8<--- cut here ---
Unable to handle kernel paging request at virtual address fee04f27 when write
[fee04f27] *pgd=80000080007003, *pmd=00000000
Internal error: Oops: a06 [#1] SMP ARM
Modules linked in:
CPU: 1 UID: 0 PID: 9994 Comm: syz.1.1389 Not tainted syzkaller #0 PREEMPT
Hardware name: ARM-Versatile Express
PC is at __raw_writeb arch/arm/include/asm/io.h:88 [inline]
PC is at parport_attach drivers/comedi/drivers/comedi_parport.c:289 [inline]
PC is at parport_attach+0x174/0x1d0 drivers/comedi/drivers/comedi_parport.c:224
LR is at parport_attach drivers/comedi/drivers/comedi_parport.c:289 [inline]
LR is at parport_attach+0x164/0x1d0 drivers/comedi/drivers/comedi_parport.c:224
pc : [<813cbe08>] lr : [<813cbdf8>] psr: 60000013
sp : ed6fdd30 ip : ed6fdd30 fp : ed6fdd54
r10: 82b23f28 r9 : 00000003 r8 : 8424e0c0
r7 : ed6fdd90 r6 : 8424e0c0 r5 : 00000000 r4 : 00000000
r3 : fee04f27 r2 : 81e1793c r1 : 00000001 r0 : 813cba78
Flags: nZCv IRQs on FIQs on Mode SVC_32 ISA ARM Segment none
Control: 30c5387d Table: 8517bf40 DAC: 00000000
Register r0 information: non-slab/vmalloc memory
Register r1 information: non-paged memory
Register r2 information: non-slab/vmalloc memory
Register r3 information: 0-page vmalloc region starting at 0xfee00000 allocated at pci_reserve_io+0x0/0x38 arch/arm/mm/mmu.c:1055
Register r4 information: NULL pointer
Register r5 information: NULL pointer
Register r6 information: slab kmalloc-192 start 8424e0c0 pointer offset 0 size 192
Register r7 information: 2-page vmalloc region starting at 0xed6fc000 allocated at kernel_clone+0xac/0x3ec kernel/fork.c:2609
Register r8 information: slab kmalloc-192 start 8424e0c0 pointer offset 0 size 192
Register r9 information: non-paged memory
Register r10 information: non-slab/vmalloc memory
Register r11 information: 2-page vmalloc region starting at 0xed6fc000 allocated at kernel_clone+0xac/0x3ec kernel/fork.c:2609
Register r12 information: 2-page vmalloc region starting at 0xed6fc000 allocated at kernel_clone+0xac/0x3ec kernel/fork.c:2609
Process syz.1.1389 (pid: 9994, stack limit = 0xed6fc000)
Stack: (0xed6fdd30 to 0xed6fe000)
dd20: 82402ca4 8424e0c0 829d1b2c 829d1b2c
dd40: 81e17dfc 8424e104 ed6fdd8c ed6fdd58 813c7e98 813cbca0 200000c0 00000000
dd60: ed6fdd7c 200000c0 8424e0c0 b5403587 200000c0 83a33000 40946400 00000003
dd80: ed6fde4c ed6fdd90 813c39e4 813c7d9c 656d6f63 705f6964 6f707261 00007472
dda0: 00000000 00004f27 0000000d 00000004 00000004 00000800 00000004 00000004
ddc0: 00000007 54c6cff3 00000022 00000002 00000001 00000001 00000001 00000006
dde0: 00000101 fffffffe 0000007f 00000003 40000003 00000089 0000cae3 00000000
de00: 20001e5b 00000003 00000e66 00000003 00000008 00004086 00000000 fffffff8
de20: 00000000 eefb81ad 00000000 85b6c180 8424e0c0 200000c0 200000c0 83a33000
de40: ed6fdf14 ed6fde50 813c49b0 813c38f0 00000000 ed6fde54 ed6fde54 eefb81ad
de60: 00000000 00000000 824755b4 0000005f 83ee8250 8424e0f0 8408b444 83a33000
de80: ed6fdee4 ed6fde90 807a98ec 8079fce4 00000064 00000001 00000000 ed6fdeac
dea0: 84affcd0 834e04c8 00006400 0000000b ed6fdea0 00000000 ed6fdd30 eefb81ad
dec0: 85b6c180 40946400 200000c0 200000c0 85b6c180 00000003 ed6fdef4 ed6fdee8
dee0: 807a9a0c eefb81ad ed6fdf14 40946400 00000000 85b6c181 200000c0 85b6c180
df00: 00000003 83a33000 ed6fdfa4 ed6fdf18 8057b738 813c43e0 ecac8b10 83a33000
df20: ed6fdf3c ed6fdf30 81a42b18 81a429e8 ed6fdf54 ed6fdf40 8025c478 8028d90c
df40: ed6fdfb0 40000000 ed6fdf84 ed6fdf58 802229ec 8025c434 00000000 8281ccf4
df60: ed6fdfb0 0014ca70 ecac8b10 80222940 00000000 eefb81ad ed6fdfac 00000000
df80: 00000000 00316308 00000036 8020029c 83a33000 00000036 00000000 ed6fdfa8
dfa0: 80200060 8057b614 00000000 00000000 00000003 40946400 200000c0 00000000
dfc0: 00000000 00000000 00316308 00000036 00300000 00000000 00006364 76f550bc
dfe0: 76f54ec0 76f54eb0 000195a4 00132510 60000010 00000003 00000000 00000000
Call trace:
[<813cbc94>] (parport_attach) from [<813c7e98>] (comedi_device_attach+0x108/0x250 drivers/comedi/drivers.c:1007)
r6:8424e104 r5:81e17dfc r4:829d1b2c
[<813c7d90>] (comedi_device_attach) from [<813c39e4>] (do_devconfig_ioctl+0x100/0x220 drivers/comedi/comedi_fops.c:872)
r10:00000003 r9:40946400 r8:83a33000 r7:200000c0 r6:b5403587 r5:8424e0c0 r4:200000c0
[<813c38e4>] (do_devconfig_ioctl) from [<813c49b0>] (comedi_unlocked_ioctl+0x5dc/0x1c50 drivers/comedi/comedi_fops.c:2178)
r8:83a33000 r7:200000c0 r6:200000c0 r5:8424e0c0 r4:85b6c180
[<813c43d4>] (comedi_unlocked_ioctl) from [<8057b738>] (vfs_ioctl fs/ioctl.c:51 [inline])
[<813c43d4>] (comedi_unlocked_ioctl) from [<8057b738>] (do_vfs_ioctl fs/ioctl.c:551 [inline])
[<813c43d4>] (comedi_unlocked_ioctl) from [<8057b738>] (__do_sys_ioctl fs/ioctl.c:595 [inline])
[<813c43d4>] (comedi_unlocked_ioctl) from [<8057b738>] (sys_ioctl+0x130/0xba0 fs/ioctl.c:583)
r10:83a33000 r9:00000003 r8:85b6c180 r7:200000c0 r6:85b6c181 r5:00000000 r4:40946400
[<8057b608>] (sys_ioctl) from [<80200060>] (ret_fast_syscall+0x0/0x1c arch/arm/mm/proc-v7.S:67)
Exception stack(0xed6fdfa8 to 0xed6fdff0)
dfa0: 00000000 00000000 00000003 40946400 200000c0 00000000
dfc0: 00000000 00000000 00316308 00000036 00300000 00000000 00006364 76f550bc
dfe0: 76f54ec0 76f54eb0 000195a4 00132510
r10:00000036 r9:83a33000 r8:8020029c r7:00000036 r6:00316308 r5:00000000 r4:00000000
Code: e596306c e3a04000 e7f33053 e2433612 (e5c34000)
---[ end trace 0000000000000000 ]---
----------------
Code disassembly (best guess):
0: e596306c ldr r3, [r6, #108] @ 0x6c
4: e3a04000 mov r4, #0
8: e7f33053 ubfx r3, r3, #0, #20
c: e2433612 sub r3, r3, #18874368 @ 0x1200000
* 10: e5c34000 strb r4, [r3] <-- trapping instruction