------------[ cut here ]------------
kernel BUG at include/linux/scatterlist.h:187!
Internal error: Oops - BUG: 0 [#1] PREEMPT SMP ARM
Modules linked in:
CPU: 1 PID: 8586 Comm: syz-executor.0 Not tainted 6.9.0-rc1-syzkaller #0
Hardware name: ARM-Versatile Express
PC is at sg_set_buf include/linux/scatterlist.h:187 [inline]
PC is at sg_init_one+0x9c/0xa8 lib/scatterlist.c:143
LR is at sg_init_table+0x2c/0x40 lib/scatterlist.c:128
pc : [<807e8648>]    lr : [<807e6a3c>]    psr: 80000113
sp : dfdddc38  ip : dfdddc70  fp : dfdddc54
r10: 00000000  r9 : ffedc004  r8 : ff7fbf1c
r7 : 00000052  r6 : dfdddc58  r5 : 83e0f6b8  r4 : ffedc004
r3 : df000000  r2 : ffffffd8  r1 : 00000000  r0 : dfdddc58
Flags: Nzcv  IRQs on  FIQs on  Mode SVC_32  ISA ARM  Segment none
Control: 30c5387d  Table: 84ef9340  DAC: 00000000
Register r0 information: 2-page vmalloc region starting at 0xdfddc000 allocated at kernel_clone+0xac/0x3cc kernel/fork.c:2796
Register r1 information: NULL pointer
Register r2 information: non-paged memory
Register r3 information: non-paged memory
Register r4 information: non-paged memory
Register r5 information: slab vmap_area start 83e0f6b8 pointer offset 0 size 40
Register r6 information: 2-page vmalloc region starting at 0xdfddc000 allocated at kernel_clone+0xac/0x3cc kernel/fork.c:2796
Register r7 information: non-paged memory
Register r8 information: 0-page vmalloc region starting at 0xff7d8000 allocated at pcpu_get_vm_areas+0x0/0x12c8 mm/vmalloc.c:3064
Register r9 information: non-paged memory
Register r10 information: NULL pointer
Register r11 information: 2-page vmalloc region starting at 0xdfddc000 allocated at kernel_clone+0xac/0x3cc kernel/fork.c:2796
Register r12 information: 2-page vmalloc region starting at 0xdfddc000 allocated at kernel_clone+0xac/0x3cc kernel/fork.c:2796
Process syz-executor.0 (pid: 8586, stack limit = 0xdfddc000)
Stack: (0xdfdddc38 to 0xdfdde000)
dc20:                                                       ff7fbefc 83e0f6b8
dc40: dee0a774 83e30700 dfdddcb4 dfdddc58 804c3dd4 807e85b8 00000002 00000000
dc60: 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000
dc80: 00000000 00000000 00000003 668e8410 83e0f6b8 00000003 dee0a774 84970984
dca0: 84970980 84970980 dfdddcdc dfdddcb8 804c6a18 804c3d24 dee0a774 00000001
dcc0: dfdddd4c 00000000 8418b000 8432be00 dfdddd2c dfdddce0 804bbbf4 804c68c8
dce0: 804bd118 802e2798 ffffffe0 00000000 00100cca 00000000 00000000 668e8410
dd00: 8432be00 00000003 00100cca 00000000 00000000 dfdddd4b 00000007 00000000
dd20: dfdddda4 dfdddd30 804bd614 804bbb58 dfdddd4b 00000000 dfdddd6c dee0a774
dd40: 00000003 00000003 01de4280 00000000 00000000 00000000 00000000 00000000
dd60: 00000001 00000000 dfdddd68 dfdddd68 818753b0 668e8410 00000406 00000001
dd80: 00000000 00000003 8511f8a0 00100cca 00000000 dfdddeb8 dfddde1c dfdddda8
dda0: 804bd968 804bd45c 00000000 668e8410 00000001 dfdddeb8 00000000 00000000
ddc0: dfddddf4 dfddddd0 8042e9b0 8042e804 dfdddeb8 8260cac8 8511f8a0 20000000
dde0: 8432be00 00000000 dfddde1c 668e8410 804bcde8 dfdddeb8 00000000 00000003
de00: 8511f8a0 8432be00 00000000 00000040 dfddde7c dfddde20 8047f368 804bd90c
de20: 8049445c 80479d1c dfdddeec 8418b000 00000000 00000000 8418b000 8421d200
de40: dfddde7c dfddde50 8432be00 804943e4 feb7f003 00001254 8418b000 20000300
de60: 8511f8a0 8418b000 8421d200 00000040 dfdddf2c dfddde80 80480c4c 8047f174
de80: dfdddee0 dfdddfb0 dfdddea4 dfddde98 8089c158 dfdddee0 dfdddecc dfdddea8
dea0: 8027caf4 802ac7ac 00000008 81c66394 dfdddeb8 dfdddfb0 8511f8a0 00000cc0
dec0: 00020000 20000000 20000300 00001a54 85159800 84ef9340 00000380 00000000
dee0: 00000000 00000000 00000000 defcadf0 00000000 00000000 20ffffff 668e8410
df00: 00000000 dfdddfb0 20000300 00000254 00000207 8418b000 8421d200 00000007
df20: dfdddf74 dfdddf30 80215e14 80480880 81897c90 81897b5c dfdddf5c dfdddf48
df40: 8024c880 8511f8a0 40000000 8261d0e0 00000207 20000300 dfdddfb0 80215c4c
df60: 0014c29c 7ecba4dc dfdddfac dfdddf78 802161dc 80215c58 dfdddfac dfdddf88
df80: 8020ca6c 80203060 0006b3f4 0001d2a8 40000010 ffffffff 8418b000 824a9044
dfa0: 00000000 dfdddfb0 80200e3c 802161b0 00000000 0000001d 00000000 20000300
dfc0: 00000004 00000000 00000000 000001f4 fffffffe 0014c29c 7ecba4dc 0006b118
dfe0: 01bb8590 7ecba3a8 0001d150 0001d2a8 40000010 ffffffff 00000000 00000000
Call trace: 
[<807e85ac>] (sg_init_one) from [<804c3dd4>] (zswap_decompress+0xbc/0x208 mm/zswap.c:1089)
 r7:83e30700 r6:dee0a774 r5:83e0f6b8 r4:ff7fbefc
[<804c3d18>] (zswap_decompress) from [<804c6a18>] (zswap_load+0x15c/0x198 mm/zswap.c:1637)
 r9:84970980 r8:84970980 r7:84970984 r6:dee0a774 r5:00000003 r4:83e0f6b8
[<804c68bc>] (zswap_load) from [<804bbbf4>] (swap_read_folio+0xa8/0x498 mm/page_io.c:518)
 r9:8432be00 r8:8418b000 r7:00000000 r6:dfdddd4c r5:00000001 r4:dee0a774
[<804bbb4c>] (swap_read_folio) from [<804bd614>] (swap_cluster_readahead+0x1c4/0x34c mm/swap_state.c:684)
 r10:00000000 r9:00000007 r8:dfdddd4b r7:00000000 r6:00000000 r5:00100cca
 r4:00000003
[<804bd450>] (swap_cluster_readahead) from [<804bd968>] (swapin_readahead+0x68/0x4a8 mm/swap_state.c:904)
 r10:dfdddeb8 r9:00000000 r8:00100cca r7:8511f8a0 r6:00000003 r5:00000000
 r4:00000001
[<804bd900>] (swapin_readahead) from [<8047f368>] (do_swap_page+0x200/0xcc4 mm/memory.c:4046)
 r10:00000040 r9:00000000 r8:8432be00 r7:8511f8a0 r6:00000003 r5:00000000
 r4:dfdddeb8
[<8047f168>] (do_swap_page) from [<80480c4c>] (handle_pte_fault mm/memory.c:5301 [inline])
[<8047f168>] (do_swap_page) from [<80480c4c>] (__handle_mm_fault mm/memory.c:5439 [inline])
[<8047f168>] (do_swap_page) from [<80480c4c>] (handle_mm_fault+0x3d8/0x12b8 mm/memory.c:5604)
 r10:00000040 r9:8421d200 r8:8418b000 r7:8511f8a0 r6:20000300 r5:8418b000
 r4:00001254
[<80480874>] (handle_mm_fault) from [<80215e14>] (do_page_fault+0x1c8/0x3a8 arch/arm/mm/fault.c:299)
 r10:00000007 r9:8421d200 r8:8418b000 r7:00000207 r6:00000254 r5:20000300
 r4:dfdddfb0
[<80215c4c>] (do_page_fault) from [<802161dc>] (do_DataAbort+0x38/0xa8 arch/arm/mm/fault.c:565)
 r10:7ecba4dc r9:0014c29c r8:80215c4c r7:dfdddfb0 r6:20000300 r5:00000207
 r4:8261d0e0
[<802161a4>] (do_DataAbort) from [<80200e3c>] (__dabt_usr+0x5c/0x60 arch/arm/kernel/entry-armv.S:427)
Exception stack(0xdfdddfb0 to 0xdfdddff8)
dfa0:                                     00000000 0000001d 00000000 20000300
dfc0: 00000004 00000000 00000000 000001f4 fffffffe 0014c29c 7ecba4dc 0006b118
dfe0: 01bb8590 7ecba3a8 0001d150 0001d2a8 40000010 ffffffff
 r8:824a9044 r7:8418b000 r6:ffffffff r5:40000010 r4:0001d2a8
Code: 1a000004 e1822003 e8860094 e89da8f0 (e7f001f2) 
---[ end trace 0000000000000000 ]---
----------------
Code disassembly (best guess):
   0:	1a000004 	bne	0x18
   4:	e1822003 	orr	r2, r2, r3
   8:	e8860094 	stm	r6, {r2, r4, r7}
   c:	e89da8f0 	ldm	sp, {r4, r5, r6, r7, fp, sp, pc}
* 10:	e7f001f2 	udf	#18 <-- trapping instruction