/debug/sched/numa_balancing/scan_size_mb
> 
> Then trigger the clone system call, for example, by using
> pthread_create to create a new thread.

How about rejecting 0 instead?
Re: [PATCH] sched/fair: Fix division-by-zero error in task_scan_max()
Posted by Xia Fukun 1 month ago 
On 8/27/2025 8:34 PM, Xia Fukun wrote:
> The error can be reproduced by following these steps:
> First, set sysctl_numa_balancing_scan_size to 0:
> 
> echo 0 > /sys/kernel/debug/sched/numa_balancing/scan_size_mb
> 
> Then trigger the clone system call, for example, by using
> pthread_create to create a new thread.
> 
> 	Oops: divide error: 0000 [#1] SMP NOPTI
> 	CPU: 11 UID: 0 PID: 1 Comm: systemd Tainted: G S 6.17.0xfk_v2 #6
> 	Tainted: [S]=CPU_OUT_OF_SPEC
> 	Hardware name: SuperCloud R5210 G12/X12DPi-N6, BIOS 1.1c 08/30/2021
> 	RIP: 0010:task_scan_max+0x24/0x190

Gentle ping ...

Patchew 2.1-devel-b67e4c2

© 2016 - 2025 Red Hat, Inc.