watchdog: BUG: soft lockup - CPU#0 stuck for 430s! [syz.1.2218:8366] Modules linked in: CPU: 0 UID: 0 PID: 8366 Comm: syz.1.2218 Tainted: G L syzkaller #0 PREEMPT Tainted: [L]=SOFTLOCKUP Hardware name: ARM-Versatile Express PC is at __raw_spin_unlock_irq include/linux/spinlock_api_smp.h:160 [inline] PC is at _raw_spin_unlock_irq+0x28/0x54 kernel/locking/spinlock.c:202 LR is at tmigr_handle_remote_cpu kernel/time/timer_migration.c:1038 [inline] LR is at tmigr_handle_remote_up+0x268/0x4b0 kernel/time/timer_migration.c:1074 pc : [<81a8bc8c>] lr : [<803460dc>] psr: 60000113 sp : df801e08 ip : df801e18 fp : df801e14 r10: 00000001 r9 : 00000075 r8 : 493e6700 r7 : ddddb488 r6 : df801ee0 r5 : 830bf3b0 r4 : 830bf380 r3 : 0000ff71 r2 : 00000101 r1 : 830bf3b0 r0 : ddddb488 Flags: nZCv IRQs on FIQs on Mode SVC_32 ISA ARM Segment user Control: 30c5387d Table: 85994580 DAC: fffffffd Call trace: frame pointer underflow [<81a8bc64>] (_raw_spin_unlock_irq) from [<803460dc>] (tmigr_handle_remote_cpu kernel/time/timer_migration.c:1038 [inline]) [<81a8bc64>] (_raw_spin_unlock_irq) from [<803460dc>] (tmigr_handle_remote_up+0x268/0x4b0 kernel/time/timer_migration.c:1074) [<80345e74>] (tmigr_handle_remote_up) from [<8034438c>] (__walk_groups_from+0x3c/0xe4 kernel/time/timer_migration.c:566) r10:8330bc00 r9:8280c820 r8:80345e74 r7:df801ee0 r6:830bf380 r5:00000002 r4:830bf380 [<80344350>] (__walk_groups_from) from [<80346724>] (__walk_groups kernel/time/timer_migration.c:583 [inline]) [<80344350>] (__walk_groups_from) from [<80346724>] (tmigr_handle_remote+0xe8/0x108 kernel/time/timer_migration.c:1133) r9:82804d80 r8:00000100 r7:00000001 r6:00000002 r5:00000002 r4:dddc7488 [<8034663c>] (tmigr_handle_remote) from [<803268f8>] (run_timer_softirq+0x30/0x34 kernel/time/timer.c:2408) r4:82804084 [<803268c8>] (run_timer_softirq) from [<8025aeb8>] (handle_softirqs+0x140/0x458 kernel/softirq.c:622) [<8025ad78>] (handle_softirqs) from [<8025b32c>] (__do_softirq kernel/softirq.c:656 [inline]) [<8025ad78>] (handle_softirqs) from [<8025b32c>] (invoke_softirq kernel/softirq.c:496 [inline]) [<8025ad78>] (handle_softirqs) from [<8025b32c>] (__irq_exit_rcu+0x110/0x1d0 kernel/softirq.c:723) r10:00006364 r9:00000000 r8:00000000 r7:ec6cdfb0 r6:82442b28 r5:8247dd4c r4:8330bc00 [<8025b21c>] (__irq_exit_rcu) from [<8025b6a4>] (irq_exit+0x10/0x18 kernel/softirq.c:751) r5:8247dd4c r4:826c2a9c [<8025b694>] (irq_exit) from [<81a7d8c4>] (generic_handle_arch_irq+0x7c/0x80 kernel/irq/handle.c:295) [<81a7d848>] (generic_handle_arch_irq) from [<81a4d9a4>] (call_with_stack+0x1c/0x20 arch/arm/lib/call_with_stack.S:40) r9:00000000 r8:826b8044 r7:8330bc00 r6:ffffffff r5:20000010 r4:000194ac [<81a4d988>] (call_with_stack) from [<80200f68>] (__irq_usr+0x88/0xa0 arch/arm/kernel/entry-armv.S:443) Exception stack(0xec6cdfb0 to 0xec6cdff8) dfa0: ffffffff 00000004 000001e4 00000000 dfc0: 00000000 00000000 00000000 00000000 00300000 00000000 00006364 76f3c0bc dfe0: 20001550 20001550 000194ac 000194ac 20000010 ffffffff Sending NMI from CPU 0 to CPUs 1: NMI backtrace for cpu 1 CPU: 1 UID: 0 PID: 0 Comm: swapper/1 Tainted: G L syzkaller #0 PREEMPT Tainted: [L]=SOFTLOCKUP Hardware name: ARM-Versatile Express PC is at arch_spin_lock arch/arm/include/asm/spinlock.h:74 [inline] PC is at do_raw_spin_lock include/linux/spinlock.h:187 [inline] PC is at __raw_spin_lock include/linux/spinlock_api_smp.h:134 [inline] PC is at _raw_spin_lock+0x40/0x58 kernel/locking/spinlock.c:154 LR is at __raw_spin_lock include/linux/spinlock_api_smp.h:132 [inline] LR is at _raw_spin_lock+0x18/0x58 kernel/locking/spinlock.c:154 pc : [<81a8be44>] lr : [<81a8be1c>] psr: 80000113 sp : df805d68 ip : df805d68 fp : df805d7c r10: 81c05450 r9 : 84077440 r8 : 840a7288 r7 : 84077568 r6 : 00000001 r5 : 00000001 r4 : 84077568 r3 : 0000bc03 r2 : 0000bc04 r1 : 00000000 r0 : 00000001 Flags: Nzcv IRQs on FIQs on Mode SVC_32 ISA ARM Segment none Control: 30c5387d Table: 85164100 DAC: 00000000 Call trace: frame pointer underflow [<81a8be04>] (_raw_spin_lock) from [<809c4ab0>] (class_raw_spinlock_constructor include/linux/spinlock.h:535 [inline]) [<81a8be04>] (_raw_spin_lock) from [<809c4ab0>] (gpio_mmio_set+0x44/0x80 drivers/gpio/gpio-mmio.c:234) r5:00000001 r4:84077440 [<809c4a6c>] (gpio_mmio_set) from [<809b543c>] (gpiochip_set+0x1c/0x44 drivers/gpio/gpiolib.c:2919) r7:00000001 r6:00000000 r5:00000000 r4:84109300 [<809b5420>] (gpiochip_set) from [<809b7c54>] (gpiod_set_raw_value_commit+0x78/0x218 drivers/gpio/gpiolib.c:3662) [<809b7bdc>] (gpiod_set_raw_value_commit) from [<809b94f4>] (gpiod_set_value_nocheck+0x44/0x58 drivers/gpio/gpiolib.c:3881) r10:81c05450 r9:df805ebc r8:00000102 r7:00004f94 r6:00000007 r5:00000001 r4:84109300 [<809b94b0>] (gpiod_set_value_nocheck) from [<809b9544>] (gpiod_set_value+0x3c/0x88 drivers/gpio/gpiolib.c:3903) [<809b9508>] (gpiod_set_value) from [<809c9bac>] (gpio_led_set+0x5c/0x60 drivers/leds/leds-gpio.c:57) r5:832f0044 r4:832f0044 [<809c9b50>] (gpio_led_set) from [<809c7458>] (__led_set_brightness drivers/leds/led-core.c:52 [inline]) [<809c9b50>] (gpio_led_set) from [<809c7458>] (led_set_brightness_nopm drivers/leds/led-core.c:335 [inline]) [<809c9b50>] (gpio_led_set) from [<809c7458>] (led_set_brightness_nosleep+0x38/0x44 drivers/leds/led-core.c:369) r5:832f0044 r4:830d2d4c [<809c7420>] (led_set_brightness_nosleep) from [<809ca4a8>] (led_heartbeat_function+0x84/0x144 drivers/leds/trigger/ledtrig-heartbeat.c:90) [<809ca424>] (led_heartbeat_function) from [<80326268>] (call_timer_fn+0x30/0x220 kernel/time/timer.c:1748) r7:00004f94 r6:809ca424 r5:830d2d4c r4:83216000 [<80326238>] (call_timer_fn) from [<8032671c>] (expire_timers kernel/time/timer.c:1799 [inline]) [<80326238>] (call_timer_fn) from [<8032671c>] (__run_timers+0x2c4/0x3f8 kernel/time/timer.c:2373) r9:df805ebc r8:00004f94 r7:00000000 r6:809ca424 r5:dddd9f00 r4:830d2d4c [<80326458>] (__run_timers) from [<803268b8>] (__run_timer_base kernel/time/timer.c:2385 [inline]) [<80326458>] (__run_timers) from [<803268b8>] (__run_timer_base kernel/time/timer.c:2377 [inline]) [<80326458>] (__run_timers) from [<803268b8>] (run_timer_base+0x68/0x78 kernel/time/timer.c:2394) r10:83216000 r9:82804d80 r8:00000102 r7:00000001 r6:00000082 r5:00000002 r4:dddd9f00 [<80326850>] (run_timer_base) from [<803268e4>] (run_timer_softirq+0x1c/0x34 kernel/time/timer.c:2404) r4:82804084 [<803268c8>] (run_timer_softirq) from [<8025aeb8>] (handle_softirqs+0x140/0x458 kernel/softirq.c:622) [<8025ad78>] (handle_softirqs) from [<8025b32c>] (__do_softirq kernel/softirq.c:656 [inline]) [<8025ad78>] (handle_softirqs) from [<8025b32c>] (invoke_softirq kernel/softirq.c:496 [inline]) [<8025ad78>] (handle_softirqs) from [<8025b32c>] (__irq_exit_rcu+0x110/0x1d0 kernel/softirq.c:723) r10:00000000 r9:83216000 r8:00000000 r7:df865df8 r6:82442b28 r5:8247dd4c r4:83216000 [<8025b21c>] (__irq_exit_rcu) from [<8025b6a4>] (irq_exit+0x10/0x18 kernel/softirq.c:751) r5:8247dd4c r4:826c2a9c [<8025b694>] (irq_exit) from [<81a7d8c4>] (generic_handle_arch_irq+0x7c/0x80 kernel/irq/handle.c:295) [<81a7d848>] (generic_handle_arch_irq) from [<81a4d9a4>] (call_with_stack+0x1c/0x20 arch/arm/lib/call_with_stack.S:40) r9:83216000 r8:840a7288 r7:df865e2c r6:ffffffff r5:60000013 r4:80234eac [<81a4d988>] (call_with_stack) from [<80200bec>] (__irq_svc+0x8c/0xbc arch/arm/kernel/entry-armv.S:228) Exception stack(0xdf865df8 to 0xdf865e40) 5de0: e020f008 0000000c 5e00: 0000bc03 00000000 e020f008 0000000c 00000001 84077568 840a7288 84077440 5e20: 00000000 df865e54 df865e58 df865e48 809c52ac 80234eac 60000013 ffffffff [<80234e88>] (arm_heavy_mb) from [<809c52ac>] (gpio_mmio_write32+0x1c/0x24 drivers/gpio/gpio-mmio.c:87) [<809c5290>] (gpio_mmio_write32) from [<809c4ad0>] (gpio_mmio_set+0x64/0x80 drivers/gpio/gpio-mmio.c:241) r5:00000008 r4:84077440 [<809c4a6c>] (gpio_mmio_set) from [<809b543c>] (gpiochip_set+0x1c/0x44 drivers/gpio/gpiolib.c:2919) r7:00000001 r6:00000000 r5:00000003 r4:8410933c [<809b5420>] (gpiochip_set) from [<809b7c54>] (gpiod_set_raw_value_commit+0x78/0x218 drivers/gpio/gpiolib.c:3662) [<809b7bdc>] (gpiod_set_raw_value_commit) from [<809b94f4>] (gpiod_set_value_nocheck+0x44/0x58 drivers/gpio/gpiolib.c:3881) r10:00000000 r9:00000000 r8:00000001 r7:ddde24c0 r6:833d9558 r5:00000001 r4:8410933c [<809b94b0>] (gpiod_set_value_nocheck) from [<809b9544>] (gpiod_set_value+0x3c/0x88 drivers/gpio/gpiolib.c:3903) [<809b9508>] (gpiod_set_value) from [<809c9bac>] (gpio_led_set+0x5c/0x60 drivers/leds/leds-gpio.c:57) r5:000000ff r4:832f0314 [<809c9b50>] (gpio_led_set) from [<809c74e8>] (__led_set_brightness drivers/leds/led-core.c:52 [inline]) [<809c9b50>] (gpio_led_set) from [<809c74e8>] (led_set_brightness_nopm drivers/leds/led-core.c:335 [inline]) [<809c9b50>] (gpio_led_set) from [<809c74e8>] (led_set_brightness_nosleep drivers/leds/led-core.c:369 [inline]) [<809c9b50>] (gpio_led_set) from [<809c74e8>] (led_set_brightness+0x84/0x90 drivers/leds/led-core.c:328) r5:000000ff r4:832f0314 [<809c7464>] (led_set_brightness) from [<809c9054>] (led_trigger_event drivers/leds/led-triggers.c:420 [inline]) [<809c7464>] (led_set_brightness) from [<809c9054>] (led_trigger_event+0x40/0x58 drivers/leds/led-triggers.c:408) r5:000000ff r4:832f0314 [<809c9014>] (led_trigger_event) from [<809ca6b0>] (ledtrig_cpu+0xac/0xf4 drivers/leds/trigger/ledtrig-cpu.c:86) r7:ddde24c0 r6:00000002 r5:82b15cd8 r4:000001fd [<809ca604>] (ledtrig_cpu) from [<80227758>] (arch_cpu_idle_exit+0x14/0x18 arch/arm/kernel/process.c:98) r9:00000000 r8:00000001 r7:8280c710 r6:83216000 r5:8280c6d0 r4:00000001 [<80227744>] (arch_cpu_idle_exit) from [<802b0e84>] (do_idle+0x5c/0x2d8 kernel/sched/idle.c:334) [<802b0e28>] (do_idle) from [<802b1430>] (cpu_startup_entry+0x30/0x34 kernel/sched/idle.c:430) r10:00000000 r9:414fc0f0 r8:80003000 r7:82a7b4a4 r6:83216000 r5:00000001 r4:00000092 [<802b1400>] (cpu_startup_entry) from [<8022f04c>] (secondary_start_kernel+0x128/0x180 arch/arm/kernel/smp.c:478) [<8022ef24>] (secondary_start_kernel) from [<80220094>] (__enable_mmu+0x0/0xc arch/arm/kernel/head.S:446) r7:82a7b4a4 r6:30c0387d r5:00000000 r4:830b7bc0