=====================================================
BUG: KMSAN: uninit-value in __flush_smp_call_function_queue+0x343/0x1810 kernel/smp.c:549
 __flush_smp_call_function_queue+0x343/0x1810 kernel/smp.c:549
 generic_smp_call_function_single_interrupt+0x1c/0x30 kernel/smp.c:477
 __sysvec_call_function_single+0x48/0x350 arch/x86/kernel/smp.c:272
 instr_sysvec_call_function_single arch/x86/kernel/smp.c:267 [inline]
 sysvec_call_function_single+0x7c/0x90 arch/x86/kernel/smp.c:267
 asm_sysvec_call_function_single+0x1f/0x30 arch/x86/include/asm/idtentry.h:704
 __preempt_count_dec_and_test arch/x86/include/asm/preempt.h:95 [inline]
 rcu_read_unlock_sched include/linux/rcupdate.h:963 [inline]
 pfn_valid include/linux/mmzone.h:2291 [inline]
 kmsan_virt_addr_valid arch/x86/include/asm/kmsan.h:94 [inline]
 virt_to_page_or_null+0x14c/0x170 mm/kmsan/shadow.c:75
 kmsan_get_metadata+0xf1/0x160 mm/kmsan/shadow.c:141
 kmsan_get_shadow_origin_ptr+0x4a/0xb0 mm/kmsan/shadow.c:102
 get_shadow_origin_ptr mm/kmsan/instrumentation.c:38 [inline]
 __msan_metadata_ptr_for_load_8+0x24/0x40 mm/kmsan/instrumentation.c:94
 unwind_get_return_address_ptr+0x9b/0xd0 arch/x86/kernel/unwind_frame.c:28
 update_stack_state+0x174/0x1c0 arch/x86/kernel/unwind_frame.c:251
 unwind_next_frame+0x116/0x350 arch/x86/kernel/unwind_frame.c:315
 arch_stack_walk+0x1b0/0x280 arch/x86/kernel/stacktrace.c:25
 stack_trace_save+0xc2/0x100 kernel/stacktrace.c:122
 kmsan_save_stack_with_flags mm/kmsan/core.c:73 [inline]
 kmsan_internal_poison_memory+0x4a/0x90 mm/kmsan/core.c:57
 kmsan_slab_free+0xce/0x140 mm/kmsan/hooks.c:87
 slab_free_hook mm/slub.c:2615 [inline]
 slab_free mm/slub.c:6251 [inline]
 kfree+0x315/0x1100 mm/slub.c:6566
 tomoyo_realpath_from_path+0x952/0x9f0 security/tomoyo/realpath.c:286
 tomoyo_get_realpath security/tomoyo/file.c:151 [inline]
 tomoyo_path_perm+0x249/0x9a0 security/tomoyo/file.c:827
 tomoyo_inode_getattr+0x35/0x40 security/tomoyo/tomoyo.c:123
 security_inode_getattr+0x16e/0x590 security/security.c:1895
 vfs_getattr+0x41/0xf0 fs/stat.c:259
 vfs_statx_path+0x49/0x380 fs/stat.c:299
 vfs_statx+0x142/0x290 fs/stat.c:356
 do_statx fs/stat.c:761 [inline]
 __do_sys_statx fs/stat.c:814 [inline]
 __se_sys_statx+0x298/0x340 fs/stat.c:804
 __ia32_sys_statx+0xe2/0x150 fs/stat.c:804
 ia32_sys_call+0x4067/0x4360 arch/x86/include/generated/asm/syscalls_32.h:384
 do_syscall_32_irqs_on arch/x86/entry/syscall_32.c:83 [inline]
 __do_fast_syscall_32+0x195/0x470 arch/x86/entry/syscall_32.c:307
 do_fast_syscall_32+0x37/0x80 arch/x86/entry/syscall_32.c:332
 do_SYSENTER_32+0x1f/0x30 arch/x86/entry/syscall_32.c:370
 entry_SYSENTER_compat_after_hwframe+0x84/0x8e

Local variable warn created at:
 __dquot_alloc_space+0x4d/0x1cd0 fs/quota/dquot.c:1709
 dquot_alloc_space_nodirty include/linux/quotaops.h:292 [inline]
 dquot_alloc_block_nodirty include/linux/quotaops.h:319 [inline]
 shmem_inode_acct_blocks+0x376/0x5d0 mm/shmem.c:242

CPU: 0 UID: 0 PID: 5590 Comm: syz-executor Not tainted syzkaller #0 PREEMPT(lazy) 
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
=====================================================