* [syzbot] [kernel?] BUG: soft lockup in tmigr_handle_remote
@ 2025-12-09  5:41 syzbot
  2025-12-12  6:41 ` Thomas Gleixner
  0 siblings, 1 reply; 2+ messages in thread
From: syzbot @ 2025-12-09  5:41 UTC (permalink / raw)
  To: anna-maria, frederic, linux-kernel, syzkaller-bugs, tglx

Hello,

syzbot found the following issue on:

HEAD commit:    c2f2b01b74be Merge tag 'i3c/for-6.19' of git://git.kernel...
git tree:       upstream
console output: https://syzkaller.appspot.com/x/log.txt?x=1258721a580000
kernel config:  https://syzkaller.appspot.com/x/.config?x=4d5b48b67d177d90
dashboard link: https://syzkaller.appspot.com/bug?extid=416b3bb7740906d1fb1e
compiler:       arm-linux-gnueabi-gcc (Debian 12.2.0-14) 12.2.0, GNU ld (GNU Binutils for Debian) 2.40
userspace arch: arm

Unfortunately, I don't have any reproducer for this issue yet.

Downloadable assets:
disk image (non-bootable): https://storage.googleapis.com/syzbot-assets/98a89b9f34e4/non_bootable_disk-c2f2b01b.raw.xz
vmlinux: https://storage.googleapis.com/syzbot-assets/1d5b0c92d398/vmlinux-c2f2b01b.xz
kernel image: https://storage.googleapis.com/syzbot-assets/ab235c28e1ed/zImage-c2f2b01b.xz

IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+416b3bb7740906d1fb1e@syzkaller.appspotmail.com

watchdog: BUG: soft lockup - CPU#0 stuck for 430s! [swapper/0:0]
Modules linked in:
CPU: 0 UID: 0 PID: 0 Comm: swapper/0 Not tainted syzkaller #0 PREEMPT 
Hardware name: ARM-Versatile Express
PC is at __raw_spin_unlock_irq include/linux/spinlock_api_smp.h:160 [inline]
PC is at _raw_spin_unlock_irq+0x28/0x54 kernel/locking/spinlock.c:202
LR is at tmigr_handle_remote_cpu kernel/time/timer_migration.c:1038 [inline]
LR is at tmigr_handle_remote_up+0x268/0x4b0 kernel/time/timer_migration.c:1074
pc : [<81abb53c>]    lr : [<80346df4>]    psr: 60000113
sp : 82801be0  ip : 82801bf0  fp : 82801bec
r10: 00000001  r9 : 00000031  r8 : b7f9d100
r7 : ddddb488  r6 : 82801cb8  r5 : 830bf3b0  r4 : 830bf380
r3 : 000085d1  r2 : 00000103  r1 : 830bf3b0  r0 : ddddb488
Flags: nZCv  IRQs on  FIQs on  Mode SVC_32  ISA ARM  Segment user
Control: 30c5387d  Table: 85dd6940  DAC: fffffffd
Call trace: 
[<81abb514>] (_raw_spin_unlock_irq) from [<80346df4>] (tmigr_handle_remote_cpu kernel/time/timer_migration.c:1038 [inline])
[<81abb514>] (_raw_spin_unlock_irq) from [<80346df4>] (tmigr_handle_remote_up+0x268/0x4b0 kernel/time/timer_migration.c:1074)
[<80346b8c>] (tmigr_handle_remote_up) from [<803450a4>] (__walk_groups_from+0x3c/0xe4 kernel/time/timer_migration.c:566)
 r10:8281b500 r9:8280c820 r8:80346b8c r7:82801cb8 r6:830bf380 r5:00000002
 r4:830bf380
[<80345068>] (__walk_groups_from) from [<8034743c>] (__walk_groups kernel/time/timer_migration.c:583 [inline])
[<80345068>] (__walk_groups_from) from [<8034743c>] (tmigr_handle_remote+0xe8/0x108 kernel/time/timer_migration.c:1133)
 r9:82804d80 r8:00000102 r7:00000001 r6:00000082 r5:00000002 r4:dddc7488
[<80347354>] (tmigr_handle_remote) from [<80327600>] (run_timer_softirq+0x30/0x34 kernel/time/timer.c:2408)
 r4:82804084
[<803275d0>] (run_timer_softirq) from [<8025b55c>] (handle_softirqs+0x140/0x458 kernel/softirq.c:622)
[<8025b41c>] (handle_softirqs) from [<8025b9d0>] (__do_softirq kernel/softirq.c:656 [inline])
[<8025b41c>] (handle_softirqs) from [<8025b9d0>] (invoke_softirq kernel/softirq.c:496 [inline])
[<8025b41c>] (handle_softirqs) from [<8025b9d0>] (__irq_exit_rcu+0x110/0x1d0 kernel/softirq.c:723)
 r10:00000000 r9:8281b500 r8:00000000 r7:82801dd8 r6:82443e68 r5:8247ef9c
 r4:8281b500
[<8025b8c0>] (__irq_exit_rcu) from [<8025bd48>] (irq_exit+0x10/0x18 kernel/softirq.c:751)
 r5:8247ef9c r4:826c3a9c
[<8025bd38>] (irq_exit) from [<81aad164>] (generic_handle_arch_irq+0x7c/0x80 kernel/irq/handle.c:295)
[<81aad0e8>] (generic_handle_arch_irq) from [<80200bdc>] (__irq_svc+0x7c/0xbc arch/arm/kernel/entry-armv.S:228)
Exception stack(0x82801dd8 to 0x82801e20)
1dc0:                                                       00000001 00000000
1de0: 00008872 00008870 84121368 00000004 00000001 84121368 842d1a88 84121240
1e00: 00000000 82801e3c 82801e28 82801e28 81abb6cc 81abb6f4 80000013 ffffffff
 r9:8281b500 r8:842d1a88 r7:82801e0c r6:ffffffff r5:80000013 r4:81abb6f4
[<81abb6b4>] (_raw_spin_lock) from [<809c74b8>] (class_raw_spinlock_constructor include/linux/spinlock.h:535 [inline])
[<81abb6b4>] (_raw_spin_lock) from [<809c74b8>] (gpio_mmio_set+0x44/0x80 drivers/gpio/gpio-mmio.c:234)
 r5:00000004 r4:84121240
[<809c7474>] (gpio_mmio_set) from [<809b7c74>] (gpiochip_set+0x1c/0x44 drivers/gpio/gpiolib.c:2919)
 r7:00000001 r6:00000000 r5:00000002 r4:841e1028
[<809b7c58>] (gpiochip_set) from [<809ba53c>] (gpiod_set_raw_value_commit+0x78/0x218 drivers/gpio/gpiolib.c:3662)
[<809ba4c4>] (gpiod_set_raw_value_commit) from [<809bbddc>] (gpiod_set_value_nocheck+0x44/0x58 drivers/gpio/gpiolib.c:3881)
 r10:00000000 r9:00000000 r8:00000001 r7:dddce4c0 r6:838dbad8 r5:00000001
 r4:841e1028
[<809bbd98>] (gpiod_set_value_nocheck) from [<809bbe2c>] (gpiod_set_value+0x3c/0x88 drivers/gpio/gpiolib.c:3903)
[<809bbdf0>] (gpiod_set_value) from [<809cc5c8>] (gpio_led_set+0x5c/0x60 drivers/leds/leds-gpio.c:57)
 r5:000000ff r4:83315a24
[<809cc56c>] (gpio_led_set) from [<809c9ef0>] (__led_set_brightness drivers/leds/led-core.c:52 [inline])
[<809cc56c>] (gpio_led_set) from [<809c9ef0>] (led_set_brightness_nopm drivers/leds/led-core.c:335 [inline])
[<809cc56c>] (gpio_led_set) from [<809c9ef0>] (led_set_brightness_nosleep drivers/leds/led-core.c:369 [inline])
[<809cc56c>] (gpio_led_set) from [<809c9ef0>] (led_set_brightness+0x84/0x90 drivers/leds/led-core.c:328)
 r5:000000ff r4:83315a24
[<809c9e6c>] (led_set_brightness) from [<809cba70>] (led_trigger_event drivers/leds/led-triggers.c:420 [inline])
[<809c9e6c>] (led_set_brightness) from [<809cba70>] (led_trigger_event+0x40/0x58 drivers/leds/led-triggers.c:408)
 r5:000000ff r4:83315a24
[<809cba30>] (led_trigger_event) from [<809cd0cc>] (ledtrig_cpu+0xac/0xf4 drivers/leds/trigger/ledtrig-cpu.c:86)
 r7:dddce4c0 r6:00000002 r5:82b15cd8 r4:000001fd
[<809cd020>] (ledtrig_cpu) from [<80227a38>] (arch_cpu_idle_exit+0x14/0x18 arch/arm/kernel/process.c:98)
 r9:00000000 r8:00000000 r7:8280c710 r6:8281b500 r5:8280c6d0 r4:00000000
[<80227a24>] (arch_cpu_idle_exit) from [<802b158c>] (do_idle+0x5c/0x2d8 kernel/sched/idle.c:334)
[<802b1530>] (do_idle) from [<802b1b38>] (cpu_startup_entry+0x30/0x34 kernel/sched/idle.c:430)
 r10:8281aff4 r9:8280c680 r8:823bea70 r7:00000000 r6:deffc06c r5:828222e8
 r4:000000ed
[<802b1b08>] (cpu_startup_entry) from [<81aaeb7c>] (kernel_init+0x0/0x138 init/main.c:757)
[<81aaea9c>] (rest_init) from [<8260145c>] (start_kernel+0x844/0x860 init/main.c:1206)
[<82600c18>] (start_kernel) from [<00000000>] (0x0)
Sending NMI from CPU 0 to CPUs 1:
NMI backtrace for cpu 1
CPU: 1 UID: 0 PID: 0 Comm: swapper/1 Not tainted syzkaller #0 PREEMPT 
Hardware name: ARM-Versatile Express
PC is at arch_spin_lock arch/arm/include/asm/spinlock.h:74 [inline]
PC is at do_raw_spin_lock include/linux/spinlock.h:187 [inline]
PC is at __raw_spin_lock include/linux/spinlock_api_smp.h:134 [inline]
PC is at _raw_spin_lock+0x40/0x58 kernel/locking/spinlock.c:154
LR is at __raw_spin_lock include/linux/spinlock_api_smp.h:132 [inline]
LR is at _raw_spin_lock+0x18/0x58 kernel/locking/spinlock.c:154
pc : [<81abb6f4>]    lr : [<81abb6cc>]    psr: 80000113
sp : df805d68  ip : df805d68  fp : df805d7c
r10: 81c05450  r9 : 84121240  r8 : 842d1a88
r7 : 84121368  r6 : 00000001  r5 : 00000001  r4 : 84121368
r3 : 00008870  r2 : 00008871  r1 : 00000000  r0 : 00000001
Flags: Nzcv  IRQs on  FIQs on  Mode SVC_32  ISA ARM  Segment none
Control: 30c5387d  Table: 84d295c0  DAC: 00000000
Call trace: frame pointer underflow
[<81abb6b4>] (_raw_spin_lock) from [<809c74b8>] (class_raw_spinlock_constructor include/linux/spinlock.h:535 [inline])
[<81abb6b4>] (_raw_spin_lock) from [<809c74b8>] (gpio_mmio_set+0x44/0x80 drivers/gpio/gpio-mmio.c:234)
 r5:00000001 r4:84121240
[<809c7474>] (gpio_mmio_set) from [<809b7c74>] (gpiochip_set+0x1c/0x44 drivers/gpio/gpiolib.c:2919)
 r7:00000001 r6:00000000 r5:00000000 r4:841e1000
[<809b7c58>] (gpiochip_set) from [<809ba53c>] (gpiod_set_raw_value_commit+0x78/0x218 drivers/gpio/gpiolib.c:3662)
[<809ba4c4>] (gpiod_set_raw_value_commit) from [<809bbddc>] (gpiod_set_value_nocheck+0x44/0x58 drivers/gpio/gpiolib.c:3881)
 r10:81c05450 r9:df805ebc r8:00000102 r7:ffffde37 r6:00000007 r5:00000001
 r4:841e1000
[<809bbd98>] (gpiod_set_value_nocheck) from [<809bbe2c>] (gpiod_set_value+0x3c/0x88 drivers/gpio/gpiolib.c:3903)
[<809bbdf0>] (gpiod_set_value) from [<809cc5c8>] (gpio_led_set+0x5c/0x60 drivers/leds/leds-gpio.c:57)
 r5:83315844 r4:83315844
[<809cc56c>] (gpio_led_set) from [<809c9e60>] (__led_set_brightness drivers/leds/led-core.c:52 [inline])
[<809cc56c>] (gpio_led_set) from [<809c9e60>] (led_set_brightness_nopm drivers/leds/led-core.c:335 [inline])
[<809cc56c>] (gpio_led_set) from [<809c9e60>] (led_set_brightness_nosleep+0x38/0x44 drivers/leds/led-core.c:369)
 r5:83315844 r4:8444c58c
[<809c9e28>] (led_set_brightness_nosleep) from [<809ccec4>] (led_heartbeat_function+0x84/0x144 drivers/leds/trigger/ledtrig-heartbeat.c:90)
[<809cce40>] (led_heartbeat_function) from [<80326f70>] (call_timer_fn+0x30/0x220 kernel/time/timer.c:1748)
 r7:ffffde37 r6:809cce40 r5:8444c58c r4:83216000
[<80326f40>] (call_timer_fn) from [<80327424>] (expire_timers kernel/time/timer.c:1799 [inline])
[<80326f40>] (call_timer_fn) from [<80327424>] (__run_timers+0x2c4/0x3f8 kernel/time/timer.c:2373)
 r9:df805ebc r8:ffffde37 r7:00000000 r6:809cce40 r5:dddd9f00 r4:8444c58c
[<80327160>] (__run_timers) from [<803275c0>] (__run_timer_base kernel/time/timer.c:2385 [inline])
[<80327160>] (__run_timers) from [<803275c0>] (__run_timer_base kernel/time/timer.c:2377 [inline])
[<80327160>] (__run_timers) from [<803275c0>] (run_timer_base+0x68/0x78 kernel/time/timer.c:2394)
 r10:83216000 r9:82804d80 r8:00000102 r7:00000001 r6:00000082 r5:00000002
 r4:dddd9f00
[<80327558>] (run_timer_base) from [<803275ec>] (run_timer_softirq+0x1c/0x34 kernel/time/timer.c:2404)
 r4:82804084
[<803275d0>] (run_timer_softirq) from [<8025b55c>] (handle_softirqs+0x140/0x458 kernel/softirq.c:622)
[<8025b41c>] (handle_softirqs) from [<8025b9d0>] (__do_softirq kernel/softirq.c:656 [inline])
[<8025b41c>] (handle_softirqs) from [<8025b9d0>] (invoke_softirq kernel/softirq.c:496 [inline])
[<8025b41c>] (handle_softirqs) from [<8025b9d0>] (__irq_exit_rcu+0x110/0x1d0 kernel/softirq.c:723)
 r10:00000000 r9:83216000 r8:00000000 r7:df865e08 r6:82443e68 r5:8247ef9c
 r4:83216000
[<8025b8c0>] (__irq_exit_rcu) from [<8025bd48>] (irq_exit+0x10/0x18 kernel/softirq.c:751)
 r5:8247ef9c r4:826c3a9c
[<8025bd38>] (irq_exit) from [<81aad164>] (generic_handle_arch_irq+0x7c/0x80 kernel/irq/handle.c:295)
[<81aad0e8>] (generic_handle_arch_irq) from [<81a7d0fc>] (call_with_stack+0x1c/0x20 arch/arm/lib/call_with_stack.S:40)
 r9:83216000 r8:842d1a88 r7:df865e3c r6:ffffffff r5:60000013 r4:809c7cb8
[<81a7d0e0>] (call_with_stack) from [<80200bec>] (__irq_svc+0x8c/0xbc arch/arm/kernel/entry-armv.S:228)
Exception stack(0xdf865e08 to 0xdf865e50)
5e00:                   e0227008 00000008 00008870 00000000 e0227008 00000008
5e20: 00000001 84121368 842d1a88 84121240 00000000 df865e6c df865e58 df865e58
5e40: 809c7cb4 809c7cb8 60000013 ffffffff
[<809c7c98>] (gpio_mmio_write32) from [<809c74d8>] (gpio_mmio_set+0x64/0x80 drivers/gpio/gpio-mmio.c:241)
 r5:00000008 r4:84121240
[<809c7474>] (gpio_mmio_set) from [<809b7c74>] (gpiochip_set+0x1c/0x44 drivers/gpio/gpiolib.c:2919)
 r7:00000001 r6:00000000 r5:00000003 r4:841e103c
[<809b7c58>] (gpiochip_set) from [<809ba53c>] (gpiod_set_raw_value_commit+0x78/0x218 drivers/gpio/gpiolib.c:3662)
[<809ba4c4>] (gpiod_set_raw_value_commit) from [<809bbddc>] (gpiod_set_value_nocheck+0x44/0x58 drivers/gpio/gpiolib.c:3881)
 r10:00000000 r9:00000000 r8:00000001 r7:ddde24c0 r6:838dbd58 r5:00000001
 r4:841e103c
[<809bbd98>] (gpiod_set_value_nocheck) from [<809bbe2c>] (gpiod_set_value+0x3c/0x88 drivers/gpio/gpiolib.c:3903)
[<809bbdf0>] (gpiod_set_value) from [<809cc5c8>] (gpio_led_set+0x5c/0x60 drivers/leds/leds-gpio.c:57)
 r5:000000ff r4:83315b14
[<809cc56c>] (gpio_led_set) from [<809c9ef0>] (__led_set_brightness drivers/leds/led-core.c:52 [inline])
[<809cc56c>] (gpio_led_set) from [<809c9ef0>] (led_set_brightness_nopm drivers/leds/led-core.c:335 [inline])
[<809cc56c>] (gpio_led_set) from [<809c9ef0>] (led_set_brightness_nosleep drivers/leds/led-core.c:369 [inline])
[<809cc56c>] (gpio_led_set) from [<809c9ef0>] (led_set_brightness+0x84/0x90 drivers/leds/led-core.c:328)
 r5:000000ff r4:83315b14
[<809c9e6c>] (led_set_brightness) from [<809cba70>] (led_trigger_event drivers/leds/led-triggers.c:420 [inline])
[<809c9e6c>] (led_set_brightness) from [<809cba70>] (led_trigger_event+0x40/0x58 drivers/leds/led-triggers.c:408)
 r5:000000ff r4:83315b14
[<809cba30>] (led_trigger_event) from [<809cd0cc>] (ledtrig_cpu+0xac/0xf4 drivers/leds/trigger/ledtrig-cpu.c:86)
 r7:ddde24c0 r6:00000002 r5:82b15cd8 r4:000000fe
[<809cd020>] (ledtrig_cpu) from [<80227a38>] (arch_cpu_idle_exit+0x14/0x18 arch/arm/kernel/process.c:98)
 r9:00000000 r8:00000001 r7:8280c710 r6:83216000 r5:8280c6d0 r4:00000001
[<80227a24>] (arch_cpu_idle_exit) from [<802b158c>] (do_idle+0x5c/0x2d8 kernel/sched/idle.c:334)
[<802b1530>] (do_idle) from [<802b1b38>] (cpu_startup_entry+0x30/0x34 kernel/sched/idle.c:430)
 r10:00000000 r9:414fc0f0 r8:80003000 r7:82a7b4a4 r6:83216000 r5:00000001
 r4:00000092
[<802b1b08>] (cpu_startup_entry) from [<8022f360>] (secondary_start_kernel+0x128/0x194 arch/arm/kernel/smp.c:478)
[<8022f238>] (secondary_start_kernel) from [<80220094>] (__enable_mmu+0x0/0xc arch/arm/kernel/head.S:446)
 r7:82a7b4a4 r6:30c0387d r5:00000000 r4:830b7bc0


---
This report is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzkaller@googlegroups.com.

syzbot will keep track of this issue. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.

If the report is already addressed, let syzbot know by replying with:
#syz fix: exact-commit-title

If you want to overwrite report's subsystems, reply with:
#syz set subsystems: new-subsystem
(See the list of subsystem names on the web dashboard)

If the report is a duplicate of another one, reply with:
#syz dup: exact-subject-of-another-report

If you want to undo deduplication, reply with:
#syz undup


* Re: [syzbot] [kernel?] BUG: soft lockup in tmigr_handle_remote
  2025-12-09  5:41 [syzbot] [kernel?] BUG: soft lockup in tmigr_handle_remote syzbot
@ 2025-12-12  6:41 ` Thomas Gleixner
  0 siblings, 0 replies; 2+ messages in thread
From: Thomas Gleixner @ 2025-12-12  6:41 UTC (permalink / raw)
  To: syzbot, anna-maria, frederic, linux-kernel, syzkaller-bugs
  Cc: Lee Jones, Pavel Machek, linux-leds, Bartosz Golaszewski

On Mon, Dec 08 2025 at 21:41, syzbot wrote:
> CPU: 0 UID: 0 PID: 0 Comm: swapper/0 Not tainted syzkaller #0 PREEMPT 
> Hardware name: ARM-Versatile Express
> PC is at __raw_spin_unlock_irq include/linux/spinlock_api_smp.h:160 [inline]
> PC is at _raw_spin_unlock_irq+0x28/0x54 kernel/locking/spinlock.c:202
> LR is at tmigr_handle_remote_cpu kernel/time/timer_migration.c:1038 [inline]
> LR is at tmigr_handle_remote_up+0x268/0x4b0 kernel/time/timer_migration.c:1074
> pc : [<81abb53c>]    lr : [<80346df4>]    psr: 60000113
> sp : 82801be0  ip : 82801bf0  fp : 82801bec
> r10: 00000001  r9 : 00000031  r8 : b7f9d100
> r7 : ddddb488  r6 : 82801cb8  r5 : 830bf3b0  r4 : 830bf380
> r3 : 000085d1  r2 : 00000103  r1 : 830bf3b0  r0 : ddddb488
> Flags: nZCv  IRQs on  FIQs on  Mode SVC_32  ISA ARM  Segment user
> Control: 30c5387d  Table: 85dd6940  DAC: fffffffd
> Call trace: 
> [<81abb514>] (_raw_spin_unlock_irq) from [<80346df4>] (tmigr_handle_remote_cpu kernel/time/timer_migration.c:1038 [inline])
> [<81abb514>] (_raw_spin_unlock_irq) from [<80346df4>] (tmigr_handle_remote_up+0x268/0x4b0 kernel/time/timer_migration.c:1074)
> [<80346b8c>] (tmigr_handle_remote_up) from [<803450a4>] (__walk_groups_from+0x3c/0xe4 kernel/time/timer_migration.c:566)
>  r10:8281b500 r9:8280c820 r8:80346b8c r7:82801cb8 r6:830bf380 r5:00000002
>  r4:830bf380
> [<80345068>] (__walk_groups_from) from [<8034743c>] (__walk_groups kernel/time/timer_migration.c:583 [inline])
> [<80345068>] (__walk_groups_from) from [<8034743c>] (tmigr_handle_remote+0xe8/0x108 kernel/time/timer_migration.c:1133)
>  r9:82804d80 r8:00000102 r7:00000001 r6:00000082 r5:00000002 r4:dddc7488
> [<80347354>] (tmigr_handle_remote) from [<80327600>] (run_timer_softirq+0x30/0x34 kernel/time/timer.c:2408)
>  r4:82804084
> [<803275d0>] (run_timer_softirq) from [<8025b55c>] (handle_softirqs+0x140/0x458 kernel/softirq.c:622)
> [<8025b41c>] (handle_softirqs) from [<8025b9d0>] (__do_softirq kernel/softirq.c:656 [inline])
> [<8025b41c>] (handle_softirqs) from [<8025b9d0>] (invoke_softirq kernel/softirq.c:496 [inline])
> [<8025b41c>] (handle_softirqs) from [<8025b9d0>] (__irq_exit_rcu+0x110/0x1d0 kernel/softirq.c:723)
>  r10:00000000 r9:8281b500 r8:00000000 r7:82801dd8 r6:82443e68 r5:8247ef9c
>  r4:8281b500
> [<8025b8c0>] (__irq_exit_rcu) from [<8025bd48>] (irq_exit+0x10/0x18 kernel/softirq.c:751)
>  r5:8247ef9c r4:826c3a9c
> [<8025bd38>] (irq_exit) from [<81aad164>] (generic_handle_arch_irq+0x7c/0x80 kernel/irq/handle.c:295)
> [<81aad0e8>] (generic_handle_arch_irq) from [<80200bdc>] (__irq_svc+0x7c/0xbc arch/arm/kernel/entry-armv.S:228)
> Exception stack(0x82801dd8 to 0x82801e20)
> 1dc0:                                                       00000001 00000000
> 1de0: 00008872 00008870 84121368 00000004 00000001 84121368 842d1a88 84121240
> 1e00: 00000000 82801e3c 82801e28 82801e28 81abb6cc 81abb6f4 80000013 ffffffff
>  r9:8281b500 r8:842d1a88 r7:82801e0c r6:ffffffff r5:80000013 r4:81abb6f4
> [<81abb6b4>] (_raw_spin_lock) from [<809c74b8>] (class_raw_spinlock_constructor include/linux/spinlock.h:535 [inline])
> [<81abb6b4>] (_raw_spin_lock) from [<809c74b8>] (gpio_mmio_set+0x44/0x80 drivers/gpio/gpio-mmio.c:234)
>  r5:00000004 r4:84121240

So this holds the gpio chip lock, with interrupts enabled, so the timer
interrupt can hit in the lock held region....

> [<809c7474>] (gpio_mmio_set) from [<809b7c74>] (gpiochip_set+0x1c/0x44 drivers/gpio/gpiolib.c:2919)
>  r7:00000001 r6:00000000 r5:00000002 r4:841e1028

While on the other CPU:

> CPU: 1 UID: 0 PID: 0 Comm: swapper/1 Not tainted syzkaller #0 PREEMPT 
> Hardware name: ARM-Versatile Express
> PC is at arch_spin_lock arch/arm/include/asm/spinlock.h:74 [inline]
> PC is at do_raw_spin_lock include/linux/spinlock.h:187 [inline]
> PC is at __raw_spin_lock include/linux/spinlock_api_smp.h:134 [inline]
> PC is at _raw_spin_lock+0x40/0x58 kernel/locking/spinlock.c:154
> LR is at __raw_spin_lock include/linux/spinlock_api_smp.h:132 [inline]
> LR is at _raw_spin_lock+0x18/0x58 kernel/locking/spinlock.c:154
> pc : [<81abb6f4>]    lr : [<81abb6cc>]    psr: 80000113
> sp : df805d68  ip : df805d68  fp : df805d7c
> r10: 81c05450  r9 : 84121240  r8 : 842d1a88
> r7 : 84121368  r6 : 00000001  r5 : 00000001  r4 : 84121368
> r3 : 00008870  r2 : 00008871  r1 : 00000000  r0 : 00000001
> Flags: Nzcv  IRQs on  FIQs on  Mode SVC_32  ISA ARM  Segment none
> Control: 30c5387d  Table: 84d295c0  DAC: 00000000
> Call trace: frame pointer underflow
> [<81abb6b4>] (_raw_spin_lock) from [<809c74b8>] (class_raw_spinlock_constructor include/linux/spinlock.h:535 [inline])
> [<81abb6b4>] (_raw_spin_lock) from [<809c74b8>] (gpio_mmio_set+0x44/0x80 drivers/gpio/gpio-mmio.c:234)
>  r5:00000001 r4:84121240
> [<809c7474>] (gpio_mmio_set) from [<809b7c74>] (gpiochip_set+0x1c/0x44 drivers/gpio/gpiolib.c:2919)
>  r7:00000001 r6:00000000 r5:00000000 r4:841e1000
> [<809b7c58>] (gpiochip_set) from [<809ba53c>] (gpiod_set_raw_value_commit+0x78/0x218 drivers/gpio/gpiolib.c:3662)
> [<809ba4c4>] (gpiod_set_raw_value_commit) from [<809bbddc>] (gpiod_set_value_nocheck+0x44/0x58 drivers/gpio/gpiolib.c:3881)
>  r10:81c05450 r9:df805ebc r8:00000102 r7:ffffde37 r6:00000007 r5:00000001
>  r4:841e1000
> [<809bbd98>] (gpiod_set_value_nocheck) from [<809bbe2c>] (gpiod_set_value+0x3c/0x88 drivers/gpio/gpiolib.c:3903)
> [<809bbdf0>] (gpiod_set_value) from [<809cc5c8>] (gpio_led_set+0x5c/0x60 drivers/leds/leds-gpio.c:57)
>  r5:83315844 r4:83315844
> [<809cc56c>] (gpio_led_set) from [<809c9e60>] (__led_set_brightness drivers/leds/led-core.c:52 [inline])
> [<809cc56c>] (gpio_led_set) from [<809c9e60>] (led_set_brightness_nopm drivers/leds/led-core.c:335 [inline])
> [<809cc56c>] (gpio_led_set) from [<809c9e60>] (led_set_brightness_nosleep+0x38/0x44 drivers/leds/led-core.c:369)
>  r5:83315844 r4:8444c58c
> [<809c9e28>] (led_set_brightness_nosleep) from [<809ccec4>] (led_heartbeat_function+0x84/0x144 drivers/leds/trigger/ledtrig-heartbeat.c:90)
> [<809cce40>] (led_heartbeat_function) from [<80326f70>] (call_timer_fn+0x30/0x220 kernel/time/timer.c:1748)
>  r7:ffffde37 r6:809cce40 r5:8444c58c r4:83216000
> [<80326f40>] (call_timer_fn) from [<80327424>] (expire_timers kernel/time/timer.c:1799 [inline])
> [<80326f40>] (call_timer_fn) from [<80327424>] (__run_timers+0x2c4/0x3f8 kernel/time/timer.c:2373)
>  r9:df805ebc r8:ffffde37 r7:00000000 r6:809cce40 r5:dddd9f00 r4:8444c58c

The timer soft interrupt tries to acquire the same lock...

7e061b462b3d ("gpio: mmio: use lock guards") got this wrong:

-       unsigned long flags;
 
-       raw_spin_lock_irqsave(&chip->lock, flags);
+       guard(raw_spinlock)(&chip->lock);
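
Review bot: the added guard(raw_spinlock)(&chip->lock) line drops the interrupt disabling that the removed raw_spin_lock_irqsave(&chip->lock, flags) provided, so an interrupt can arrive while chip->lock is held, and a handler on that CPU that takes the same lock will spin forever. The CPU 1 trace in the report shows that shape: gpio_mmio_set is interrupted at gpio_mmio_write32 and the timer softirq then enters gpio_mmio_set again and sits in _raw_spin_lock. Since the lock is reachable from softirq context, the irqsave form of the guard, guard(raw_spinlock_irqsave)(&chip->lock), keeps the original semantics while still removing the flags variable.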

No?

Thanks,

        tglx
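
A userspace model of the pattern described in the reply above, added here as an illustration and not code from the kernel or from this thread: a signal stands in for the timer interrupt and sigprocmask() for the interrupt disabling that raw_spin_lock_irqsave() provides. All function names (model_gpio_set, timer_handler, run_model) are hypothetical, and the handler uses a trylock so the model counts the self-deadlock instead of hanging.

```c
#define _POSIX_C_SOURCE 200809L
#include <signal.h>
#include <stdatomic.h>
#include <stdio.h>

/* Model only: SIGALRM plays the timer interrupt, chip_lock plays chip->lock. */
static atomic_flag chip_lock = ATOMIC_FLAG_INIT;
static volatile sig_atomic_t self_deadlocks;

static int model_trylock(void) { return !atomic_flag_test_and_set(&chip_lock); }
static void model_unlock(void) { atomic_flag_clear(&chip_lock); }

/* "Timer softirq": wants the same lock as the code it interrupted. A real
 * spinlock would spin forever here; the model records the event instead. */
static void timer_handler(int sig)
{
    (void)sig;
    if (!model_trylock()) {
        self_deadlocks++;
        return;
    }
    model_unlock();
}

/* Critical section around a register write. irqsave != 0 blocks the signal
 * for the duration, as the removed raw_spin_lock_irqsave() blocked IRQs. */
static void model_gpio_set(int irqsave)
{
    sigset_t alrm, saved;

    sigemptyset(&alrm);
    sigaddset(&alrm, SIGALRM);
    if (irqsave)
        sigprocmask(SIG_BLOCK, &alrm, &saved);
    while (!model_trylock())
        ;
    raise(SIGALRM);                 /* "interrupt" arrives while lock is held */
    model_unlock();
    if (irqsave)
        sigprocmask(SIG_SETMASK, &saved, NULL); /* pending signal runs here */
}

/* Returns how many times the handler found the lock already held. */
int run_model(int irqsave)
{
    struct sigaction sa = { 0 };
    sigset_t alrm;

    sa.sa_handler = timer_handler;
    sigemptyset(&sa.sa_mask);
    sigaction(SIGALRM, &sa, NULL);
    sigemptyset(&alrm);
    sigaddset(&alrm, SIGALRM);
    sigprocmask(SIG_UNBLOCK, &alrm, NULL); /* start with "IRQs on" */
    self_deadlocks = 0;
    model_gpio_set(irqsave);
    return (int)self_deadlocks;
}

int main(void)
{
    printf("plain lock:   %d self-deadlock(s)\n", run_model(0));
    printf("irqsave lock: %d self-deadlock(s)\n", run_model(1));
    return 0;
}
```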
