=====================================================
BUG: KMSAN: uninit-value in __flush_smp_call_function_queue+0x362/0x18e0 kernel/smp.c:535
 __flush_smp_call_function_queue+0x362/0x18e0 kernel/smp.c:535
 generic_smp_call_function_single_interrupt+0x1c/0x30 kernel/smp.c:463
 __sysvec_call_function_single+0x4b/0x3e0 arch/x86/kernel/smp.c:271
 instr_sysvec_call_function_single arch/x86/kernel/smp.c:266 [inline]
 sysvec_call_function_single+0x7c/0x90 arch/x86/kernel/smp.c:266
 asm_sysvec_call_function_single+0x1f/0x30 arch/x86/include/asm/idtentry.h:704
 __preempt_count_sub arch/x86/include/asm/preempt.h:85 [inline]
 kmsan_virt_addr_valid arch/x86/include/asm/kmsan.h:95 [inline]
 virt_to_page_or_null+0xd7/0x170 mm/kmsan/shadow.c:75
 kmsan_get_metadata+0xf1/0x160 mm/kmsan/shadow.c:141
 kmsan_get_shadow_origin_ptr+0x4a/0xb0 mm/kmsan/shadow.c:102
 get_shadow_origin_ptr mm/kmsan/instrumentation.c:38 [inline]
 __msan_metadata_ptr_for_load_8+0x24/0x40 mm/kmsan/instrumentation.c:94
 on_stack+0x33/0x1f0 arch/x86/include/asm/stacktrace.h:55
 update_stack_state+0xa7/0x1c0 arch/x86/kernel/unwind_frame.c:228
 unwind_next_frame+0x116/0x350 arch/x86/kernel/unwind_frame.c:315
 arch_stack_walk+0x1b0/0x280 arch/x86/kernel/stacktrace.c:25
 stack_trace_save+0xc2/0x100 kernel/stacktrace.c:122
 kmsan_save_stack_with_flags mm/kmsan/core.c:73 [inline]
 kmsan_internal_poison_memory+0x4a/0x90 mm/kmsan/core.c:57
 kmsan_slab_free+0xce/0x140 mm/kmsan/hooks.c:87
 slab_free_hook mm/slub.c:2596 [inline]
 slab_free mm/slub.c:6082 [inline]
 kmem_cache_free+0x247/0xeb0 mm/slub.c:6212
 skb_kfree_head net/core/skbuff.c:1087 [inline]
 skb_free_head net/core/skbuff.c:1101 [inline]
 skb_release_data+0xe7b/0x11b0 net/core/skbuff.c:1128
 skb_release_all net/core/skbuff.c:1203 [inline]
 __kfree_skb+0x6b/0x260 net/core/skbuff.c:1217
 consume_skb+0x86/0x2a0 net/core/skbuff.c:1450
 netlink_broadcast_filtered+0x265f/0x2820 net/netlink/af_netlink.c:1535
 nlmsg_multicast_filtered include/net/netlink.h:1165 [inline]
 nlmsg_multicast include/net/netlink.h:1184 [inline]
 nlmsg_notify+0x15b/0x2f0 net/netlink/af_netlink.c:2593
 rtnl_notify+0xba/0x100 net/core/rtnetlink.c:958
 inet6_ifmcaddr_notify+0x207/0x3a0 net/ipv6/mcast.c:923
 __ipv6_dev_mc_inc+0xf9c/0x11e0 net/ipv6/mcast.c:973
 ipv6_dev_mc_inc+0x38/0x50 net/ipv6/mcast.c:981
 addrconf_join_solict net/ipv6/addrconf.c:2246 [inline]
 addrconf_dad_begin net/ipv6/addrconf.c:4104 [inline]
 addrconf_dad_work+0x401/0x1cf0 net/ipv6/addrconf.c:4232
 process_one_work kernel/workqueue.c:3275 [inline]
 process_scheduled_works+0xb21/0x1e30 kernel/workqueue.c:3358
 worker_thread+0xede/0x1580 kernel/workqueue.c:3439
 kthread+0x53f/0x600 kernel/kthread.c:467
 ret_from_fork+0x20f/0x910 arch/x86/kernel/process.c:158
 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:245

Local variable pflags created at:
 try_charge_memcg+0x63/0x1c20 mm/memcontrol.c:2367
 try_charge mm/memcontrol.c:2556 [inline]
 charge_memcg mm/memcontrol.c:4745 [inline]
 __mem_cgroup_charge+0x114/0x5c0 mm/memcontrol.c:4762

CPU: 0 UID: 0 PID: 8749 Comm: kworker/u8:14 Tainted: G        W           syzkaller #0 PREEMPT(full) 
Tainted: [W]=WARN
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
Workqueue: ipv6_addrconf addrconf_dad_work
=====================================================