------------[ cut here ]------------
kernel BUG at include/linux/scatterlist.h:187!
Internal error: Oops - BUG: 0 [#1] PREEMPT SMP ARM
Modules linked in:
CPU: 1 PID: 5986 Comm: syz-executor.0 Not tainted 6.9.0-rc1-syzkaller #0
Hardware name: ARM-Versatile Express
PC is at sg_set_buf include/linux/scatterlist.h:187 [inline]
PC is at sg_init_one+0x9c/0xa8 lib/scatterlist.c:143
LR is at sg_init_table+0x2c/0x40 lib/scatterlist.c:128
pc : [<807e8648>] lr : [<807e6a3c>] psr: 80000113
sp : dfa4dab8 ip : dfa4daf0 fp : dfa4dad4
r10: 00000000 r9 : ffedc004 r8 : ff7fbf1c
r7 : 00000048 r6 : dfa4dad8 r5 : 84418bb8 r4 : ffedc004
r3 : df000000 r2 : ffffffd8 r1 : 00000000 r0 : dfa4dad8
Flags: Nzcv IRQs on FIQs on Mode SVC_32 ISA ARM Segment none
Control: 30c5387d Table: 84d39a40 DAC: 00000000
Register r0 information: 2-page vmalloc region starting at 0xdfa4c000 allocated at kernel_clone+0xac/0x3cc kernel/fork.c:2796
Register r1 information: NULL pointer
Register r2 information: non-paged memory
Register r3 information: non-paged memory
Register r4 information: non-paged memory
Register r5 information: slab vmap_area start 84418bb8 pointer offset 0 size 40
Register r6 information: 2-page vmalloc region starting at 0xdfa4c000 allocated at kernel_clone+0xac/0x3cc kernel/fork.c:2796
Register r7 information: non-paged memory
Register r8 information: 0-page vmalloc region starting at 0xff7d8000 allocated at pcpu_get_vm_areas+0x0/0x12c8 mm/vmalloc.c:3064
Register r9 information: non-paged memory
Register r10 information: NULL pointer
Register r11 information: 2-page vmalloc region starting at 0xdfa4c000 allocated at kernel_clone+0xac/0x3cc kernel/fork.c:2796
Register r12 information: 2-page vmalloc region starting at 0xdfa4c000 allocated at kernel_clone+0xac/0x3cc kernel/fork.c:2796
Process syz-executor.0 (pid: 5986, stack limit = 0xdfa4c000)
Stack: (0xdfa4dab8 to 0xdfa4e000)
daa0: ff7fbefc 84418bb8
dac0: dee1caf8 82f83e40 dfa4db34 dfa4dad8 804c3dd4 807e85b8 00000002 00000000
dae0:
00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000
db00: 00000000 00000000 00000001 3b3b9f61 84418bb8 00000001 dee1caf8 82c9be84
db20: 82c9be80 82c9be80 dfa4db5c dfa4db38 804c6a18 804c3d24 dee1caf8 00000001
db40: dfa4dbcc 00000000 8466b000 84028b00 dfa4dbac dfa4db60 804bbbf4 804c68c8
db60: 804bd118 802e2798 818a3788 00000000 00100cca 00000000 00000000 3b3b9f61
db80: 83775400 00000001 00100cca 00000000 00000000 dfa4dbcb 00000007 00000000
dba0: dfa4dc24 dfa4dbb0 804bd614 804bbb58 dfa4dbcb 00000000 dfa4dc34 dee1caf8
dbc0: 00000001 00000001 01000000 00000000 00000000 00000000 00000000 00000000
dbe0: 00000001 00000000 dfa4dbe8 dfa4dbe8 818753b0 3b3b9f61 00000406 00000001
dc00: 00000000 00000001 84e0fcc0 00100cca 00000000 dfa4dd38 dfa4dc9c dfa4dc28
dc20: 804bd968 804bd45c 00000000 3b3b9f61 8189b8c4 dfa4dd38 00000000 00000000
dc40: dfa4dc74 dfa4dc50 8042e9b0 8042e804 dfa4dd38 8260cac8 84e0fcc0 20000000
dc60: 84028b00 00000000 dfa4dc9c 3b3b9f61 804bcde8 dfa4dd38 00000000 00000001
dc80: 84e0fcc0 84028b00 00000000 00000000 dfa4dcfc dfa4dca0 8047f368 804bd90c
dca0: 8049445c 80479d1c dfa4dd6c 8466b000 00000000 00000000 20000000 83f78600
dcc0: dfa4dcfc dfa4dcd0 84028b00 804943e4 fe7db003 00000215 8466b000 20000000
dce0: 84e0fcc0 20000000 83f78600 00000000 dfa4ddac dfa4dd00 80480c4c 8047f174
dd00: 83f78640 ffffffff dfa4dd70 20000140 81c66394 843a5c0c 83f78640 20000000
dd20: 20ffffff 843a5c0c 00000000 ffffffff dfa4dd38 dfa4de30 84e0fcc0 00000cc0
dd40: 00020000 20000000 20000000 00000a15 8446c800 84d39a40 00000180 00000000
dd60: 00000000 00000000 00000000 defc2ae0 00000000 00000000 dfa4ddac 3b3b9f61
dd80: 80480308 dfa4de30 20000140 00000215 00000a07 20000000 83f78600 00000002
dda0: dfa4ddf4 dfa4ddb0 80215d94 80480880 00000000 00000001 818a33d0 20000140
ddc0: dfa4de0c 8466b000 8020d1c0 8261d0e0 00000a07 20000140 dfa4de30 80215c4c
dde0: 8466b000 00000000 dfa4de2c dfa4ddf8 802161dc 80215c58 8020d1c0 8466b000
de00: dfa4de34 dfa4de10 8027cb0c 8184b328 80000013
ffffffff dfa4de64 20000140
de20: dfa4df14 dfa4de30 80200ae4 802161b0 20000140 7effffff 00000010 a0000018
de40: 82ea2f00 82ea2f0c 00000000 00000000 20000140 dfa4deb4 00000000 dfa4df14
de60: a1000143 dfa4de80 8055a7ac 8184b328 80000013 ffffffff 8055a864 80559f50
de80: dfa4dee0 dfa4dfb0 00000000 00000000 84f8f780 80559998 84f8f781 8466b000
dea0: 00000000 20000140 00000001 84e1f62c 84e1f600 00000001 00000000 00000000
dec0: dfa4dec0 dfa4dec0 00000000 a0000018 00000000 00000000 00000000 00000000
dee0: 00000000 3b3b9f61 00000000 dfa4df58 00000004 20000140 00000001 dfa4df68
df00: 8466b000 0000015a dfa4df2c dfa4df18 8055ac98 8055a528 dfa4df58 00000004
df20: dfa4dfa4 dfa4df30 8055c168 8055ac94 81897c90 81897b5c dfa4df5c dfa4df48
df40: 8024c880 8027b094 40000000 dfa4dfb0 dfa4df84 dfa4df60 00000000 00000000
df60: 00000000 00000000 00000000 00000000 00000000 00000000 dfa4dfac 3b3b9f61
df80: 00000000 00000000 0014c364 0000015a 80200288 8466b000 00000000 dfa4dfa8
dfa0: 80200060 8055c0dc 00000000 00000000 00000004 20000140 00000001 00000000
dfc0: 00000000 00000000 0014c364 0000015a 7ea4a32e 7ea4a32f 003d0f00 76b580fc
dfe0: 76b57f08 76b57ef8 000167f8 00050bc0 60000010 00000004 00000000 00000000
Call trace:
[<807e85ac>] (sg_init_one) from [<804c3dd4>] (zswap_decompress+0xbc/0x208 mm/zswap.c:1089)
r7:82f83e40 r6:dee1caf8 r5:84418bb8 r4:ff7fbefc
[<804c3d18>] (zswap_decompress) from [<804c6a18>] (zswap_load+0x15c/0x198 mm/zswap.c:1637)
r9:82c9be80 r8:82c9be80 r7:82c9be84 r6:dee1caf8 r5:00000001 r4:84418bb8
[<804c68bc>] (zswap_load) from [<804bbbf4>] (swap_read_folio+0xa8/0x498 mm/page_io.c:518)
r9:84028b00 r8:8466b000 r7:00000000 r6:dfa4dbcc r5:00000001 r4:dee1caf8
[<804bbb4c>] (swap_read_folio) from [<804bd614>] (swap_cluster_readahead+0x1c4/0x34c mm/swap_state.c:684)
r10:00000000 r9:00000007 r8:dfa4dbcb r7:00000000 r6:00000000 r5:00100cca r4:00000001
[<804bd450>] (swap_cluster_readahead) from [<804bd968>] (swapin_readahead+0x68/0x4a8 mm/swap_state.c:904)
r10:dfa4dd38 r9:00000000
r8:00100cca r7:84e0fcc0 r6:00000001 r5:00000000 r4:00000001
[<804bd900>] (swapin_readahead) from [<8047f368>] (do_swap_page+0x200/0xcc4 mm/memory.c:4046)
r10:00000000 r9:00000000 r8:84028b00 r7:84e0fcc0 r6:00000001 r5:00000000 r4:dfa4dd38
[<8047f168>] (do_swap_page) from [<80480c4c>] (handle_pte_fault mm/memory.c:5301 [inline])
[<8047f168>] (do_swap_page) from [<80480c4c>] (__handle_mm_fault mm/memory.c:5439 [inline])
[<8047f168>] (do_swap_page) from [<80480c4c>] (handle_mm_fault+0x3d8/0x12b8 mm/memory.c:5604)
r10:00000000 r9:83f78600 r8:20000000 r7:84e0fcc0 r6:20000000 r5:8466b000 r4:00000215
[<80480874>] (handle_mm_fault) from [<80215d94>] (do_page_fault+0x148/0x3a8 arch/arm/mm/fault.c:333)
r10:00000002 r9:83f78600 r8:20000000 r7:00000a07 r6:00000215 r5:20000140 r4:dfa4de30
[<80215c4c>] (do_page_fault) from [<802161dc>] (do_DataAbort+0x38/0xa8 arch/arm/mm/fault.c:565)
r10:00000000 r9:8466b000 r8:80215c4c r7:dfa4de30 r6:20000140 r5:00000a07 r4:8261d0e0
[<802161a4>] (do_DataAbort) from [<80200ae4>] (__dabt_svc+0x44/0x60 arch/arm/kernel/entry-armv.S:212)
Exception stack(0xdfa4de30 to 0xdfa4de78)
de20: 20000140 7effffff 00000010 a0000018
de40: 82ea2f00 82ea2f0c 00000000 00000000 20000140 dfa4deb4 00000000 dfa4df14
de60: a1000143 dfa4de80 8055a7ac 8184b328 80000013 ffffffff
r8:20000140 r7:dfa4de64 r6:ffffffff r5:80000013 r4:8184b328
[<8055a51c>] (do_epoll_wait) from [<8055ac98>] (do_epoll_pwait.part.0+0x10/0x84 fs/eventpoll.c:2462)
r10:0000015a r9:8466b000 r8:dfa4df68 r7:00000001 r6:20000140 r5:00000004 r4:dfa4df58
[<8055ac88>] (do_epoll_pwait.part.0) from [<8055c168>] (do_epoll_pwait fs/eventpoll.c:2459 [inline])
[<8055ac88>] (do_epoll_pwait.part.0) from [<8055c168>] (__do_sys_epoll_pwait fs/eventpoll.c:2475 [inline])
[<8055ac88>] (do_epoll_pwait.part.0) from [<8055c168>] (sys_epoll_pwait+0x98/0x130 fs/eventpoll.c:2469)
r5:00000004 r4:dfa4df58
[<8055c0d0>] (sys_epoll_pwait) from [<80200060>] (ret_fast_syscall+0x0/0x1c arch/arm/mm/proc-v7.S:66)
Exception
stack(0xdfa4dfa8 to 0xdfa4dff0)
dfa0: 00000000 00000000 00000004 20000140 00000001 00000000
dfc0: 00000000 00000000 0014c364 0000015a 7ea4a32e 7ea4a32f 003d0f00 76b580fc
dfe0: 76b57f08 76b57ef8 000167f8 00050bc0
r9:8466b000 r8:80200288 r7:0000015a r6:0014c364 r5:00000000 r4:00000000
Code: 1a000004 e1822003 e8860094 e89da8f0 (e7f001f2)
---[ end trace 0000000000000000 ]---
----------------
Code disassembly (best guess):
0: 1a000004 bne 0x18
4: e1822003 orr r2, r2, r3
8: e8860094 stm r6, {r2, r4, r7}
c: e89da8f0 ldm sp, {r4, r5, r6, r7, fp, sp, pc}
* 10: e7f001f2 udf #18 <-- trapping instruction