=====================================================
BUG: KMSAN: uninit-value in __hlist_del include/linux/list.h:993 [inline]
BUG: KMSAN: uninit-value in detach_timer kernel/time/timer.c:891 [inline]
BUG: KMSAN: uninit-value in expire_timers kernel/time/timer.c:1782 [inline]
BUG: KMSAN: uninit-value in __run_timers kernel/time/timer.c:2373 [inline]
BUG: KMSAN: uninit-value in __run_timer_base+0x6cc/0xd90 kernel/time/timer.c:2385
 __hlist_del include/linux/list.h:993 [inline]
 detach_timer kernel/time/timer.c:891 [inline]
 expire_timers kernel/time/timer.c:1782 [inline]
 __run_timers kernel/time/timer.c:2373 [inline]
 __run_timer_base+0x6cc/0xd90 kernel/time/timer.c:2385
 run_timer_base kernel/time/timer.c:2394 [inline]
 run_timer_softirq+0x3a/0x70 kernel/time/timer.c:2404
 handle_softirqs+0x168/0x6e0 kernel/softirq.c:622
 __do_softirq kernel/softirq.c:656 [inline]
 invoke_softirq kernel/softirq.c:496 [inline]
 __irq_exit_rcu+0x65/0x170 kernel/softirq.c:723
 irq_exit_rcu+0x12/0x20 kernel/softirq.c:739
 instr_sysvec_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1056 [inline]
 sysvec_apic_timer_interrupt+0x84/0x90 arch/x86/kernel/apic/apic.c:1056
 asm_sysvec_apic_timer_interrupt+0x1f/0x30 arch/x86/include/asm/idtentry.h:697
 kmsan_internal_set_shadow_origin+0xa3/0x110 mm/kmsan/core.c:234
 kmsan_internal_unpoison_memory+0x14/0x20 mm/kmsan/core.c:63
 kmsan_unpoison_memory+0x28/0x40 mm/kmsan/hooks.c:407
 clear_page arch/x86/include/asm/page_64.h:64 [inline]
 clear_highpage_kasan_tagged include/linux/highmem.h:248 [inline]
 kernel_init_pages mm/page_alloc.c:1266 [inline]
 post_alloc_hook mm/page_alloc.c:1882 [inline]
 prep_new_page+0x4bd/0x560 mm/page_alloc.c:1892
 get_page_from_freelist+0x18e0/0x1990 mm/page_alloc.c:3945
 __alloc_frozen_pages_noprof+0x2ef/0xaa0 mm/page_alloc.c:5240
 alloc_pages_mpol+0x328/0x860 mm/mempolicy.c:2486
 alloc_frozen_pages_noprof mm/mempolicy.c:2557 [inline]
 alloc_pages_noprof+0x101/0x280 mm/mempolicy.c:2577
 io_mem_alloc_compound io_uring/memmap.c:30 [inline]
 io_region_allocate_pages+0x164/0x900 io_uring/memmap.c:165
 io_create_region+0x6d0/0x830 io_uring/memmap.c:220
 io_allocate_scq_urings+0x457/0x8a0 io_uring/io_uring.c:3397
 io_uring_create+0x7b4/0x1040 io_uring/io_uring.c:3648
 io_uring_setup io_uring/io_uring.c:3723 [inline]
 __do_sys_io_uring_setup io_uring/io_uring.c:3757 [inline]
 __se_sys_io_uring_setup+0x3f0/0x410 io_uring/io_uring.c:3748
 __x64_sys_io_uring_setup+0x78/0xb0 io_uring/io_uring.c:3748
 x64_sys_call+0x2be4/0x3e70 arch/x86/include/generated/asm/syscalls_64.h:426
 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
 do_syscall_64+0xc9/0xf80 arch/x86/entry/syscall_64.c:94
 entry_SYSCALL_64_after_hwframe+0x77/0x7f

Uninit was stored to memory at:
 ext4_xattr_set_entry+0x1312/0x3430 fs/ext4/xattr.c:1740
 ext4_xattr_block_set+0xc74/0x5030 fs/ext4/xattr.c:2030
 ext4_xattr_set_handle+0x1e20/0x2b00 fs/ext4/xattr.c:2457
 ext4_xattr_set+0x2ff/0x5b0 fs/ext4/xattr.c:2559
 ext4_xattr_trusted_set+0x51/0x70 fs/ext4/xattr_trusted.c:38
 __vfs_setxattr+0x742/0x850 fs/xattr.c:200
 __vfs_setxattr_noperm+0x224/0xad0 fs/xattr.c:234
 __vfs_setxattr_locked+0x43c/0x480 fs/xattr.c:295
 vfs_setxattr+0x28d/0x650 fs/xattr.c:321
 do_setxattr fs/xattr.c:636 [inline]
 filename_setxattr+0x3a4/0xcc0 fs/xattr.c:665
 path_setxattrat+0x6c8/0x7c0 fs/xattr.c:713
 __do_sys_lsetxattr fs/xattr.c:754 [inline]
 __se_sys_lsetxattr fs/xattr.c:750 [inline]
 __x64_sys_lsetxattr+0x103/0x1c0 fs/xattr.c:750
 x64_sys_call+0x3c8b/0x3e70 arch/x86/include/generated/asm/syscalls_64.h:190
 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
 do_syscall_64+0xc9/0xf80 arch/x86/entry/syscall_64.c:94
 entry_SYSCALL_64_after_hwframe+0x77/0x7f

Uninit was created at:
 slab_post_alloc_hook mm/slub.c:4960 [inline]
 slab_alloc_node mm/slub.c:5263 [inline]
 __do_kmalloc_node mm/slub.c:5656 [inline]
 __kvmalloc_node_noprof+0xc38/0x1e80 mm/slub.c:7140
 kvmalloc_array_node_noprof include/linux/slab.h:1122 [inline]
 io_alloc_cache_init+0x58/0x160 io_uring/alloc_cache.c:25
 io_rsrc_cache_init+0x74/0xd0 io_uring/rsrc.c:178
 io_ring_ctx_alloc+0x6b1/0x1440 io_uring/io_uring.c:327
 io_uring_create+0xb5/0x1040 io_uring/io_uring.c:3591
 io_uring_setup io_uring/io_uring.c:3723 [inline]
 __do_sys_io_uring_setup io_uring/io_uring.c:3757 [inline]
 __se_sys_io_uring_setup+0x3f0/0x410 io_uring/io_uring.c:3748
 __x64_sys_io_uring_setup+0x78/0xb0 io_uring/io_uring.c:3748
 x64_sys_call+0x2be4/0x3e70 arch/x86/include/generated/asm/syscalls_64.h:426
 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
 do_syscall_64+0xc9/0xf80 arch/x86/entry/syscall_64.c:94
 entry_SYSCALL_64_after_hwframe+0x77/0x7f

CPU: 0 UID: 0 PID: 18339 Comm: syz.0.3500 Tainted: G             L      syzkaller #0 PREEMPT(voluntary) 
Tainted: [L]=SOFTLOCKUP
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/13/2026
=====================================================