=====================================================
BUG: KMSAN: uninit-value in __flush_smp_call_function_queue+0x362/0x18e0 kernel/smp.c:535
 __flush_smp_call_function_queue+0x362/0x18e0 kernel/smp.c:535
 generic_smp_call_function_single_interrupt+0x1c/0x30 kernel/smp.c:463
 __sysvec_call_function_single+0x4b/0x3e0 arch/x86/kernel/smp.c:271
 instr_sysvec_call_function_single arch/x86/kernel/smp.c:266 [inline]
 sysvec_call_function_single+0x7c/0x90 arch/x86/kernel/smp.c:266
 asm_sysvec_call_function_single+0x1f/0x30 arch/x86/include/asm/idtentry.h:704
 __preempt_count_add arch/x86/include/asm/preempt.h:80 [inline]
 kmsan_virt_addr_valid arch/x86/include/asm/kmsan.h:93 [inline]
 virt_to_page_or_null+0x51/0x170 mm/kmsan/shadow.c:75
 kmsan_get_metadata+0xf1/0x160 mm/kmsan/shadow.c:141
 kmsan_get_shadow_origin_ptr+0x35/0xb0 mm/kmsan/shadow.c:97
 get_shadow_origin_ptr mm/kmsan/instrumentation.c:38 [inline]
 __msan_metadata_ptr_for_store_8+0x27/0x40 mm/kmsan/instrumentation.c:94
 update_stack_state+0x180/0x1c0 arch/x86/kernel/unwind_frame.c:-1
 unwind_next_frame+0x116/0x350 arch/x86/kernel/unwind_frame.c:315
 arch_stack_walk+0x1b0/0x280 arch/x86/kernel/stacktrace.c:25
 stack_trace_save+0xc2/0x100 kernel/stacktrace.c:122
 kmsan_save_stack_with_flags mm/kmsan/core.c:73 [inline]
 kmsan_internal_poison_memory+0x4a/0x90 mm/kmsan/core.c:57
 kmsan_slab_alloc+0xdc/0x160 mm/kmsan/hooks.c:66
 slab_post_alloc_hook mm/slub.c:4545 [inline]
 slab_alloc_node mm/slub.c:4866 [inline]
 kmem_cache_alloc_noprof+0x37b/0x1270 mm/slub.c:4873
 mt_alloc_one lib/maple_tree.c:174 [inline]
 mas_alloc_nodes+0x4ef/0x5a0 lib/maple_tree.c:1110
 mas_preallocate+0x716/0xca0 lib/maple_tree.c:5194
 vma_iter_prealloc mm/vma.h:568 [inline]
 __split_vma+0x684/0x1330 mm/vma.c:526
 vms_gather_munmap_vmas+0x167b/0x1ab0 mm/vma.c:1408
 __mmap_setup mm/vma.c:2411 [inline]
 __mmap_region mm/vma.c:2741 [inline]
 mmap_region+0xc9d/0x62b0 mm/vma.c:2844
 do_mmap+0x17aa/0x1d70 mm/mmap.c:559
 vm_mmap_pgoff+0x40c/0x760 mm/util.c:581
 ksys_mmap_pgoff+0x524/0x7d0 mm/mmap.c:605
 __do_sys_mmap arch/x86/kernel/sys_x86_64.c:89 [inline]
 __se_sys_mmap arch/x86/kernel/sys_x86_64.c:82 [inline]
 __x64_sys_mmap+0x19c/0x260 arch/x86/kernel/sys_x86_64.c:82
 x64_sys_call+0x18cd/0x3ea0 arch/x86/include/generated/asm/syscalls_64.h:10
 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
 do_syscall_64+0x134/0xf80 arch/x86/entry/syscall_64.c:94
 entry_SYSCALL_64_after_hwframe+0x77/0x7f

Uninit was stored to memory at:
 mas_topiary_replace lib/maple_tree.c:2411 [inline]
 mas_wmb_replace+0x369d/0x4260 lib/maple_tree.c:2433
 mas_split lib/maple_tree.c:3052 [inline]
 mas_commit_b_node lib/maple_tree.c:3072 [inline]
 mas_wr_bnode lib/maple_tree.c:3739 [inline]
 mas_wr_store_entry+0x30fe/0x96d0 lib/maple_tree.c:3771
 mas_store_prealloc+0x1834/0x1e60 lib/maple_tree.c:5169
 vma_iter_store_overwrite mm/vma.h:607 [inline]
 vma_iter_store_new mm/vma.h:614 [inline]
 __mmap_new_vma mm/vma.c:2553 [inline]
 __mmap_region mm/vma.c:2759 [inline]
 mmap_region+0x4ab9/0x62b0 mm/vma.c:2844
 do_mmap+0x17aa/0x1d70 mm/mmap.c:559
 vm_mmap_pgoff+0x40c/0x760 mm/util.c:581
 vm_mmap+0xdb/0x120 mm/util.c:617
 __x86_set_memory_region+0x52c/0x830 arch/x86/kvm/x86.c:13335
 kvm_alloc_apic_access_page+0xc0/0x1c0 arch/x86/kvm/lapic.c:2861
 vmx_vcpu_create+0x5ef/0x1470 arch/x86/kvm/vmx/vmx.c:7830
 kvm_arch_vcpu_create+0x9d1/0xc60 arch/x86/kvm/x86.c:12803
 kvm_vm_ioctl_create_vcpu+0x525/0xdf0 virt/kvm/kvm_main.c:4207
 kvm_vm_ioctl+0xaa4/0x1680 virt/kvm/kvm_main.c:5165
 vfs_ioctl fs/ioctl.c:51 [inline]
 __do_sys_ioctl fs/ioctl.c:597 [inline]
 __se_sys_ioctl+0x23c/0x400 fs/ioctl.c:583
 __x64_sys_ioctl+0x97/0xe0 fs/ioctl.c:583
 x64_sys_call+0x1975/0x3ea0 arch/x86/include/generated/asm/syscalls_64.h:17
 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
 do_syscall_64+0x134/0xf80 arch/x86/entry/syscall_64.c:94
 entry_SYSCALL_64_after_hwframe+0x77/0x7f

Local variable tmp_next.i created at:
 mas_topiary_replace lib/maple_tree.c:2335 [inline]
 mas_wmb_replace+0x66/0x4260 lib/maple_tree.c:2433
 mas_split lib/maple_tree.c:3052 [inline]
 mas_commit_b_node lib/maple_tree.c:3072 [inline]
 mas_wr_bnode lib/maple_tree.c:3739 [inline]
 mas_wr_store_entry+0x30fe/0x96d0 lib/maple_tree.c:3771

CPU: 1 UID: 0 PID: 11296 Comm: modprobe Not tainted syzkaller #0 PREEMPT(full)
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026
=====================================================