=====================================================
BUG: KMSAN: uninit-value in __flush_smp_call_function_queue+0x362/0x18e0 kernel/smp.c:535
 __flush_smp_call_function_queue+0x362/0x18e0 kernel/smp.c:535
 generic_smp_call_function_single_interrupt+0x1c/0x30 kernel/smp.c:463
 __sysvec_call_function_single+0x4b/0x3e0 arch/x86/kernel/smp.c:271
 instr_sysvec_call_function_single arch/x86/kernel/smp.c:266 [inline]
 sysvec_call_function_single+0x7c/0x90 arch/x86/kernel/smp.c:266
 asm_sysvec_call_function_single+0x1f/0x30 arch/x86/include/asm/idtentry.h:704
 smap_save mm/kmsan/instrumentation.c:94 [inline]
 get_shadow_origin_ptr mm/kmsan/instrumentation.c:35 [inline]
 __msan_metadata_ptr_for_load_8+0x14/0x40 mm/kmsan/instrumentation.c:94
 unwind_get_return_address+0x45/0xe0 arch/x86/kernel/unwind_frame.c:19
 arch_stack_walk+0x14a/0x280 arch/x86/kernel/stacktrace.c:26
 stack_trace_save+0xc2/0x100 kernel/stacktrace.c:122
 kmsan_save_stack_with_flags mm/kmsan/core.c:73 [inline]
 kmsan_internal_poison_memory+0x4a/0x90 mm/kmsan/core.c:57
 kmsan_slab_free+0xce/0x140 mm/kmsan/hooks.c:87
 slab_free_hook mm/slub.c:2611 [inline]
 slab_free mm/slub.c:6165 [inline]
 kmem_cache_free+0x247/0xeb0 mm/slub.c:6295
 btrfs_free_extent_state+0x101/0x340 fs/btrfs/extent-io-tree.c:182
 set_extent_bit+0x3a8f/0x46b0 fs/btrfs/extent-io-tree.c:1285
 btrfs_set_extent_bit+0x55/0x70 fs/btrfs/extent-io-tree.c:1294
 btrfs_set_extent_delalloc+0x602/0x650 fs/btrfs/inode.c:2840
 btrfs_page_mkwrite+0x159f/0x35b0 fs/btrfs/file.c:1975
 do_page_mkwrite mm/memory.c:3589 [inline]
 wp_page_shared mm/memory.c:3990 [inline]
 do_wp_page+0x3ab3/0x84b0 mm/memory.c:4209
 handle_pte_fault mm/memory.c:6333 [inline]
 __handle_mm_fault mm/memory.c:6455 [inline]
 handle_mm_fault+0x358d/0x6fc0 mm/memory.c:6624
 do_user_addr_fault+0xfd1/0x2510 arch/x86/mm/fault.c:1385
 handle_page_fault arch/x86/mm/fault.c:1474 [inline]
 exc_page_fault+0x70/0xb0 arch/x86/mm/fault.c:1527
 asm_exc_page_fault+0x2b/0x30 arch/x86/include/asm/idtentry.h:618
 rep_movs_alternative+0x4a/0x90 arch/x86/lib/copy_user_64.S:68
 copy_page_to_iter+0x482/0x900 lib/iov_iter.c:374
 copy_folio_to_iter include/linux/uio.h:204 [inline]
 filemap_read+0x1cd6/0x2300 mm/filemap.c:2856
 btrfs_file_read_iter+0x15b/0x430 fs/btrfs/file.c:3837
 do_iter_readv_writev+0x9e0/0xc10 fs/read_write.c:-1
 vfs_readv+0x34a/0xf30 fs/read_write.c:1020
 do_preadv fs/read_write.c:1134 [inline]
 __do_sys_preadv fs/read_write.c:1181 [inline]
 __se_sys_preadv fs/read_write.c:1176 [inline]
 __x64_sys_preadv+0x2a3/0x510 fs/read_write.c:1176
 x64_sys_call+0x3220/0x3ea0 arch/x86/include/generated/asm/syscalls_64.h:296
 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
 do_syscall_64+0x134/0xf80 arch/x86/entry/syscall_64.c:94
 entry_SYSCALL_64_after_hwframe+0x77/0x7f

Local variable ticket created at:
 reserve_bytes+0x62/0x2490 fs/btrfs/space-info.c:1761
 btrfs_reserve_metadata_bytes+0x47/0x3f0 fs/btrfs/space-info.c:1908

CPU: 0 UID: 0 PID: 7700 Comm: syz.0.458 Not tainted syzkaller #0 PREEMPT(full)
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026
=====================================================