=====================================================
BUG: KMSAN: uninit-value in __flush_smp_call_function_queue+0x343/0x1810 kernel/smp.c:549
 __flush_smp_call_function_queue+0x343/0x1810 kernel/smp.c:549
 generic_smp_call_function_single_interrupt+0x1c/0x30 kernel/smp.c:477
 __sysvec_call_function_single+0x48/0x350 arch/x86/kernel/smp.c:272
 instr_sysvec_call_function_single arch/x86/kernel/smp.c:267 [inline]
 sysvec_call_function_single+0x7c/0x90 arch/x86/kernel/smp.c:267
 asm_sysvec_call_function_single+0x1f/0x30 arch/x86/include/asm/idtentry.h:704
 native_irq_enable arch/x86/include/asm/irqflags.h:42 [inline]
 arch_local_irq_enable arch/x86/include/asm/irqflags.h:119 [inline]
 raw_spin_rq_unlock_irq kernel/sched/sched.h:1644 [inline]
 finish_lock_switch kernel/sched/core.c:5125 [inline]
 finish_task_switch+0x37e/0xbc0 kernel/sched/core.c:5243
 context_switch kernel/sched/core.c:5391 [inline]
 __schedule+0x2930/0x8750 kernel/sched/core.c:7189
 preempt_schedule_irq+0x50/0xa0 kernel/sched/core.c:7513
 raw_irqentry_exit_cond_resched+0x5d/0x80 kernel/entry/common.c:142
 irqentry_exit_to_kernel_mode_preempt+0x8b/0xc0 include/linux/irq-entry-common.h:468
 irqentry_exit_to_kernel_mode include/linux/irq-entry-common.h:539 [inline]
 irqentry_exit+0x7b/0x820 kernel/entry/common.c:164
 sysvec_apic_timer_interrupt+0x52/0x90 arch/x86/kernel/apic/apic.c:1061
 asm_sysvec_apic_timer_interrupt+0x1f/0x30 arch/x86/include/asm/idtentry.h:697
 __preempt_count_sub arch/x86/include/asm/preempt.h:85 [inline]
 kmsan_virt_addr_valid arch/x86/include/asm/kmsan.h:95 [inline]
 virt_to_page_or_null+0xd7/0x170 mm/kmsan/shadow.c:75
 kmsan_get_metadata+0xf1/0x160 mm/kmsan/shadow.c:141
 kmsan_get_shadow_origin_ptr+0x4a/0xb0 mm/kmsan/shadow.c:102
 get_shadow_origin_ptr mm/kmsan/instrumentation.c:38 [inline]
 __msan_metadata_ptr_for_load_8+0x24/0x40 mm/kmsan/instrumentation.c:94
 filter_irq_stacks+0x49/0x190 kernel/stacktrace.c:397
 stack_depot_save_flags+0x35/0x790 lib/stackdepot.c:667
 stack_depot_save+0x12/0x20 lib/stackdepot.c:747
 __msan_poison_alloca+0x100/0x1a0 mm/kmsan/instrumentation.c:286
 __skb_try_recv_datagram+0x53/0x6e0 net/core/datagram.c:252
 __unix_dgram_recvmsg+0x485/0x1750 net/unix/af_unix.c:2587
 unix_dgram_recvmsg+0x112/0x180 net/unix/af_unix.c:2686
 sock_recvmsg_nosec+0x1e2/0x270 net/socket.c:1137
 ____sys_recvmsg+0x4e5/0x620 net/socket.c:2916
 ___sys_recvmsg+0x20b/0x850 net/socket.c:2960
 do_recvmmsg+0x40e/0xdf0 net/socket.c:3055
 __sys_recvmmsg net/socket.c:3129 [inline]
 __do_sys_recvmmsg net/socket.c:3152 [inline]
 __se_sys_recvmmsg net/socket.c:3145 [inline]
 __x64_sys_recvmmsg+0x383/0x500 net/socket.c:3145
 x64_sys_call+0x96d/0x3ea0 arch/x86/include/generated/asm/syscalls_64.h:300
 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
 do_syscall_64+0x134/0xf80 arch/x86/entry/syscall_64.c:94
 entry_SYSCALL_64_after_hwframe+0x77/0x7f

Local variable iter created at:
 tdp_mmu_zap_leafs+0x52/0x6e0 arch/x86/kvm/mmu/tdp_mmu.c:983
 kvm_tdp_mmu_unmap_gfn_range+0x910/0xb50 arch/x86/kvm/mmu/tdp_mmu.c:1362

CPU: 0 UID: 0 PID: 6012 Comm: syz.0.49 Not tainted syzkaller #0 PREEMPT(full)
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
=====================================================