watchdog: BUG: soft lockup - CPU#0 stuck for 430s! [syz.0.809:5438]
Modules linked in:
CPU: 0 UID: 0 PID: 5438 Comm: syz.0.809 Tainted: G             L      syzkaller #0 PREEMPT 
Tainted: [L]=SOFTLOCKUP
Hardware name: ARM-Versatile Express
PC is at __raw_spin_unlock_irq include/linux/spinlock_api_smp.h:160 [inline]
PC is at _raw_spin_unlock_irq+0x28/0x54 kernel/locking/spinlock.c:202
LR is at tmigr_handle_remote_cpu kernel/time/timer_migration.c:1038 [inline]
LR is at tmigr_handle_remote_up+0x268/0x4b0 kernel/time/timer_migration.c:1074
pc : [<81abba3c>]    lr : [<80346df4>]    psr: 60000113
sp : df801e08  ip : df801e18  fp : df801e14
r10: 00000001  r9 : 0000002c  r8 : 318ec080
r7 : ddddb488  r6 : df801ee0  r5 : 830bf3b0  r4 : 830bf380
r3 : 0000086a  r2 : 00000102  r1 : 830bf3b0  r0 : ddddb488
Flags: nZCv  IRQs on  FIQs on  Mode SVC_32  ISA ARM  Segment user
Control: 30c5387d  Table: 851b9e80  DAC: fffffffd
Call trace: frame pointer underflow
[<81abba14>] (_raw_spin_unlock_irq) from [<80346df4>] (tmigr_handle_remote_cpu kernel/time/timer_migration.c:1038 [inline])
[<81abba14>] (_raw_spin_unlock_irq) from [<80346df4>] (tmigr_handle_remote_up+0x268/0x4b0 kernel/time/timer_migration.c:1074)
[<80346b8c>] (tmigr_handle_remote_up) from [<803450a4>] (__walk_groups_from+0x3c/0xe4 kernel/time/timer_migration.c:566)
 r10:84520c00 r9:8280c820 r8:80346b8c r7:df801ee0 r6:830bf380 r5:00000002
 r4:830bf380
[<80345068>] (__walk_groups_from) from [<8034743c>] (__walk_groups kernel/time/timer_migration.c:583 [inline])
[<80345068>] (__walk_groups_from) from [<8034743c>] (tmigr_handle_remote+0xe8/0x108 kernel/time/timer_migration.c:1133)
 r9:82804d80 r8:00000101 r7:00000001 r6:00000002 r5:00000002 r4:dddc7488
[<80347354>] (tmigr_handle_remote) from [<80327600>] (run_timer_softirq+0x30/0x34 kernel/time/timer.c:2408)
 r4:82804084
[<803275d0>] (run_timer_softirq) from [<8025b55c>] (handle_softirqs+0x140/0x458 kernel/softirq.c:622)
[<8025b41c>] (handle_softirqs) from [<8025b9d0>] (__do_softirq kernel/softirq.c:656 [inline])
[<8025b41c>] (handle_softirqs) from [<8025b9d0>] (invoke_softirq kernel/softirq.c:496 [inline])
[<8025b41c>] (handle_softirqs) from [<8025b9d0>] (__irq_exit_rcu+0x110/0x1d0 kernel/softirq.c:723)
 r10:221a0000 r9:84520c00 r8:00000000 r7:ead5dc70 r6:82443ff8 r5:8247f12c
 r4:84520c00
[<8025b8c0>] (__irq_exit_rcu) from [<8025bd48>] (irq_exit+0x10/0x18 kernel/softirq.c:751)
 r5:8247f12c r4:826c3a9c
[<8025bd38>] (irq_exit) from [<81aad664>] (generic_handle_arch_irq+0x7c/0x80 kernel/irq/handle.c:295)
[<81aad5e8>] (generic_handle_arch_irq) from [<81a7d614>] (call_with_stack+0x1c/0x20 arch/arm/lib/call_with_stack.S:40)
 r9:84520c00 r8:00000001 r7:ead5dca4 r6:ffffffff r5:60000013 r4:804cfff8
[<81a7d5f8>] (call_with_stack) from [<80200bec>] (__irq_svc+0x8c/0xbc arch/arm/kernel/entry-armv.S:228)
Exception stack(0xead5dc70 to 0xead5dcb8)
dc60:                                     deffd7e8 80238f78 df86871f df86871f
dc80: ffefd000 84520c00 00c00000 df86871f 00000001 85187b00 221a0000 ead5dcf4
dca0: 00400000 ead5dcc0 80236d98 804cfff8 60000013 ffffffff
[<804cfedc>] (__kmap_local_pfn_prot) from [<804d01a0>] (__kmap_local_page_prot mm/highmem.c:592 [inline])
[<804cfedc>] (__kmap_local_pfn_prot) from [<804d01a0>] (__kmap_local_page_prot+0x70/0x74 mm/highmem.c:575)
 r8:85fb9880 r7:ead5dd30 r6:000001a0 r5:00000000 r4:df868003
[<804d0130>] (__kmap_local_page_prot) from [<804eace0>] (kmap_local_page include/linux/highmem-internal.h:73 [inline])
[<804d0130>] (__kmap_local_page_prot) from [<804eace0>] (___pte_offset_map+0x90/0xd8 mm/pgtable-generic.c:303)
[<804eac50>] (___pte_offset_map) from [<804eaec8>] (__pte_offset_map include/linux/mm.h:3346 [inline])
[<804eac50>] (___pte_offset_map) from [<804eaec8>] (__pte_offset_map_lock+0x48/0xe8 mm/pgtable-generic.c:399)
 r9:85187b00 r8:84520c00 r7:ead5dd88 r6:221a0000 r5:85fb9880 r4:00210001
[<804eae80>] (__pte_offset_map_lock) from [<804c9300>] (pte_offset_map_lock include/linux/mm.h:3361 [inline])
[<804eae80>] (__pte_offset_map_lock) from [<804c9300>] (follow_page_pte+0x44/0x47c mm/gup.c:812)
 r10:221a0000 r9:85187b00 r8:84520c00 r7:00000000 r6:85fb9000 r5:85187b00
 r4:00210001
[<804c92bc>] (follow_page_pte) from [<804c98f4>] (follow_pmd_mask mm/gup.c:915 [inline])
[<804c92bc>] (follow_page_pte) from [<804c98f4>] (follow_pud_mask mm/gup.c:967 [inline])
[<804c92bc>] (follow_page_pte) from [<804c98f4>] (follow_p4d_mask mm/gup.c:984 [inline])
[<804c92bc>] (follow_page_pte) from [<804c98f4>] (follow_page_mask mm/gup.c:1023 [inline])
[<804c92bc>] (follow_page_pte) from [<804c98f4>] (__get_user_pages+0x1bc/0x6e4 mm/gup.c:1426)
 r10:000011a1 r9:221a0000 r8:84520c00 r7:00000000 r6:85fb9000 r5:85187b00
 r4:00210001
[<804c9738>] (__get_user_pages) from [<804cca38>] (populate_vma_page_range+0xd8/0x220 mm/gup.c:1860)
 r10:20fff000 r9:84edd680 r8:ead5de78 r7:25ffd000 r6:20fff000 r5:85187b00
 r4:00004ffe
[<804cc960>] (populate_vma_page_range) from [<804cd218>] (__mm_populate+0x11c/0x1b8 mm/gup.c:1963)
 r10:20fff000 r9:84edd78c r8:00000001 r7:84edd680 r6:25ffd000 r5:25ffd000
 r4:85187b00
[<804cd0fc>] (__mm_populate) from [<804e8754>] (mm_populate include/linux/mm.h:3701 [inline])
[<804cd0fc>] (__mm_populate) from [<804e8754>] (do_mremap+0x4e8/0x7c4 mm/mremap.c:1952)
 r10:20ff5000 r9:84520c00 r8:84edd78c r7:84edd680 r6:84520c00 r5:20ffd000
 r4:ead5df58
[<804e826c>] (do_mremap) from [<804e8abc>] (__do_sys_mremap mm/mremap.c:1997 [inline])
[<804e826c>] (do_mremap) from [<804e8abc>] (sys_mremap+0x8c/0xb0 mm/mremap.c:1965)
 r10:000000a3 r9:84520c00 r8:8020029c r7:000000a3 r6:003163b8 r5:00000000
 r4:20ffd000
[<804e8a30>] (sys_mremap) from [<80200060>] (ret_fast_syscall+0x0/0x1c arch/arm/mm/proc-v7.S:67)
Exception stack(0xead5dfa8 to 0xead5dff0)
dfa0:                   20ffd000 00000000 20ff5000 00002000 05000000 00000003
dfc0: 20ffd000 00000000 003163b8 000000a3 00300000 00000000 00006364 76f720bc
dfe0: 76f71ec0 76f71eb0 0001929c 00132320
Sending NMI from CPU 0 to CPUs 1:
NMI backtrace for cpu 1
CPU: 1 UID: 0 PID: 0 Comm: swapper/1 Tainted: G             L      syzkaller #0 PREEMPT 
Tainted: [L]=SOFTLOCKUP
Hardware name: ARM-Versatile Express
PC is at arch_spin_lock arch/arm/include/asm/spinlock.h:73 [inline]
PC is at do_raw_spin_lock include/linux/spinlock.h:187 [inline]
PC is at __raw_spin_lock include/linux/spinlock_api_smp.h:134 [inline]
PC is at _raw_spin_lock+0x4c/0x58 kernel/locking/spinlock.c:154
LR is at __raw_spin_lock include/linux/spinlock_api_smp.h:132 [inline]
LR is at _raw_spin_lock+0x18/0x58 kernel/locking/spinlock.c:154
pc : [<81abbc00>]    lr : [<81abbbcc>]    psr: 80000113
sp : df805d68  ip : df805d68  fp : df805d7c
r10: 81c05450  r9 : 84082c40  r8 : 840c1688
r7 : 84082d68  r6 : 00000001  r5 : 00000001  r4 : 84082d68
r3 : 0000758f  r2 : 00007590  r1 : 00000000  r0 : 00000001
Flags: Nzcv  IRQs on  FIQs on  Mode SVC_32  ISA ARM  Segment none
Control: 30c5387d  Table: 85174280  DAC: 00000000
Call trace: frame pointer underflow
[<81abbbb4>] (_raw_spin_lock) from [<809c776c>] (class_raw_spinlock_constructor include/linux/spinlock.h:535 [inline])
[<81abbbb4>] (_raw_spin_lock) from [<809c776c>] (gpio_mmio_set+0x44/0x80 drivers/gpio/gpio-mmio.c:234)
 r5:00000001 r4:84082c40
[<809c7728>] (gpio_mmio_set) from [<809b7f28>] (gpiochip_set+0x1c/0x44 drivers/gpio/gpiolib.c:2919)
 r7:00000001 r6:00000000 r5:00000000 r4:83ffc600
[<809b7f0c>] (gpiochip_set) from [<809ba7f0>] (gpiod_set_raw_value_commit+0x78/0x218 drivers/gpio/gpiolib.c:3662)
[<809ba778>] (gpiod_set_raw_value_commit) from [<809bc090>] (gpiod_set_value_nocheck+0x44/0x58 drivers/gpio/gpiolib.c:3881)
 r10:81c05450 r9:df805ebc r8:00000102 r7:ffffd4f4 r6:00000007 r5:00000001
 r4:83ffc600
[<809bc04c>] (gpiod_set_value_nocheck) from [<809bc0e0>] (gpiod_set_value+0x3c/0x88 drivers/gpio/gpiolib.c:3903)
[<809bc0a4>] (gpiod_set_value) from [<809cc87c>] (gpio_led_set+0x5c/0x60 drivers/leds/leds-gpio.c:57)
 r5:830fe044 r4:830fe044
[<809cc820>] (gpio_led_set) from [<809ca114>] (__led_set_brightness drivers/leds/led-core.c:52 [inline])
[<809cc820>] (gpio_led_set) from [<809ca114>] (led_set_brightness_nopm drivers/leds/led-core.c:335 [inline])
[<809cc820>] (gpio_led_set) from [<809ca114>] (led_set_brightness_nosleep+0x38/0x44 drivers/leds/led-core.c:369)
 r5:830fe044 r4:8331ec8c
[<809ca0dc>] (led_set_brightness_nosleep) from [<809cd178>] (led_heartbeat_function+0x84/0x144 drivers/leds/trigger/ledtrig-heartbeat.c:90)
[<809cd0f4>] (led_heartbeat_function) from [<80326f70>] (call_timer_fn+0x30/0x220 kernel/time/timer.c:1748)
 r7:ffffd4f4 r6:809cd0f4 r5:8331ec8c r4:83216000
[<80326f40>] (call_timer_fn) from [<80327424>] (expire_timers kernel/time/timer.c:1799 [inline])
[<80326f40>] (call_timer_fn) from [<80327424>] (__run_timers+0x2c4/0x3f8 kernel/time/timer.c:2373)
 r9:df805ebc r8:ffffd4f4 r7:00000000 r6:809cd0f4 r5:dddd9f00 r4:8331ec8c
[<80327160>] (__run_timers) from [<803275c0>] (__run_timer_base kernel/time/timer.c:2385 [inline])
[<80327160>] (__run_timers) from [<803275c0>] (__run_timer_base kernel/time/timer.c:2377 [inline])
[<80327160>] (__run_timers) from [<803275c0>] (run_timer_base+0x68/0x78 kernel/time/timer.c:2394)
 r10:83216000 r9:82804d80 r8:00000102 r7:00000001 r6:00000082 r5:00000002
 r4:dddd9f00
[<80327558>] (run_timer_base) from [<803275ec>] (run_timer_softirq+0x1c/0x34 kernel/time/timer.c:2404)
 r4:82804084
[<803275d0>] (run_timer_softirq) from [<8025b55c>] (handle_softirqs+0x140/0x458 kernel/softirq.c:622)
[<8025b41c>] (handle_softirqs) from [<8025b9d0>] (__do_softirq kernel/softirq.c:656 [inline])
[<8025b41c>] (handle_softirqs) from [<8025b9d0>] (invoke_softirq kernel/softirq.c:496 [inline])
[<8025b41c>] (handle_softirqs) from [<8025b9d0>] (__irq_exit_rcu+0x110/0x1d0 kernel/softirq.c:723)
 r10:00000000 r9:83216000 r8:00000000 r7:df865e08 r6:82443ff8 r5:8247f12c
 r4:83216000
[<8025b8c0>] (__irq_exit_rcu) from [<8025bd48>] (irq_exit+0x10/0x18 kernel/softirq.c:751)
 r5:8247f12c r4:826c3a9c
[<8025bd38>] (irq_exit) from [<81aad664>] (generic_handle_arch_irq+0x7c/0x80 kernel/irq/handle.c:295)
[<81aad5e8>] (generic_handle_arch_irq) from [<81a7d614>] (call_with_stack+0x1c/0x20 arch/arm/lib/call_with_stack.S:40)
 r9:83216000 r8:840c1688 r7:df865e3c r6:ffffffff r5:60000013 r4:809c7f6c
[<81a7d5f8>] (call_with_stack) from [<80200bec>] (__irq_svc+0x8c/0xbc arch/arm/kernel/entry-armv.S:228)
Exception stack(0xdf865e08 to 0xdf865e50)
5e00:                   e020f008 0000000c 0000758f 00000000 e020f008 0000000c
5e20: 00000001 84082d68 840c1688 84082c40 00000000 df865e6c df865e58 df865e58
5e40: 809c7f68 809c7f6c 60000013 ffffffff
[<809c7f4c>] (gpio_mmio_write32) from [<809c778c>] (gpio_mmio_set+0x64/0x80 drivers/gpio/gpio-mmio.c:241)
 r5:00000008 r4:84082c40
[<809c7728>] (gpio_mmio_set) from [<809b7f28>] (gpiochip_set+0x1c/0x44 drivers/gpio/gpiolib.c:2919)
 r7:00000001 r6:00000000 r5:00000003 r4:83ffc63c
[<809b7f0c>] (gpiochip_set) from [<809ba7f0>] (gpiod_set_raw_value_commit+0x78/0x218 drivers/gpio/gpiolib.c:3662)
[<809ba778>] (gpiod_set_raw_value_commit) from [<809bc090>] (gpiod_set_value_nocheck+0x44/0x58 drivers/gpio/gpiolib.c:3881)
 r10:00000000 r9:00000000 r8:00000001 r7:ddde24c0 r6:838c1858 r5:00000001
 r4:83ffc63c
[<809bc04c>] (gpiod_set_value_nocheck) from [<809bc0e0>] (gpiod_set_value+0x3c/0x88 drivers/gpio/gpiolib.c:3903)
[<809bc0a4>] (gpiod_set_value) from [<809cc87c>] (gpio_led_set+0x5c/0x60 drivers/leds/leds-gpio.c:57)
 r5:000000ff r4:830fe314
[<809cc820>] (gpio_led_set) from [<809ca1a4>] (__led_set_brightness drivers/leds/led-core.c:52 [inline])
[<809cc820>] (gpio_led_set) from [<809ca1a4>] (led_set_brightness_nopm drivers/leds/led-core.c:335 [inline])
[<809cc820>] (gpio_led_set) from [<809ca1a4>] (led_set_brightness_nosleep drivers/leds/led-core.c:369 [inline])
[<809cc820>] (gpio_led_set) from [<809ca1a4>] (led_set_brightness+0x84/0x90 drivers/leds/led-core.c:328)
 r5:000000ff r4:830fe314
[<809ca120>] (led_set_brightness) from [<809cbd24>] (led_trigger_event drivers/leds/led-triggers.c:420 [inline])
[<809ca120>] (led_set_brightness) from [<809cbd24>] (led_trigger_event+0x40/0x58 drivers/leds/led-triggers.c:408)
 r5:000000ff r4:830fe314
[<809cbce4>] (led_trigger_event) from [<809cd380>] (ledtrig_cpu+0xac/0xf4 drivers/leds/trigger/ledtrig-cpu.c:86)
 r7:ddde24c0 r6:00000002 r5:82b15cd8 r4:000001fd
[<809cd2d4>] (ledtrig_cpu) from [<80227a38>] (arch_cpu_idle_exit+0x14/0x18 arch/arm/kernel/process.c:98)
 r9:00000000 r8:00000001 r7:8280c710 r6:83216000 r5:8280c6d0 r4:00000001
[<80227a24>] (arch_cpu_idle_exit) from [<802b158c>] (do_idle+0x5c/0x2d8 kernel/sched/idle.c:334)
[<802b1530>] (do_idle) from [<802b1b38>] (cpu_startup_entry+0x30/0x34 kernel/sched/idle.c:430)
 r10:00000000 r9:414fc0f0 r8:80003000 r7:82a7b4a4 r6:83216000 r5:00000001
 r4:00000092
[<802b1b08>] (cpu_startup_entry) from [<8022f360>] (secondary_start_kernel+0x128/0x194 arch/arm/kernel/smp.c:478)
[<8022f238>] (secondary_start_kernel) from [<80220094>] (__enable_mmu+0x0/0xc arch/arm/kernel/head.S:446)
 r7:82a7b4a4 r6:30c0387d r5:00000000 r4:830b7bc0