Re: [syzbot] [kernel?] KMSAN: uninit-value in __flush_smp_call_function_queue

From: syzbot

Date: Sun Feb 15 2026 - 14:05:28 EST

syzbot has found a reproducer for the following issue on:

HEAD commit: ca4ee40bf13d Partly revert "drm/hyperv: Remove reference t..
git tree: upstream
console output: https://syzkaller.appspot.com/x/log.txt?x=177aec02580000
kernel config: https://syzkaller.appspot.com/x/.config?x=4b4f2aab682301f1
dashboard link: https://syzkaller.appspot.com/bug?extid=4b1bd55fba6260160779
compiler: Debian clang version 21.1.8 (++20251221033036+2078da43e25a-1~exp1~20251221153213.50), Debian LLD 21.1.8
syz repro: https://syzkaller.appspot.com/x/repro.syz?x=120fc722580000
C reproducer: https://syzkaller.appspot.com/x/repro.c?x=10faec02580000

Downloadable assets:
disk image: https://storage.googleapis.com/syzbot-assets/68f5e4558a91/disk-ca4ee40b.raw.xz
vmlinux: https://storage.googleapis.com/syzbot-assets/ea1eab60444d/vmlinux-ca4ee40b.xz
kernel image: https://storage.googleapis.com/syzbot-assets/cc7e3debdec4/bzImage-ca4ee40b.xz

IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+4b1bd55fba6260160779@xxxxxxxxxxxxxxxxxxxxxxxxx

=====================================================
BUG: KMSAN: uninit-value in __flush_smp_call_function_queue+0x362/0x18e0 kernel/smp.c:535
__flush_smp_call_function_queue+0x362/0x18e0 kernel/smp.c:535
generic_smp_call_function_single_interrupt+0x1c/0x30 kernel/smp.c:463
__sysvec_call_function_single+0x4b/0x3e0 arch/x86/kernel/smp.c:271
instr_sysvec_call_function_single arch/x86/kernel/smp.c:266 [inline]
sysvec_call_function_single+0x7c/0x90 arch/x86/kernel/smp.c:266
asm_sysvec_call_function_single+0x1f/0x30 arch/x86/include/asm/idtentry.h:704
native_irq_enable arch/x86/include/asm/irqflags.h:42 [inline]
arch_local_irq_enable arch/x86/include/asm/irqflags.h:119 [inline]
raw_spin_rq_unlock_irq kernel/sched/sched.h:1629 [inline]
finish_lock_switch kernel/sched/core.c:5032 [inline]
finish_task_switch+0x11b/0x8b0 kernel/sched/core.c:5150
context_switch kernel/sched/core.c:5298 [inline]
__schedule+0x273e/0x8650 kernel/sched/core.c:6907
schedule_idle+0x5a/0x90 kernel/sched/core.c:7030
do_idle+0x748/0x760 kernel/sched/idle.c:360
cpu_startup_entry+0x5f/0x80 kernel/sched/idle.c:430
start_secondary+0xcc/0xd0 arch/x86/kernel/smpboot.c:312
common_startup_64+0x13e/0x147

Local variable reuse.i created at:
mas_wr_node_store lib/maple_tree.c:3495 [inline]
mas_wr_store_entry+0x14bd/0x96d0 lib/maple_tree.c:3764
mas_store_prealloc+0x1834/0x1e60 lib/maple_tree.c:5169

CPU: 1 UID: 0 PID: 0 Comm: swapper/1 Not tainted syzkaller #0 PREEMPT(full)
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
=====================================================

---
If you want syzbot to run the reproducer, reply with:
#syz test: git://repo/address.git branch-or-commit-hash
If you attach or paste a git patch, syzbot will apply it before testing.