------------[ cut here ]------------
kernel BUG at include/linux/scatterlist.h:187!
Internal error: Oops - BUG: 0 [#1] PREEMPT SMP ARM
Modules linked in:
CPU: 0 PID: 6506 Comm: syz-executor.1 Not tainted 6.9.0-rc1-syzkaller #0
Hardware name: ARM-Versatile Express
PC is at sg_set_buf include/linux/scatterlist.h:187 [inline]
PC is at sg_init_one+0x9c/0xa8 lib/scatterlist.c:143
LR is at sg_init_table+0x2c/0x40 lib/scatterlist.c:128
pc : [<807e8658>]    lr : [<807e6a4c>]    psr: 80000113
sp : dfb21b68  ip : dfb21ba0  fp : dfb21b84
r10: 00000000  r9 : ffefd004  r8 : ff7e7f1c
r7 : 00000046  r6 : dfb21b88  r5 : 851875a0  r4 : ffefd004
r3 : df000000  r2 : ffffffd8  r1 : 00000000  r0 : dfb21b88
Flags: Nzcv  IRQs on  FIQs on  Mode SVC_32  ISA ARM  Segment user
Control: 30c5387d  Table: 84b9c280  DAC: fffffffd
Register r0 information: 2-page vmalloc region starting at 0xdfb20000 allocated at kernel_clone+0xac/0x3cc kernel/fork.c:2796
Register r1 information: NULL pointer
Register r2 information: non-paged memory
Register r3 information: non-paged memory
Register r4 information: non-paged memory
Register r5 information: slab vmap_area start 851875a0 pointer offset 0 size 40
Register r6 information: 2-page vmalloc region starting at 0xdfb20000 allocated at kernel_clone+0xac/0x3cc kernel/fork.c:2796
Register r7 information: non-paged memory
Register r8 information: 0-page vmalloc region starting at 0xff7d8000 allocated at pcpu_get_vm_areas+0x0/0x12c8 mm/vmalloc.c:3064
Register r9 information: non-paged memory
Register r10 information: NULL pointer
Register r11 information: 2-page vmalloc region starting at 0xdfb20000 allocated at kernel_clone+0xac/0x3cc kernel/fork.c:2796
Register r12 information: 2-page vmalloc region starting at 0xdfb20000 allocated at kernel_clone+0xac/0x3cc kernel/fork.c:2796
Process syz-executor.1 (pid: 6506, stack limit = 0xdfb20000)
Stack: (0xdfb21b68 to 0xdfb22000)
1b60:                   ff7e7efc 851875a0 ded71af8 8418ae00 dfb21be4 dfb21b88
1b80: 804c3de4 807e85c8 00000002 00000000 00000000 00000000 00000000 00000000
1ba0: 00000000 00000000 00000000 00000000 00000000 00000000 00000003 f509ed14
1bc0: 851875a0 00000003 ded71af8 84320984 84320980 84320980 dfb21c0c dfb21be8
1be0: 804c6a28 804c3d34 ded71af8 00000001 dfb21c7c 00000000 849c2400 8482e400
1c00: dfb21c5c dfb21c10 804bbc04 804c68d8 804bd128 802e27a0 00000000 00000000
1c20: 00100cca 00000000 00000000 f509ed14 00000cc0 00000003 00100cca 00000000
1c40: 00000000 dfb21c7b 00000007 00000000 dfb21cd4 dfb21c60 804bd624 804bbb68
1c60: dfb21c7b 00000000 849c2680 ded71af8 00000003 00000003 01b20000 00000000
1c80: 00000000 00000000 00000000 00000000 00000001 00000000 dfb21c98 dfb21c98
1ca0: 818753b0 f509ed14 00000406 00000001 00000000 00000003 84897e40 00100cca
1cc0: 00000000 dfb21de8 dfb21d4c dfb21cd8 804bd978 804bd46c 00000000 f509ed14
1ce0: 00000001 dfb21de8 00000000 00000000 dfb21d24 dfb21d00 8042e9c0 8042e814
1d00: dfb21de8 8260cac8 84897e40 20000000 8482e400 00000000 dfb21d4c f509ed14
1d20: 804bcdf8 dfb21de8 00000000 00000003 84897e40 8482e400 00000000 00000000
1d40: dfb21dac dfb21d50 8047f378 804bd91c dfb21e5c dfb21d60 80200b84 81848b78
1d60: ffefd000 00000a15 00000000 00000000 00000215 849c2400 8482e400 84897e40
1d80: 20000000 00000215 849c2400 20000000 84897e40 20000000 85366400 00000000
1da0: dfb21e5c dfb21db0 80480c5c 8047f184 85366440 ffffffff dfb21e20 20000040
1dc0: 81c66394 8620870c 85366440 20000000 20ffffff 8620870c 00000000 ffffffff
1de0: dfb21de8 dfb21ee0 84897e40 00000cc0 00020000 20000000 20000000 00000a15
1e00: 8610f800 84b9c280 00000380 00000000 00000000 00000000 00000000 defc26f0
1e20: 00000000 00000000 dfb21e5c f509ed14 80480318 dfb21ee0 20000040 00000215
1e40: 00000a07 20000000 85366400 00000002 dfb21ea4 dfb21e60 80215d94 80480890
1e60: 00000000 00000000 00000000 ffffffff 00000000 849c2400 8020c17c 8261d0e0
1e80: 00000a07 20000040 dfb21ee0 80215c4c 849c2400 00000107 dfb21edc dfb21ea8
1ea0: 802161dc 80215c58 00000008 00000000 00000008 80426d80 00000000 81849120
1ec0: 00000013 ffffffff dfb21f14 80200288 dfb21f74 dfb21ee0 80200ae4 802161b0
1ee0: 20000040 dfb21f5c ffffffe8 00000000 20000040 00000000 0014c2c4 00000107
1f00: 80200288 10005289 00000107 dfb21f74 00000018 dfb21f2c 23446244 81849120
1f20: 00000013 ffffffff 8089c168 00000000 0014c2c4 80200288 849c2400 20000040
1f40: 00000008 00000000 20000040 802f5868 849c2400 10005289 23446244 f509ed14
1f60: 80307ba0 20000040 dfb21fa4 dfb21f78 8030943c 802f57f4 10005289 00000000
1f80: 23446244 00000000 0006b3f4 f509ed14 ffffffff 00000000 00000000 dfb21fa8
1fa0: 80200060 80309398 00000000 00000000 00000000 20000040 00000000 00000000
1fc0: 00000000 00000000 0014c2c4 00000107 7ed1032e 7ed1032f 003d0f00 76be90fc
1fe0: 76be8f08 76be8ef8 000167f8 00050bc0 60000010 00000000 00000000 00000000
Call trace: 
[<807e85bc>] (sg_init_one) from [<804c3de4>] (zswap_decompress+0xbc/0x208 mm/zswap.c:1089)
 r7:8418ae00 r6:ded71af8 r5:851875a0 r4:ff7e7efc
[<804c3d28>] (zswap_decompress) from [<804c6a28>] (zswap_load+0x15c/0x198 mm/zswap.c:1637)
 r9:84320980 r8:84320980 r7:84320984 r6:ded71af8 r5:00000003 r4:851875a0
[<804c68cc>] (zswap_load) from [<804bbc04>] (swap_read_folio+0xa8/0x498 mm/page_io.c:518)
 r9:8482e400 r8:849c2400 r7:00000000 r6:dfb21c7c r5:00000001 r4:ded71af8
[<804bbb5c>] (swap_read_folio) from [<804bd624>] (swap_cluster_readahead+0x1c4/0x34c mm/swap_state.c:684)
 r10:00000000 r9:00000007 r8:dfb21c7b r7:00000000 r6:00000000 r5:00100cca
 r4:00000003
[<804bd460>] (swap_cluster_readahead) from [<804bd978>] (swapin_readahead+0x68/0x4a8 mm/swap_state.c:904)
 r10:dfb21de8 r9:00000000 r8:00100cca r7:84897e40 r6:00000003 r5:00000000
 r4:00000001
[<804bd910>] (swapin_readahead) from [<8047f378>] (do_swap_page+0x200/0xcc4 mm/memory.c:4046)
 r10:00000000 r9:00000000 r8:8482e400 r7:84897e40 r6:00000003 r5:00000000
 r4:dfb21de8
[<8047f178>] (do_swap_page) from [<80480c5c>] (handle_pte_fault mm/memory.c:5301 [inline])
[<8047f178>] (do_swap_page) from [<80480c5c>] (__handle_mm_fault mm/memory.c:5439 [inline])
[<8047f178>] (do_swap_page) from [<80480c5c>] (handle_mm_fault+0x3d8/0x12b8 mm/memory.c:5604)
 r10:00000000 r9:85366400 r8:20000000 r7:84897e40 r6:20000000 r5:849c2400
 r4:00000215
[<80480884>] (handle_mm_fault) from [<80215d94>] (do_page_fault+0x148/0x3a8 arch/arm/mm/fault.c:333)
 r10:00000002 r9:85366400 r8:20000000 r7:00000a07 r6:00000215 r5:20000040
 r4:dfb21ee0
[<80215c4c>] (do_page_fault) from [<802161dc>] (do_DataAbort+0x38/0xa8 arch/arm/mm/fault.c:565)
 r10:00000107 r9:849c2400 r8:80215c4c r7:dfb21ee0 r6:20000040 r5:00000a07
 r4:8261d0e0
[<802161a4>] (do_DataAbort) from [<80200ae4>] (__dabt_svc+0x44/0x60 arch/arm/kernel/entry-armv.S:212)
Exception stack(0xdfb21ee0 to 0xdfb21f28)
1ee0: 20000040 dfb21f5c ffffffe8 00000000 20000040 00000000 0014c2c4 00000107
1f00: 80200288 10005289 00000107 dfb21f74 00000018 dfb21f2c 23446244 81849120
1f20: 00000013 ffffffff
 r8:80200288 r7:dfb21f14 r6:ffffffff r5:00000013 r4:81849120
[<802f57e8>] (put_old_timespec32) from [<8030943c>] (__do_sys_clock_gettime32 kernel/time/posix-timers.c:1299 [inline])
[<802f57e8>] (put_old_timespec32) from [<8030943c>] (sys_clock_gettime32+0xb0/0xe8 kernel/time/posix-timers.c:1287)
 r4:20000040
[<8030938c>] (sys_clock_gettime32) from [<80200060>] (ret_fast_syscall+0x0/0x1c arch/arm/mm/proc-v7.S:66)
Exception stack(0xdfb21fa8 to 0xdfb21ff0)
1fa0:                   00000000 00000000 00000000 20000040 00000000 00000000
1fc0: 00000000 00000000 0014c2c4 00000107 7ed1032e 7ed1032f 003d0f00 76be90fc
1fe0: 76be8f08 76be8ef8 000167f8 00050bc0
 r4:00000000
Code: 1a000004 e1822003 e8860094 e89da8f0 (e7f001f2) 
---[ end trace 0000000000000000 ]---
----------------
Code disassembly (best guess):
   0:	1a000004 	bne	0x18
   4:	e1822003 	orr	r2, r2, r3
   8:	e8860094 	stm	r6, {r2, r4, r7}
   c:	e89da8f0 	ldm	sp, {r4, r5, r6, r7, fp, sp, pc}
* 10:	e7f001f2 	udf	#18 <-- trapping instruction