===================================================== BUG: KMSAN: uninit-value in arch_atomic_read arch/x86/include/asm/atomic.h:23 [inline] BUG: KMSAN: uninit-value in raw_atomic_read include/linux/atomic/atomic-arch-fallback.h:457 [inline] BUG: KMSAN: uninit-value in atomic_read include/linux/atomic/atomic-instrumented.h:33 [inline] BUG: KMSAN: uninit-value in pfkey_send_notify+0x291/0xe60 net/key/af_key.c:3079 arch_atomic_read arch/x86/include/asm/atomic.h:23 [inline] raw_atomic_read include/linux/atomic/atomic-arch-fallback.h:457 [inline] atomic_read include/linux/atomic/atomic-instrumented.h:33 [inline] pfkey_send_notify+0x291/0xe60 net/key/af_key.c:3079 km_state_notify net/xfrm/xfrm_state.c:2738 [inline] km_state_expired net/xfrm/xfrm_state.c:2752 [inline] xfrm_timer_handler+0x467/0x1320 net/xfrm/xfrm_state.c:718 __run_hrtimer kernel/time/hrtimer.c:1761 [inline] __hrtimer_run_queues+0x556/0xd80 kernel/time/hrtimer.c:1825 hrtimer_run_softirq+0x18e/0x760 kernel/time/hrtimer.c:1842 handle_softirqs+0x166/0x6e0 kernel/softirq.c:579 __do_softirq kernel/softirq.c:613 [inline] invoke_softirq kernel/softirq.c:453 [inline] __irq_exit_rcu+0x66/0x180 kernel/softirq.c:680 irq_exit_rcu+0x12/0x20 kernel/softirq.c:696 instr_sysvec_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1050 [inline] sysvec_apic_timer_interrupt+0x84/0x90 arch/x86/kernel/apic/apic.c:1050 asm_sysvec_apic_timer_interrupt+0x1f/0x30 arch/x86/include/asm/idtentry.h:702 kmsan_metadata_is_contiguous+0xc/0x1e0 mm/kmsan/core.c:329 kmsan_get_shadow_origin_ptr+0x27/0xb0 mm/kmsan/shadow.c:96 get_shadow_origin_ptr mm/kmsan/instrumentation.c:38 [inline] __msan_metadata_ptr_for_load_4+0x24/0x40 mm/kmsan/instrumentation.c:93 unwind_done+0x1f/0x60 arch/x86/include/asm/unwind.h:50 unwind_next_frame+0x2c/0x350 arch/x86/kernel/unwind_frame.c:269 arch_stack_walk+0x1b1/0x280 arch/x86/kernel/stacktrace.c:25 stack_trace_save+0xc3/0x100 kernel/stacktrace.c:122 kmsan_save_stack_with_flags mm/kmsan/core.c:73 [inline] kmsan_internal_poison_memory+0x4a/0xa0 mm/kmsan/core.c:57 kmsan_slab_free+0xd0/0x140 mm/kmsan/hooks.c:87 slab_free_hook mm/slub.c:2343 [inline] slab_free mm/slub.c:4680 [inline] kmem_cache_free+0x2a1/0xec0 mm/slub.c:4782 skb_kfree_head net/core/skbuff.c:1045 [inline] skb_free_head+0x13c/0x3a0 net/core/skbuff.c:1059 skb_release_data+0x9f7/0xac0 net/core/skbuff.c:1086 skb_release_all net/core/skbuff.c:1151 [inline] __kfree_skb+0x6b/0x260 net/core/skbuff.c:1165 sk_skb_reason_drop+0x126/0x440 net/core/skbuff.c:1203 kfree_skb_reason include/linux/skbuff.h:1275 [inline] kfree_skb include/linux/skbuff.h:1284 [inline] ieee80211_iface_work+0x1631/0x1e70 net/mac80211/iface.c:1755 cfg80211_wiphy_work+0x341/0x850 net/wireless/core.c:435 process_one_work kernel/workqueue.c:3236 [inline] process_scheduled_works+0xb91/0x1d80 kernel/workqueue.c:3319 worker_thread+0xedf/0x1590 kernel/workqueue.c:3400 kthread+0xd59/0xf00 kernel/kthread.c:463 ret_from_fork+0x1e3/0x310 arch/x86/kernel/process.c:148 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:245 Uninit was created at: slab_post_alloc_hook mm/slub.c:4186 [inline] slab_alloc_node mm/slub.c:4229 [inline] __do_kmalloc_node mm/slub.c:4364 [inline] __kvmalloc_node_noprof+0xa36/0x1530 mm/slub.c:5052 kvmalloc_array_node_noprof include/linux/slab.h:1065 [inline] io_alloc_cache_init+0x53/0x150 io_uring/alloc_cache.c:25 io_ring_ctx_alloc+0x617/0x14f0 io_uring/io_uring.c:337 io_uring_create+0x32f/0x1400 io_uring/io_uring.c:3743 io_uring_setup io_uring/io_uring.c:3890 [inline] __do_sys_io_uring_setup io_uring/io_uring.c:3924 [inline] __se_sys_io_uring_setup+0x572/0x590 io_uring/io_uring.c:3915 __ia32_sys_io_uring_setup+0x76/0xb0 io_uring/io_uring.c:3915 ia32_sys_call+0x38f0/0x4310 arch/x86/include/generated/asm/syscalls_32.h:426 do_syscall_32_irqs_on arch/x86/entry/syscall_32.c:83 [inline] __do_fast_syscall_32+0xb0/0x150 arch/x86/entry/syscall_32.c:306 do_fast_syscall_32+0x38/0x80 arch/x86/entry/syscall_32.c:331 do_SYSENTER_32+0x1f/0x30 arch/x86/entry/syscall_32.c:369 entry_SYSENTER_compat_after_hwframe+0x84/0x8e CPU: 0 UID: 0 PID: 57 Comm: kworker/u8:3 Tainted: G W 6.16.0-syzkaller-12063-g37816488247d #0 PREEMPT(none) Tainted: [W]=WARN Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 Workqueue: events_unbound cfg80211_wiphy_work =====================================================