sched_tick_start() and sched_tick_stop() are called during CPU hotplug for CPUs not in the HK_TYPE_KERNEL_NOISE set. They dereference tick_work_cpu, which is allocated by sched_tick_offload_init(), which is only called from housekeeping_init() when nohz_full= is present at boot.
When the DHM subsystem first-enables HK_TYPE_KERNEL_NOISE at runtime via housekeeping_update_types(), tick_work_cpu remains NULL because sched_tick_offload_init() is __init-only and cannot be re-invoked. A subsequent CPU offline/online cycle for an isolated CPU triggers WARN_ON_ONCE(!tick_work_cpu) followed by a NULL-pointer dereference in per_cpu_ptr(tick_work_cpu, cpu), crashing the kernel. Since nohz_full= was not active at boot, tick_nohz_full_running remains false and the tick-offload infrastructure is never activated; isolated CPUs continue to receive their own ticks. Guard both helpers with an additional !tick_work_cpu check so they become no-ops in this case. Signed-off-by: Jing Wu <[email protected]> Signed-off-by: Qiliang Yuan <[email protected]> --- kernel/sched/core.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/kernel/sched/core.c b/kernel/sched/core.c index 371b509d92164..df004e3efca70 100644 --- a/kernel/sched/core.c +++ b/kernel/sched/core.c @@ -5778,7 +5778,7 @@ static void sched_tick_start(int cpu) int os; struct tick_work *twork; - if (housekeeping_cpu(cpu, HK_TYPE_KERNEL_NOISE)) + if (housekeeping_cpu(cpu, HK_TYPE_KERNEL_NOISE) || !tick_work_cpu) return; WARN_ON_ONCE(!tick_work_cpu); @@ -5799,7 +5799,7 @@ static void sched_tick_stop(int cpu) struct tick_work *twork; int os; - if (housekeeping_cpu(cpu, HK_TYPE_KERNEL_NOISE)) + if (housekeeping_cpu(cpu, HK_TYPE_KERNEL_NOISE) || !tick_work_cpu) return; WARN_ON_ONCE(!tick_work_cpu); -- 2.43.0
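Review bot: In the sched_tick_start() hunk, the context line WARN_ON_ONCE(!tick_work_cpu); that follows the new early return can no longer fire, because the function has already returned whenever tick_work_cpu is NULL. Either drop that WARN in this patch, or, if a NULL tick_work_cpu while nohz_full is actually running should still be reported, restrict the silent return to the case the commit message describes (tick_nohz_full_running false) so the WARN stays reachable for the unexpected case.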
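Review bot: In the sched_tick_stop() hunk, the added "|| !tick_work_cpu" test carries no comment, so the reason a NULL tick_work_cpu is a legitimate state here (sched_tick_offload_init() is __init-only and runs only when nohz_full= is given at boot, while HK_TYPE_KERNEL_NOISE can now be enabled at runtime) is recorded only in the commit message. A one-line comment above the condition in both helpers would keep a later cleanup from removing the check as redundant. The WARN_ON_ONCE(!tick_work_cpu); directly below is unreachable here as well and should be handled the same way as in sched_tick_start().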

