Comment 8 for bug 1951289

dann frazier (dannf) wrote :

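Here's a decoded backtrace of the 5.0-rc5+ crash (commit 41ceb5e8 w/ the fix from commit 620a6dc4075 applied), which looks quite plausible: the error path of build_sched_domains() goes through __free_domain_allocs() into __sdt_free(), and the fault is on the per_cpu_ptr(sdd->sd, j) dereference. The register dump below is consistent with that: the trapping `ldr x0, [x0, x2]` has x0 = 0x4 and x2 = 0x00006744c1718000, which add up to the faulting address 0x00006744c1718004, so sdd->sd seems to hold a non-NULL garbage value (0x4) that passes the `if (sdd->sd)` check.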

static void __free_domain_allocs(struct s_data *d, enum s_alloc what,
                                 const struct cpumask *cpu_map)
{
[...]
1196 case sa_sd_storage:
1197 __sdt_free(cpu_map);
                /* Fall through */
[...]
}

static void __sdt_free(const struct cpumask *cpu_map)
{
[...]
1781 if (sdd->sd) {
1782 sd = *per_cpu_ptr(sdd->sd, j); <<< crash here
[...]
}

static int
build_sched_domains(const struct cpumask *cpu_map, struct sched_domain_attr *attr)
{
[...]
error:
1989 __free_domain_allocs(&d, alloc_state, cpu_map);
1990
1991 return ret;
}

[ 11.975494] alternatives: patching kernel code
[ 11.985402] Unable to handle kernel paging request at virtual address 00006744c1718004
[ 11.994200] Mem abort info:
[ 11.997287] ESR = 0x96000004
[ 12.000667] Exception class = DABT (current EL), IL = 32 bits
[ 12.007236] SET = 0, FnV = 0
[ 12.010617] EA = 0, S1PTW = 0
[ 12.014092] Data abort info:
[ 12.017278] ISV = 0, ISS = 0x00000004
[ 12.021528] CM = 0, WnR = 0
[ 12.024810] [00006744c1718004] user address but active_mm is swapper
[ 12.031859] Internal error: Oops: 96000004 [#1] SMP
[ 12.037266] Modules linked in:
[ 12.040648] CPU: 0 PID: 1 Comm: swapper/0 Not tainted 5.0.0-rc5+ #7
[ 12.047601] pstate: 80800009 (Nzcv daif -PAN +UAO)
[ 12.052917] pc : build_sched_domains (/home/ubuntu/linux/kernel/sched/topology.c:1782 /home/ubuntu/linux/kernel/sched/topology.c:1197 /home/ubuntu/linux/kernel/sched/topology.c:1989)
[ 12.058133] lr : build_sched_domains (/home/ubuntu/linux/kernel/sched/topology.c:1778 /home/ubuntu/linux/kernel/sched/topology.c:1197 /home/ubuntu/linux/kernel/sched/topology.c:1989)
[ 12.063342] sp : ffff00001043bcf0
[ 12.067011] x29: ffff00001043bcf0 x28: ffffb75d3ae21a00
[ 12.072900] x27: ffff50187e5dc730 x26: ffffb75d3a806e80
[ 12.078788] x25: ffff50187e5dd3a4 x24: ffffb75d3a8077a0
[ 12.084675] x23: 0000000000000000 x22: ffff50187e5dd3a4
[ 12.090561] x21: ffff50187e5dc730 x20: ffffd77cfb981400
[ 12.096452] x19: 0000000000000000 x18: 0000000000000014
[ 12.102342] x17: 00000000c60b0fdd x16: 00000000eb2df79d
[ 12.108231] x15: 000000001a6f88f6 x14: 00000000a5b719f8
[ 12.114122] x13: 00000000006ba184 x12: 000000004b281177
[ 12.120013] x11: ffff7f5df3eebf80 x10: 00000000cf4217a7
[ 12.125901] x9 : 0000000000003570 x8 : 0000000000210d00
[ 12.131791] x7 : ffffd77cfbaee580 x6 : 0000000000000002
[ 12.137680] x5 : ffffd77d7fe741c0 x4 : ffffffffffffffff
[ 12.143571] x3 : 0000000000000000 x2 : 00006744c1718000
[ 12.149460] x1 : 0000000000000004 x0 : 0000000000000004
[ 12.155352] Process swapper/0 (pid: 1, stack limit = 0x(____ptrval____))
[ 12.162785] Call trace:
[ 12.165490] build_sched_domains (/home/ubuntu/linux/kernel/sched/topology.c:1782 /home/ubuntu/linux/kernel/sched/topology.c:1197 /home/ubuntu/linux/kernel/sched/topology.c:1989)
[ 12.170314] sched_init_domains (/home/ubuntu/linux/kernel/sched/topology.c:2064)
[ 12.174760] sched_init_smp (/home/ubuntu/linux/kernel/sched/core.c:5876)
[ 12.178812] kernel_init_freeable (/home/ubuntu/linux/init/main.c:950 /home/ubuntu/linux/init/main.c:964 /home/ubuntu/linux/init/main.c:982 /home/ubuntu/linux/init/main.c:1135)
[ 12.183641] kernel_init (/home/ubuntu/linux/init/main.c:1057)
[ 12.187502] ret_from_fork (/home/ubuntu/linux/arch/arm64/kernel/entry.S:1073)
[ 12.191460] Code: b4000201 93407e77 aa0103e0 f8777aa2 (f8626800)
All code
========
   0: b4000201 cbz x1, 0x40
   4: 93407e77 sxtw x23, w19
   8: aa0103e0 mov x0, x1
   c: f8777aa2 ldr x2, [x21, x23, lsl #3]
  10:* f8626800 ldr x0, [x0, x2] <-- trapping instruction

Code starting with the faulting instruction
===========================================
   0: f8626800 ldr x0, [x0, x2]
[ 12.198259] ---[ end trace 90837fdb22e7ef78 ]---
[ 12.203390] Kernel panic - not syncing: Attempted to kill init! exitcode=0x0000000b
[ 12.211906] SMP: stopping secondary CPUs
[ 12.216276] ---[ end Kernel panic - not syncing: Attempted to kill init! exitcode=0x0000000b ]---