------------[ cut here ]------------
kernel BUG at include/linux/scatterlist.h:187!
Internal error: Oops - BUG: 0 [#1] PREEMPT SMP ARM
Modules linked in:
CPU: 0 PID: 5954 Comm: syz-executor.1 Not tainted 6.9.0-rc1-syzkaller #0
Hardware name: ARM-Versatile Express
PC is at sg_set_buf include/linux/scatterlist.h:187 [inline]
PC is at sg_init_one+0x9c/0xa8 lib/scatterlist.c:143
LR is at sg_init_table+0x2c/0x40 lib/scatterlist.c:128
pc : [<807e8518>] lr : [<807e690c>] psr: 80000113
sp : ebaa9ad0 ip : ebaa9b08 fp : ebaa9aec
r10: ebaa9d50 r9 : ffefd804 r8 : ff7e7f1c
r7 : 000000f2 r6 : ebaa9af0 r5 : 835703e8 r4 : ffefd804
r3 : df000000 r2 : ffffffd8 r1 : 00000000 r0 : ebaa9af0
Flags: Nzcv IRQs on FIQs on Mode SVC_32 ISA ARM Segment user
Control: 30c5387d Table: 847f0600 DAC: fffffffd
Register r0 information: 2-page vmalloc region starting at 0xebaa8000 allocated at kernel_clone+0xac/0x3cc kernel/fork.c:2796
Register r1 information: NULL pointer
Register r2 information: non-paged memory
Register r3 information: non-paged memory
Register r4 information: non-paged memory
Register r5 information: slab vmap_area start 835703e8 pointer offset 0 size 40
Register r6 information: 2-page vmalloc region starting at 0xebaa8000 allocated at kernel_clone+0xac/0x3cc kernel/fork.c:2796
Register r7 information: non-paged memory
Register r8 information: 0-page vmalloc region starting at 0xff7d8000 allocated at pcpu_get_vm_areas+0x0/0x12c8 mm/vmalloc.c:3064
Register r9 information: non-paged memory
Register r10 information: 2-page vmalloc region starting at 0xebaa8000 allocated at kernel_clone+0xac/0x3cc kernel/fork.c:2796
Register r11 information: 2-page vmalloc region starting at 0xebaa8000 allocated at kernel_clone+0xac/0x3cc kernel/fork.c:2796
Register r12 information: 2-page vmalloc region starting at 0xebaa8000 allocated at kernel_clone+0xac/0x3cc kernel/fork.c:2796
Process syz-executor.1 (pid: 5954, stack limit = 0xebaa8000)
Stack: (0xebaa9ad0 to 0xebaaa000)
9ac0: ff7e7efc 835703e8 ded6c770 82f86f80
9ae0: ebaa9b4c ebaa9af0 804c3dd4 807e8488 00000002 00000000 00000000 00000000
9b00: 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000
9b20: 00000098 8a359738 835703e8 00000098 ded6c770 84299104 84299100 84299100
9b40: ebaa9b74 ebaa9b50 804c6a18 804c3d24 ded6c770 00000000 00000000 00000000
9b60: 8ba68c00 842c4000 ebaa9bc4 ebaa9b78 804bbbf4 804c68c8 804bd118 802e2798
9b80: 00000598 00000000 00100cca 00000000 00000000 8a359738 ebaa9bc4 ded6c770
9ba0: 00000000 00000000 00000000 ebaa9be3 00000000 ebaa9d50 ebaa9c3c ebaa9bc8
9bc0: 804bd76c 804bbb58 ebaa9be3 00000000 00000004 8a359738 00000098 00000098
9be0: 01aa9c0c 00000000 00000000 00000000 00000000 00000000 00000000 00000000
9c00: 00000000 00000000 81875270 8a359738 00000406 00000001 00000000 00000098
9c20: 8b8293c0 00100cca 00000000 ebaa9d50 ebaa9cb4 ebaa9c40 804bd968 804bd45c
9c40: 00000000 8a359738 ebaa9cb8 ebaa9d50 00000000 00000000 ebaa9c8c ebaa9c68
9c60: 8042e9b0 8042e804 ebaa9d50 8260cac8 8b8293c0 76b9e000 842c4000 00000000
9c80: ebaa9cb4 8a359738 804bcde8 ebaa9d50 00000000 00000098 8b8293c0 842c4000
9ca0: 00000000 00000000 ebaa9d14 ebaa9cb8 8047f368 804bd90c 8049445c 80479d1c
9cc0: ebaa9d84 8ba68c00 00000000 00000000 76b9e000 83fbb000 ebaa9d14 ebaa9ce8
9ce0: 842c4000 804943e4 862d8003 00000214 8ba68c00 76b9e000 8b8293c0 76b9e000
9d00: 83fbb000 00000000 ebaa9dc4 ebaa9d18 80480c4c 8047f174 83fbb040 ffffffff
9d20: ebaa9d88 76b9eae8 81c66394 8426cf0c 83fbb040 76b7f000 76b9efff 8426cf0c
9d40: 00000000 ffffffff ebaa9d50 ebaa9e48 8b8293c0 00000cc0 00076b9e 76b9e000
9d60: 76b9e000 00000a14 8605eda8 847f0608 00009880 00000000 00000000 00000000
9d80: 00000000 dded7674 00000000 00000000 ebaa9dc4 8a359738 80480308 ebaa9e48
9da0: 76b9eae8 00000214 00000207 76b9e000 83fbb000 00000007 ebaa9e0c ebaa9dc8
9dc0: 80215d94 80480880 ebaa9e0c ebaa9dd8 81897018 81898398 00e4e4d3 8ba68c00
9de0: ebaa9e3c 8261d0e0 00000207 76b9eae8 ebaa9e48 80215c4c 8ba68c00 003d0f00
9e00: ebaa9e44 ebaa9e10 802161dc 80215c58 8189a8e8 a3ea21c0 ebaa9e34 ebaa9e28
9e20: 818a3648 81848bcc 00000013 ffffffff ebaa9e7c 00000000 ebaa9f44 ebaa9e48
9e40: 80200ae4 802161b0 ebaa9ed0 76b9eae8 ffffffe8 00000000 8ba68c00 ebaa9ee0
9e60: ebaa9fb0 76b9eae0 00000000 8ba68c00 003d0f00 ebaa9f44 00000018 ebaa9e94
9e80: 80426ddc 81848bcc 00000013 ffffffff 8089c028 ebaa9ee0 ebaa9fb0 00000000
9ea0: 8ba68c00 ebaa9ed0 00000008 00000000 8ba68c00 80426ddc fb532da3 0000009d
9ec0: ff7d21c0 83fbb000 000153f0 00000000 00000000 00000000 8ba68c00 05f5e100
9ee0: 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000
9f00: 8ba68c00 8285962c 8ba68c00 003d0f00 ebaa9f44 8a359738 8026c690 8ba68c00
9f20: ebaa9fb0 00000000 8ba68c00 00000000 8ba68c00 003d0f00 ebaa9fac ebaa9f48
9f40: 8020bc18 80426c54 80307668 802fd80c 00000000 81a04f98 ebaa9fa4 ebaa9f68
9f60: 803097bc 80307618 00000001 00000000 1dcd6500 00000000 80255e5c 8a359738
9f80: 8ba68c00 8a359738 000153f0 20000010 ffffffff 8ba68c00 00000000 8ba68c00
9fa0: 00000000 ebaa9fb0 80200088 8020bb2c ffffffff 00000004 000001b0 00000000
9fc0: 00000000 00000000 00000000 00000000 7eb5632e 7eb5632f 003d0f00 76b9e0fc
9fe0: 20001bd0 20001bd0 000153f0 000153f0 20000010 ffffffff 00000000 00000000
Call trace:
[<807e847c>] (sg_init_one) from [<804c3dd4>] (zswap_decompress+0xbc/0x208 mm/zswap.c:1089)
 r7:82f86f80 r6:ded6c770 r5:835703e8 r4:ff7e7efc
[<804c3d18>] (zswap_decompress) from [<804c6a18>] (zswap_load+0x15c/0x198 mm/zswap.c:1637)
 r9:84299100 r8:84299100 r7:84299104 r6:ded6c770 r5:00000098 r4:835703e8
[<804c68bc>] (zswap_load) from [<804bbbf4>] (swap_read_folio+0xa8/0x498 mm/page_io.c:518)
 r9:842c4000 r8:8ba68c00 r7:00000000 r6:00000000 r5:00000000 r4:ded6c770
[<804bbb4c>] (swap_read_folio) from [<804bd76c>] (swap_cluster_readahead+0x31c/0x34c mm/swap_state.c:701)
 r10:ebaa9d50 r9:00000000 r8:ebaa9be3 r7:00000000 r6:00000000 r5:00000000 r4:ded6c770
[<804bd450>] (swap_cluster_readahead) from [<804bd968>] (swapin_readahead+0x68/0x4a8 mm/swap_state.c:904)
 r10:ebaa9d50 r9:00000000 r8:00100cca r7:8b8293c0 r6:00000098 r5:00000000 r4:00000001
[<804bd900>] (swapin_readahead) from [<8047f368>] (do_swap_page+0x200/0xcc4 mm/memory.c:4046)
 r10:00000000 r9:00000000 r8:842c4000 r7:8b8293c0 r6:00000098 r5:00000000 r4:ebaa9d50
[<8047f168>] (do_swap_page) from [<80480c4c>] (handle_pte_fault mm/memory.c:5301 [inline])
[<8047f168>] (do_swap_page) from [<80480c4c>] (__handle_mm_fault mm/memory.c:5439 [inline])
[<8047f168>] (do_swap_page) from [<80480c4c>] (handle_mm_fault+0x3d8/0x12b8 mm/memory.c:5604)
 r10:00000000 r9:83fbb000 r8:76b9e000 r7:8b8293c0 r6:76b9e000 r5:8ba68c00 r4:00000214
[<80480874>] (handle_mm_fault) from [<80215d94>] (do_page_fault+0x148/0x3a8 arch/arm/mm/fault.c:333)
 r10:00000007 r9:83fbb000 r8:76b9e000 r7:00000207 r6:00000214 r5:76b9eae8 r4:ebaa9e48
[<80215c4c>] (do_page_fault) from [<802161dc>] (do_DataAbort+0x38/0xa8 arch/arm/mm/fault.c:565)
 r10:003d0f00 r9:8ba68c00 r8:80215c4c r7:ebaa9e48 r6:76b9eae8 r5:00000207 r4:8261d0e0
[<802161a4>] (do_DataAbort) from [<80200ae4>] (__dabt_svc+0x44/0x60 arch/arm/kernel/entry-armv.S:212)
Exception stack(0xebaa9e48 to 0xebaa9e90)
9e40: ebaa9ed0 76b9eae8 ffffffe8 00000000 8ba68c00 ebaa9ee0
9e60: ebaa9fb0 76b9eae0 00000000 8ba68c00 003d0f00 ebaa9f44 00000018 ebaa9e94
9e80: 80426ddc 81848bcc 00000013 ffffffff
 r8:00000000 r7:ebaa9e7c r6:ffffffff r5:00000013 r4:81848bcc
[<80426c48>] (__rseq_handle_notify_resume) from [<8020bc18>] (rseq_handle_notify_resume include/linux/rseq.h:38 [inline])
[<80426c48>] (__rseq_handle_notify_resume) from [<8020bc18>] (resume_user_mode_work include/linux/resume_user_mode.h:62 [inline])
[<80426c48>] (__rseq_handle_notify_resume) from [<8020bc18>] (do_work_pending+0xf8/0x4c0 arch/arm/kernel/signal.c:631)
 r10:003d0f00 r9:8ba68c00 r8:00000000 r7:8ba68c00 r6:00000000 r5:ebaa9fb0 r4:8ba68c00
[<8020bb20>] (do_work_pending) from [<80200088>] (slow_work_pending+0xc/0x24)
Exception stack(0xebaa9fb0 to 0xebaa9ff8)
9fa0: ffffffff 00000004 000001b0 00000000
9fc0: 00000000 00000000 00000000 00000000 7eb5632e 7eb5632f 003d0f00 76b9e0fc
9fe0: 20001bd0 20001bd0 000153f0 000153f0 20000010 ffffffff
 r9:8ba68c00 r8:00000000 r7:8ba68c00 r6:ffffffff r5:20000010 r4:000153f0
Code: 1a000004 e1822003 e8860094 e89da8f0 (e7f001f2)
---[ end trace 0000000000000000 ]---
----------------
Code disassembly (best guess):
   0: 1a000004 bne 0x18
   4: e1822003 orr r2, r2, r3
   8: e8860094 stm r6, {r2, r4, r7}
   c: e89da8f0 ldm sp, {r4, r5, r6, r7, fp, sp, pc}
* 10: e7f001f2 udf #18 <-- trapping instruction