=====================================================
BUG: KMSAN: uninit-value in io_req_caches_free+0x2e6/0x640 fs/io_uring.c:9402
 io_req_caches_free+0x2e6/0x640 fs/io_uring.c:9402
 io_ring_exit_work+0x242/0xce2 fs/io_uring.c:9584
 process_one_work+0xdb6/0x1820 kernel/workqueue.c:2307
 worker_thread+0x10b3/0x21e0 kernel/workqueue.c:2454
 kthread+0x3c7/0x500 kernel/kthread.c:377
 ret_from_fork+0x1f/0x30

Uninit was stored to memory at:
 wq_stack_extract fs/io-wq.h:151 [inline]
 io_req_caches_free+0x300/0x640 fs/io_uring.c:9406
 io_ring_exit_work+0x242/0xce2 fs/io_uring.c:9584
 process_one_work+0xdb6/0x1820 kernel/workqueue.c:2307
 worker_thread+0x10b3/0x21e0 kernel/workqueue.c:2454
 kthread+0x3c7/0x500 kernel/kthread.c:377
 ret_from_fork+0x1f/0x30

Uninit was stored to memory at:
 __wq_list_splice fs/io-wq.h:117 [inline]
 wq_list_splice fs/io-wq.h:126 [inline]
 io_flush_cached_locked_reqs fs/io_uring.c:2034 [inline]
 io_req_caches_free+0x4b4/0x640 fs/io_uring.c:9400
 io_ring_exit_work+0x242/0xce2 fs/io_uring.c:9584
 process_one_work+0xdb6/0x1820 kernel/workqueue.c:2307
 worker_thread+0x10b3/0x21e0 kernel/workqueue.c:2454
 kthread+0x3c7/0x500 kernel/kthread.c:377
 ret_from_fork+0x1f/0x30

Uninit was stored to memory at:
 wq_stack_add_head fs/io-wq.h:136 [inline]
 io_free_batch_list+0x9c3/0x10e0 fs/io_uring.c:2513
 __io_submit_flush_completions+0x11e7/0x1530 fs/io_uring.c:2543
 io_submit_flush_completions fs/io_uring.c:1205 [inline]
 tctx_task_work+0x23f/0x21d0 fs/io_uring.c:2345
 task_work_run+0x154/0x290 kernel/task_work.c:164
 exit_task_work include/linux/task_work.h:32 [inline]
 do_exit+0xf72/0x4010 kernel/exit.c:808
 do_group_exit+0x3cc/0x420 kernel/exit.c:937
 get_signal+0x17d0/0x2c70 kernel/signal.c:2863
 arch_do_signal_or_restart+0x9d/0xdd0 arch/x86/kernel/signal.c:868
 handle_signal_work kernel/entry/common.c:149 [inline]
 exit_to_user_mode_loop+0x1f6/0x490 kernel/entry/common.c:173
 exit_to_user_mode_prepare kernel/entry/common.c:208 [inline]
 __syscall_exit_to_user_mode_work kernel/entry/common.c:290 [inline]
 syscall_exit_to_user_mode+0x7e/0xc0 kernel/entry/common.c:302
 do_syscall_64+0x60/0xd0 arch/x86/entry/common.c:88
 entry_SYSCALL_64_after_hwframe+0x44/0xae

Uninit was stored to memory at:
 wq_list_add_tail fs/io-wq.h:83 [inline]
 io_req_add_compl_list fs/io_uring.c:1588 [inline]
 io_req_task_complete+0x65d/0x6c0 fs/io_uring.c:2837
 handle_tw_list fs/io_uring.c:2328 [inline]
 tctx_task_work+0x1a21/0x21d0 fs/io_uring.c:2362
 task_work_run+0x154/0x290 kernel/task_work.c:164
 exit_task_work include/linux/task_work.h:32 [inline]
 do_exit+0xf72/0x4010 kernel/exit.c:808
 do_group_exit+0x3cc/0x420 kernel/exit.c:937
 get_signal+0x17d0/0x2c70 kernel/signal.c:2863
 arch_do_signal_or_restart+0x9d/0xdd0 arch/x86/kernel/signal.c:868
 handle_signal_work kernel/entry/common.c:149 [inline]
 exit_to_user_mode_loop+0x1f6/0x490 kernel/entry/common.c:173
 exit_to_user_mode_prepare kernel/entry/common.c:208 [inline]
 __syscall_exit_to_user_mode_work kernel/entry/common.c:290 [inline]
 syscall_exit_to_user_mode+0x7e/0xc0 kernel/entry/common.c:302
 do_syscall_64+0x60/0xd0 arch/x86/entry/common.c:88
 entry_SYSCALL_64_after_hwframe+0x44/0xae

Uninit was created at:
 slab_post_alloc_hook mm/slab.h:737 [inline]
 kmem_cache_alloc_bulk+0xec5/0x1560 mm/slub.c:3747
 __io_alloc_req_refill+0x482/0x867 fs/io_uring.c:2072
 io_alloc_req_refill fs/io_uring.c:2098 [inline]
 io_submit_sqes+0x7d4/0x1a00 fs/io_uring.c:7440
 __do_sys_io_uring_enter fs/io_uring.c:10152 [inline]
 __se_sys_io_uring_enter+0x62f/0x23a0 fs/io_uring.c:10094
 __x64_sys_io_uring_enter+0x19d/0x200 fs/io_uring.c:10094
 do_syscall_x64 arch/x86/entry/common.c:51 [inline]
 do_syscall_64+0x54/0xd0 arch/x86/entry/common.c:82
 entry_SYSCALL_64_after_hwframe+0x44/0xae

CPU: 0 PID: 3295 Comm: kworker/u4:37 Not tainted 5.17.0-rc4-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Workqueue: events_unbound io_ring_exit_work
=====================================================