rc rc0: IR event FIFO is full! rc rc0: IR event FIFO is full! rc rc0: IR event FIFO is full! 8<--- cut here --- Unable to handle kernel paging request at virtual address 0000104c when write [0000104c] *pgd=8418e003, *pmd=00000000 Internal error: Oops: a05 [#1] PREEMPT SMP ARM Modules linked in: CPU: 0 UID: 0 PID: 2903 Comm: klogd Not tainted 6.12.0-rc4-syzkaller #0 Hardware name: ARM-Versatile Express PC is at ir_raw_event_store_with_filter+0xf4/0x10c drivers/media/rc/rc-ir-raw.c:184 LR is at __wake_up_klogd.part.0+0x7c/0xac kernel/printk/printk.c:4495 pc : [<81035db4>] lr : [<802bca34>] psr: 60000193 sp : df801d30 ip : df801bb0 fp : df801d44 r10: df801d78 r9 : 8283a6a0 r8 : 8216df70 r7 : 844faf00 r6 : 00000400 r5 : df801d50 r4 : 83cf0400 r3 : 0000104c r2 : 00000000 r1 : 00000100 r0 : 00000080 Flags: nZCv IRQs off FIQs on Mode SVC_32 ISA ARM Segment user Control: 30c5387d Table: 842376c0 DAC: fffffffd Register r0 information: non-paged memory Register r1 information: non-paged memory Register r2 information: NULL pointer Register r3 information: non-paged memory Register r4 information: slab kmalloc-1k start 83cf0400 pointer offset 0 size 1024 Register r5 information: 2-page vmalloc region starting at 0xdf800000 allocated at start_kernel+0x5d0/0x778 init/main.c:1008 Register r6 information: non-paged memory Register r7 information: slab kmalloc-192 start 844faf00 pointer offset 0 size 192 Register r8 information: non-slab/vmalloc memory Register r9 information: non-slab/vmalloc memory Register r10 information: 2-page vmalloc region starting at 0xdf800000 allocated at start_kernel+0x5d0/0x778 init/main.c:1008 Register r11 information: 2-page vmalloc region starting at 0xdf800000 allocated at start_kernel+0x5d0/0x778 init/main.c:1008 Register r12 information: 2-page vmalloc region starting at 0xdf800000 allocated at start_kernel+0x5d0/0x778 init/main.c:1008 Process klogd (pid: 2903, stack limit = 0xec3e0000) Stack: (0xdf801d30 to 0xdf802000) 1d20: 844f0e80 df801d50 df801d6c df801d48 1d40: 81040adc 81035ccc 00400032 844e06c0 00000080 00000100 0000035e 844f0e80 1d60: df801dac df801d70 81041090 81040abc 80de84cc 80de840c 00000080 00000100 1d80: 819c5d90 844faf00 ffffffb5 83827200 00000000 844faf00 00000200 83d74048 1da0: df801dcc df801db0 80de86e8 81040f1c 83827200 844faf00 844e06c4 844e06c0 1dc0: df801df4 df801dd0 80de8840 80de8648 83827200 83d74000 844e06c4 844e06c0 1de0: 844faf00 00000200 df801ea4 df801df8 80f47124 80de877c 00000000 00000000 1e00: 00000005 df801e10 80000113 8214f198 82604d40 83d74004 844e06c0 844e06c4 1e20: 827fb92e 83d74000 838273b0 83d74000 0000cc00 828fbaf4 df801e5c 838273ac 1e40: 82604d40 00000400 00000000 00000d7e 0000017e df801e60 83827370 0000cc00 1e60: ffffffb5 83d74048 00000000 00000005 00000000 f87cd2e2 83827370 83827370 1e80: dddc7220 dddc7140 dddc71e0 80f46918 00000000 83666000 df801f0c df801ea8 1ea0: 80304104 80f46924 df801ec4 8203a5d0 00000021 7eac0d70 00000000 827faede 1ec0: dddc7234 81a042d0 8260c5d0 000000a0 7eac0d70 00000021 00000021 f87cd2e2 1ee0: 20000113 dddc7140 20000113 ffffffff 7fffffff 00000101 83666000 00000100 1f00: df801f34 df801f10 803044a8 80303f3c 20000113 000000f0 826040a0 00000009 1f20: 00000008 00400100 df801fac df801f38 8024b524 80304420 df801f54 df801f48 1f40: 819ba008 00400100 82604d40 ffffc303 8221fc50 00000000 824bbd00 0000000a 1f60: 827fc2c8 8260c5d0 8220cfbc 824b1208 df801f38 82604080 8029e440 80293dec 1f80: 83666000 83666000 8221fc50 821df450 ec3e1cc8 00000000 83666000 00000001 1fa0: df801fc4 df801fb0 8024b920 8024b3d8 824bbcdc 8221fc50 df801fd4 df801fc8 1fc0: 8024bc20 8024b888 df801ffc df801fd8 819b93cc 8024bc1c 8027d414 20000013 1fe0: ffffffff ec3e1cfc 84009800 83666000 ec3e1cc4 df802000 819698dc 819b935c Call trace: frame pointer underflow [<81035cc0>] (ir_raw_event_store_with_filter) from [<81040adc>] (sz_push+0x2c/0x74 drivers/media/rc/streamzap.c:104) r5:df801d50 r4:844f0e80 [<81040ab0>] (sz_push) from [<81041090>] (sz_push_full_pulse drivers/media/rc/streamzap.c:115 [inline]) [<81040ab0>] (sz_push) from [<81041090>] (sz_push_half_pulse drivers/media/rc/streamzap.c:121 [inline]) [<81040ab0>] (sz_push) from [<81041090>] (streamzap_callback+0x180/0x270 drivers/media/rc/streamzap.c:189) r5:844f0e80 r4:0000035e [<81040f10>] (streamzap_callback) from [<80de86e8>] (__usb_hcd_giveback_urb+0xac/0x134 drivers/usb/core/hcd.c:1650) r10:83d74048 r9:00000200 r8:844faf00 r7:00000000 r6:83827200 r5:ffffffb5 r4:844faf00 [<80de863c>] (__usb_hcd_giveback_urb) from [<80de8840>] (usb_hcd_giveback_urb+0xd0/0xd4 drivers/usb/core/hcd.c:1734) r7:844e06c0 r6:844e06c4 r5:844faf00 r4:83827200 [<80de8770>] (usb_hcd_giveback_urb) from [<80f47124>] (dummy_timer+0x80c/0x1038 drivers/usb/gadget/udc/dummy_hcd.c:1993) r9:00000200 r8:844faf00 r7:844e06c0 r6:844e06c4 r5:83d74000 r4:83827200 [<80f46918>] (dummy_timer) from [<80304104>] (__run_hrtimer kernel/time/hrtimer.c:1691 [inline]) [<80f46918>] (dummy_timer) from [<80304104>] (__hrtimer_run_queues+0x1d4/0x460 kernel/time/hrtimer.c:1755) r10:83666000 r9:00000000 r8:80f46918 r7:dddc71e0 r6:dddc7140 r5:dddc7220 r4:83827370 [<80303f30>] (__hrtimer_run_queues) from [<803044a8>] (hrtimer_run_softirq+0x94/0xe4 kernel/time/hrtimer.c:1772) r10:00000100 r9:83666000 r8:00000101 r7:7fffffff r6:ffffffff r5:20000113 r4:dddc7140 [<80304414>] (hrtimer_run_softirq) from [<8024b524>] (handle_softirqs+0x158/0x464 kernel/softirq.c:554) r7:00400100 r6:00000008 r5:00000009 r4:826040a0 [<8024b3cc>] (handle_softirqs) from [<8024b920>] (__do_softirq kernel/softirq.c:588 [inline]) [<8024b3cc>] (handle_softirqs) from [<8024b920>] (invoke_softirq kernel/softirq.c:428 [inline]) [<8024b3cc>] (handle_softirqs) from [<8024b920>] (__irq_exit_rcu+0xa4/0x164 kernel/softirq.c:637) r10:00000001 r9:83666000 r8:00000000 r7:ec3e1cc8 r6:821df450 r5:8221fc50 r4:83666000 [<8024b87c>] (__irq_exit_rcu) from [<8024bc20>] (irq_exit+0x10/0x18 kernel/softirq.c:661) r5:8221fc50 r4:824bbcdc [<8024bc10>] (irq_exit) from [<819b93cc>] (generic_handle_arch_irq+0x7c/0x80 kernel/irq/handle.c:240) [<819b9350>] (generic_handle_arch_irq) from [<819698dc>] (call_with_stack+0x1c/0x20 arch/arm/lib/call_with_stack.S:40) r9:83666000 r8:84009800 r7:ec3e1cfc r6:ffffffff r5:20000013 r4:8027d414 [<819698c0>] (call_with_stack) from [<80200bcc>] (__irq_svc+0x8c/0xbc arch/arm/kernel/entry-armv.S:227) Exception stack(0xec3e1cc8 to 0xec3e1d10) 1cc0: 00000001 8203d900 00000001 83666000 00000000 dddd0400 1ce0: 819bcd48 a3eca508 84009800 83666000 00000001 ec3e1d5c ec3e1d08 ec3e1d18 1d00: 819c5c9c 8027d414 20000013 ffffffff [<8027d388>] (finish_task_switch) from [<819bcd48>] (context_switch kernel/sched/core.c:5331 [inline]) [<8027d388>] (finish_task_switch) from [<819bcd48>] (__schedule+0x424/0xc24 kernel/sched/core.c:6690) r10:83cd9ac0 r9:00000000 r8:83cd9500 r7:a3eca508 r6:83666000 r5:dddd0400 r4:84009800 [<819bc924>] (__schedule) from [<819bd974>] (preempt_schedule_irq+0x40/0xa8 kernel/sched/core.c:7012) r10:828731a8 r9:83666000 r8:80200be4 r7:ec3e1e1c r6:ffffffff r5:83666000 r4:00000000 [<819bd934>] (preempt_schedule_irq) from [<80200c04>] (svc_preempt+0x8/0x18) Exception stack(0xec3e1de8 to 0xec3e1e30) 1de0: 00000000 840c1039 00000000 b5403587 0000018f 82873408 1e00: 76ee82cf 00000270 00000000 00000039 828731a8 ec3e1efc 00000000 ec3e1e38 1e20: 0000000a 802bde0c 40000013 ffffffff r5:40000013 r4:802bde0c [<802bdbc0>] (syslog_print) from [<802be544>] (do_syslog+0x16c/0x3a0 kernel/printk/printk.c:1766) r10:00000067 r9:83666000 r8:76ee8140 r7:000003ff r6:00000000 r5:00000000 r4:00000002 [<802be3d8>] (do_syslog) from [<802be78c>] (__do_sys_syslog kernel/printk/printk.c:1858 [inline]) [<802be3d8>] (do_syslog) from [<802be78c>] (sys_syslog+0x14/0x18 kernel/printk/printk.c:1856) r9:83666000 r8:8020029c r7:00000067 r6:00000000 r5:76ee8509 r4:76ee8140 [<802be778>] (sys_syslog) from [<80200060>] (ret_fast_syscall+0x0/0x1c arch/arm/mm/proc-v7.S:67) Exception stack(0xec3e1fa8 to 0xec3e1ff0) 1fa0: 76ee8140 76ee8509 00000002 76ee8140 000003ff 0000066c 1fc0: 76ee8140 76ee8509 00000000 00000067 76ee8140 76ee794c 76ee8554 76eca21a 1fe0: 76ee7cfc 7eb9bc94 76e5c9d0 76d7cf1c Code: e594324c e8950003 e2833d41 e283300c (e8830003) ---[ end trace 0000000000000000 ]--- ---------------- Code disassembly (best guess): 0: e594324c ldr r3, [r4, #588] @ 0x24c 4: e8950003 ldm r5, {r0, r1} 8: e2833d41 add r3, r3, #4160 @ 0x1040 c: e283300c add r3, r3, #12 * 10: e8830003 stm r3, {r0, r1} <-- trapping instruction