------------[ cut here ]------------
kernel BUG at include/linux/scatterlist.h:187!
Internal error: Oops - BUG: 0 [#1] PREEMPT SMP ARM
Modules linked in:
CPU: 1 PID: 21089 Comm: syz-executor.1 Not tainted 6.9.0-rc1-syzkaller #0
Hardware name: ARM-Versatile Express
PC is at sg_set_buf include/linux/scatterlist.h:187 [inline]
PC is at sg_init_one+0x9c/0xa8 lib/scatterlist.c:143
LR is at sg_init_table+0x2c/0x40 lib/scatterlist.c:128
pc : [<807e8518>] lr : [<807e690c>] psr: 80000013
sp : ec7c5c38 ip : ec7c5c70 fp : ec7c5c54
r10: 00000000 r9 : ffedc004 r8 : ff7fbf1c
r7 : 000000f9 r6 : ec7c5c58 r5 : 83b43550 r4 : ffedc004
r3 : df000000 r2 : ffffffd8 r1 : 00000000 r0 : ec7c5c58
Flags: Nzcv IRQs on FIQs on Mode SVC_32 ISA ARM Segment none
Control: 30c5387d Table: 8bc08b00 DAC: 00000000
Register r0 information: 2-page vmalloc region starting at 0xec7c4000 allocated at kernel_clone+0xac/0x3cc kernel/fork.c:2796
Register r1 information: NULL pointer
Register r2 information: non-paged memory
Register r3 information: non-paged memory
Register r4 information: non-paged memory
Register r5 information: slab vmap_area start 83b43550 pointer offset 0 size 40
Register r6 information: 2-page vmalloc region starting at 0xec7c4000 allocated at kernel_clone+0xac/0x3cc kernel/fork.c:2796
Register r7 information: non-paged memory
Register r8 information: 0-page vmalloc region starting at 0xff7d8000 allocated at pcpu_get_vm_areas+0x0/0x12c8 mm/vmalloc.c:3064
Register r9 information: non-paged memory
Register r10 information: NULL pointer
Register r11 information: 2-page vmalloc region starting at 0xec7c4000 allocated at kernel_clone+0xac/0x3cc kernel/fork.c:2796
Register r12 information: 2-page vmalloc region starting at 0xec7c4000 allocated at kernel_clone+0xac/0x3cc kernel/fork.c:2796
Process syz-executor.1 (pid: 21089, stack limit = 0xec7c4000)
Stack: (0xec7c5c38 to 0xec7c6000)
5c20: ff7fbefc 83b43550
5c40: ded3be7c 83b59d40 ec7c5cb4 ec7c5c58 804c3dd4 807e8488 00000002 00000000
5c60: 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000
5c80: 00000000 00000000 83b43550 4c439be0 83b43550 00000058 ded3be7c 845b9884
5ca0: 845b9880 845b9880 ec7c5cdc ec7c5cb8 804c6a18 804c3d24 ded3be7c 00000000
5cc0: ec7c5d4c 00000000 83646c00 84369600 ec7c5d2c ec7c5ce0 804bbbf4 804c68c8
5ce0: 804bd118 802e2798 804d9d08 00000000 00100cca 00000000 00000000 4c439be0
5d00: 00000000 00000058 00100cca 00000000 00000000 ec7c5d4b 0000005f 00000000
5d20: ec7c5da4 ec7c5d30 804bd614 804bbb58 ec7c5d4b 00000000 01628fff ded3be7c
5d40: 0000005a 0000005a 017c5d50 00000000 00000000 00000000 00000000 00000000
5d60: 00000001 00000000 ec7c5d68 ec7c5d68 81875270 4c439be0 00000406 00000001
5d80: 00000000 0000005a 8c4cb900 00100cca 00000000 ec7c5eb8 ec7c5e1c ec7c5da8
5da0: 804bd968 804bd45c 00000000 4c439be0 00000001 ec7c5eb8 00000000 00000000
5dc0: ec7c5df4 ec7c5dd0 8042e9b0 8042e804 ec7c5eb8 8260cac8 8c4cb900 00140000
5de0: 84369600 00000000 ec7c5e1c 4c439be0 804bcde8 ec7c5eb8 00000000 0000005a
5e00: 8c4cb900 84369600 00000000 00000040 ec7c5e7c ec7c5e20 8047f368 804bd90c
5e20: 8049445c 80479d1c ec7c5eec 83646c00 00000000 00000000 83646c00 84310000
5e40: ec7c5e7c ec7c5e50 84369600 804943e4 fe684003 00001254 83646c00 001403b8
5e60: 8c4cb900 83646c00 84310000 00000040 ec7c5f2c ec7c5e80 80480c4c 8047f174
5e80: e2597fdf 04600000 00000000 ffffffff 8089c028 ec7c5ee0 ec7c5ecc ec7c5ea8
5ea0: 8027caf4 802ac7ac 00000000 81c66394 ec7c5eb8 ec7c5fb0 8c4cb900 00000cc0
5ec0: 00000140 00140000 001403b8 00001a54 96df0000 8bc08b00 00005a00 00000000
5ee0: 00000000 00000000 00000000 defbfaa4 00000000 00000000 00c78fff 4c439be0
5f00: 00000000 ec7c5fb0 001403b8 00000254 00000207 83646c00 84310000 00000007
5f20: ec7c5f74 ec7c5f30 80215e14 80480880 83646c00 7eb8b670 ec7c5fac ec7c5f48
5f40: 00000000 8c4cb900 80307668 8261d0e0 00000207 001403b8 ec7c5fb0 80215c4c
5f60: 00000000 7eb8b670 ec7c5fac ec7c5f78 802161dc 80215c58 00000000 4c439be0
5f80: 20000010 4c439be0 0007ace0 00021804 60000010 ffffffff 83646c00 824a9044
5fa0: 00000000 ec7c5fb0 80200e3c 802161b0 00000000 00000000 00000000 00000000
5fc0: 00000cc0 7eb8b61c 00000000 000001f4 00140000 00000000 7eb8b670 00001aff
5fe0: 00000000 7eb8b5a8 00000001 00021804 60000010 ffffffff 00000000 00000000
Call trace:
[<807e847c>] (sg_init_one) from [<804c3dd4>] (zswap_decompress+0xbc/0x208 mm/zswap.c:1089)
r7:83b59d40 r6:ded3be7c r5:83b43550 r4:ff7fbefc
[<804c3d18>] (zswap_decompress) from [<804c6a18>] (zswap_load+0x15c/0x198 mm/zswap.c:1637)
r9:845b9880 r8:845b9880 r7:845b9884 r6:ded3be7c r5:00000058 r4:83b43550
[<804c68bc>] (zswap_load) from [<804bbbf4>] (swap_read_folio+0xa8/0x498 mm/page_io.c:518)
r9:84369600 r8:83646c00 r7:00000000 r6:ec7c5d4c r5:00000000 r4:ded3be7c
[<804bbb4c>] (swap_read_folio) from [<804bd614>] (swap_cluster_readahead+0x1c4/0x34c mm/swap_state.c:684)
r10:00000000 r9:0000005f r8:ec7c5d4b r7:00000000 r6:00000000 r5:00100cca r4:00000058
[<804bd450>] (swap_cluster_readahead) from [<804bd968>] (swapin_readahead+0x68/0x4a8 mm/swap_state.c:904)
r10:ec7c5eb8 r9:00000000 r8:00100cca r7:8c4cb900 r6:0000005a r5:00000000 r4:00000001
[<804bd900>] (swapin_readahead) from [<8047f368>] (do_swap_page+0x200/0xcc4 mm/memory.c:4046)
r10:00000040 r9:00000000 r8:84369600 r7:8c4cb900 r6:0000005a r5:00000000 r4:ec7c5eb8
[<8047f168>] (do_swap_page) from [<80480c4c>] (handle_pte_fault mm/memory.c:5301 [inline])
[<8047f168>] (do_swap_page) from [<80480c4c>] (__handle_mm_fault mm/memory.c:5439 [inline])
[<8047f168>] (do_swap_page) from [<80480c4c>] (handle_mm_fault+0x3d8/0x12b8 mm/memory.c:5604)
r10:00000040 r9:84310000 r8:83646c00 r7:8c4cb900 r6:001403b8 r5:83646c00 r4:00001254
[<80480874>] (handle_mm_fault) from [<80215e14>] (do_page_fault+0x1c8/0x3a8 arch/arm/mm/fault.c:299)
r10:00000007 r9:84310000 r8:83646c00 r7:00000207 r6:00000254 r5:001403b8 r4:ec7c5fb0
[<80215c4c>] (do_page_fault) from [<802161dc>] (do_DataAbort+0x38/0xa8 arch/arm/mm/fault.c:565)
r10:7eb8b670 r9:00000000 r8:80215c4c r7:ec7c5fb0 r6:001403b8 r5:00000207 r4:8261d0e0
[<802161a4>] (do_DataAbort) from [<80200e3c>] (__dabt_usr+0x5c/0x60 arch/arm/kernel/entry-armv.S:427)
Exception stack(0xec7c5fb0 to 0xec7c5ff8)
5fa0: 00000000 00000000 00000000 00000000
5fc0: 00000cc0 7eb8b61c 00000000 000001f4 00140000 00000000 7eb8b670 00001aff
5fe0: 00000000 7eb8b5a8 00000001 00021804 60000010 ffffffff
r8:824a9044 r7:83646c00 r6:ffffffff r5:60000010 r4:00021804
Code: 1a000004 e1822003 e8860094 e89da8f0 (e7f001f2)
---[ end trace 0000000000000000 ]---
----------------
Code disassembly (best guess):
0: 1a000004 bne 0x18
4: e1822003 orr r2, r2, r3
8: e8860094 stm r6, {r2, r4, r7}
c: e89da8f0 ldm sp, {r4, r5, r6, r7, fp, sp, pc}
* 10: e7f001f2 udf #18 <-- trapping instruction