------------[ cut here ]------------
kernel BUG at include/linux/scatterlist.h:187!
Internal error: Oops - BUG: 0 [#1] PREEMPT SMP ARM
Modules linked in:
CPU: 1 PID: 8269 Comm: syz-executor.0 Not tainted 6.9.0-rc1-syzkaller #0
Hardware name: ARM-Versatile Express
PC is at sg_set_buf include/linux/scatterlist.h:187 [inline]
PC is at sg_init_one+0x9c/0xa8 lib/scatterlist.c:143
LR is at sg_init_table+0x2c/0x40 lib/scatterlist.c:128
pc : [<807e8648>] lr : [<807e6a3c>] psr: 80000113
sp : dfff1b68 ip : dfff1ba0 fp : dfff1b84
r10: 00000000 r9 : ffedc004 r8 : ff7fbf1c
r7 : 00000095 r6 : dfff1b88 r5 : 837bff28 r4 : ffedc004
r3 : df000000 r2 : ffffffd8 r1 : 00000000 r0 : dfff1b88
Flags: Nzcv IRQs on FIQs on Mode SVC_32 ISA ARM Segment none
Control: 30c5387d Table: 84b93000 DAC: 00000000
Register r0 information: 2-page vmalloc region starting at 0xdfff0000 allocated at kernel_clone+0xac/0x3cc kernel/fork.c:2796
Register r1 information: NULL pointer
Register r2 information: non-paged memory
Register r3 information: non-paged memory
Register r4 information: non-paged memory
Register r5 information: slab vmap_area start 837bff28 pointer offset 0 size 40
Register r6 information: 2-page vmalloc region starting at 0xdfff0000 allocated at kernel_clone+0xac/0x3cc kernel/fork.c:2796
Register r7 information: non-paged memory
Register r8 information: 0-page vmalloc region starting at 0xff7d8000 allocated at pcpu_get_vm_areas+0x0/0x12c8 mm/vmalloc.c:3064
Register r9 information: non-paged memory
Register r10 information: NULL pointer
Register r11 information: 2-page vmalloc region starting at 0xdfff0000 allocated at kernel_clone+0xac/0x3cc kernel/fork.c:2796
Register r12 information: 2-page vmalloc region starting at 0xdfff0000 allocated at kernel_clone+0xac/0x3cc kernel/fork.c:2796
Process syz-executor.0 (pid: 8269, stack limit = 0xdfff0000)
Stack: (0xdfff1b68 to 0xdfff2000)
1b60:                   ff7fbefc 837bff28 dee0c34c 82f62a00 dfff1be4 dfff1b88
1b80: 804c3dd4 807e85b8 00000002 00000000 00000000 00000000 00000000 00000000
1ba0: 00000000 00000000 00000000 00000000 00000000 00000000 00000002 f5594eed
1bc0: 837bff28 00000002 dee0c34c 8460d044 8460d040 8460d040 dfff1c0c dfff1be8
1be0: 804c6a18 804c3d24 dee0c34c 00000001 dfff1c7c 00000000 84ab0c00 8439e700
1c00: dfff1c5c dfff1c10 804bbbf4 804c68c8 804bd118 802e2798 00000000 00000000
1c20: 00100cca 00000000 00000000 f5594eed dfff1c7b 00000002 00100cca 00000000
1c40: 00000000 dfff1c7b 00000007 00000000 dfff1cd4 dfff1c60 804bd614 804bbb58
1c60: dfff1c7b 00000000 00000000 dee0c34c 00000002 00000002 01000000 00000000
1c80: 00000000 00000000 00000000 00000000 00000001 00000000 dfff1c98 dfff1c98
1ca0: 818753b0 f5594eed 00000406 00000001 00000000 00000002 85224f00 00100cca
1cc0: 00000000 dfff1de8 dfff1d4c dfff1cd8 804bd968 804bd45c 00000000 f5594eed
1ce0: 80200bb4 dfff1de8 00000000 00000000 dfff1d24 dfff1d00 8042e9b0 8042e804
1d00: dfff1de8 8260cac8 85224f00 20000000 8439e700 00000000 dfff1d4c f5594eed
1d20: 804bcde8 dfff1de8 00000000 00000002 85224f00 8439e700 00000000 00000000
1d40: dfff1dac dfff1d50 8047f368 804bd90c 8049445c 80479d1c dfff1e1c 84ab0c00
1d60: 00000000 00000000 20000000 83fbea00 dfff1dac dfff1d80 8439e700 804943e4
1d80: fed48003 00000214 84ab0c00 20000000 85224f00 20000000 83fbea00 00000000
1da0: dfff1e5c dfff1db0 80480c4c 8047f174 83fbea40 ffffffff dfff1e20 20000080
1dc0: 81c66394 8437f20c 83fbea40 20000000 20ffffff 8437f20c 00000000 ffffffff
1de0: dfff1de8 dfff1ee0 85224f00 00000cc0 00020000 20000000 20000000 00000a14
1e00: 8515f800 84b93000 00000280 00000000 00000000 00000000 00000000 defcee34
1e20: 00000000 00000000 dfff1e5c f5594eed 80480308 dfff1ee0 20000080 00000214
1e40: 00000207 20000000 83fbea00 00000007 dfff1ea4 dfff1e60 80215d94 80480880
1e60: 00000007 00000000 00000000 00000000 dffc9000 84ab0c00 8037e594 8261d0e0
1e80: 00000207 20000080 dfff1ee0 80215c4c 84ab0c00 84ab0c00 dfff1edc dfff1ea8
1ea0: 802161dc 80215c58 00000000 00000000 00000008 80426d70 00000000 8184a144
1ec0: 80000013 ffffffff dfff1f14 20000080 dfff1fa4 dfff1ee0 80200ae4 802161b0
1ee0: 20000080 7effffff a1000083 00000000 00000000 00000000 0014c2c4 000000f3
1f00: 20000080 84ab0c00 84ab0c00 dfff1fa4 dfff1fa8 dfff1f30 80565f38 8184a144
1f20: 80000013 ffffffff dfff1fb0 00000000 000000f3 00000000 dfff1f5c f5594eed
1f40: 8024c880 84ab0c00 dfff1fb0 000000f3 8523fb48 80200288 dfff1f7c dfff1f68
1f60: 802097c4 8037d5e4 000000f3 00000000 dfff1fa4 f5594eed 8020a914 00000000
1f80: 00000000 0014c2c4 000000f3 80200288 84ab0c00 000000f3 00000000 dfff1fa8
1fa0: 80200278 80565f10 00000000 00000000 00000000 20000080 00000000 00000000
1fc0: 00000000 00000000 0014c2c4 000000f3 7eab832e 7eab832f 003d0f00 76b470fc
1fe0: 76b46f08 76b46ef8 000167f8 00050bc0 60000010 00000000 00000000 00000000
Call trace:
[<807e85ac>] (sg_init_one) from [<804c3dd4>] (zswap_decompress+0xbc/0x208 mm/zswap.c:1089)
 r7:82f62a00 r6:dee0c34c r5:837bff28 r4:ff7fbefc
[<804c3d18>] (zswap_decompress) from [<804c6a18>] (zswap_load+0x15c/0x198 mm/zswap.c:1637)
 r9:8460d040 r8:8460d040 r7:8460d044 r6:dee0c34c r5:00000002 r4:837bff28
[<804c68bc>] (zswap_load) from [<804bbbf4>] (swap_read_folio+0xa8/0x498 mm/page_io.c:518)
 r9:8439e700 r8:84ab0c00 r7:00000000 r6:dfff1c7c r5:00000001 r4:dee0c34c
[<804bbb4c>] (swap_read_folio) from [<804bd614>] (swap_cluster_readahead+0x1c4/0x34c mm/swap_state.c:684)
 r10:00000000 r9:00000007 r8:dfff1c7b r7:00000000 r6:00000000 r5:00100cca r4:00000002
[<804bd450>] (swap_cluster_readahead) from [<804bd968>] (swapin_readahead+0x68/0x4a8 mm/swap_state.c:904)
 r10:dfff1de8 r9:00000000 r8:00100cca r7:85224f00 r6:00000002 r5:00000000 r4:00000001
[<804bd900>] (swapin_readahead) from [<8047f368>] (do_swap_page+0x200/0xcc4 mm/memory.c:4046)
 r10:00000000 r9:00000000 r8:8439e700 r7:85224f00 r6:00000002 r5:00000000 r4:dfff1de8
[<8047f168>] (do_swap_page) from [<80480c4c>] (handle_pte_fault mm/memory.c:5301 [inline])
[<8047f168>] (do_swap_page) from [<80480c4c>] (__handle_mm_fault mm/memory.c:5439 [inline])
[<8047f168>] (do_swap_page) from [<80480c4c>] (handle_mm_fault+0x3d8/0x12b8 mm/memory.c:5604)
 r10:00000000 r9:83fbea00 r8:20000000 r7:85224f00 r6:20000000 r5:84ab0c00 r4:00000214
[<80480874>] (handle_mm_fault) from [<80215d94>] (do_page_fault+0x148/0x3a8 arch/arm/mm/fault.c:333)
 r10:00000007 r9:83fbea00 r8:20000000 r7:00000207 r6:00000214 r5:20000080 r4:dfff1ee0
[<80215c4c>] (do_page_fault) from [<802161dc>] (do_DataAbort+0x38/0xa8 arch/arm/mm/fault.c:565)
 r10:84ab0c00 r9:84ab0c00 r8:80215c4c r7:dfff1ee0 r6:20000080 r5:00000207 r4:8261d0e0
[<802161a4>] (do_DataAbort) from [<80200ae4>] (__dabt_svc+0x44/0x60 arch/arm/kernel/entry-armv.S:212)
Exception stack(0xdfff1ee0 to 0xdfff1f28)
1ee0: 20000080 7effffff a1000083 00000000 00000000 00000000 0014c2c4 000000f3
1f00: 20000080 84ab0c00 84ab0c00 dfff1fa4 dfff1fa8 dfff1f30 80565f38 8184a144
1f20: 80000013 ffffffff
 r8:20000080 r7:dfff1f14 r6:ffffffff r5:80000013 r4:8184a144
[<80565f04>] (sys_io_setup) from [<80200278>] (__sys_trace_return+0x0/0x10)
Exception stack(0xdfff1fa8 to 0xdfff1ff0)
1fa0:                   00000000 00000000 00000000 20000080 00000000 00000000
1fc0: 00000000 00000000 0014c2c4 000000f3 7eab832e 7eab832f 003d0f00 76b470fc
1fe0: 76b46f08 76b46ef8 000167f8 00050bc0
 r10:000000f3 r9:84ab0c00 r8:80200288 r7:000000f3 r6:0014c2c4 r5:00000000 r4:00000000
Code: 1a000004 e1822003 e8860094 e89da8f0 (e7f001f2)
---[ end trace 0000000000000000 ]---
----------------
Code disassembly (best guess):
   0: 1a000004 bne 0x18
   4: e1822003 orr r2, r2, r3
   8: e8860094 stm r6, {r2, r4, r7}
   c: e89da8f0 ldm sp, {r4, r5, r6, r7, fp, sp, pc}
* 10: e7f001f2 udf #18 <-- trapping instruction