=====================================================
BUG: KMSAN: use-after-free in obj_malloc+0x5e4/0x670 mm/zsmalloc.c:1264
 obj_malloc+0x5e4/0x670 mm/zsmalloc.c:1264
 zs_malloc+0xcdb/0x1c30 mm/zsmalloc.c:1323
 zswap_compress mm/zswap.c:908 [inline]
 zswap_store_page mm/zswap.c:1416 [inline]
 zswap_store+0x2099/0x4b20 mm/zswap.c:1527
 swap_writeout+0x8bd/0x1380 mm/page_io.c:275
 writeout mm/vmscan.c:652 [inline]
 pageout mm/vmscan.c:699 [inline]
 shrink_folio_list+0x5acc/0x80f0 mm/vmscan.c:1425
 evict_folios+0x9a18/0xbfd0 mm/vmscan.c:4718
 try_to_shrink_lruvec+0x16f1/0x1da0 mm/vmscan.c:4881
 shrink_one+0x4bd/0xbc0 mm/vmscan.c:4926
 shrink_many mm/vmscan.c:4989 [inline]
 lru_gen_shrink_node mm/vmscan.c:5067 [inline]
 shrink_node+0x4624/0x5330 mm/vmscan.c:6047
 kswapd_shrink_node mm/vmscan.c:6894 [inline]
 balance_pgdat mm/vmscan.c:7070 [inline]
 kswapd+0x2ff8/0x54f0 mm/vmscan.c:7343
 kthread+0x53f/0x600 kernel/kthread.c:467
 ret_from_fork+0x20f/0x910 arch/x86/kernel/process.c:158
 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:245

Uninit was stored to memory at:
 set_freeobj mm/zsmalloc.c:454 [inline]
 obj_malloc+0x605/0x670 mm/zsmalloc.c:1269
 zs_malloc+0xcdb/0x1c30 mm/zsmalloc.c:1323
 zswap_compress mm/zswap.c:908 [inline]
 zswap_store_page mm/zswap.c:1416 [inline]
 zswap_store+0x2099/0x4b20 mm/zswap.c:1527
 swap_writeout+0x8bd/0x1380 mm/page_io.c:275
 writeout mm/vmscan.c:652 [inline]
 pageout mm/vmscan.c:699 [inline]
 shrink_folio_list+0x5acc/0x80f0 mm/vmscan.c:1425
 evict_folios+0x9a18/0xbfd0 mm/vmscan.c:4718
 try_to_shrink_lruvec+0x16f1/0x1da0 mm/vmscan.c:4881
 shrink_one+0x4bd/0xbc0 mm/vmscan.c:4926
 shrink_many mm/vmscan.c:4989 [inline]
 lru_gen_shrink_node mm/vmscan.c:5067 [inline]
 shrink_node+0x4624/0x5330 mm/vmscan.c:6047
 shrink_zones mm/vmscan.c:6300 [inline]
 do_try_to_free_pages+0x956/0x2620 mm/vmscan.c:6362
 try_to_free_pages+0x920/0x1730 mm/vmscan.c:6601
 __perform_reclaim mm/page_alloc.c:4424 [inline]
 __alloc_pages_direct_reclaim+0x10c/0x340 mm/page_alloc.c:4446
 __alloc_pages_slowpath+0x9bf/0x18c0 mm/page_alloc.c:4846
 __alloc_frozen_pages_noprof+0xafd/0x1020 mm/page_alloc.c:5263
 alloc_pages_mpol+0x328/0x860 mm/mempolicy.c:2484
 folio_alloc_mpol_noprof+0x56/0x1d0 mm/mempolicy.c:2503
 shmem_alloc_folio mm/shmem.c:1930 [inline]
 shmem_alloc_and_add_folio+0xc54/0x1bd0 mm/shmem.c:1972
 shmem_get_folio_gfp+0xad3/0x1fc0 mm/shmem.c:2567
 shmem_read_folio_gfp+0xac/0x1a0 mm/shmem.c:5989
 drm_gem_get_pages+0x3ba/0x14c0 drivers/gpu/drm/drm_gem.c:696
 drm_gem_shmem_get_pages_locked+0x1d2/0x4e0 drivers/gpu/drm/drm_gem_shmem_helper.c:222
 drm_gem_shmem_pin_locked+0x2b4/0x580 drivers/gpu/drm/drm_gem_shmem_helper.c:283
 drm_gem_shmem_vmap_locked+0x4cd/0x800 drivers/gpu/drm/drm_gem_shmem_helper.c:387
 drm_gem_shmem_object_vmap+0x36/0x50 include/drm/drm_gem_shmem_helper.h:242
 drm_gem_vmap_locked drivers/gpu/drm/drm_gem.c:1387 [inline]
 drm_gem_vmap+0xbd/0x1e0 drivers/gpu/drm/drm_gem.c:1429
 drm_gem_fb_vmap+0x104/0x560 drivers/gpu/drm/drm_gem_framebuffer_helper.c:369
 vkms_prepare_fb+0x119/0x170 drivers/gpu/drm/vkms/vkms_plane.c:197
 drm_atomic_helper_prepare_planes+0x4b5/0x1290 drivers/gpu/drm/drm_atomic_helper.c:2838
 drm_atomic_helper_commit+0x1f4/0x1020 drivers/gpu/drm/drm_atomic_helper.c:2268
 drm_atomic_commit+0x319/0x390 drivers/gpu/drm/drm_atomic.c:1775
 drm_atomic_helper_update_plane+0x3c2/0x650 drivers/gpu/drm/drm_atomic_helper.c:3438
 __setplane_atomic drivers/gpu/drm/drm_plane.c:1101 [inline]
 drm_mode_cursor_universal drivers/gpu/drm/drm_plane.c:1256 [inline]
 drm_mode_cursor_common+0x1cbf/0x24f0 drivers/gpu/drm/drm_plane.c:1315
 drm_mode_cursor_ioctl+0xa2/0xd0 drivers/gpu/drm/drm_plane.c:1365
 drm_ioctl_kernel+0x469/0x580 drivers/gpu/drm/drm_ioctl.c:804
 drm_ioctl+0xf02/0x1760 drivers/gpu/drm/drm_ioctl.c:901
 vfs_ioctl fs/ioctl.c:51 [inline]
 __do_sys_ioctl fs/ioctl.c:597 [inline]
 __se_sys_ioctl+0x23c/0x400 fs/ioctl.c:583
 __x64_sys_ioctl+0x97/0xe0 fs/ioctl.c:583
 x64_sys_call+0x1975/0x3ea0 arch/x86/include/generated/asm/syscalls_64.h:17
 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
 do_syscall_64+0x134/0xf80 arch/x86/entry/syscall_64.c:94
 entry_SYSCALL_64_after_hwframe+0x77/0x7f

Uninit was created at:
 __free_pages_prepare mm/page_alloc.c:1354 [inline]
 free_pages_prepare+0x10c/0xee0 mm/page_alloc.c:1478
 compaction_free+0x133/0x4b0 mm/compaction.c:1862
 migrate_folio_undo_dst mm/migrate.c:1184 [inline]
 migrate_folios_undo mm/migrate.c:1768 [inline]
 migrate_pages_batch+0x8155/0x8900 mm/migrate.c:1989
 migrate_pages_sync mm/migrate.c:2007 [inline]
 migrate_pages+0x3560/0x5440 mm/migrate.c:2116
 compact_zone+0x3f4e/0x7820 mm/compaction.c:2647
 kcompactd_do_work mm/compaction.c:3098 [inline]
 kcompactd+0x102c/0x24c0 mm/compaction.c:3192
 kthread+0x53f/0x600 kernel/kthread.c:467
 ret_from_fork+0x20f/0x910 arch/x86/kernel/process.c:158
 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:245

CPU: 1 UID: 0 PID: 84 Comm: kswapd0 Not tainted syzkaller #0 PREEMPT(full)
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
=====================================================