=====================================================
BUG: KMSAN: uninit-value in __flush_smp_call_function_queue+0x362/0x18e0 kernel/smp.c:535
 __flush_smp_call_function_queue+0x362/0x18e0 kernel/smp.c:535
 generic_smp_call_function_single_interrupt+0x1c/0x30 kernel/smp.c:463
 __sysvec_call_function_single+0x4b/0x3e0 arch/x86/kernel/smp.c:271
 instr_sysvec_call_function_single arch/x86/kernel/smp.c:266 [inline]
 sysvec_call_function_single+0x7c/0x90 arch/x86/kernel/smp.c:266
 asm_sysvec_call_function_single+0x1f/0x30 arch/x86/include/asm/idtentry.h:704
 smap_restore arch/x86/include/asm/smap.h:90 [inline]
 get_shadow_origin_ptr mm/kmsan/instrumentation.c:39 [inline]
 __msan_metadata_ptr_for_store_8+0x2f/0x40 mm/kmsan/instrumentation.c:94
 update_stack_state+0x152/0x1c0 arch/x86/kernel/unwind_frame.c:244
 unwind_next_frame+0x116/0x350 arch/x86/kernel/unwind_frame.c:315
 arch_stack_walk+0x1b0/0x280 arch/x86/kernel/stacktrace.c:25
 stack_trace_save+0xc2/0x100 kernel/stacktrace.c:122
 kmsan_save_stack_with_flags mm/kmsan/core.c:73 [inline]
 kmsan_internal_poison_memory+0x4a/0x90 mm/kmsan/core.c:57
 kmsan_slab_free+0xce/0x140 mm/kmsan/hooks.c:87
 slab_free_hook mm/slub.c:2611 [inline]
 slab_free mm/slub.c:6165 [inline]
 kfree+0x2e4/0x1130 mm/slub.c:6483
 skb_kfree_head net/core/skbuff.c:1089 [inline]
 skb_free_head net/core/skbuff.c:1101 [inline]
 skb_release_data+0x1061/0x11b0 net/core/skbuff.c:1128
 skb_release_all net/core/skbuff.c:1203 [inline]
 __kfree_skb+0x6b/0x260 net/core/skbuff.c:1217
 consume_skb+0x86/0x2a0 net/core/skbuff.c:1450
 nsim_dev_trap_report drivers/net/netdevsim/dev.c:892 [inline]
 nsim_dev_trap_report_work+0x1063/0x1430 drivers/net/netdevsim/dev.c:922
 process_one_work kernel/workqueue.c:3276 [inline]
 process_scheduled_works+0xb82/0x1e80 kernel/workqueue.c:3359
 worker_thread+0xee4/0x1590 kernel/workqueue.c:3440
 kthread+0x53f/0x600 kernel/kthread.c:436
 ret_from_fork+0x20f/0x910 arch/x86/kernel/process.c:158
 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:245

Uninit was stored to memory at:
 mas_topiary_replace lib/maple_tree.c:2411 [inline]
 mas_wmb_replace+0x369d/0x4260 lib/maple_tree.c:2433
 mas_split lib/maple_tree.c:3052 [inline]
 mas_commit_b_node lib/maple_tree.c:3072 [inline]
 mas_wr_bnode lib/maple_tree.c:3739 [inline]
 mas_wr_store_entry+0x30fe/0x96d0 lib/maple_tree.c:3771
 mas_store_prealloc+0x1834/0x1e60 lib/maple_tree.c:5169
 vma_iter_store_overwrite mm/vma.h:607 [inline]
 vma_iter_store_new mm/vma.h:614 [inline]
 vma_complete+0xbea/0x1950 mm/vma.c:356
 __split_vma+0x120c/0x1330 mm/vma.c:566
 vms_gather_munmap_vmas+0x5e3/0x1ab0 mm/vma.c:1429
 __mmap_setup mm/vma.c:2411 [inline]
 __mmap_region mm/vma.c:2741 [inline]
 mmap_region+0xcaa/0x6220 mm/vma.c:2837
 do_mmap+0x17aa/0x1d70 mm/mmap.c:559
 vm_mmap_pgoff+0x40c/0x760 mm/util.c:581
 ksys_mmap_pgoff+0x524/0x7d0 mm/mmap.c:605
 __do_sys_mmap_pgoff mm/mmap.c:616 [inline]
 __se_sys_mmap_pgoff mm/mmap.c:612 [inline]
 __ia32_sys_mmap_pgoff+0x11a/0x1d0 mm/mmap.c:612
 ia32_sys_call+0x3743/0x4360 arch/x86/include/generated/asm/syscalls_32.h:193
 do_syscall_32_irqs_on arch/x86/entry/syscall_32.c:83 [inline]
 __do_fast_syscall_32+0x17f/0x3f0 arch/x86/entry/syscall_32.c:307
 do_fast_syscall_32+0x37/0x80 arch/x86/entry/syscall_32.c:332
 do_SYSENTER_32+0x1f/0x30 arch/x86/entry/syscall_32.c:370
 entry_SYSENTER_compat_after_hwframe+0x84/0x8e

Local variable tmp_next.i created at:
 mas_topiary_replace lib/maple_tree.c:2335 [inline]
 mas_wmb_replace+0x66/0x4260 lib/maple_tree.c:2433
 mas_split lib/maple_tree.c:3052 [inline]
 mas_commit_b_node lib/maple_tree.c:3072 [inline]
 mas_wr_bnode lib/maple_tree.c:3739 [inline]
 mas_wr_store_entry+0x30fe/0x96d0 lib/maple_tree.c:3771

CPU: 0 UID: 0 PID: 7733 Comm: kworker/u8:12 Tainted: G L syzkaller #0 PREEMPT(full)
Tainted: [L]=SOFTLOCKUP
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026
Workqueue: events_unbound nsim_dev_trap_report_work
=====================================================