=====================================================
BUG: KMSAN: uninit-value in __flush_smp_call_function_queue+0x362/0x18e0 kernel/smp.c:535
 __flush_smp_call_function_queue+0x362/0x18e0 kernel/smp.c:535
 generic_smp_call_function_single_interrupt+0x1c/0x30 kernel/smp.c:463
 __sysvec_call_function_single+0x4b/0x3e0 arch/x86/kernel/smp.c:271
 instr_sysvec_call_function_single arch/x86/kernel/smp.c:266 [inline]
 sysvec_call_function_single+0x7c/0x90 arch/x86/kernel/smp.c:266
 asm_sysvec_call_function_single+0x1f/0x30 arch/x86/include/asm/idtentry.h:704
 smap_restore arch/x86/include/asm/smap.h:90 [inline]
 get_shadow_origin_ptr mm/kmsan/instrumentation.c:39 [inline]
 __msan_metadata_ptr_for_load_8+0x2b/0x40 mm/kmsan/instrumentation.c:94
 netdev_notifier_info_to_dev include/linux/netdevice.h:3284 [inline]
 netdev_debug_event+0x31/0x7e0 net/core/lock_debug.c:15
 call_netdevice_notifier net/core/dev.c:1890 [inline]
 call_netdevice_unregister_notifiers net/core/dev.c:1916 [inline]
 call_netdevice_unregister_net_notifiers net/core/dev.c:1948 [inline]
 __unregister_netdevice_notifier_net net/core/dev.c:2079 [inline]
 unregister_netdevice_notifier_dev_net+0x400/0x6d0 net/core/dev.c:2209
 nsim_destroy+0xfe/0xae0 drivers/net/netdevsim/netdev.c:1172
 __nsim_dev_port_del+0x1df/0x310 drivers/net/netdevsim/dev.c:1528
 nsim_dev_port_del_all drivers/net/netdevsim/dev.c:1540 [inline]
 nsim_dev_reload_destroy+0x446/0x7d0 drivers/net/netdevsim/dev.c:1764
 nsim_drv_remove+0x97/0x310 drivers/net/netdevsim/dev.c:1779
 nsim_bus_remove+0x1e/0x30 drivers/net/netdevsim/bus.c:427
 device_remove drivers/base/dd.c:571 [inline]
 __device_release_driver drivers/base/dd.c:1284 [inline]
 device_release_driver_internal+0x4ce/0x970 drivers/base/dd.c:1307
 device_release_driver+0x22/0x30 drivers/base/dd.c:1330
 bus_remove_device+0x6b6/0x790 drivers/base/bus.c:616
 device_del+0x7af/0xd80 drivers/base/core.c:3878
 device_unregister+0x1e/0x40 drivers/base/core.c:3919
 nsim_bus_dev_del drivers/net/netdevsim/bus.c:491 [inline]
 del_device_store+0x3c6/0x610 drivers/net/netdevsim/bus.c:244
 bus_attr_store+0x92/0xf0 drivers/base/bus.c:172
 sysfs_kf_write+0x208/0x2f0 fs/sysfs/file.c:142
 kernfs_fop_write_iter+0x5f9/0xa90 fs/kernfs/file.c:352
 new_sync_write fs/read_write.c:595 [inline]
 vfs_write+0xbe1/0x15c0 fs/read_write.c:688
 ksys_write+0x1d9/0x470 fs/read_write.c:740
 __do_sys_write fs/read_write.c:751 [inline]
 __se_sys_write fs/read_write.c:748 [inline]
 __ia32_sys_write+0x9a/0xf0 fs/read_write.c:748
 ia32_sys_call+0x37a7/0x4360 arch/x86/include/generated/asm/syscalls_32.h:5
 do_syscall_32_irqs_on arch/x86/entry/syscall_32.c:83 [inline]
 do_int80_emulation+0x15a/0x330 arch/x86/entry/syscall_32.c:172
 asm_int80_emulation+0x1f/0x30 arch/x86/include/asm/idtentry.h:621

Uninit was stored to memory at:
 mas_topiary_replace lib/maple_tree.c:2411 [inline]
 mas_wmb_replace+0x369d/0x4260 lib/maple_tree.c:2433
 mas_split lib/maple_tree.c:3052 [inline]
 mas_commit_b_node lib/maple_tree.c:3072 [inline]
 mas_wr_bnode lib/maple_tree.c:3739 [inline]
 mas_wr_store_entry+0x30fe/0x96d0 lib/maple_tree.c:3771
 mas_store_prealloc+0x1834/0x1e60 lib/maple_tree.c:5169
 vma_iter_store_overwrite mm/vma.h:607 [inline]
 vma_iter_store_new mm/vma.h:614 [inline]
 __mmap_new_vma mm/vma.c:2553 [inline]
 __mmap_region mm/vma.c:2759 [inline]
 mmap_region+0x4433/0x6220 mm/vma.c:2837
 do_mmap+0x17aa/0x1d70 mm/mmap.c:559
 vm_mmap_pgoff+0x40c/0x760 mm/util.c:581
 vm_mmap+0xdb/0x120 mm/util.c:617
 __x86_set_memory_region+0x52c/0x830 arch/x86/kvm/x86.c:13336
 kvm_alloc_apic_access_page+0xc0/0x1c0 arch/x86/kvm/lapic.c:2861
 vmx_vcpu_create+0x5ef/0x1470 arch/x86/kvm/vmx/vmx.c:7830
 kvm_arch_vcpu_create+0x9d1/0xc60 arch/x86/kvm/x86.c:12804
 kvm_vm_ioctl_create_vcpu+0x525/0xdf0 virt/kvm/kvm_main.c:4223
 kvm_vm_ioctl+0xaa4/0x1680 virt/kvm/kvm_main.c:5180
 kvm_vm_compat_ioctl+0x347/0x630 virt/kvm/kvm_main.c:5482
 __do_compat_sys_ioctl fs/ioctl.c:695 [inline]
 __se_compat_sys_ioctl fs/ioctl.c:638 [inline]
 __ia32_compat_sys_ioctl+0x7f9/0x1270 fs/ioctl.c:638
 ia32_sys_call+0x2854/0x4360 arch/x86/include/generated/asm/syscalls_32.h:55
 do_syscall_32_irqs_on arch/x86/entry/syscall_32.c:83 [inline]
 __do_fast_syscall_32+0x17f/0x3f0 arch/x86/entry/syscall_32.c:307
 do_fast_syscall_32+0x37/0x80 arch/x86/entry/syscall_32.c:332
 do_SYSENTER_32+0x1f/0x30 arch/x86/entry/syscall_32.c:370
 entry_SYSENTER_compat_after_hwframe+0x84/0x8e

Local variable tmp_next.i created at:
 mas_topiary_replace lib/maple_tree.c:2335 [inline]
 mas_wmb_replace+0x66/0x4260 lib/maple_tree.c:2433
 mas_split lib/maple_tree.c:3052 [inline]
 mas_commit_b_node lib/maple_tree.c:3072 [inline]
 mas_wr_bnode lib/maple_tree.c:3739 [inline]
 mas_wr_store_entry+0x30fe/0x96d0 lib/maple_tree.c:3771

CPU: 0 UID: 0 PID: 10781 Comm: syz-executor Not tainted syzkaller #0 PREEMPT(full)
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
=====================================================