rc rc0: IR event FIFO is full! rc rc0: IR event FIFO is full! rc rc0: IR event FIFO is full! rc rc0: IR event FIFO is full! 8<--- cut here --- Unable to handle kernel paging request at virtual address 0000104c when write [0000104c] *pgd=84281003, *pmd=00000000 Internal error: Oops: a05 [#1] PREEMPT SMP ARM Modules linked in: CPU: 1 UID: 0 PID: 2904 Comm: klogd Not tainted 6.12.0-rc5-syzkaller #0 Hardware name: ARM-Versatile Express PC is at ir_raw_event_store_with_filter+0xf4/0x10c drivers/media/rc/rc-ir-raw.c:184 LR is at __wake_up_klogd.part.0+0x7c/0xac kernel/printk/printk.c:4495 pc : [<81036ec4>] lr : [<802bcacc>] psr: 60000193 sp : df805d30 ip : df805bb0 fp : df805d44 r10: df805d78 r9 : 8283a6a0 r8 : 8216e0c8 r7 : 842b4840 r6 : 00000400 r5 : df805d50 r4 : 83fc8000 r3 : 0000104c r2 : 00000000 r1 : 00000100 r0 : 00000080 Flags: nZCv IRQs off FIQs on Mode SVC_32 ISA ARM Segment none Control: 30c5387d Table: 840f7d40 DAC: 00000000 Register r0 information: non-paged memory Register r1 information: non-paged memory Register r2 information: NULL pointer Register r3 information: non-paged memory Register r4 information: slab kmalloc-1k start 83fc8000 pointer offset 0 size 1024 Register r5 information: 2-page vmalloc region starting at 0xdf804000 allocated at start_kernel+0x5d0/0x778 init/main.c:1008 Register r6 information: non-paged memory Register r7 information: slab kmalloc-192 start 842b4840 pointer offset 0 size 192 Register r8 information: non-slab/vmalloc memory Register r9 information: non-slab/vmalloc memory Register r10 information: 2-page vmalloc region starting at 0xdf804000 allocated at start_kernel+0x5d0/0x778 init/main.c:1008 Register r11 information: 2-page vmalloc region starting at 0xdf804000 allocated at start_kernel+0x5d0/0x778 init/main.c:1008 Register r12 information: 2-page vmalloc region starting at 0xdf804000 allocated at start_kernel+0x5d0/0x778 init/main.c:1008 Process klogd (pid: 2904, stack limit = 0xec224000) Stack: (0xdf805d30 to 0xdf806000) 5d20: 844f0100 df805d50 df805d6c df805d48 5d40: 81041be4 81036ddc 00400036 84518380 00000080 00000100 00000379 844f0100 5d60: df805dac df805d70 81042198 81041bc4 80de9414 80de9354 00000080 00000100 5d80: 819c7610 842b4840 ffffffb5 8383a600 00000000 842b4840 00000200 8360c048 5da0: df805dcc df805db0 80de9630 81042024 8383a600 842b4840 84518384 84518380 5dc0: df805df4 df805dd0 80de9788 80de9590 8383a600 8360c000 84518384 84518380 5de0: 842b4840 00000200 df805ea4 df805df8 80f48200 80de96c4 00000000 00000000 5e00: 00000005 df805e10 80000113 8214f2f0 82604d40 8360c004 84518380 84518384 5e20: 827fb92d 8360c000 8383a7b0 8360c000 0000cc00 828e3ebc df805e5c 8383a7ac 5e40: 82604d40 00000400 00000000 00000c72 00000072 df805e60 8383a770 0000cc00 5e60: ffffffb5 8360c048 00000000 00000005 00000000 b40eff1d 8383a770 8383a770 5e80: ddddb220 ddddb140 ddddb1e0 80f479f4 00000000 83dc0c00 df805f0c df805ea8 5ea0: 803041dc 80f47a00 df805ec4 8203a718 00000026 1284dd70 00000000 827faede 5ec0: ddddb234 81a042d0 8260c5d0 000000a0 1284dd70 00000026 00000025 b40eff1d 5ee0: 20000113 ddddb140 20000113 ffffffff 7fffffff 00000101 83dc0c00 00000100 5f00: df805f34 df805f10 80304580 80304014 20000113 000000f0 826040a0 00000009 5f20: 00000008 00400100 df805fac df805f38 8024b51c 803044f8 df805f54 df805f48 5f40: 819bb888 00400100 82604d40 ffffcab0 8221fddc 00000000 824bbd00 0000000a 5f60: 827fc2c8 8260c5d0 8220d148 824b1208 df805f38 82604080 8029e4a8 80293e54 5f80: 83dc0c00 83dc0c00 8221fddc 821df5c8 ec225d20 00000000 83dc0c00 00000001 5fa0: df805fc4 df805fb0 8024b918 8024b3d0 824bbcdc 8221fddc df805fd4 df805fc8 5fc0: 8024bc18 8024b880 df805ffc df805fd8 819bac4c 8024bc14 8027d47c 20000013 5fe0: ffffffff ec225d54 83dc1800 83dc0c00 ec225d1c df806000 8196b15c 819babdc Call trace: frame pointer underflow [<81036dd0>] (ir_raw_event_store_with_filter) from [<81041be4>] (sz_push+0x2c/0x74 drivers/media/rc/streamzap.c:104) r5:df805d50 r4:844f0100 [<81041bb8>] (sz_push) from [<81042198>] (sz_push_full_pulse drivers/media/rc/streamzap.c:115 [inline]) [<81041bb8>] (sz_push) from [<81042198>] (sz_push_half_pulse drivers/media/rc/streamzap.c:121 [inline]) [<81041bb8>] (sz_push) from [<81042198>] (streamzap_callback+0x180/0x270 drivers/media/rc/streamzap.c:189) r5:844f0100 r4:00000379 [<81042018>] (streamzap_callback) from [<80de9630>] (__usb_hcd_giveback_urb+0xac/0x134 drivers/usb/core/hcd.c:1650) r10:8360c048 r9:00000200 r8:842b4840 r7:00000000 r6:8383a600 r5:ffffffb5 r4:842b4840 [<80de9584>] (__usb_hcd_giveback_urb) from [<80de9788>] (usb_hcd_giveback_urb+0xd0/0xd4 drivers/usb/core/hcd.c:1734) r7:84518380 r6:84518384 r5:842b4840 r4:8383a600 [<80de96b8>] (usb_hcd_giveback_urb) from [<80f48200>] (dummy_timer+0x80c/0x1038 drivers/usb/gadget/udc/dummy_hcd.c:1993) r9:00000200 r8:842b4840 r7:84518380 r6:84518384 r5:8360c000 r4:8383a600 [<80f479f4>] (dummy_timer) from [<803041dc>] (__run_hrtimer kernel/time/hrtimer.c:1691 [inline]) [<80f479f4>] (dummy_timer) from [<803041dc>] (__hrtimer_run_queues+0x1d4/0x460 kernel/time/hrtimer.c:1755) r10:83dc0c00 r9:00000000 r8:80f479f4 r7:ddddb1e0 r6:ddddb140 r5:ddddb220 r4:8383a770 [<80304008>] (__hrtimer_run_queues) from [<80304580>] (hrtimer_run_softirq+0x94/0xe4 kernel/time/hrtimer.c:1772) r10:00000100 r9:83dc0c00 r8:00000101 r7:7fffffff r6:ffffffff r5:20000113 r4:ddddb140 [<803044ec>] (hrtimer_run_softirq) from [<8024b51c>] (handle_softirqs+0x158/0x464 kernel/softirq.c:554) r7:00400100 r6:00000008 r5:00000009 r4:826040a0 [<8024b3c4>] (handle_softirqs) from [<8024b918>] (__do_softirq kernel/softirq.c:588 [inline]) [<8024b3c4>] (handle_softirqs) from [<8024b918>] (invoke_softirq kernel/softirq.c:428 [inline]) [<8024b3c4>] (handle_softirqs) from [<8024b918>] (__irq_exit_rcu+0xa4/0x164 kernel/softirq.c:637) r10:00000001 r9:83dc0c00 r8:00000000 r7:ec225d20 r6:821df5c8 r5:8221fddc r4:83dc0c00 [<8024b874>] (__irq_exit_rcu) from [<8024bc18>] (irq_exit+0x10/0x18 kernel/softirq.c:661) r5:8221fddc r4:824bbcdc [<8024bc08>] (irq_exit) from [<819bac4c>] (generic_handle_arch_irq+0x7c/0x80 kernel/irq/handle.c:240) [<819babd0>] (generic_handle_arch_irq) from [<8196b15c>] (call_with_stack+0x1c/0x20 arch/arm/lib/call_with_stack.S:40) r9:83dc0c00 r8:83dc1800 r7:ec225d54 r6:ffffffff r5:20000013 r4:8027d47c [<8196b140>] (call_with_stack) from [<80200bcc>] (__irq_svc+0x8c/0xbc arch/arm/kernel/entry-armv.S:227) Exception stack(0xec225d20 to 0xec225d68) 5d20: 00000001 8203da48 00000001 83dc0c00 00000000 ddde4400 819be5c8 a3eca510 5d40: 83dc1800 83dc0c00 00000001 ec225db4 ec225d60 ec225d70 819c751c 8027d47c 5d60: 20000013 ffffffff [<8027d3f0>] (finish_task_switch) from [<819be5c8>] (context_switch kernel/sched/core.c:5331 [inline]) [<8027d3f0>] (finish_task_switch) from [<819be5c8>] (__schedule+0x424/0xc24 kernel/sched/core.c:6690) r10:83fc29c0 r9:00000000 r8:838c0c00 r7:a3eca510 r6:83dc0c00 r5:ddde4400 r4:83dc1800 [<819be1a4>] (__schedule) from [<819bf1f4>] (preempt_schedule_irq+0x40/0xa8 kernel/sched/core.c:7012) r10:00000121 r9:83dc0c00 r8:80200be4 r7:ec225e74 r6:ffffffff r5:83dc0c00 r4:00000000 [<819bf1b4>] (preempt_schedule_irq) from [<80200c04>] (svc_preempt+0x8/0x18) Exception stack(0xec225e40 to 0xec225e88) 5e40: 00000050 00000000 00000000 fffffdef 00000000 00004000 00000000 83043400 5e60: 00000003 83dc0c00 00000121 ec225f8c ec225df8 ec225e90 8174aecc 814882e0 5e80: 00000013 ffffffff r5:00000013 r4:814882e0 [<814881d8>] (__sys_sendto) from [<81488368>] (__do_sys_send net/socket.c:2236 [inline]) [<814881d8>] (__sys_sendto) from [<81488368>] (sys_send+0x20/0x28 net/socket.c:2233) r8:8020029c r7:00000121 r6:76fd85a0 r5:76fd85a0 r4:00c221a8 [<81488348>] (sys_send) from [<80200060>] (ret_fast_syscall+0x0/0x1c arch/arm/mm/proc-v7.S:67) Exception stack(0xec225fa8 to 0xec225ff0) 5fa0: 00c221a8 76fd85a0 00000003 00c29d80 00000050 00004000 5fc0: 00c221a8 76fd85a0 76fd85a0 00000121 00000000 00000013 76ea0e60 00c29d83 5fe0: 00000000 7ec56bb8 76e28460 76e2d918 Code: e594324c e8950003 e2833d41 e283300c (e8830003) ---[ end trace 0000000000000000 ]--- ---------------- Code disassembly (best guess): 0: e594324c ldr r3, [r4, #588] @ 0x24c 4: e8950003 ldm r5, {r0, r1} 8: e2833d41 add r3, r3, #4160 @ 0x1040 c: e283300c add r3, r3, #12 * 10: e8830003 stm r3, {r0, r1} <-- trapping instruction