syzbot

sshd (6632) used greatest stack depth: 53600 bytes left
PANIC: double fault, error_code: 0x0
CPU: 1 PID: 6731 Comm: syz-executor377 Not tainted 4.20.0-rc2+ #85
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
==================================================================
BUG: KMSAN: uninit-value in atomic_try_cmpxchg include/asm-generic/atomic-instrumented.h:106 [inline]
BUG: KMSAN: uninit-value in queued_spin_lock include/asm-generic/qspinlock.h:87 [inline]
BUG: KMSAN: uninit-value in do_raw_spin_lock+0x130/0x410 include/linux/spinlock.h:180
CPU: 1 PID: 6731 Comm: syz-executor377 Not tainted 4.20.0-rc2+ #85
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
 <#DF>
 __dump_stack lib/dump_stack.c:77 [inline]
 dump_stack+0x32d/0x480 lib/dump_stack.c:113
 kmsan_report+0x19f/0x300 mm/kmsan/kmsan.c:911
 kmsan_internal_check_memory+0x35b/0x3b0 mm/kmsan/kmsan.c:993
 kmsan_check_memory+0xd/0x10 mm/kmsan/kmsan.c:1000
 atomic_try_cmpxchg include/asm-generic/atomic-instrumented.h:106 [inline]
 queued_spin_lock include/asm-generic/qspinlock.h:87 [inline]
 do_raw_spin_lock+0x130/0x410 include/linux/spinlock.h:180
 __raw_spin_lock include/linux/spinlock_api_smp.h:143 [inline]
 _raw_spin_lock+0x27/0x30 kernel/locking/spinlock.c:144
 vprintk_emit+0x1d9/0x8a0 kernel/printk/printk.c:1910
 vprintk_default+0x90/0xa0 kernel/printk/printk.c:1972
 vprintk_func+0x26b/0x2a0 kernel/printk/printk_safe.c:398
 printk+0x1a3/0x1f0 kernel/printk/printk.c:2008
 show_ip arch/x86/kernel/dumpstack.c:124 [inline]
 show_iret_regs+0x13c/0x540 arch/x86/kernel/dumpstack.c:131
 __show_regs+0xc9/0x1350 arch/x86/kernel/process_64.c:71
 show_regs+0xaf/0x170 arch/x86/kernel/dumpstack.c:425
 df_debug+0x86/0xb0 arch/x86/kernel/doublefault.c:80
 do_double_fault+0x362/0x480 arch/x86/kernel/traps.c:428
 double_fault+0x1e/0x30 arch/x86/entry/entry_64.S:978
RIP: 0010:get_cea_origin_or_null mm/kmsan/kmsan.c:747 [inline]
RIP: 0010:kmsan_get_metadata_or_null mm/kmsan/kmsan.c:1066 [inline]
RIP: 0010:kmsan_get_origin_address+0x212/0x360 mm/kmsan/kmsan.c:1192
Code: 2d 01 00 00 e9 fe 00 00 00 65 44 8b 34 25 20 a1 02 00 48 b8 00 00 00 00 00 02 00 00 48 01 d8 48 3d ff 0f e8 00 77 38 44 89 f7 <e8> 19 30 4a ff 48 89 d9 48 29 c1 85 c9 78 26 48 63 c1 48 3d ff 9f
RSP: 0018:fffffe000003c000 EFLAGS: 00010093
RAX: 000000000003c150 RBX: fffffe000003c150 RCX: 000000000000002e
RDX: 0000000000000001 RSI: 0000000000000088 RDI: 0000000000000001
RBP: fffffe000003c038 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000000 R12: 0000778000000000
R13: 0000000000000000 R14: 0000000000000001 R15: fffffe008003c150
 </#DF>
 <ENTRY_TRAMPOLINE>
 kmsan_memmove_origins+0xbd/0x1c0 mm/kmsan/kmsan.c:439
 __msan_memmove+0x6c/0x80 mm/kmsan/kmsan_instr.c:196
 fixup_bad_iret+0x63/0xc0 arch/x86/kernel/traps.c:669
 error_entry+0xad/0xc0 arch/x86/entry/entry_64.S:1307
RIP: 440e59:0xffd5
Code: Bad RIP value.
RSP: 0003:00000000200001c0 EFLAGS: 0000ffd5 ORIG_RAX: 00000000200000c0
RAX: 0000000000000000 RBX: ffffffff8b000e58 RCX: 0000000000000000
RDX: 0000000000000216 RSI: 0000000000000000 RDI: 000000000000001c
RBP: 0000000000000000 R08: 0000000000401cf0 R09: 0000000000401d80
R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000401cf0
R13: 0000000000401d80 R14: 0000000000000000 R15: 0000000000000000
 </ENTRY_TRAMPOLINE>

Local variable description: ----v.addr.i.i@do_raw_spin_lock
Variable was created at:
 do_raw_spin_lock+0x62/0x410 include/linux/spinlock.h:178
 __raw_spin_lock include/linux/spinlock_api_smp.h:143 [inline]
 _raw_spin_lock+0x27/0x30 kernel/locking/spinlock.c:144

Bytes 0-7 of 8 are uninitialized
Memory access of size 8 starts at fffffe00000439f8
==================================================================