8<--- cut here ---
Unable to handle kernel paging request at virtual address fee09003 when write
[fee09003] *pgd=80000080007003, *pmd=00000000
Internal error: Oops: a06 [#1] SMP ARM
Modules linked in:
CPU: 1 UID: 0 PID: 10390 Comm: syz.7.981 Tainted: G L syzkaller #0 PREEMPT
Tainted: [L]=SOFTLOCKUP
Hardware name: ARM-Versatile Express
PC is at __raw_writeb arch/arm/include/asm/io.h:88 [inline]
PC is at subdev_8255_io drivers/comedi/drivers/comedi_8255.c:47 [inline]
PC is at subdev_8255_io+0x60/0x6c drivers/comedi/drivers/comedi_8255.c:43
LR is at subdev_8255_io drivers/comedi/drivers/comedi_8255.c:47 [inline]
LR is at subdev_8255_io+0x4c/0x6c drivers/comedi/drivers/comedi_8255.c:43
pc : [<81468918>] lr : [<81468904>] psr: 60000013
sp : dfa91cb8 ip : dfa91cb8 fp : dfa91cd4
r10: 00009000 r9 : 00000004 r8 : dfa91da4
r7 : 00000000 r6 : 0000009b r5 : 8474ab40 r4 : 00009003
r3 : 0000009b r2 : fee09003 r1 : 00000001 r0 : 8474ab40
Flags: nZCv IRQs on FIQs on Mode SVC_32 ISA ARM Segment none
Control: 30c5387d Table: 86a24a80 DAC: 00000000
Register r0 information: slab kmalloc-192 start 8474ab40 pointer offset 0 size 192
Register r1 information: non-paged memory
Register r2 information: 0-page vmalloc region starting at 0xfee00000 allocated at pci_reserve_io+0x0/0x38 arch/arm/mm/mmu.c:1048
Register r3 information: non-paged memory
Register r4 information: non-paged memory
Register r5 information: slab kmalloc-192 start 8474ab40 pointer offset 0 size 192
Register r6 information: non-paged memory
Register r7 information: NULL pointer
Register r8 information: 2-page vmalloc region starting at 0xdfa90000 allocated at kernel_clone+0xc4/0x444 kernel/fork.c:2722
Register r9 information: non-paged memory
Register r10 information: non-paged memory
Register r11 information: 2-page vmalloc region starting at 0xdfa90000 allocated at kernel_clone+0xc4/0x444 kernel/fork.c:2722
Register r12 information: 2-page vmalloc region starting at 0xdfa90000 allocated at kernel_clone+0xc4/0x444
kernel/fork.c:2722
Process syz.7.981 (pid: 10390, stack limit = 0xdfa90000)
Stack: (0xdfa91cb8 to 0xdfa92000)
1ca0: 814688b8 00009000
1cc0: 8474ab40 00000000 dfa91cf4 dfa91cd8 814685f4 814688c4 00009000 805329dc
1ce0: 866fe9c0 866fe9c0 dfa91d14 dfa91cf8 814689ac 814685a8 8474ab40 00000000
1d00: 866fe9c0 00000000 dfa91d54 dfa91d18 81468b5c 81468930 ffffffff 00000004
1d20: 82a20900 00000000 00000000 82bd2b24 8474ab40 00000000 dfa91d90 8474ab40
1d40: 00000000 82d29754 dfa91d8c dfa91d58 81457500 81468af4 40946400 00000000
1d60: dfa91d7c 20000140 8474ab40 b5403587 40946400 00000001 00000005 8410d780
1d80: dfa91e4c dfa91d90 81452d0c 81457404 35353238 00000000 00000000 00000000
1da0: 00000000 00009000 00000000 00000a1a 00000004 00000004 0800afa3 00000004
1dc0: 00000008 00005857 00000002 00000007 00000009 00000001 00000005 00000006
1de0: 00000501 00000000 00000004 00000002 0000000a 00000008 0000caa2 00001003
1e00: 20001e5b 02000003 00000e69 00000002 00000004 00004086 00000000 00000004
1e20: 00000000 66466076 00000000 83895f80 8474ab40 20000140 40946400 00000001
1e40: dfa91f14 dfa91e50 81454030 81452c44 00000000 66466076 00000000 00000000
1e60: 82531804 dfa91ea4 0000005f 847c2990 00000064 8474ab70 dfa91ee4 dfa91e88
1e80: 807eaa84 807e0d98 00000064 00000001 00000000 dfa91ea4 8661f610 83428088
1ea0: 00006400 0000000b dfa91e98 00000000 00000000 66466076 00000000 83895f80
1ec0: 40946400 20000140 20000140 83895f80 00000005 8410d780 dfa91ef4 dfa91ee8
1ee0: 807eabb8 66466076 dfa91f14 00000000 83895f81 40946400 20000140 83895f80
1f00: 00000005 8410d780 dfa91fa4 dfa91f18 805a2310 81453ce8 ecac8b10 8410d780
1f20: dfa91f3c dfa91f30 81b1b714 81b1b5e0 dfa91f54 dfa91f40 8025a6ac 8028e2e4
1f40: dfa91fb0 40000000 dfa91f84 dfa91f58 80220be0 8025a668 00000000 82a1c63c
1f60: dfa91fb0 0013e9b0 ecac8b10 80220b34 00000000 66466076 dfa91fac 00000000
1f80: 00000000 00346450 00000036 8020029c 8410d780 00000036 00000000 dfa91fa8
1fa0: 80200060 805a20d8 00000000 00000000 00000005 40946400 20000140
00000000
1fc0: 00000000 00000000 00346450 00000036 00346418 00000000 00000001 76ede0dc
1fe0: 76edde88 76edde78 00018ebc 00130810 60000010 00000005 00000000 00000000
Call trace:
[<814688b8>] (subdev_8255_io) from [<814685f4>] (subdev_8255_do_config+0x58/0x60 drivers/comedi/drivers/comedi_8255.c:115)
r7:00000000 r6:8474ab40 r5:00009000 r4:814688b8
[<8146859c>] (subdev_8255_do_config) from [<814689ac>] (__subdev_8255_init drivers/comedi/drivers/comedi_8255.c:172 [inline])
[<8146859c>] (subdev_8255_do_config) from [<814689ac>] (subdev_8255_io_init+0x88/0x98 drivers/comedi/drivers/comedi_8255.c:192)
r4:866fe9c0
[<81468924>] (subdev_8255_io_init) from [<81468b5c>] (dev_8255_attach drivers/comedi/drivers/8255.c:84 [inline])
[<81468924>] (subdev_8255_io_init) from [<81468b5c>] (dev_8255_attach+0x74/0x138 drivers/comedi/drivers/8255.c:46)
r7:00000000 r6:866fe9c0 r5:00000000 r4:8474ab40
[<81468ae8>] (dev_8255_attach) from [<81457500>] (comedi_device_attach+0x108/0x244 drivers/comedi/drivers.c:1101)
r10:82d29754 r9:00000000 r8:8474ab40 r7:dfa91d90 r6:00000000 r5:8474ab40 r4:82bd2b24
[<814573f8>] (comedi_device_attach) from [<81452d0c>] (do_devconfig_ioctl+0xd4/0x21c drivers/comedi/comedi_fops.c:930)
r10:8410d780 r9:00000005 r8:00000001 r7:40946400 r6:b5403587 r5:8474ab40 r4:20000140
[<81452c38>] (do_devconfig_ioctl) from [<81454030>] (comedi_unlocked_ioctl+0x354/0x1db8 drivers/comedi/comedi_fops.c:2302)
r8:00000001 r7:40946400 r6:20000140 r5:8474ab40 r4:83895f80
[<81453cdc>] (comedi_unlocked_ioctl) from [<805a2310>] (vfs_ioctl fs/ioctl.c:51 [inline])
[<81453cdc>] (comedi_unlocked_ioctl) from [<805a2310>] (do_vfs_ioctl fs/ioctl.c:551 [inline])
[<81453cdc>] (comedi_unlocked_ioctl) from [<805a2310>] (__do_sys_ioctl fs/ioctl.c:595 [inline])
[<81453cdc>] (comedi_unlocked_ioctl) from [<805a2310>] (sys_ioctl+0x244/0xb5c fs/ioctl.c:583)
r10:8410d780 r9:00000005 r8:83895f80 r7:20000140 r6:40946400 r5:83895f81 r4:00000000
[<805a20cc>] (sys_ioctl) from [<80200060>]
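(ret_fast_syscall+0x0/0x1c arch/arm/mm/proc-v7.S:67)
Exception stack(0xdfa91fa8 to 0xdfa91ff0)
1fa0: 00000000 00000000 00000005 40946400 20000140 00000000
1fc0: 00000000 00000000 00346450 00000036 00346418 00000000 00000001 76ede0dc
1fe0: 76edde88 76edde78 00018ebc 00130810
r10:00000036 r9:8410d780 r8:8020029c r7:00000036 r6:00346450 r5:00000000 r4:00000000
Code: e6ef3076 e0842002 e7f32052 e2422612 (e5c23000)
---[ end trace 0000000000000000 ]---
----------------
Code disassembly (best guess):
   0: e6ef3076 uxtb r3, r6                @ r3 = low byte of r6 (register dump: r6 = r3 = 0000009b)
   4: e0842002 add r2, r4, r2             @ register dump: r4 = 00009003
   8: e7f32052 ubfx r2, r2, #0, #20       @ keep only the low 20 bits of the sum
   c: e2422612 sub r2, r2, #18874368 @ 0x1200000
                                          @ in 32-bit arithmetic: r2 = 0xfee00000 + (r2 & 0xfffff)
* 10: e5c23000 strb r3, [r2] <-- trapping instruction
@ NOTE(review): at the trap r2 = fee09003, which is the faulting address of the write. The
@ register dump places r2 in the region reserved by pci_reserve_io at 0xfee00000 and reports
@ it as "0-page", so the byte store appears to target an address with nothing mapped behind it.
@ The offset 0x9003 matches r4, and r10 = 00009000 looks like the I/O base handed down through
@ the do_devconfig_ioctl -> dev_8255_attach path in the call trace; presumably that base is
@ caller-supplied and reaches subdev_8255_io unvalidated -- confirm against the driver source.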