594.081775][ T6626] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 594.112786][ T6626] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 594.122157][ T6626] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 594.161562][ T6626] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 594.543930][ T5839] Bluetooth: hci0: command tx timeout [ 596.040518][ T6626] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 596.052678][ T6626] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 596.134908][ T6626] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 596.145488][ T6626] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 596.622922][ T5839] Bluetooth: hci0: command tx timeout [ 596.771157][ T7171] loop0: detected capacity change from 0 to 4096 [ 596.814667][ T7171] ntfs3(loop0): Different NTFS sector size (1024) and media sector size (512). Warning: Permanently added '10.128.1.142' (ED25519) to the list of known hosts. Setting up swapspace version 1, size = 127995904 bytes [ 607.060676][ T7129] syz.0.32 (7129) used greatest stack depth: 1648 bytes left [ 607.069503][ T1094] bridge_slave_1: left allmulticast mode [ 607.078612][ T1094] bridge_slave_1: left promiscuous mode [ 607.094202][ T1094] bridge0: port 2(bridge_slave_1) entered disabled state [ 607.141277][ T1094] bridge_slave_0: left allmulticast mode [ 607.164212][ T1094] bridge_slave_0: left promiscuous mode [ 607.170865][ T1094] bridge0: port 1(bridge_slave_0) entered disabled state [ 607.726930][ T1094] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 607.750094][ T1094] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 607.778078][ T1094] bond0 (unregistering): Released all slaves [ 608.306254][ T1094] hsr_slave_0: left promiscuous mode [ 608.314695][ T1094] hsr_slave_1: left promiscuous mode [ 608.333179][ T1094] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 608.341238][ T1094] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 608.366207][ T1094] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 608.383698][ T1094] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 608.427354][ T1094] veth1_macvtap: left promiscuous mode [ 608.448990][ T1094] veth0_macvtap: left promiscuous mode [ 608.455211][ T1094] veth1_vlan: left promiscuous mode [ 608.460794][ T1094] veth0_vlan: left promiscuous mode [ 609.460739][ T1094] team0 (unregistering): Port device team_slave_1 removed [ 609.494472][ T1094] team0 (unregistering): Port device team_slave_0 removed [ 612.271705][ T7177] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program [ 626.199660][ T1094] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 626.287784][ T1094] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 626.372312][ T1094] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 626.471510][ T1094] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 626.786588][ T1094] bridge_slave_1: left allmulticast mode [ 626.793660][ T1094] bridge_slave_1: left promiscuous mode [ 626.804331][ T1094] bridge0: port 2(bridge_slave_1) entered disabled state [ 626.821432][ T1094] bridge_slave_0: left allmulticast mode [ 626.828395][ T1094] bridge_slave_0: left promiscuous mode [ 626.836590][ T1094] bridge0: port 1(bridge_slave_0) entered disabled state [ 627.283780][ T1094] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 627.300996][ T1094] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 627.317114][ T1094] bond0 (unregistering): Released all slaves [ 627.800632][ T1094] hsr_slave_0: left promiscuous mode [ 627.808964][ T1094] hsr_slave_1: left promiscuous mode [ 627.826041][ T1094] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 627.836589][ T1094] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 627.848327][ T1094] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 627.857283][ T1094] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 627.880920][ T1094] veth1_macvtap: left promiscuous mode [ 627.888004][ T1094] veth0_macvtap: left promiscuous mode [ 627.895747][ T1094] veth1_vlan: left promiscuous mode [ 627.901276][ T1094] veth0_vlan: left promiscuous mode [ 628.855910][ T1094] team0 (unregistering): Port device team_slave_1 removed [ 628.913094][ T1094] team0 (unregistering): Port device team_slave_0 removed [ 634.162129][ T1295] ieee802154 phy0 wpan0: encryption failed: -22 [ 634.169111][ T1295] ieee802154 phy1 wpan1: encryption failed: -22 [ 677.836764][ T84] ===================================================== [ 677.845125][ T84] BUG: KMSAN: use-after-free in obj_malloc+0x5e4/0x670 [ 677.852148][ T84] obj_malloc+0x5e4/0x670 [ 677.856999][ T84] zs_malloc+0xcdb/0x1c30 [ 677.861480][ T84] zswap_store+0x2099/0x4b20 [ 677.866381][ T84] swap_writeout+0x8bd/0x1380 [ 677.871548][ T84] shrink_folio_list+0x5acc/0x80f0 [ 677.877052][ T84] evict_folios+0x9a18/0xbfd0 [ 677.881888][ T84] try_to_shrink_lruvec+0x16f1/0x1da0 [ 677.887538][ T84] shrink_one+0x4bd/0xbc0 [ 677.892059][ T84] shrink_node+0x4624/0x5330 [ 677.897070][ T84] kswapd+0x2ff8/0x54f0 [ 677.901564][ T84] kthread+0x53f/0x600 [ 677.906305][ T84] ret_from_fork+0x20f/0x910 [ 677.911237][ T84] ret_from_fork_asm+0x1a/0x30 [ 677.916523][ T84] [ 677.919089][ T84] Uninit was stored to memory at: [ 677.924537][ T84] obj_malloc+0x605/0x670 [ 677.929173][ T84] zs_malloc+0xcdb/0x1c30 [ 677.933950][ T84] zswap_store+0x2099/0x4b20 [ 677.938787][ T84] swap_writeout+0x8bd/0x1380 [ 677.943950][ T84] shrink_folio_list+0x5acc/0x80f0 [ 677.949612][ T84] evict_folios+0x9a18/0xbfd0 [ 677.954794][ T84] try_to_shrink_lruvec+0x16f1/0x1da0 [ 677.960983][ T84] shrink_one+0x4bd/0xbc0 [ 677.965851][ T84] shrink_node+0x4624/0x5330 [ 677.971235][ T84] do_try_to_free_pages+0x956/0x2620 [ 677.977563][ T84] try_to_free_pages+0x920/0x1730 [ 677.983046][ T84] __alloc_pages_direct_reclaim+0x10c/0x340 [ 677.989294][ T84] __alloc_pages_slowpath+0x9bf/0x18c0 [ 677.995708][ T84] __alloc_frozen_pages_noprof+0xafd/0x1020 [ 678.002208][ T84] alloc_pages_mpol+0x328/0x860 [ 678.007730][ T84] folio_alloc_mpol_noprof+0x56/0x1d0 [ 678.013506][ T84] shmem_alloc_and_add_folio+0xc54/0x1bd0 [ 678.019876][ T84] shmem_get_folio_gfp+0xad3/0x1fc0 [ 678.025637][ T84] shmem_read_folio_gfp+0xac/0x1a0 [ 678.031537][ T84] drm_gem_get_pages+0x3ba/0x14c0 [ 678.037173][ T84] drm_gem_shmem_get_pages_locked+0x1d2/0x4e0 [ 678.043806][ T84] drm_gem_shmem_pin_locked+0x2b4/0x580 [ 678.050465][ T84] drm_gem_shmem_vmap_locked+0x4cd/0x800 [ 678.056917][ T84] drm_gem_shmem_object_vmap+0x36/0x50 [ 678.063318][ T84] drm_gem_vmap+0xbd/0x1e0 [ 678.068031][ T84] drm_gem_fb_vmap+0x104/0x560 [ 678.073128][ T84] vkms_prepare_fb+0x119/0x170 [ 678.078540][ T84] drm_atomic_helper_prepare_planes+0x4b5/0x1290 [ 678.085203][ T84] drm_atomic_helper_commit+0x1f4/0x1020 [ 678.091351][ T84] drm_atomic_commit+0x319/0x390 [ 678.096803][ T84] drm_atomic_helper_update_plane+0x3c2/0x650 [ 678.103241][ T84] drm_mode_cursor_common+0x1cbf/0x24f0 [ 678.109440][ T84] drm_mode_cursor_ioctl+0xa2/0xd0 [ 678.114886][ T84] drm_ioctl_kernel+0x469/0x580 [ 678.120003][ T84] drm_ioctl+0xf02/0x1760 [ 678.124821][ T84] __se_sys_ioctl+0x23c/0x400 [ 678.130114][ T84] __x64_sys_ioctl+0x97/0xe0 [ 678.135136][ T84] x64_sys_call+0x1975/0x3ea0 [ 678.140194][ T84] do_syscall_64+0x134/0xf80 [ 678.145629][ T84] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 678.151951][ T84] [ 678.154534][ T84] Uninit was created at: [ 678.159237][ T84] free_pages_prepare+0x10c/0xee0 [ 678.164631][ T84] compaction_free+0x133/0x4b0 [ 678.169912][ T84] migrate_pages_batch+0x8155/0x8900 [ 678.175538][ T84] migrate_pages+0x3560/0x5440 [ 678.180534][ T84] compact_zone+0x3f4e/0x7820 [ 678.185572][ T84] kcompactd+0x102c/0x24c0 [ 678.190182][ T84] kthread+0x53f/0x600 [ 678.194550][ T84] ret_from_fork+0x20f/0x910 [ 678.199458][ T84] ret_from_fork_asm+0x1a/0x30 [ 678.204839][ T84] [ 678.207251][ T84] CPU: 1 UID: 0 PID: 84 Comm: kswapd0 Not tainted syzkaller #0 PREEMPT(full) [ 678.216545][ T84] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 678.227354][ T84] ===================================================== [ 678.234651][ T84] Disabling lock debugging due to kernel taint [ 678.241162][ T5120] ===================================================== [ 678.241179][ T84] Kernel panic - not syncing: kmsan.panic set ... [ 678.255097][ T84] CPU: 1 UID: 0 PID: 84 Comm: kswapd0 Tainted: G B syzkaller #0 PREEMPT(full) [ 678.265983][ T84] Tainted: [B]=BAD_PAGE [ 678.271246][ T84] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 678.281689][ T84] Call Trace: [ 678.285032][ T84] [ 678.288010][ T84] __dump_stack+0x26/0x30 [ 678.292563][ T84] dump_stack_lvl+0x50/0x1c0 [ 678.297452][ T84] ? dump_stack+0x12/0x25 [ 678.302516][ T84] dump_stack+0x1e/0x25 [ 678.307011][ T84] vpanic+0x7b4/0x1430 [ 678.311224][ T84] panic+0x15d/0x160 [ 678.315365][ T84] kmsan_report+0x31a/0x320 [ 678.320363][ T84] ? kmsan_slab_alloc+0xdc/0x160 [ 678.325948][ T84] ? __msan_warning+0x1b/0x30 [ 678.331117][ T84] ? obj_malloc+0x5e4/0x670 [ 678.335889][ T84] ? zs_malloc+0xcdb/0x1c30 [ 678.340661][ T84] ? zswap_store+0x2099/0x4b20 [ 678.345643][ T84] ? swap_writeout+0x8bd/0x1380 [ 678.351207][ T84] ? shrink_folio_list+0x5acc/0x80f0 [ 678.356897][ T84] ? evict_folios+0x9a18/0xbfd0 [ 678.362221][ T84] ? try_to_shrink_lruvec+0x16f1/0x1da0 [ 678.367982][ T84] ? shrink_one+0x4bd/0xbc0 [ 678.372614][ T84] ? shrink_node+0x4624/0x5330 [ 678.377739][ T84] ? kswapd+0x2ff8/0x54f0 [ 678.382151][ T84] ? kthread+0x53f/0x600 [ 678.386773][ T84] ? ret_from_fork+0x20f/0x910 [ 678.391834][ T84] ? ret_from_fork_asm+0x1a/0x30 [ 678.397161][ T84] ? kmsan_get_metadata+0xf1/0x160 [ 678.402576][ T84] ? kmsan_get_metadata+0xf1/0x160 [ 678.408003][ T84] ? kmsan_get_shadow_origin_ptr+0x4a/0xb0 [ 678.414662][ T84] ? kmsan_get_metadata+0xf1/0x160 [ 678.420303][ T84] ? kmsan_get_shadow_origin_ptr+0x4a/0xb0 [ 678.426610][ T84] ? should_fail_ex+0x45/0x8c0 [ 678.431734][ T84] ? kmsan_get_metadata+0xf1/0x160 [ 678.437149][ T84] ? kmsan_get_metadata+0xf1/0x160 [ 678.442924][ T84] ? kmsan_internal_set_shadow_origin+0x7a/0x110 [ 678.449857][ T84] ? kmsan_get_metadata+0xf1/0x160 [ 678.455923][ T84] ? kmsan_get_metadata+0xf1/0x160 [ 678.461433][ T84] __msan_warning+0x1b/0x30 [ 678.466138][ T84] obj_malloc+0x5e4/0x670 [ 678.470564][ T84] ? kmsan_internal_set_shadow_origin+0x7a/0x110 [ 678.477068][ T84] ? kmsan_get_shadow_origin_ptr+0x4a/0xb0 [ 678.483142][ T84] zs_malloc+0xcdb/0x1c30 [ 678.487659][ T84] ? kmsan_get_shadow_origin_ptr+0x4a/0xb0 [ 678.493959][ T84] ? kmsan_get_metadata+0xf1/0x160 [ 678.499652][ T84] zswap_store+0x2099/0x4b20 [ 678.504603][ T84] swap_writeout+0x8bd/0x1380 [ 678.509459][ T84] shrink_folio_list+0x5acc/0x80f0 [ 678.515080][ T84] ? kmsan_internal_set_shadow_origin+0x7a/0x110 [ 678.521713][ T84] ? kmsan_get_metadata+0xf1/0x160 [ 678.527250][ T84] ? kmsan_get_metadata+0xd0/0x160 [ 678.532701][ T84] evict_folios+0x9a18/0xbfd0 [ 678.537847][ T84] try_to_shrink_lruvec+0x16f1/0x1da0 [ 678.543628][ T84] ? try_to_shrink_lruvec+0xfb0/0x1da0 [ 678.549711][ T84] shrink_one+0x4bd/0xbc0 [ 678.554261][ T84] ? __rcu_read_unlock+0x6c/0xd0 [ 678.559711][ T84] shrink_node+0x4624/0x5330 [ 678.564508][ T84] ? kmsan_get_metadata+0xf1/0x160 [ 678.569942][ T84] ? kmsan_get_shadow_origin_ptr+0x4a/0xb0 [ 678.575985][ T84] ? kmsan_get_metadata+0xf1/0x160 [ 678.581571][ T84] ? kmsan_get_shadow_origin_ptr+0x4a/0xb0 [ 678.587780][ T84] ? kmsan_get_metadata+0xf1/0x160 [ 678.593377][ T84] ? memcg1_soft_limit_reclaim+0x29/0x1680 [ 678.599527][ T84] kswapd+0x2ff8/0x54f0 [ 678.603968][ T84] ? kmsan_get_shadow_origin_ptr+0x4a/0xb0 [ 678.610135][ T84] kthread+0x53f/0x600 [ 678.615052][ T84] ? __pfx_kswapd+0x10/0x10 [ 678.619770][ T84] ? __pfx_kthread+0x10/0x10 [ 678.624825][ T84] ret_from_fork+0x20f/0x910 [ 678.629912][ T84] ? __switch_to+0x51c/0x750 [ 678.635012][ T84] ? __pfx_kthread+0x10/0x10 [ 678.639926][ T84] ret_from_fork_asm+0x1a/0x30 [ 678.644841][ T84] [ 680.229986][ T84] Shutting down cpus with NMI [ 680.235793][ T84] Kernel Offset: disabled [ 680.240480][ T84] Rebooting in 86400 seconds..