------------[ cut here ]------------
kernel BUG at include/linux/scatterlist.h:187!
Internal error: Oops - BUG: 0 [#1] PREEMPT SMP ARM
Modules linked in:
CPU: 0 PID: 20985 Comm: syz-executor.1 Not tainted 6.8.0-syzkaller #0
Hardware name: ARM-Versatile Express
PC is at sg_set_buf include/linux/scatterlist.h:187 [inline]
PC is at sg_init_one+0x9c/0xa8 lib/scatterlist.c:143
LR is at sg_init_table+0x2c/0x40 lib/scatterlist.c:128
pc : [<807e8518>]    lr : [<807e690c>]    psr: 80000113
sp : eb2b1ad0  ip : eb2b1b08  fp : eb2b1aec
r10: 00000000  r9 : ffefd804  r8 : ff7e7f1c
r7 : 0000027f  r6 : eb2b1af0  r5 : 8e20e3e8  r4 : ffefd804
r3 : df000000  r2 : ffffffd8  r1 : 00000000  r0 : eb2b1af0
Flags: Nzcv  IRQs on  FIQs on  Mode SVC_32  ISA ARM  Segment user
Control: 30c5387d  Table: 90b9f7c0  DAC: fffffffd
Register r0 information: 2-page vmalloc region starting at 0xeb2b0000 allocated at kernel_clone+0xac/0x3cc kernel/fork.c:2796
Register r1 information: NULL pointer
Register r2 information: non-paged memory
Register r3 information: non-paged memory
Register r4 information: non-paged memory
Register r5 information: slab vmap_area start 8e20e3e8 pointer offset 0 size 40
Register r6 information: 2-page vmalloc region starting at 0xeb2b0000 allocated at kernel_clone+0xac/0x3cc kernel/fork.c:2796
Register r7 information: non-paged memory
Register r8 information: 0-page vmalloc region starting at 0xff7d8000 allocated at pcpu_get_vm_areas+0x0/0x12c8 mm/vmalloc.c:3064
Register r9 information: non-paged memory
Register r10 information: NULL pointer
Register r11 information: 2-page vmalloc region starting at 0xeb2b0000 allocated at kernel_clone+0xac/0x3cc kernel/fork.c:2796
Register r12 information: 2-page vmalloc region starting at 0xeb2b0000 allocated at kernel_clone+0xac/0x3cc kernel/fork.c:2796
Process syz-executor.1 (pid: 20985, stack limit = 0xeb2b0000)
Stack: (0xeb2b1ad0 to 0xeb2b2000)
1ac0:                                     ff7e7efc 8e20e3e8 deb7192c 83fdd540
1ae0: eb2b1b4c eb2b1af0 804c3dd4 807e8488 00000002 00000000 00000000 00000000
1b00: 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000
1b20: 000000c4 6988102f 8e20e3e8 000000c4 deb7192c 844123c4 844123c0 844123c0
1b40: eb2b1b74 eb2b1b50 804c6a18 804c3d24 deb7192c 00000001 eb2b1be4 00000000
1b60: 84513c00 84258f00 eb2b1bc4 eb2b1b78 804bbbf4 804c68c8 804bd118 802e2798
1b80: eb2b1ba8 00000000 00100cca 00000000 00000000 6988102f eb2b1c04 000000c4
1ba0: 00100cca 00000000 00000000 eb2b1be3 000000c7 00000000 eb2b1c3c eb2b1bc8
1bc0: 804bd614 804bbb58 eb2b1be3 00000000 eb2b1bf8 deb7192c 000000c4 000000c4
1be0: 01000001 00000000 00000000 00000000 00000000 00000000 00000001 00000000
1c00: eb2b1c00 eb2b1c00 81875270 6988102f 00000406 00000001 00000000 000000c4
1c20: 89d80180 00100cca 00000000 eb2b1d50 eb2b1cb4 eb2b1c40 804bd968 804bd45c
1c40: 00000000 6988102f 00000001 eb2b1d50 00000000 00000000 eb2b1c8c eb2b1c68
1c60: 8042e9b0 8042e804 eb2b1d50 8260cac8 89d80180 0286a000 84258f00 00000000
1c80: eb2b1cb4 6988102f 804bcde8 eb2b1d50 00000000 000000c4 89d80180 84258f00
1ca0: 00000000 00000000 eb2b1d14 eb2b1cb8 8047f368 804bd90c 8049445c 80479d1c
1cc0: eb2b1d84 84513c00 00000000 00000000 0286a000 84155e00 eb2b1d14 eb2b1ce8
1ce0: 84258f00 804943e4 e6b32003 00000214 84513c00 0286a000 89d80180 0286a000
1d00: 84155e00 00000000 eb2b1dc4 eb2b1d18 80480c4c 8047f174 84155e40 ffffffff
1d20: eb2b1d88 0286a4e8 81c66394 8444ed0c 84155e40 0286a000 0288afff 8444ed0c
1d40: 00000000 ffffffff eb2b1d50 eb2b1e48 89d80180 00000cc0 0000286a 0286a000
1d60: 0286a000 00000a14 9074e0a0 90b9f7c0 0000c480 00000000 00000000 00000000
1d80: 00000000 dec6a31c 00000000 00000000 eb2b1dc4 6988102f 80480308 eb2b1e48
1da0: 0286a4e8 00000214 00000207 0286a000 84155e00 00000007 eb2b1e0c eb2b1dc8
1dc0: 80215d94 80480880 eb2b1dfc eb2b1dd8 8028685c 8027b094 84514190 84513c00
1de0: 00000004 8261d0e0 00000207 0286a4e8 eb2b1e48 80215c4c 84513c00 7eea8670
1e00: eb2b1e44 eb2b1e10 802161dc 80215c58 eb2b1e7c eb2b1e20 8047f320 802e2798
1e20: f0dd075f 81848bcc 00000013 ffffffff eb2b1e7c 00000000 eb2b1f44 eb2b1e48
1e40: 80200ae4 802161b0 eb2b1ed0 0286a4e8 ffffffe8 00000000 84513c00 eb2b1ee0
1e60: eb2b1fb0 0286a4e0 00000000 84513c00 7eea8670 eb2b1f44 00000018 eb2b1e94
1e80: 80426ddc 81848bcc 00000013 ffffffff 8089c028 eb2b1ee0 eb2b1fb0 00000000
1ea0: 84513c00 eb2b1ed0 00000008 00000000 84513c00 80426ddc 84278cc0 00000cc0
1ec0: 00000140 00140000 00021804 00000000 00000000 00000000 f0dd075f 04600000
1ee0: 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000
1f00: 001403b8 00000000 eb2b1f2c eb2b1f18 802ac2cc 6988102f eb2b1fb0 84513c00
1f20: eb2b1fb0 00000000 84513c00 00000000 84513c00 7eea8670 eb2b1fac eb2b1f48
1f40: 8020bc18 80426c54 80307668 8261d0e0 00000207 001403b8 eb2b1fb0 80215c4c
1f60: 00000000 7eea8670 eb2b1fac eb2b1f78 802161dc 80215c58 00000000 6988102f
1f80: 00000000 6988102f 00021804 60000010 ffffffff 84513c00 00000000 84513c00
1fa0: 00000000 eb2b1fb0 80200088 8020bb2c 00000000 00000000 00000000 00000000
1fc0: 0000099c 7eea861c 00000000 000001f4 00140000 00000000 7eea8670 000015ab
1fe0: 00000000 7eea85a8 00000001 00021804 60000010 ffffffff 00000000 00000000
Call trace: 
[<807e847c>] (sg_init_one) from [<804c3dd4>] (zswap_decompress+0xbc/0x208 mm/zswap.c:1089)
 r7:83fdd540 r6:deb7192c r5:8e20e3e8 r4:ff7e7efc
[<804c3d18>] (zswap_decompress) from [<804c6a18>] (zswap_load+0x15c/0x198 mm/zswap.c:1637)
 r9:844123c0 r8:844123c0 r7:844123c4 r6:deb7192c r5:000000c4 r4:8e20e3e8
[<804c68bc>] (zswap_load) from [<804bbbf4>] (swap_read_folio+0xa8/0x498 mm/page_io.c:518)
 r9:84258f00 r8:84513c00 r7:00000000 r6:eb2b1be4 r5:00000001 r4:deb7192c
[<804bbb4c>] (swap_read_folio) from [<804bd614>] (swap_cluster_readahead+0x1c4/0x34c mm/swap_state.c:684)
 r10:00000000 r9:000000c7 r8:eb2b1be3 r7:00000000 r6:00000000 r5:00100cca
 r4:000000c4
[<804bd450>] (swap_cluster_readahead) from [<804bd968>] (swapin_readahead+0x68/0x4a8 mm/swap_state.c:904)
 r10:eb2b1d50 r9:00000000 r8:00100cca r7:89d80180 r6:000000c4 r5:00000000
 r4:00000001
[<804bd900>] (swapin_readahead) from [<8047f368>] (do_swap_page+0x200/0xcc4 mm/memory.c:4046)
 r10:00000000 r9:00000000 r8:84258f00 r7:89d80180 r6:000000c4 r5:00000000
 r4:eb2b1d50
[<8047f168>] (do_swap_page) from [<80480c4c>] (handle_pte_fault mm/memory.c:5301 [inline])
[<8047f168>] (do_swap_page) from [<80480c4c>] (__handle_mm_fault mm/memory.c:5439 [inline])
[<8047f168>] (do_swap_page) from [<80480c4c>] (handle_mm_fault+0x3d8/0x12b8 mm/memory.c:5604)
 r10:00000000 r9:84155e00 r8:0286a000 r7:89d80180 r6:0286a000 r5:84513c00
 r4:00000214
[<80480874>] (handle_mm_fault) from [<80215d94>] (do_page_fault+0x148/0x3a8 arch/arm/mm/fault.c:333)
 r10:00000007 r9:84155e00 r8:0286a000 r7:00000207 r6:00000214 r5:0286a4e8
 r4:eb2b1e48
[<80215c4c>] (do_page_fault) from [<802161dc>] (do_DataAbort+0x38/0xa8 arch/arm/mm/fault.c:565)
 r10:7eea8670 r9:84513c00 r8:80215c4c r7:eb2b1e48 r6:0286a4e8 r5:00000207
 r4:8261d0e0
[<802161a4>] (do_DataAbort) from [<80200ae4>] (__dabt_svc+0x44/0x60 arch/arm/kernel/entry-armv.S:212)
Exception stack(0xeb2b1e48 to 0xeb2b1e90)
1e40:                   eb2b1ed0 0286a4e8 ffffffe8 00000000 84513c00 eb2b1ee0
1e60: eb2b1fb0 0286a4e0 00000000 84513c00 7eea8670 eb2b1f44 00000018 eb2b1e94
1e80: 80426ddc 81848bcc 00000013 ffffffff
 r8:00000000 r7:eb2b1e7c r6:ffffffff r5:00000013 r4:81848bcc
[<80426c48>] (__rseq_handle_notify_resume) from [<8020bc18>] (rseq_handle_notify_resume include/linux/rseq.h:38 [inline])
[<80426c48>] (__rseq_handle_notify_resume) from [<8020bc18>] (resume_user_mode_work include/linux/resume_user_mode.h:62 [inline])
[<80426c48>] (__rseq_handle_notify_resume) from [<8020bc18>] (do_work_pending+0xf8/0x4c0 arch/arm/kernel/signal.c:631)
 r10:7eea8670 r9:84513c00 r8:00000000 r7:84513c00 r6:00000000 r5:eb2b1fb0
 r4:84513c00
[<8020bb20>] (do_work_pending) from [<80200088>] (slow_work_pending+0xc/0x24)
Exception stack(0xeb2b1fb0 to 0xeb2b1ff8)
1fa0:                                     00000000 00000000 00000000 00000000
1fc0: 0000099c 7eea861c 00000000 000001f4 00140000 00000000 7eea8670 000015ab
1fe0: 00000000 7eea85a8 00000001 00021804 60000010 ffffffff
 r9:84513c00 r8:00000000 r7:84513c00 r6:ffffffff r5:60000010 r4:00021804
Code: 1a000004 e1822003 e8860094 e89da8f0 (e7f001f2) 
---[ end trace 0000000000000000 ]---
----------------
Code disassembly (best guess):
   0:	1a000004 	bne	0x18
   4:	e1822003 	orr	r2, r2, r3
   8:	e8860094 	stm	r6, {r2, r4, r7}
   c:	e89da8f0 	ldm	sp, {r4, r5, r6, r7, fp, sp, pc}
* 10:	e7f001f2 	udf	#18 <-- trapping instruction