=====================================================
BUG: KMSAN: uninit-value in __flush_smp_call_function_queue+0x362/0x18e0 kernel/smp.c:535
 __flush_smp_call_function_queue+0x362/0x18e0 kernel/smp.c:535
 generic_smp_call_function_single_interrupt+0x1c/0x30 kernel/smp.c:463
 __sysvec_call_function_single+0x4b/0x3e0 arch/x86/kernel/smp.c:271
 instr_sysvec_call_function_single arch/x86/kernel/smp.c:266 [inline]
 sysvec_call_function_single+0x7c/0x90 arch/x86/kernel/smp.c:266
 asm_sysvec_call_function_single+0x1f/0x30 arch/x86/include/asm/idtentry.h:704
 smap_restore arch/x86/include/asm/smap.h:90 [inline]
 get_shadow_origin_ptr mm/kmsan/instrumentation.c:39 [inline]
 __msan_metadata_ptr_for_load_4+0x2c/0x40 mm/kmsan/instrumentation.c:93
 kmem_cache_alloc_lru_noprof+0x53/0x1280 mm/slub.c:4850
 __d_alloc+0x55/0xa00 fs/dcache.c:1740
 d_alloc+0x57/0x300 fs/dcache.c:1819
 lookup_one_qstr_excl+0x1a1/0x7b0 fs/namei.c:1801
 __start_dirop fs/namei.c:2925 [inline]
 start_dirop+0x70/0x120 fs/namei.c:2934
 simple_start_creating+0x13d/0x180 fs/libfs.c:2314
 debugfs_start_creating+0x19a/0x390 fs/debugfs/inode.c:394
 __debugfs_create_file+0xab/0x850 fs/debugfs/inode.c:428
 debugfs_create_file_full+0x60/0x80 fs/debugfs/inode.c:460
 ref_tracker_dir_debugfs+0x262/0x510 lib/ref_tracker.c:441
 ref_tracker_dir_init include/linux/ref_tracker.h:70 [inline]
 alloc_netdev_mqs+0x2c9/0x2270 net/core/dev.c:12019
 rtnl_create_link+0x505/0x1640 net/core/rtnetlink.c:3648
 rtnl_newlink_create+0x300/0x1250 net/core/rtnetlink.c:3830
 __rtnl_newlink net/core/rtnetlink.c:3957 [inline]
 rtnl_newlink+0x2b3c/0x39a0 net/core/rtnetlink.c:4072
 rtnetlink_rcv_msg+0x106f/0x14b0 net/core/rtnetlink.c:6958
 netlink_rcv_skb+0x54d/0x680 net/netlink/af_netlink.c:2550
 rtnetlink_rcv+0x35/0x40 net/core/rtnetlink.c:6985
 netlink_unicast_kernel net/netlink/af_netlink.c:1318 [inline]
 netlink_unicast+0xf04/0x12b0 net/netlink/af_netlink.c:1344
 netlink_sendmsg+0x10b2/0x1250 net/netlink/af_netlink.c:1894
 sock_sendmsg_nosec net/socket.c:727 [inline]
 __sock_sendmsg net/socket.c:742 [inline]
 __sys_sendto+0xa77/0xb90 net/socket.c:2206
 __do_sys_sendto net/socket.c:2213 [inline]
 __se_sys_sendto net/socket.c:2209 [inline]
 __x64_sys_sendto+0x130/0x200 net/socket.c:2209
 x64_sys_call+0x39a0/0x3ea0 arch/x86/include/generated/asm/syscalls_64.h:45
 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
 do_syscall_64+0x134/0xf80 arch/x86/entry/syscall_64.c:94
 entry_SYSCALL_64_after_hwframe+0x77/0x7f

Local variable iter created at:
 tdp_mmu_zap_leafs+0x52/0x6e0 arch/x86/kvm/mmu/tdp_mmu.c:983
 kvm_tdp_mmu_unmap_gfn_range+0x910/0xb50 arch/x86/kvm/mmu/tdp_mmu.c:1362

CPU: 1 UID: 0 PID: 9299 Comm: syz-executor Not tainted syzkaller #0 PREEMPT(full) 
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
=====================================================