=====================================================
BUG: KMSAN: uninit-value in __io_fill_cqe_req+0x9bd/0xed0 fs/io_uring.c:2470
 __io_fill_cqe_req+0x9bd/0xed0 fs/io_uring.c:2470
 __io_submit_flush_completions fs/io_uring.c:3148 [inline]
 io_submit_flush_completions+0x175/0x420 fs/io_uring.c:1571
 tctx_task_work+0x1866/0x1ab0 fs/io_uring.c:2960
 task_work_run+0x13c/0x280 kernel/task_work.c:177
 get_signal+0x152/0x2c50 kernel/signal.c:2634
 arch_do_signal_or_restart+0x56/0xae0 arch/x86/kernel/signal.c:869
 exit_to_user_mode_loop+0xea/0x320 kernel/entry/common.c:168
 exit_to_user_mode_prepare+0x16e/0x220 kernel/entry/common.c:203
 __syscall_exit_to_user_mode_work kernel/entry/common.c:285 [inline]
 syscall_exit_to_user_mode+0x23/0x40 kernel/entry/common.c:296
 __do_fast_syscall_32+0xa4/0xf0 arch/x86/entry/common.c:181
 do_fast_syscall_32+0x33/0x70 arch/x86/entry/common.c:203
 do_SYSENTER_32+0x1b/0x20 arch/x86/entry/common.c:246
 entry_SYSENTER_compat_after_hwframe+0x53/0x62

Uninit was stored to memory at:
 io_req_complete_state fs/io_uring.c:2588 [inline]
 __io_req_complete fs/io_uring.c:2596 [inline]
 io_recvmsg fs/io_uring.c:6407 [inline]
 io_issue_sqe+0x179e6/0x19720 fs/io_uring.c:8355
 io_queue_sqe fs/io_uring.c:8713 [inline]
 io_req_task_submit+0x135/0x510 fs/io_uring.c:3052
 io_apoll_task_func+0x286/0x320 fs/io_uring.c:6948
 handle_tw_list fs/io_uring.c:2926 [inline]
 tctx_task_work+0x1519/0x1ab0 fs/io_uring.c:2955
 task_work_run+0x13c/0x280 kernel/task_work.c:177
 get_signal+0x152/0x2c50 kernel/signal.c:2634
 arch_do_signal_or_restart+0x56/0xae0 arch/x86/kernel/signal.c:869
 exit_to_user_mode_loop+0xea/0x320 kernel/entry/common.c:168
 exit_to_user_mode_prepare+0x16e/0x220 kernel/entry/common.c:203
 __syscall_exit_to_user_mode_work kernel/entry/common.c:285 [inline]
 syscall_exit_to_user_mode+0x23/0x40 kernel/entry/common.c:296
 __do_fast_syscall_32+0xa4/0xf0 arch/x86/entry/common.c:181
 do_fast_syscall_32+0x33/0x70 arch/x86/entry/common.c:203
 do_SYSENTER_32+0x1b/0x20 arch/x86/entry/common.c:246
 entry_SYSENTER_compat_after_hwframe+0x53/0x62

Uninit was stored to memory at:
 io_setup_async_msg+0x1d7/0x420 fs/io_uring.c:6046
 io_issue_sqe+0x1462c/0x19720
 io_queue_sqe fs/io_uring.c:8713 [inline]
 io_submit_sqe+0x89de/0xa770 fs/io_uring.c:8977
 io_submit_sqes+0x542/0xd50 fs/io_uring.c:9088
 __do_sys_io_uring_enter fs/io_uring.c:12035 [inline]
 __se_sys_io_uring_enter+0x670/0x25c0 fs/io_uring.c:11961
 __ia32_sys_io_uring_enter+0x115/0x190 fs/io_uring.c:11961
 do_syscall_32_irqs_on arch/x86/entry/common.c:112 [inline]
 __do_fast_syscall_32+0x95/0xf0 arch/x86/entry/common.c:178
 do_fast_syscall_32+0x33/0x70 arch/x86/entry/common.c:203
 do_SYSENTER_32+0x1b/0x20 arch/x86/entry/common.c:246
 entry_SYSENTER_compat_after_hwframe+0x53/0x62

Local variable iomsg.i411 created at:
 io_recvmsg fs/io_uring.c:6336 [inline]
 io_issue_sqe+0x1ae2/0x19720 fs/io_uring.c:8355
 io_queue_sqe fs/io_uring.c:8713 [inline]
 io_submit_sqe+0x89de/0xa770 fs/io_uring.c:8977

CPU: 1 PID: 6401 Comm: syz-executor.1 Not tainted 5.19.0-rc4-syzkaller-31333-g97117d69c353 #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/29/2022
=====================================================