FYI, we noticed the following commit:
commit: 994b35a3d3fb485ba1f56799458f317597842d86 ("sched: force update of blocked load of idle cpus")
git://internal_merge_and_test_tree devel-catchup-201703281557
in testcase: boot
on test machine: qemu-system-x86_64 -enable-kvm -cpu host -smp 2 -m 2G
caused below changes (please refer to attached dmesg/kmsg for entire log/backtrace):
+-------------------------------------------------------+------------+------------+
|                                                       | 05b40e0577 | 994b35a3d3 |
+-------------------------------------------------------+------------+------------+
| boot_successes                                        | 7          | 0          |
| boot_failures                                         | 1          | 8          |
| BUG:workqueue_lockup-pool                             | 1          |            |
| BUG:kernel_hang_in_test_stage                         | 0          | 4          |
| BUG:KASAN:null-ptr-deref_on_address                   | 0          | 4          |
| BUG:unable_to_handle_kernel                           | 0          | 4          |
| Oops:#[##]                                            | 0          | 4          |
| Kernel_panic-not_syncing:Fatal_exception_in_interrupt | 0          | 4          |
+-------------------------------------------------------+------------+------------+
[ 7.607217] BUG: KASAN: null-ptr-deref on address 0000000000000028
[ 7.623033] Read of size 4 by task swapper/1/0
[ 7.634079] CPU: 1 PID: 0 Comm: swapper/1 Not tainted 4.11.0-rc2-00228-g994b35a #1
[ 7.653558] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.9.3-20161025_171302-gandalf 04/01/2014
[ 7.679580] Call Trace:
[ 7.687907] <IRQ>
[ 7.694222] dump_stack+0xb3/0x113
[ 7.702786] kasan_report_error+0x424/0x510
[ 7.714540] ? debug_check_no_locks_freed+0x1c0/0x1c0
[ 7.728249] ? __lock_is_held+0x52/0x100
[ 7.739881] kasan_report+0x34/0x40
[ 7.749580] ? run_rebalance_domains+0x191/0x610
[ 7.762016] __asan_load4+0x61/0x80
[ 7.771742] run_rebalance_domains+0x191/0x610
[ 7.783732] ? run_rebalance_domains+0x10f/0x610
[ 7.796829] ? kvm_sched_clock_read+0x25/0x40
[ 7.809336] ? sched_clock+0x9/0x10
[ 7.819577] ? __do_softirq+0xde/0x343
[ 7.830297] __do_softirq+0x172/0x343
[ 7.840925] irq_exit+0x118/0x120
[ 7.850295] scheduler_ipi+0xda/0x220
[ 7.860342] smp_reschedule_interrupt+0x3d/0x40
[ 7.872496] reschedule_interrupt+0x93/0xa0
[ 7.883968] RIP: 0010:native_safe_halt+0x6/0x10
[ 7.895958] RSP: 0000:ffff880063cefe90 EFLAGS: 00000246 ORIG_RAX: ffffffffffffff02
[ 7.915068] RAX: ffffed000c79c0f5 RBX: ffff880063ce0000 RCX: ffffffff86b627c7
[ 7.932150] RDX: dffffc0000000000 RSI: 0000000000000001 RDI: ffff880063ce07ac
[ 7.946479] RBP: ffff880063cefe90 R08: 0000000000000003 R09: 0000000000000000
[ 7.963331] R10: 0000000000000000 R11: 0000000000000000 R12: ffff880063ce0000
[ 7.980240] R13: ffffffff87f23d18 R14: 0000000000000000 R15: 0000000000000000
[ 7.997735] </IRQ>
[ 8.005229] ? trace_hardirqs_on_caller+0x187/0x280
[ 8.018249] default_idle+0xe/0x20
[ 8.202157] arch_cpu_idle+0xa/0x10
[ 8.212460] default_idle_call+0x27/0x40
[ 8.223575] do_idle+0x1d6/0x270
[ 8.233201] cpu_startup_entry+0x18/0x20
[ 8.244548] start_secondary+0x1c0/0x220
[ 8.254296] start_cpu+0x14/0x14
[ 8.263179] ==================================================================
[ 8.282822] Disabling lock debugging due to kernel taint
[ 8.296044] BUG: unable to handle kernel NULL pointer dereference at 0000000000000028
[ 8.315614] IP: run_rebalance_domains+0x195/0x610
[ 8.329741] PGD 0
[ 8.329773]
[ 8.342837] Oops: 0000 [#1] SMP KASAN
[ 8.352847] Modules linked in:
[ 8.361884] CPU: 1 PID: 0 Comm: swapper/1 Tainted: G B 4.11.0-rc2-00228-g994b35a #1
[ 8.383829] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.9.3-20161025_171302-gandalf 04/01/2014
[ 8.408453] task: ffff880063ce0000 task.stack: ffff880063ce8000
[ 8.427569] RIP: 0010:run_rebalance_domains+0x195/0x610
[ 8.456415] RSP: 0000:ffff880064b07e80 EFLAGS: 00010296
[ 8.490307] RAX: ffff880063ce0000 RBX: ffff880064b159b0 RCX: ffffffff86b62656
[ 8.524915] RDX: 0000000000000004 RSI: 0000000000000003 RDI: 0000000000000060
[ 8.550579] RBP: ffff880064b07f18 R08: 0000000000000003 R09: 0000000000000001
[ 8.567047] R10: 0000000000000000 R11: 0000000000000000 R12: 00000000ffff8d37
[ 8.583929] R13: 0000000000000000 R14: ffff880064b21680 R15: 0000000000000001
[ 8.600487] FS: 0000000000000000(0000) GS:ffff880064b00000(0000) knlGS:0000000000000000
[ 8.620745] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 8.634484] CR2: 0000000000000028 CR3: 000000001f013000 CR4: 00000000000006a0
[ 8.650392] Call Trace:
[ 8.658077] <IRQ>
[ 8.664909] ? run_rebalance_domains+0x10f/0x610
[ 8.676388] ? kvm_sched_clock_read+0x25/0x40
[ 8.687214] ? sched_clock+0x9/0x10
[ 8.696480] ? __do_softirq+0xde/0x343
[ 8.706421] __do_softirq+0x172/0x343
[ 8.716175] irq_exit+0x118/0x120
[ 8.725517] scheduler_ipi+0xda/0x220
[ 8.735134] smp_reschedule_interrupt+0x3d/0x40
[ 8.746355] reschedule_interrupt+0x93/0xa0
[ 8.756916] RIP: 0010:native_safe_halt+0x6/0x10
[ 8.768255] RSP: 0000:ffff880063cefe90 EFLAGS: 00000246 ORIG_RAX: ffffffffffffff02
[ 8.786759] RAX: ffffed000c79c0f5 RBX: ffff880063ce0000 RCX: ffffffff86b627c7
[ 8.802601] RDX: dffffc0000000000 RSI: 0000000000000001 RDI: ffff880063ce07ac
[ 8.819430] RBP: ffff880063cefe90 R08: 0000000000000003 R09: 0000000000000000
[ 8.867009] R10: 0000000000000000 R11: 0000000000000000 R12: ffff880063ce0000
[ 8.891742] R13: ffffffff87f23d18 R14: 0000000000000000 R15: 0000000000000000
[ 8.907327] </IRQ>
[ 8.914975] ? trace_hardirqs_on_caller+0x187/0x280
[ 8.930547] default_idle+0xe/0x20
[ 8.939876] arch_cpu_idle+0xa/0x10
[ 8.949373] default_idle_call+0x27/0x40
[ 8.959512] do_idle+0x1d6/0x270
[ 8.968494] cpu_startup_entry+0x18/0x20
[ 8.978794] start_secondary+0x1c0/0x220
[ 8.989010] start_cpu+0x14/0x14
[ 8.997859] Code: e8 61 86 16 00 4c 8b 2b e8 29 27 04 00 85 c0 74 0d 80 3d 76 c9 19 01 00 0f 84 28 04 00 00 49 8d 7d 28 e8 3f 85 16 00 49 8d 7d 60 <41> 8b 5d 28 e8 32 85 16 00 41 8b 45 60 89 df bb 01 00 00 00 48
[ 9.068790] RIP: run_rebalance_domains+0x195/0x610 RSP: ffff880064b07e80
[ 9.084410] CR2: 0000000000000028
[ 9.093483] ---[ end trace 426c09725ae0951b ]---
To reproduce:
git clone https://github.com/01org/lkp-tests.git
cd lkp-tests
bin/lkp qemu -k <bzImage> job-script # job-script is attached in this email
Thanks,
Xiaolong
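As an added cross-check on the oops above (example code written for this page; it is not part of the 0day report, of lkp-tests, or of the kernel tree), the script below locates the faulting instruction in the Code: line, decodes it, and confirms it against the register dump and CR2. The decoder is deliberately narrow: it handles only the "mov r32/r64, [base + disp8]" encoding that sits at the fault address here, so it is a sanity check for this report rather than a disassembler (the kernel's scripts/decodecode with objdump is the general tool). The input is a constructed copy of the relevant RIP, R13, CR2 and Code: lines from the oops, each joined onto a single line.

```python
"""Cross-check an x86-64 oops: find the faulting instruction in the Code: dump,
decode it (narrow form only), and compare it with the register dump and CR2.

Added example for this page; not from the 0day report or the kernel tree.
"""
import re

# Constructed input: the RIP, R13, CR2 and Code: lines of the oops above.
OOPS_TEXT = """\
RIP: 0010:run_rebalance_domains+0x195/0x610
R13: 0000000000000000 R14: ffff880064b21680 R15: 0000000000000001
CR2: 0000000000000028 CR3: 000000001f013000 CR4: 00000000000006a0
Code: e8 61 86 16 00 4c 8b 2b e8 29 27 04 00 85 c0 74 0d 80 3d 76 c9 19 01 00 0f 84 28 04 00 00 49 8d 7d 28 e8 3f 85 16 00 49 8d 7d 60 <41> 8b 5d 28 e8 32 85 16 00 41 8b 45 60 89 df bb 01 00 00 00 48
"""

REGS64 = ["rax", "rcx", "rdx", "rbx", "rsp", "rbp", "rsi", "rdi",
          "r8", "r9", "r10", "r11", "r12", "r13", "r14", "r15"]
REGS32 = ["eax", "ecx", "edx", "ebx", "esp", "ebp", "esi", "edi",
          "r8d", "r9d", "r10d", "r11d", "r12d", "r13d", "r14d", "r15d"]


def parse_code_line(text):
    """Return (code_bytes, fault_index) from the Code: line.

    The kernel wraps the byte RIP pointed at in <>; bytes before it are the
    prologue the kernel prints for context.
    """
    m = re.search(r"^Code:\s*(.*)$", text, re.M)
    if not m:
        raise ValueError("no Code: line found")
    data, fault = bytearray(), None
    for i, tok in enumerate(m.group(1).split()):
        if tok.startswith("<") and tok.endswith(">"):
            fault, tok = i, tok[1:-1]
        data.append(int(tok, 16))
    if fault is None:
        raise ValueError("Code: line has no <xx> fault marker")
    return bytes(data), fault


def parse_regs(text):
    """Collect 'NAME: 16-hex-digit' pairs (RAX..R15, CRn) into a dict."""
    pairs = re.findall(r"\b(R[0-9A-Z]{1,2}|CR[0-9])\s*:\s*([0-9a-f]{16})\b", text)
    return {name.lower(): int(val, 16) for name, val in pairs}


def decode_mov_load(code, idx):
    """Decode 'mov reg, [base + disp8]': optional REX, opcode 8B, ModRM mod=01.

    Returns (length, dst, base, disp, access_size). Any other encoding raises;
    this is intentionally not a general x86 decoder.
    """
    i, rex = idx, 0
    if 0x40 <= code[i] <= 0x4F:          # REX prefix
        rex, i = code[i], i + 1
    if code[i] != 0x8B:
        raise ValueError("opcode at fault index is not 8B (MOV reg, r/m)")
    modrm = code[i + 1]
    mod, reg, rm = modrm >> 6, (modrm >> 3) & 7, modrm & 7
    if mod != 0b01 or rm == 0b100:       # disp8 form, no SIB byte
        raise ValueError("ModRM form not handled by this narrow decoder")
    reg |= (rex & 0x4) << 1              # REX.R extends the destination
    rm |= (rex & 0x1) << 3               # REX.B extends the base register
    disp = code[i + 2] - (0x100 if code[i + 2] >= 0x80 else 0)
    size = 8 if rex & 0x8 else 4         # REX.W selects a 64-bit load
    dst = REGS64[reg] if size == 8 else REGS32[reg]
    return i + 3 - idx, dst, REGS64[rm], disp, size


def explain_fault(text):
    """Tie the decoded instruction to the register dump and CR2."""
    code, idx = parse_code_line(text)
    regs = parse_regs(text)
    _, dst, base, disp, size = decode_mov_load(code, idx)
    ea = (regs[base] + disp) & 0xFFFFFFFFFFFFFFFF
    off = f"+0x{disp:x}" if disp >= 0 else f"-0x{-disp:x}"
    width = "dword" if size == 4 else "qword"
    return {
        "insn": f"mov {dst}, {width} ptr [{base}{off}]",
        "base": base,
        "base_value": regs[base],
        "effective_address": ea,
        "size": size,
        "matches_cr2": ea == regs["cr2"],
        "prologue_bytes": idx,
        "total_bytes": len(code),
    }


if __name__ == "__main__":
    for k, v in explain_fault(OOPS_TEXT).items():
        print(f"{k:18} {v:#x}" if isinstance(v, int) and not isinstance(v, bool) else f"{k:18} {v}")
```

Run on the lines above it decodes `<41> 8b 5d 28` as `mov ebx, dword ptr [r13+0x28]`: with R13 = 0 the effective address is 0x28, which is both the CR2 value and the address in the KASAN message, and the 4-byte load matches KASAN's "Read of size 4". The bytes just before the marker also account for the two different offsets in the log: `e8 3f 85 16 00` is the call to __asan_load4 whose return address is +0x191 (the frame in the KASAN trace), `49 8d 7d 60` is a 4-byte lea, and the load itself is at +0x195, where the hardware fault lands after KASAN has already printed its report.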