=====================================================
BUG: KMSAN: uninit-value in __flush_smp_call_function_queue+0x362/0x18e0 kernel/smp.c:535
 __flush_smp_call_function_queue+0x362/0x18e0 kernel/smp.c:535
 generic_smp_call_function_single_interrupt+0x1c/0x30 kernel/smp.c:463
 __sysvec_call_function_single+0x4b/0x3e0 arch/x86/kernel/smp.c:271
 instr_sysvec_call_function_single arch/x86/kernel/smp.c:266 [inline]
 sysvec_call_function_single+0x7c/0x90 arch/x86/kernel/smp.c:266
 asm_sysvec_call_function_single+0x1f/0x30 arch/x86/include/asm/idtentry.h:704
 smap_save mm/kmsan/instrumentation.c:93 [inline]
 get_shadow_origin_ptr mm/kmsan/instrumentation.c:35 [inline]
 __msan_metadata_ptr_for_load_4+0x14/0x40 mm/kmsan/instrumentation.c:93
 stack_trace_consume_entry+0x36/0x220 kernel/stacktrace.c:86
 arch_stack_walk+0x18e/0x280 arch/x86/kernel/stacktrace.c:27
 stack_trace_save+0xc2/0x100 kernel/stacktrace.c:122
 kmsan_save_stack_with_flags mm/kmsan/core.c:73 [inline]
 kmsan_internal_poison_memory+0x4a/0x90 mm/kmsan/core.c:57
 kmsan_slab_free+0xce/0x140 mm/kmsan/hooks.c:87
 slab_free_hook mm/slub.c:2613 [inline]
 slab_free mm/slub.c:6124 [inline]
 kmem_cache_free+0x247/0xeb0 mm/slub.c:6254
 kfree_skbmem net/core/skbuff.c:-1 [inline]
 __kfree_skb+0x20b/0x260 net/core/skbuff.c:1218
 consume_skb+0x86/0x2a0 net/core/skbuff.c:1450
 skb_free_datagram+0x1e/0x30 net/core/datagram.c:324
 __unix_dgram_recvmsg+0x14eb/0x1730 net/unix/af_unix.c:2653
 unix_dgram_recvmsg+0x115/0x180 net/unix/af_unix.c:2670
 sock_recvmsg_nosec net/socket.c:1078 [inline]
 sock_recvmsg+0x2d9/0x380 net/socket.c:1100
 sock_read_iter+0x2c8/0x360 net/socket.c:1170
 new_sync_read fs/read_write.c:493 [inline]
 vfs_read+0x8ec/0xf90 fs/read_write.c:574
 ksys_read+0x1d9/0x470 fs/read_write.c:717
 __do_sys_read fs/read_write.c:726 [inline]
 __se_sys_read fs/read_write.c:724 [inline]
 __x64_sys_read+0x97/0xf0 fs/read_write.c:724
 x64_sys_call+0x311c/0x3ea0 arch/x86/include/generated/asm/syscalls_64.h:1
 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
 do_syscall_64+0x134/0xf80 arch/x86/entry/syscall_64.c:94
 entry_SYSCALL_64_after_hwframe+0x77/0x7f

Local variable tmp created at:
 number+0x83/0x2190 lib/vsprintf.c:470
 vsnprintf+0xd0d/0x1b00 lib/vsprintf.c:2912

CPU: 0 UID: 0 PID: 5113 Comm: syslogd Not tainted syzkaller #0 PREEMPT(full) 
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
=====================================================