------------[ cut here ]------------
kernel BUG at include/linux/scatterlist.h:187!
Internal error: Oops - BUG: 0 [#1] PREEMPT SMP ARM
Modules linked in:
CPU: 1 PID: 25884 Comm: syz-executor.0 Not tainted 6.9.0-rc1-syzkaller #0
Hardware name: ARM-Versatile Express
PC is at sg_set_buf include/linux/scatterlist.h:187 [inline]
PC is at sg_init_one+0x9c/0xa8 lib/scatterlist.c:143
LR is at sg_init_table+0x2c/0x40 lib/scatterlist.c:128
pc : [<807e8658>]    lr : [<807e6a4c>]    psr: 80000013
sp : dfb5db50  ip : dfb5db88  fp : dfb5db6c
r10: 00000000  r9 : ffedc004  r8 : ff7fbf1c
r7 : 0000003f  r6 : dfb5db70  r5 : 83f8c2a8  r4 : ffedc004
r3 : df000000  r2 : ffffffd8  r1 : 00000000  r0 : dfb5db70
Flags: Nzcv  IRQs on  FIQs on  Mode SVC_32  ISA ARM  Segment none
Control: 30c5387d  Table: 85260f80  DAC: 00000000
Register r0 information: 2-page vmalloc region starting at 0xdfb5c000 allocated at kernel_clone+0xac/0x3cc kernel/fork.c:2796
Register r1 information: NULL pointer
Register r2 information: non-paged memory
Register r3 information: non-paged memory
Register r4 information: non-paged memory
Register r5 information: slab vmap_area start 83f8c2a8 pointer offset 0 size 40
Register r6 information: 2-page vmalloc region starting at 0xdfb5c000 allocated at kernel_clone+0xac/0x3cc kernel/fork.c:2796
Register r7 information: non-paged memory
Register r8 information: 0-page vmalloc region starting at 0xff7d8000 allocated at pcpu_get_vm_areas+0x0/0x12c8 mm/vmalloc.c:3064
Register r9 information: non-paged memory
Register r10 information: NULL pointer
Register r11 information: 2-page vmalloc region starting at 0xdfb5c000 allocated at kernel_clone+0xac/0x3cc kernel/fork.c:2796
Register r12 information: 2-page vmalloc region starting at 0xdfb5c000 allocated at kernel_clone+0xac/0x3cc kernel/fork.c:2796
Process syz-executor.0 (pid: 25884, stack limit = 0xdfb5c000)
Stack: (0xdfb5db50 to 0xdfb5e000)
db40:                                     ff7fbefc 83f8c2a8 dedab35c 83d27fc0
db60: dfb5dbcc dfb5db70 804c3de4 807e85c8 00000002 00000000 00000000 00000000
db80: 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000
dba0: 000001a1 5294fc52 83f8c2a8 000001a1 dedab35c 84248e84 84248e80 84248e80
dbc0: dfb5dbf4 dfb5dbd0 804c6a28 804c3d34 dedab35c 00000001 dfb5dc64 00000000
dbe0: 84130000 84169b00 dfb5dc44 dfb5dbf8 804bbc04 804c68d8 804bd128 802e27a0
dc00: 013d3664 00000000 00100cca 00000000 00000000 5294fc52 00000000 000001a1
dc20: 00100cca 00000000 00000000 dfb5dc63 000001a3 00000000 dfb5dcbc dfb5dc48
dc40: 804bd624 804bbb68 dfb5dc63 00000000 dfb5dc7c dedab35c 000001a1 000001a1
dc60: 01000000 00000000 00000000 00000000 00000000 00000000 00000001 00000000
dc80: dfb5dc80 dfb5dc80 818753b0 5294fc52 00000406 00000001 00000000 000001a1
dca0: 8545be40 00100cca 00000000 dfb5ddd0 dfb5dd34 dfb5dcc0 804bd978 804bd46c
dcc0: 00000000 5294fc52 00000001 dfb5ddd0 00000000 00000000 dfb5dd0c dfb5dce8
dce0: 8042e9c0 8042e814 dfb5ddd0 8260cac8 8545be40 20000000 84169b00 00000000
dd00: dfb5dd34 5294fc52 804bcdf8 dfb5ddd0 00000000 000001a1 8545be40 84169b00
dd20: 00000000 00000000 dfb5dd94 dfb5dd38 8047f378 804bd91c 8049446c 80479d2c
dd40: dfb5de04 84130000 00000000 00000000 20000000 84261500 dfb5dd94 dfb5dd68
dd60: 84169b00 804943f4 fb41a003 00000215 84130000 20000000 8545be40 20000000
dd80: 84261500 00000000 dfb5de44 dfb5dd98 80480c5c 8047f184 84261540 ffffffff
dda0: dfb5de08 20000000 81c66394 8422d00c 84261540 20000000 20ffffff 8422d00c
ddc0: 00000000 ffffffff dfb5ddd0 dfb5dec8 8545be40 00000cc0 00020000 20000000
dde0: 20000000 00000a15 8b5df800 85260f80 0001a180 00000000 00000000 00000000
de00: 00000000 def4e3bc 00000000 00000000 dfb5de44 5294fc52 80480318 dfb5dec8
de20: 20000000 00000215 00000a07 20000000 84261500 00000002 dfb5de8c dfb5de48
de40: 80215d94 80480890 ffffffef 00000001 00000000 5294fc52 00000010 84130000
de60: 82199dc0 8261d0e0 00000a07 20000000 dfb5dec8 80215c4c 84130000 8b5ff780
de80: dfb5dec4 dfb5de90 802161dc 80215c58 dfb5dee4 dfb5dea0 806d26ec 806d24e4
dea0: 00000000 8184b328 80000013 ffffffff dfb5defc 00000003 dfb5dfa4 dfb5dec8
dec0: 80200ae4 802161b0 20000000 7effffff 00000000 00000000 0000541b 00000000
dee0: 8b5ff781 20000000 00000003 84130000 8b5ff780 dfb5dfa4 a1000003 dfb5df18
df00: 8050fbf4 8184b328 80000013 ffffffff 8050fa3c 806c9024 84130000 00000001
df20: ecac8b10 84130000 dfb5df44 dfb5df38 81897c90 81897b5c dfb5df5c dfb5df48
df40: 8024c880 8027b094 40000000 dfb5dfb0 dfb5df84 dfb5df60 8020316c 8024c83c
df60: 8261ca0c dfb5dfb0 0006b3f0 ecac8b10 80203054 5294fc52 dfb5dfac 00000000
df80: 00000000 0014c2c8 00000036 80200288 84130000 00000036 00000000 dfb5dfa8
dfa0: 80200060 8050f9f8 00000000 00000000 00000003 0000541b 20000000 00000000
dfc0: 00000000 00000000 0014c2c8 00000036 7e83432e 7e83432f 003d0f00 76bed0fc
dfe0: 76becf08 76becef8 000167f8 00050bc0 60000010 00000003 00000000 00000000
Call trace: 
[<807e85bc>] (sg_init_one) from [<804c3de4>] (zswap_decompress+0xbc/0x208 mm/zswap.c:1089)
 r7:83d27fc0 r6:dedab35c r5:83f8c2a8 r4:ff7fbefc
[<804c3d28>] (zswap_decompress) from [<804c6a28>] (zswap_load+0x15c/0x198 mm/zswap.c:1637)
 r9:84248e80 r8:84248e80 r7:84248e84 r6:dedab35c r5:000001a1 r4:83f8c2a8
[<804c68cc>] (zswap_load) from [<804bbc04>] (swap_read_folio+0xa8/0x498 mm/page_io.c:518)
 r9:84169b00 r8:84130000 r7:00000000 r6:dfb5dc64 r5:00000001 r4:dedab35c
[<804bbb5c>] (swap_read_folio) from [<804bd624>] (swap_cluster_readahead+0x1c4/0x34c mm/swap_state.c:684)
 r10:00000000 r9:000001a3 r8:dfb5dc63 r7:00000000 r6:00000000 r5:00100cca
 r4:000001a1
[<804bd460>] (swap_cluster_readahead) from [<804bd978>] (swapin_readahead+0x68/0x4a8 mm/swap_state.c:904)
 r10:dfb5ddd0 r9:00000000 r8:00100cca r7:8545be40 r6:000001a1 r5:00000000
 r4:00000001
[<804bd910>] (swapin_readahead) from [<8047f378>] (do_swap_page+0x200/0xcc4 mm/memory.c:4046)
 r10:00000000 r9:00000000 r8:84169b00 r7:8545be40 r6:000001a1 r5:00000000
 r4:dfb5ddd0
[<8047f178>] (do_swap_page) from [<80480c5c>] (handle_pte_fault mm/memory.c:5301 [inline])
[<8047f178>] (do_swap_page) from [<80480c5c>] (__handle_mm_fault mm/memory.c:5439 [inline])
[<8047f178>] (do_swap_page) from [<80480c5c>] (handle_mm_fault+0x3d8/0x12b8 mm/memory.c:5604)
 r10:00000000 r9:84261500 r8:20000000 r7:8545be40 r6:20000000 r5:84130000
 r4:00000215
[<80480884>] (handle_mm_fault) from [<80215d94>] (do_page_fault+0x148/0x3a8 arch/arm/mm/fault.c:333)
 r10:00000002 r9:84261500 r8:20000000 r7:00000a07 r6:00000215 r5:20000000
 r4:dfb5dec8
[<80215c4c>] (do_page_fault) from [<802161dc>] (do_DataAbort+0x38/0xa8 arch/arm/mm/fault.c:565)
 r10:8b5ff780 r9:84130000 r8:80215c4c r7:dfb5dec8 r6:20000000 r5:00000a07
 r4:8261d0e0
[<802161a4>] (do_DataAbort) from [<80200ae4>] (__dabt_svc+0x44/0x60 arch/arm/kernel/entry-armv.S:212)
Exception stack(0xdfb5dec8 to 0xdfb5df10)
dec0:                   20000000 7effffff 00000000 00000000 0000541b 00000000
dee0: 8b5ff781 20000000 00000003 84130000 8b5ff780 dfb5dfa4 a1000003 dfb5df18
df00: 8050fbf4 8184b328 80000013 ffffffff
 r8:00000003 r7:dfb5defc r6:ffffffff r5:80000013 r4:8184b328
[<8050f9ec>] (sys_ioctl) from [<80200060>] (ret_fast_syscall+0x0/0x1c arch/arm/mm/proc-v7.S:66)
Exception stack(0xdfb5dfa8 to 0xdfb5dff0)
dfa0:                   00000000 00000000 00000003 0000541b 20000000 00000000
dfc0: 00000000 00000000 0014c2c8 00000036 7e83432e 7e83432f 003d0f00 76bed0fc
dfe0: 76becf08 76becef8 000167f8 00050bc0
 r10:00000036 r9:84130000 r8:80200288 r7:00000036 r6:0014c2c8 r5:00000000
 r4:00000000
Code: 1a000004 e1822003 e8860094 e89da8f0 (e7f001f2) 
---[ end trace 0000000000000000 ]---
----------------
Code disassembly (best guess):
   0:	1a000004 	bne	0x18
   4:	e1822003 	orr	r2, r2, r3
   8:	e8860094 	stm	r6, {r2, r4, r7}
   c:	e89da8f0 	ldm	sp, {r4, r5, r6, r7, fp, sp, pc}
* 10:	e7f001f2 	udf	#18 <-- trapping instruction