------------[ cut here ]------------
kernel BUG at include/linux/scatterlist.h:187!
Internal error: Oops - BUG: 0 [#1] PREEMPT SMP ARM
Modules linked in:
CPU: 0 PID: 5068 Comm: syz-executor.1 Not tainted 6.9.0-rc1-syzkaller #0
Hardware name: ARM-Versatile Express
PC is at sg_set_buf include/linux/scatterlist.h:187 [inline]
PC is at sg_init_one+0x9c/0xa8 lib/scatterlist.c:143
LR is at sg_init_table+0x2c/0x40 lib/scatterlist.c:128
pc : [<807e8648>]    lr : [<807e6a3c>]    psr: 80000113
sp : dfe4dad0  ip : dfe4db08  fp : dfe4daec
r10: 00000000  r9 : ffefd004  r8 : ff7e7f1c
r7 : 00000105  r6 : dfe4daf0  r5 : 8506ef50  r4 : ffefd004
r3 : df000000  r2 : ffffffd8  r1 : 00000000  r0 : dfe4daf0
Flags: Nzcv  IRQs on  FIQs on  Mode SVC_32  ISA ARM  Segment user
Control: 30c5387d  Table: 84465680  DAC: fffffffd
Register r0 information: 2-page vmalloc region starting at 0xdfe4c000 allocated at kernel_clone+0xac/0x3cc kernel/fork.c:2796
Register r1 information: NULL pointer
Register r2 information: non-paged memory
Register r3 information: non-paged memory
Register r4 information: non-paged memory
Register r5 information: slab vmap_area start 8506ef50 pointer offset 0 size 40
Register r6 information: 2-page vmalloc region starting at 0xdfe4c000 allocated at kernel_clone+0xac/0x3cc kernel/fork.c:2796
Register r7 information: non-paged memory
Register r8 information: 0-page vmalloc region starting at 0xff7d8000 allocated at pcpu_get_vm_areas+0x0/0x12c8 mm/vmalloc.c:3064
Register r9 information: non-paged memory
Register r10 information: NULL pointer
Register r11 information: 2-page vmalloc region starting at 0xdfe4c000 allocated at kernel_clone+0xac/0x3cc kernel/fork.c:2796
Register r12 information: 2-page vmalloc region starting at 0xdfe4c000 allocated at kernel_clone+0xac/0x3cc kernel/fork.c:2796
Process syz-executor.1 (pid: 5068, stack limit = 0xdfe4c000)
Stack: (0xdfe4dad0 to 0xdfe4e000)
dac0:                                     ff7e7efc 8506ef50 dee33538 83553440
dae0: dfe4db4c dfe4daf0 804c3dd4 807e85b8 00000002 00000000 00000000 00000000
db00: 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000
db20: 00000098 395aa1c6 8506ef50 00000098 dee33538 844f2e04 844f2e00 844f2e00
db40: dfe4db74 dfe4db50 804c6a18 804c3d24 dee33538 00000000 dfe4dbe4 00000000
db60: 8370d400 8460a800 dfe4dbc4 dfe4db78 804bbbf4 804c68c8 804bd118 802e2798
db80: 00000598 00000000 00100cca 00000000 00000000 395aa1c6 8370d400 00000098
dba0: 00100cca 00000000 00000000 dfe4dbe3 0000009f 00000000 dfe4dc3c dfe4dbc8
dbc0: 804bd614 804bbb58 dfe4dbe3 00000000 00000004 dee33538 0000009a 0000009a
dbe0: 01000113 00000000 00000000 00000000 00000000 00000000 00000001 00000000
dc00: dfe4dc00 dfe4dc00 818753b0 395aa1c6 00000406 00000001 00000000 0000009a
dc20: 85059a20 00100cca 00000000 dfe4dd50 dfe4dcb4 dfe4dc40 804bd968 804bd45c
dc40: 00000000 395aa1c6 00000001 dfe4dd50 00000000 00000000 dfe4dc8c dfe4dc68
dc60: 8042e9b0 8042e804 dfe4dd50 8260cac8 85059a20 02376000 8460a800 00000000
dc80: dfe4dcb4 395aa1c6 804bcde8 dfe4dd50 00000000 0000009a 85059a20 8460a800
dca0: 00000000 00000000 dfe4dd14 dfe4dcb8 8047f368 804bd90c 8049445c 80479d1c
dcc0: dfe4dd84 8370d400 00000000 00000000 02376000 850cc000 dfe4dd14 dfe4dce8
dce0: 8460a800 804943e4 febcf003 00000214 8370d400 02376000 85059a20 02376000
dd00: 850cc000 00000000 dfe4ddc4 dfe4dd18 80480c4c 8047f174 850cc040 ffffffff
dd20: dfe4dd88 023764e8 81c66394 8444c20c 850cc040 02376000 02396fff 8444c20c
dd40: 00000000 ffffffff dfe4dd50 dfe4de48 85059a20 00000cc0 00002376 02376000
dd60: 02376000 00000a14 8505d088 84465680 00009a80 00000000 00000000 00000000
dd80: 00000000 defcb930 00000000 00000000 dfe4ddc4 395aa1c6 80480308 dfe4de48
dda0: 023764e8 00000214 00000207 02376000 850cc000 00000007 dfe4de0c dfe4ddc8
ddc0: 80215d94 80480880 01d6e922 01ffffff dfe4de2c 00000000 83714800 8370d400
dde0: 8370d400 8261d0e0 00000207 023764e8 dfe4de48 80215c4c 8370d400 00000109
de00: dfe4de44 dfe4de10 802161dc 80215c58 818a3788 8027b094 dfe4de6c dfe4de28
de20: 8027cbb8 81848cfc 00000013 ffffffff dfe4de7c 80200288 dfe4df44 dfe4de48
de40: 80200ae4 802161b0 dfe4ded0 023764e8 ffffffe8 00000000 8370d400 dfe4dee0
de60: dfe4dfb0 023764e0 80200288 8370d400 00000109 dfe4df44 00000018 dfe4de94
de80: 80426ddc 81848cfc 00000013 ffffffff 8089c158 dfe4dee0 dfe4dfb0 80200288
dea0: 8370d400 dfe4ded0 00000008 00000000 8370d400 80426ddc 8370d400 ffffffff
dec0: dfe4df2c 80200b9c 0007ad28 00000000 00000000 00000000 8189b8c4 8027b094
dee0: 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000
df00: 00400140 00000000 8370d400 dfe4dfb0 80200288 395aa1c6 80200288 8370d400
df20: dfe4dfb0 80200288 00000109 80200288 8370d400 00000109 dfe4dfac dfe4df48
df40: 8020bc18 80426c54 80307668 802fd80c 00000000 81a04f98 dfe4dfa4 dfe4df68
df60: 803097bc 80307618 00000000 00000000 000f4240 00000000 00000000 395aa1c6
df80: 00000000 395aa1c6 00000000 7ec68534 00000000 00000109 80200288 8370d400
dfa0: 00000000 dfe4dfb0 80200088 8020bb2c 00000000 00000000 7ec6853c 7ec68534
dfc0: 00000000 7ec68534 00000000 00000109 00000000 00000000 7ec68670 00001cbf
dfe0: 00000000 7ec68530 00000001 0007ad28 20000010 00000000 00000000 00000000
Call trace: 
[<807e85ac>] (sg_init_one) from [<804c3dd4>] (zswap_decompress+0xbc/0x208 mm/zswap.c:1089)
 r7:83553440 r6:dee33538 r5:8506ef50 r4:ff7e7efc
[<804c3d18>] (zswap_decompress) from [<804c6a18>] (zswap_load+0x15c/0x198 mm/zswap.c:1637)
 r9:844f2e00 r8:844f2e00 r7:844f2e04 r6:dee33538 r5:00000098 r4:8506ef50
[<804c68bc>] (zswap_load) from [<804bbbf4>] (swap_read_folio+0xa8/0x498 mm/page_io.c:518)
 r9:8460a800 r8:8370d400 r7:00000000 r6:dfe4dbe4 r5:00000000 r4:dee33538
[<804bbb4c>] (swap_read_folio) from [<804bd614>] (swap_cluster_readahead+0x1c4/0x34c mm/swap_state.c:684)
 r10:00000000 r9:0000009f r8:dfe4dbe3 r7:00000000 r6:00000000 r5:00100cca
 r4:00000098
[<804bd450>] (swap_cluster_readahead) from [<804bd968>] (swapin_readahead+0x68/0x4a8 mm/swap_state.c:904)
 r10:dfe4dd50 r9:00000000 r8:00100cca r7:85059a20 r6:0000009a r5:00000000
 r4:00000001
[<804bd900>] (swapin_readahead) from [<8047f368>] (do_swap_page+0x200/0xcc4 mm/memory.c:4046)
 r10:00000000 r9:00000000 r8:8460a800 r7:85059a20 r6:0000009a r5:00000000
 r4:dfe4dd50
[<8047f168>] (do_swap_page) from [<80480c4c>] (handle_pte_fault mm/memory.c:5301 [inline])
[<8047f168>] (do_swap_page) from [<80480c4c>] (__handle_mm_fault mm/memory.c:5439 [inline])
[<8047f168>] (do_swap_page) from [<80480c4c>] (handle_mm_fault+0x3d8/0x12b8 mm/memory.c:5604)
 r10:00000000 r9:850cc000 r8:02376000 r7:85059a20 r6:02376000 r5:8370d400
 r4:00000214
[<80480874>] (handle_mm_fault) from [<80215d94>] (do_page_fault+0x148/0x3a8 arch/arm/mm/fault.c:333)
 r10:00000007 r9:850cc000 r8:02376000 r7:00000207 r6:00000214 r5:023764e8
 r4:dfe4de48
[<80215c4c>] (do_page_fault) from [<802161dc>] (do_DataAbort+0x38/0xa8 arch/arm/mm/fault.c:565)
 r10:00000109 r9:8370d400 r8:80215c4c r7:dfe4de48 r6:023764e8 r5:00000207
 r4:8261d0e0
[<802161a4>] (do_DataAbort) from [<80200ae4>] (__dabt_svc+0x44/0x60 arch/arm/kernel/entry-armv.S:212)
Exception stack(0xdfe4de48 to 0xdfe4de90)
de40:                   dfe4ded0 023764e8 ffffffe8 00000000 8370d400 dfe4dee0
de60: dfe4dfb0 023764e0 80200288 8370d400 00000109 dfe4df44 00000018 dfe4de94
de80: 80426ddc 81848cfc 00000013 ffffffff
 r8:80200288 r7:dfe4de7c r6:ffffffff r5:00000013 r4:81848cfc
[<80426c48>] (__rseq_handle_notify_resume) from [<8020bc18>] (rseq_handle_notify_resume include/linux/rseq.h:38 [inline])
[<80426c48>] (__rseq_handle_notify_resume) from [<8020bc18>] (resume_user_mode_work include/linux/resume_user_mode.h:62 [inline])
[<80426c48>] (__rseq_handle_notify_resume) from [<8020bc18>] (do_work_pending+0xf8/0x4c0 arch/arm/kernel/signal.c:631)
 r10:00000109 r9:8370d400 r8:80200288 r7:00000109 r6:80200288 r5:dfe4dfb0
 r4:8370d400
[<8020bb20>] (do_work_pending) from [<80200088>] (slow_work_pending+0xc/0x24)
Exception stack(0xdfe4dfb0 to 0xdfe4dff8)
dfa0:                                     00000000 00000000 7ec6853c 7ec68534
dfc0: 00000000 7ec68534 00000000 00000109 00000000 00000000 7ec68670 00001cbf
dfe0: 00000000 7ec68530 00000001 0007ad28 20000010 00000000
 r9:8370d400 r8:80200288 r7:00000109 r6:00000000 r5:7ec68534 r4:00000000
Code: 1a000004 e1822003 e8860094 e89da8f0 (e7f001f2) 
---[ end trace 0000000000000000 ]---
----------------
Code disassembly (best guess):
   0:	1a000004 	bne	0x18
   4:	e1822003 	orr	r2, r2, r3
   8:	e8860094 	stm	r6, {r2, r4, r7}
   c:	e89da8f0 	ldm	sp, {r4, r5, r6, r7, fp, sp, pc}
* 10:	e7f001f2 	udf	#18 <-- trapping instruction