------------[ cut here ]------------ kernel BUG at include/linux/scatterlist.h:187! Internal error: Oops - BUG: 0 [#1] PREEMPT SMP ARM Modules linked in: CPU: 1 PID: 28503 Comm: syz-executor.0 Not tainted 6.9.0-rc1-syzkaller #0 Hardware name: ARM-Versatile Express PC is at sg_set_buf include/linux/scatterlist.h:187 [inline] PC is at sg_init_one+0x9c/0xa8 lib/scatterlist.c:143 LR is at sg_init_table+0x2c/0x40 lib/scatterlist.c:128 pc : [<807e8518>] lr : [<807e690c>] psr: 80000113 sp : e09fdad0 ip : e09fdb08 fp : e09fdaec r10: 00000000 r9 : ffedc004 r8 : ff7fbf1c r7 : 0000009c r6 : e09fdaf0 r5 : 9d28e2a8 r4 : ffedc004 r3 : df000000 r2 : ffffffd8 r1 : 00000000 r0 : e09fdaf0 Flags: Nzcv IRQs on FIQs on Mode SVC_32 ISA ARM Segment none Control: 30c5387d Table: 89a2dcc0 DAC: 00000000 Register r0 information: 2-page vmalloc region starting at 0xe09fc000 allocated at kernel_clone+0xac/0x3cc kernel/fork.c:2796 Register r1 information: NULL pointer Register r2 information: non-paged memory Register r3 information: non-paged memory Register r4 information: non-paged memory Register r5 information: slab vmap_area start 9d28e2a8 pointer offset 0 size 40 Register r6 information: 2-page vmalloc region starting at 0xe09fc000 allocated at kernel_clone+0xac/0x3cc kernel/fork.c:2796 Register r7 information: non-paged memory Register r8 information: 0-page vmalloc region starting at 0xff7d8000 allocated at pcpu_get_vm_areas+0x0/0x12c8 mm/vmalloc.c:3064 Register r9 information: non-paged memory Register r10 information: NULL pointer Register r11 information: 2-page vmalloc region starting at 0xe09fc000 allocated at kernel_clone+0xac/0x3cc kernel/fork.c:2796 Register r12 information: 2-page vmalloc region starting at 0xe09fc000 allocated at kernel_clone+0xac/0x3cc kernel/fork.c:2796 Process syz-executor.0 (pid: 28503, stack limit = 0xe09fc000) Stack: (0xe09fdad0 to 0xe09fe000) dac0: ff7fbefc 9d28e2a8 deb871b4 83e1c8c0 dae0: e09fdb4c e09fdaf0 804c3dd4 807e8488 00000002 00000000 00000000 
00000000 db00: 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 db20: 000000f0 c3964dcd 9d28e2a8 000000f0 deb871b4 84413504 84413500 84413500 db40: e09fdb74 e09fdb50 804c6a18 804c3d24 deb871b4 00000000 e09fdbe4 00000000 db60: 89632400 84516c00 e09fdbc4 e09fdb78 804bbbf4 804c68c8 804bd118 802e2798 db80: 00000598 00000000 00100cca 00000000 00000000 c3964dcd 89632400 000000f0 dba0: 00100cca 00000000 00000000 e09fdbe3 000000f7 00000000 e09fdc3c e09fdbc8 dbc0: 804bd614 804bbb58 e09fdbe3 00000000 00000004 deb871b4 000000f6 000000f6 dbe0: 019fdc0c 00000000 00000000 00000000 00000000 00000000 00000001 00000000 dc00: e09fdc00 e09fdc00 81875270 c3964dcd 00000406 00000001 00000000 000000f6 dc20: 844dbea0 00100cca 00000000 e09fdd50 e09fdcb4 e09fdc40 804bd968 804bd45c dc40: 00000000 c3964dcd 00000001 e09fdd50 00000000 00000000 e09fdc8c e09fdc68 dc60: 8042e9b0 8042e804 e09fdd50 8260cac8 844dbea0 76b02000 84516c00 00000000 dc80: e09fdcb4 c3964dcd 804bcde8 e09fdd50 00000000 000000f6 844dbea0 84516c00 dca0: 00000000 00000000 e09fdd14 e09fdcb8 8047f368 804bd90c 8049445c 80479d1c dcc0: e09fdd84 89632400 00000000 00000000 76b02000 89957900 e09fdd14 e09fdce8 dce0: 84516c00 804943e4 fe701003 00000214 89632400 76b02000 844dbea0 76b02000 dd00: 89957900 00000000 e09fddc4 e09fdd18 80480c4c 8047f174 89957940 ffffffff dd20: e09fdd88 76b02ae8 81c66394 843a680c 89957940 76ae3000 76b02fff 843a680c dd40: 00000000 ffffffff e09fdd50 e09fde48 844dbea0 00000cc0 00076b02 76b02000 dd60: 76b02000 00000a14 a2ff1da8 89a2dcc8 0000f680 00000000 00000000 00000000 dd80: 00000000 defc0c38 00000000 00000000 e09fddc4 c3964dcd 80480308 e09fde48 dda0: 76b02ae8 00000214 00000207 76b02000 89957900 00000007 e09fde0c e09fddc8 ddc0: 80215d94 80480880 802e03b8 81897b1c 8089b028 ddde43c0 60000013 89632400 dde0: e09fde04 8261d0e0 00000207 76b02ae8 e09fde48 80215c4c 89632400 003d0f00 de00: e09fde44 e09fde10 802161dc 80215c58 e09fde34 e09fde20 8023ff84 802e0ad8 de20: 00000000 81848bcc 00000013 
ffffffff e09fde7c 00000000 e09fdf44 e09fde48 de40: 80200ae4 802161b0 e09fded0 76b02ae8 ffffffe8 00000000 89632400 e09fdee0 de60: e09fdfb0 76b02ae0 00000000 89632400 003d0f00 e09fdf44 00000018 e09fde94 de80: 80426ddc 81848bcc 00000013 ffffffff 8089c028 e09fdee0 e09fdfb0 00000000 dea0: 89632400 e09fded0 00000008 00000000 89632400 80426ddc 00000002 c3964dcd dec0: e09fdf20 818a3708 00016910 00000000 00000000 00000000 89632400 05f5e100 dee0: 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 df00: 89632400 8285962c 89632400 003d0f00 e09fdf44 c3964dcd 8026c690 89632400 df20: e09fdfb0 00000000 89632400 00000000 89632400 003d0f00 e09fdfac e09fdf48 df40: 8020bc18 80426c54 80307668 802fd80c 00000000 81a04f98 e09fdfa4 e09fdf68 df60: 803097bc 80307618 00000001 00000000 1dcd6500 00000000 80255e5c c3964dcd df80: 89632400 c3964dcd 00016910 20000010 ffffffff 89632400 00000000 89632400 dfa0: 00000000 e09fdfb0 80200088 8020bb2c ffffffff 00000004 000001b0 00000000 dfc0: 00000000 00000000 00000000 00000000 7ede432e 7ede432f 003d0f00 76b020fc dfe0: 200000d0 200000d0 00016910 00016910 20000010 ffffffff 00000000 00000000 Call trace: [<807e847c>] (sg_init_one) from [<804c3dd4>] (zswap_decompress+0xbc/0x208 mm/zswap.c:1089) r7:83e1c8c0 r6:deb871b4 r5:9d28e2a8 r4:ff7fbefc [<804c3d18>] (zswap_decompress) from [<804c6a18>] (zswap_load+0x15c/0x198 mm/zswap.c:1637) r9:84413500 r8:84413500 r7:84413504 r6:deb871b4 r5:000000f0 r4:9d28e2a8 [<804c68bc>] (zswap_load) from [<804bbbf4>] (swap_read_folio+0xa8/0x498 mm/page_io.c:518) r9:84516c00 r8:89632400 r7:00000000 r6:e09fdbe4 r5:00000000 r4:deb871b4 [<804bbb4c>] (swap_read_folio) from [<804bd614>] (swap_cluster_readahead+0x1c4/0x34c mm/swap_state.c:684) r10:00000000 r9:000000f7 r8:e09fdbe3 r7:00000000 r6:00000000 r5:00100cca r4:000000f0 [<804bd450>] (swap_cluster_readahead) from [<804bd968>] (swapin_readahead+0x68/0x4a8 mm/swap_state.c:904) r10:e09fdd50 r9:00000000 r8:00100cca r7:844dbea0 r6:000000f6 r5:00000000 r4:00000001 
[<804bd900>] (swapin_readahead) from [<8047f368>] (do_swap_page+0x200/0xcc4 mm/memory.c:4046) r10:00000000 r9:00000000 r8:84516c00 r7:844dbea0 r6:000000f6 r5:00000000 r4:e09fdd50 [<8047f168>] (do_swap_page) from [<80480c4c>] (handle_pte_fault mm/memory.c:5301 [inline]) [<8047f168>] (do_swap_page) from [<80480c4c>] (__handle_mm_fault mm/memory.c:5439 [inline]) [<8047f168>] (do_swap_page) from [<80480c4c>] (handle_mm_fault+0x3d8/0x12b8 mm/memory.c:5604) r10:00000000 r9:89957900 r8:76b02000 r7:844dbea0 r6:76b02000 r5:89632400 r4:00000214 [<80480874>] (handle_mm_fault) from [<80215d94>] (do_page_fault+0x148/0x3a8 arch/arm/mm/fault.c:333) r10:00000007 r9:89957900 r8:76b02000 r7:00000207 r6:00000214 r5:76b02ae8 r4:e09fde48 [<80215c4c>] (do_page_fault) from [<802161dc>] (do_DataAbort+0x38/0xa8 arch/arm/mm/fault.c:565) r10:003d0f00 r9:89632400 r8:80215c4c r7:e09fde48 r6:76b02ae8 r5:00000207 r4:8261d0e0 [<802161a4>] (do_DataAbort) from [<80200ae4>] (__dabt_svc+0x44/0x60 arch/arm/kernel/entry-armv.S:212) Exception stack(0xe09fde48 to 0xe09fde90) de40: e09fded0 76b02ae8 ffffffe8 00000000 89632400 e09fdee0 de60: e09fdfb0 76b02ae0 00000000 89632400 003d0f00 e09fdf44 00000018 e09fde94 de80: 80426ddc 81848bcc 00000013 ffffffff r8:00000000 r7:e09fde7c r6:ffffffff r5:00000013 r4:81848bcc [<80426c48>] (__rseq_handle_notify_resume) from [<8020bc18>] (rseq_handle_notify_resume include/linux/rseq.h:38 [inline]) [<80426c48>] (__rseq_handle_notify_resume) from [<8020bc18>] (resume_user_mode_work include/linux/resume_user_mode.h:62 [inline]) [<80426c48>] (__rseq_handle_notify_resume) from [<8020bc18>] (do_work_pending+0xf8/0x4c0 arch/arm/kernel/signal.c:631) r10:003d0f00 r9:89632400 r8:00000000 r7:89632400 r6:00000000 r5:e09fdfb0 r4:89632400 [<8020bb20>] (do_work_pending) from [<80200088>] (slow_work_pending+0xc/0x24) Exception stack(0xe09fdfb0 to 0xe09fdff8) dfa0: ffffffff 00000004 000001b0 00000000 dfc0: 00000000 00000000 00000000 00000000 7ede432e 7ede432f 003d0f00 76b020fc dfe0: 
200000d0 200000d0 00016910 00016910 20000010 ffffffff
 r9:89632400 r8:00000000 r7:89632400 r6:ffffffff r5:20000010 r4:00016910
Code: 1a000004 e1822003 e8860094 e89da8f0 (e7f001f2)
---[ end trace 0000000000000000 ]---
----------------
Code disassembly (best guess):
   0: 1a000004 bne 0x18
   4: e1822003 orr r2, r2, r3
   8: e8860094 stm r6, {r2, r4, r7}
   c: e89da8f0 ldm sp, {r4, r5, r6, r7, fp, sp, pc}
* 10: e7f001f2 udf #18 <-- trapping instruction