Greeting,

FYI, we noticed the following commit (built with gcc-9):

commit: cbd87e97caf59c1a9d06d35e5a59404e4d7c8660 ("[PATCH] sched/fair: Update nohz.next_balance for newly NOHZ-idle CPUs")
url: https://github.com/0day-ci/linux/commits/Valentin-Schneider/sched-fair-Update-nohz-next_balance-for-newly-NOHZ-idle-CPUs/20210714-194021
base: https://git.kernel.org/cgit/linux/kernel/git/tip/tip.git 031e3bd8986fffe31e1ddbf5264cccfe30c9abd7

in testcase: trinity
version: trinity-x86_64-da65f0aa-1_20210719
with following parameters:

	number: 99999
	group: group-03

test-description: Trinity is a linux system call fuzz tester.
test-url: http://codemonkey.org.uk/projects/trinity/

on test machine: qemu-system-x86_64 -enable-kvm -cpu SandyBridge -smp 2 -m 16G

caused below changes (please refer to attached dmesg/kmsg for entire log/backtrace):

If you fix the issue, kindly add following tag
Reported-by: kernel test robot

[ 11.102934][ C1] BUG: kernel NULL pointer dereference, address: 0000000000000000
[ 11.104253][ C1] #PF: supervisor write access in kernel mode
[ 11.105209][ C1] #PF: error_code(0x0002) - not-present page
[ 11.106215][ C1] PGD 0 P4D 0
[ 11.106848][ C1] Oops: 0002 [#1] SMP PTI
[ 11.106919][ C1] CPU: 1 PID: 0 Comm: swapper/1 Not tainted 5.13.0-rc6-00081-gcbd87e97caf5 #1
[ 11.106919][ C1] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 11.106919][ C1] RIP: 0010:__memcpy (arch/x86/lib/memcpy_64.S:39)
[ 11.106919][ C1] Code: 74 be 0f 1f 44 00 00 c7 05 97 29 d1 03 0f 00 00 00 eb ad cc cc cc cc cc 0f 1f 44 00 00 48 89 f8 48 89 d1 48 c1 e9 03 83 e2 07 48 a5 89 d1 f3 a4 c3 66 0f 1f 44 00 00 48 89 f8 48 89 d1 f3 a4
All code
========
   0:	74 be                	je     0xffffffffffffffc0
   2:	0f 1f 44 00 00       	nopl   0x0(%rax,%rax,1)
   7:	c7 05 97 29 d1 03 0f 	movl   $0xf,0x3d12997(%rip)        # 0x3d129a8
   e:	00 00 00
  11:	eb ad                	jmp    0xffffffffffffffc0
  13:	cc                   	int3
  14:	cc                   	int3
  15:	cc                   	int3
  16:	cc                   	int3
  17:	cc                   	int3
  18:	0f 1f 44 00 00       	nopl   0x0(%rax,%rax,1)
  1d:	48 89 f8             	mov    %rdi,%rax
  20:	48 89 d1             	mov    %rdx,%rcx
  23:	48 c1 e9 03          	shr    $0x3,%rcx
  27:	83 e2 07             	and    $0x7,%edx
  2a:*	f3 48 a5             	rep movsq %ds:(%rsi),%es:(%rdi)		<-- trapping instruction
  2d:	89 d1                	mov    %edx,%ecx
  2f:	f3 a4                	rep movsb %ds:(%rsi),%es:(%rdi)
  31:	c3                   	retq
  32:	66 0f 1f 44 00 00    	nopw   0x0(%rax,%rax,1)
  38:	48 89 f8             	mov    %rdi,%rax
  3b:	48 89 d1             	mov    %rdx,%rcx
  3e:	f3 a4                	rep movsb %ds:(%rsi),%es:(%rdi)

Code starting with the faulting instruction
===========================================
   0:	f3 48 a5             	rep movsq %ds:(%rsi),%es:(%rdi)
   3:	89 d1                	mov    %edx,%ecx
   5:	f3 a4                	rep movsb %ds:(%rsi),%es:(%rdi)
   7:	c3                   	retq
   8:	66 0f 1f 44 00 00    	nopw   0x0(%rax,%rax,1)
   e:	48 89 f8             	mov    %rdi,%rax
  11:	48 89 d1             	mov    %rdx,%rcx
  14:	f3 a4                	rep movsb %ds:(%rsi),%es:(%rdi)
[ 11.106919][ C1] RSP: 0000:ffffa8f280120f18 EFLAGS: 00010246
[ 11.106919][ C1] RAX: 0000000000000000 RBX: 00000000ffff1d2f RCX: 0000000000000001
[ 11.106919][ C1] RDX: 0000000000000000 RSI: ffff8b4d002b6ed0 RDI: 0000000000000000
[ 11.106919][ C1] RBP: ffffa8f280120f80 R08: 0000000000000001 R09: 0000000000000001
[ 11.106919][ C1] R10: ffffffffacc07000 R11: ffff8b4d01589dc0 R12: 0000000000000000
[ 11.106919][ C1] R13: 0000000000000001 R14: 0000000000000002 R15: 0000000000000007
[ 11.106919][ C1] FS: 0000000000000000(0000) GS:ffff8b502fa00000(0000) knlGS:0000000000000000
[ 11.106919][ C1] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 11.106919][ C1] CR2: 0000000000000000 CR3: 00000002e58b6000 CR4: 00000000000406e0
[ 11.106919][ C1] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 11.106919][ C1] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 11.106919][ C1] Call Trace:
[ 11.106919][ C1]
[ 11.106919][ C1] _nohz_idle_balance+0x7a/0x400
[ 11.106919][ C1] ? lock_is_held_type (arch/x86/include/asm/irqflags.h:140 kernel/locking/lockdep.c:5557)
[ 11.106919][ C1] __do_softirq (arch/x86/include/asm/jump_label.h:19 include/linux/jump_label.h:200 include/trace/events/irq.h:142 kernel/softirq.c:559)
[ 11.106919][ C1] irq_exit_rcu (kernel/softirq.c:432 kernel/softirq.c:636 kernel/softirq.c:648)
[ 11.106919][ C1] sysvec_call_function_single (arch/x86/kernel/smp.c:243 (discriminator 14))
[ 11.106919][ C1]
[ 11.106919][ C1] asm_sysvec_call_function_single (arch/x86/include/asm/idtentry.h:655)
[ 11.106919][ C1] RIP: 0010:native_safe_halt (arch/x86/include/asm/irqflags.h:52)
[ 11.106919][ C1] Code: 00 0f 00 2d 16 e1 45 00 f4 c3 66 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 80 00 00 00 00 e9 07 00 00 00 0f 00 2d f6 e0 45 00 fb f4 cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc 0f 1f 44 00
All code
========
   0:	00 0f                	add    %cl,(%rdi)
   2:	00 2d 16 e1 45 00    	add    %ch,0x45e116(%rip)        # 0x45e11e
   8:	f4                   	hlt
   9:	c3                   	retq
   a:	66 66 2e 0f 1f 84 00 	data16 nopw %cs:0x0(%rax,%rax,1)
  11:	00 00 00 00
  15:	0f 1f 80 00 00 00 00 	nopl   0x0(%rax)
  1c:	e9 07 00 00 00       	jmpq   0x28
  21:	0f 00 2d f6 e0 45 00 	verw   0x45e0f6(%rip)        # 0x45e11e
  28:	fb                   	sti
  29:	f4                   	hlt
  2a:*	c3                   	retq		<-- trapping instruction
  2b:	cc                   	int3
  2c:	cc                   	int3
  2d:	cc                   	int3
  2e:	cc                   	int3
  2f:	cc                   	int3
  30:	cc                   	int3
  31:	cc                   	int3
  32:	cc                   	int3
  33:	cc                   	int3
  34:	cc                   	int3
  35:	cc                   	int3
  36:	cc                   	int3
  37:	cc                   	int3
  38:	cc                   	int3
  39:	cc                   	int3
  3a:	cc                   	int3
  3b:	cc                   	int3
  3c:	0f                   	.byte 0xf
  3d:	1f                   	(bad)
  3e:	44                   	rex.R
	...

Code starting with the faulting instruction
===========================================
   0:	c3                   	retq
   1:	cc                   	int3
   2:	cc                   	int3
   3:	cc                   	int3
   4:	cc                   	int3
   5:	cc                   	int3
   6:	cc                   	int3
   7:	cc                   	int3
   8:	cc                   	int3
   9:	cc                   	int3
   a:	cc                   	int3
   b:	cc                   	int3
   c:	cc                   	int3
   d:	cc                   	int3
   e:	cc                   	int3
   f:	cc                   	int3
  10:	cc                   	int3
  11:	cc                   	int3
  12:	0f                   	.byte 0xf
  13:	1f                   	(bad)
  14:	44                   	rex.R

To reproduce:

	# build kernel
	cd linux
	cp config-5.13.0-rc6-00081-gcbd87e97caf5 .config
	make HOSTCC=gcc-9 CC=gcc-9 ARCH=x86_64 olddefconfig prepare modules_prepare bzImage

	git clone https://github.com/intel/lkp-tests.git
	cd lkp-tests
	bin/lkp qemu -k job-script # job-script is attached in this email

---
0DAY/LKP+ Test Infrastructure                   Open Source Technology Center
https://lists.01.org/hyperkitty/list/lkp@lists.01.org       Intel Corporation

Thanks,
Oliver Sang