------------[ cut here ]------------ kernel BUG at include/linux/scatterlist.h:187! Internal error: Oops - BUG: 0 [#1] PREEMPT SMP ARM Modules linked in: CPU: 1 PID: 15077 Comm: syz-executor.0 Not tainted 6.9.0-rc1-syzkaller #0 Hardware name: ARM-Versatile Express PC is at sg_set_buf include/linux/scatterlist.h:187 [inline] PC is at sg_init_one+0x9c/0xa8 lib/scatterlist.c:143 LR is at sg_init_table+0x2c/0x40 lib/scatterlist.c:128 pc : [<807e8650>] lr : [<807e6a44>] psr: 80000113 sp : eb03dad0 ip : eb03db08 fp : eb03daec r10: 00000000 r9 : ffedc004 r8 : ff7fbf1c r7 : 00000074 r6 : eb03daf0 r5 : 83f34bb8 r4 : ffedc004 r3 : df000000 r2 : ffffffd8 r1 : 00000000 r0 : eb03daf0 Flags: Nzcv IRQs on FIQs on Mode SVC_32 ISA ARM Segment none Control: 30c5387d Table: 84431c80 DAC: 00000000 Register r0 information: 2-page vmalloc region starting at 0xeb03c000 allocated at kernel_clone+0xac/0x3cc kernel/fork.c:2796 Register r1 information: NULL pointer Register r2 information: non-paged memory Register r3 information: non-paged memory Register r4 information: non-paged memory Register r5 information: slab vmap_area start 83f34bb8 pointer offset 0 size 40 Register r6 information: 2-page vmalloc region starting at 0xeb03c000 allocated at kernel_clone+0xac/0x3cc kernel/fork.c:2796 Register r7 information: non-paged memory Register r8 information: 0-page vmalloc region starting at 0xff7d8000 allocated at pcpu_get_vm_areas+0x0/0x12c8 mm/vmalloc.c:3064 Register r9 information: non-paged memory Register r10 information: NULL pointer Register r11 information: 2-page vmalloc region starting at 0xeb03c000 allocated at kernel_clone+0xac/0x3cc kernel/fork.c:2796 Register r12 information: 2-page vmalloc region starting at 0xeb03c000 allocated at kernel_clone+0xac/0x3cc kernel/fork.c:2796 Process syz-executor.0 (pid: 15077, stack limit = 0xeb03c000) Stack: (0xeb03dad0 to 0xeb03e000) dac0: ff7fbefc 83f34bb8 dedc2948 83d41580 dae0: eb03db4c eb03daf0 804c3ddc 807e85c0 00000002 00000000 00000000 
00000000 db00: 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 db20: 00000004 46bd90c1 83f34bb8 00000004 dedc2948 84439ac4 84439ac0 84439ac0 db40: eb03db74 eb03db50 804c6a20 804c3d2c dedc2948 00000000 eb03dbe4 00000000 db60: 845a8c00 84425600 eb03dbc4 eb03db78 804bbbfc 804c68d0 804bd120 802e27a0 db80: eb03dbec 00000000 00100cca 00000000 00000000 46bd90c1 eb03dbd4 00000004 dba0: 00100cca 00000000 00000000 eb03dbe3 00000007 00000000 eb03dc3c eb03dbc8 dbc0: 804bd61c 804bbb60 eb03dbe3 00000000 8184cfa4 dedc2948 00000005 00000005 dbe0: 017ed340 00000000 00000000 00000000 00000000 00000000 00000001 00000000 dc00: eb03dc00 eb03dc00 818753b0 46bd90c1 00000406 00000001 00000000 00000005 dc20: 83ffad20 00100cca 00000000 eb03dd50 eb03dcb4 eb03dc40 804bd970 804bd464 dc40: 00000000 46bd90c1 00000001 eb03dd50 00000000 00000000 eb03dc8c eb03dc68 dc60: 8042e9b8 8042e80c eb03dd50 8260cac8 83ffad20 76bb9000 84425600 00000000 dc80: eb03dcb4 46bd90c1 804bcdf0 eb03dd50 00000000 00000005 83ffad20 84425600 dca0: 00000000 00000000 eb03dd14 eb03dcb8 8047f370 804bd914 80494464 80479d24 dcc0: eb03dd84 845a8c00 00000000 00000000 76bb9000 83f20c00 eb03dd14 eb03dce8 dce0: 84425600 804943ec fee20003 00000214 845a8c00 76bb9000 83ffad20 76bb9000 dd00: 83f20c00 00000000 eb03ddc4 eb03dd18 80480c54 8047f17c 83f20c40 ffffffff dd20: eb03dd88 76bb9ae8 81c66394 8439950c 83f20c40 76b9a000 76bb9fff 8439950c dd40: 00000000 ffffffff eb03dd50 eb03de48 83ffad20 00000cc0 00076bb9 76bb9000 dd60: 76bb9000 00000a14 840e6da8 84431c88 00000580 00000000 00000000 00000000 dd80: 00000000 defd0c94 00000000 00000000 eb03ddc4 46bd90c1 80480310 eb03de48 dda0: 76bb9ae8 00000214 00000207 76bb9000 83f20c00 00000007 eb03de0c eb03ddc8 ddc0: 80215d94 80480888 eb03de0c eb03ddd8 81897158 818984d8 01c8a119 845a8c00 dde0: eb03de3c 8261d0e0 00000207 76bb9ae8 eb03de48 80215c4c 845a8c00 003d0f00 de00: eb03de44 eb03de10 802161dc 80215c58 8189aa28 a3ea1a58 eb03de34 eb03de28 de20: 818a3788 81848d04 00000113 
ffffffff eb03de7c 00000000 eb03df44 eb03de48 de40: 80200ae4 802161b0 eb03ded0 76bb9ae8 ffffffe8 00000000 845a8c00 eb03dee0 de60: eb03dfb0 76bb9ae0 00000000 845a8c00 003d0f00 eb03df44 00000018 eb03de94 de80: 80426de4 81848d04 00000113 ffffffff 8089c160 eb03dee0 eb03dfb0 00000000 dea0: 845a8c00 eb03ded0 00000008 00000000 845a8c00 80426de4 96750be9 00000150 dec0: ff7bda58 83f20c00 00016910 00000000 00000000 00000000 845a8c00 05f5e100 dee0: 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 df00: 845a8c00 8285962c 845a8c00 003d0f00 eb03df44 46bd90c1 8026c690 845a8c00 df20: eb03dfb0 00000000 845a8c00 00000000 845a8c00 003d0f00 eb03dfac eb03df48 df40: 8020bc18 80426c5c 80307670 802fd814 00000000 81a04f98 eb03dfa4 eb03df68 df60: 803097c4 80307620 00000001 00000000 1dcd6500 00000000 80255e5c 46bd90c1 df80: 845a8c00 46bd90c1 00016910 20000010 ffffffff 845a8c00 00000000 845a8c00 dfa0: 00000000 eb03dfb0 80200088 8020bb2c ffffffff 00000004 000001b0 00000000 dfc0: 00000000 d7206365 00000000 00000000 7ee4a32e 7ee4a32f 003d0f00 76bb90fc dfe0: 20000a30 20000a30 00016910 00016910 20000010 ffffffff 00000000 00000000 Call trace: [<807e85b4>] (sg_init_one) from [<804c3ddc>] (zswap_decompress+0xbc/0x208 mm/zswap.c:1089) r7:83d41580 r6:dedc2948 r5:83f34bb8 r4:ff7fbefc [<804c3d20>] (zswap_decompress) from [<804c6a20>] (zswap_load+0x15c/0x198 mm/zswap.c:1637) r9:84439ac0 r8:84439ac0 r7:84439ac4 r6:dedc2948 r5:00000004 r4:83f34bb8 [<804c68c4>] (zswap_load) from [<804bbbfc>] (swap_read_folio+0xa8/0x498 mm/page_io.c:518) r9:84425600 r8:845a8c00 r7:00000000 r6:eb03dbe4 r5:00000000 r4:dedc2948 [<804bbb54>] (swap_read_folio) from [<804bd61c>] (swap_cluster_readahead+0x1c4/0x34c mm/swap_state.c:684) r10:00000000 r9:00000007 r8:eb03dbe3 r7:00000000 r6:00000000 r5:00100cca r4:00000004 [<804bd458>] (swap_cluster_readahead) from [<804bd970>] (swapin_readahead+0x68/0x4a8 mm/swap_state.c:904) r10:eb03dd50 r9:00000000 r8:00100cca r7:83ffad20 r6:00000005 r5:00000000 r4:00000001 
[<804bd908>] (swapin_readahead) from [<8047f370>] (do_swap_page+0x200/0xcc4 mm/memory.c:4046) r10:00000000 r9:00000000 r8:84425600 r7:83ffad20 r6:00000005 r5:00000000 r4:eb03dd50 [<8047f170>] (do_swap_page) from [<80480c54>] (handle_pte_fault mm/memory.c:5301 [inline]) [<8047f170>] (do_swap_page) from [<80480c54>] (__handle_mm_fault mm/memory.c:5439 [inline]) [<8047f170>] (do_swap_page) from [<80480c54>] (handle_mm_fault+0x3d8/0x12b8 mm/memory.c:5604) r10:00000000 r9:83f20c00 r8:76bb9000 r7:83ffad20 r6:76bb9000 r5:845a8c00 r4:00000214 [<8048087c>] (handle_mm_fault) from [<80215d94>] (do_page_fault+0x148/0x3a8 arch/arm/mm/fault.c:333) r10:00000007 r9:83f20c00 r8:76bb9000 r7:00000207 r6:00000214 r5:76bb9ae8 r4:eb03de48 [<80215c4c>] (do_page_fault) from [<802161dc>] (do_DataAbort+0x38/0xa8 arch/arm/mm/fault.c:565) r10:003d0f00 r9:845a8c00 r8:80215c4c r7:eb03de48 r6:76bb9ae8 r5:00000207 r4:8261d0e0 [<802161a4>] (do_DataAbort) from [<80200ae4>] (__dabt_svc+0x44/0x60 arch/arm/kernel/entry-armv.S:212) Exception stack(0xeb03de48 to 0xeb03de90) de40: eb03ded0 76bb9ae8 ffffffe8 00000000 845a8c00 eb03dee0 de60: eb03dfb0 76bb9ae0 00000000 845a8c00 003d0f00 eb03df44 00000018 eb03de94 de80: 80426de4 81848d04 00000113 ffffffff r8:00000000 r7:eb03de7c r6:ffffffff r5:00000113 r4:81848d04 [<80426c50>] (__rseq_handle_notify_resume) from [<8020bc18>] (rseq_handle_notify_resume include/linux/rseq.h:38 [inline]) [<80426c50>] (__rseq_handle_notify_resume) from [<8020bc18>] (resume_user_mode_work include/linux/resume_user_mode.h:62 [inline]) [<80426c50>] (__rseq_handle_notify_resume) from [<8020bc18>] (do_work_pending+0xf8/0x4c0 arch/arm/kernel/signal.c:631) r10:003d0f00 r9:845a8c00 r8:00000000 r7:845a8c00 r6:00000000 r5:eb03dfb0 r4:845a8c00 [<8020bb20>] (do_work_pending) from [<80200088>] (slow_work_pending+0xc/0x24) Exception stack(0xeb03dfb0 to 0xeb03dff8) dfa0: ffffffff 00000004 000001b0 00000000 dfc0: 00000000 d7206365 00000000 00000000 7ee4a32e 7ee4a32f 003d0f00 76bb90fc dfe0: 
20000a30 20000a30 00016910 00016910 20000010 ffffffff
 r9:845a8c00 r8:00000000 r7:845a8c00 r6:ffffffff r5:20000010 r4:00016910
Code: 1a000004 e1822003 e8860094 e89da8f0 (e7f001f2)
---[ end trace 0000000000000000 ]---
----------------
Code disassembly (best guess):
   0: 1a000004 bne 0x18
   4: e1822003 orr r2, r2, r3
   8: e8860094 stm r6, {r2, r4, r7}
   c: e89da8f0 ldm sp, {r4, r5, r6, r7, fp, sp, pc}
* 10: e7f001f2 udf #18 <-- trapping instruction