syzbot

current->kmsan.in_runtime: -1, last_caller:           (null)
------------[ cut here ]------------
kernel BUG at mm/kmsan/kmsan_instr.c:267!
invalid opcode: 0000 [#1] SMP
CPU: 1 PID: 19670 Comm: kvm-pit/19667 Not tainted 4.20.0-rc7+ #12
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
RIP: 0010:__msan_poison_alloca+0x29c/0x2a0 mm/kmsan/kmsan_instr.c:267
Code: 0b e8 e8 ee 7b ff 85 c0 75 20 48 8b 44 24 08 8b b0 88 09 00 00 48 8b 90 80 09 00 00 48 c7 c7 4e 72 5f 8b 31 c0 e8 f4 1b 7c ff <0f> 0b 66 90 55 48 89 e5 41 57 41 56 41 54 53 48 83 ec 18 65 48 8b
RSP: 0018:ffff88821fd0fb90 EFLAGS: 00010046
RAX: 000000000000003c RBX: ffff8881c24d3c00 RCX: c753807a538ece00
RDX: 0000000000000000 RSI: 0000000000000001 RDI: ffff88821fd36abc
RBP: ffff88821fd0fc30 R08: 0000000000000000 R09: ffff88821fd38f10
R10: 0000000000000000 R11: ffffffff861d8220 R12: ffff88821fd0fd60
R13: 0000000000000246 R14: 0000000000000001 R15: ffffffff8bad7590
FS:  0000000000000000(0000) GS:ffff88821fd00000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007ffea2505dec CR3: 000000000ba2f000 CR4: 00000000001426e0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
 <IRQ>
 kmem_cache_free+0xb2/0x2b70 mm/slub.c:3024
 __d_free+0x66/0x80 fs/dcache.c:257
 __rcu_reclaim kernel/rcu/rcu.h:240 [inline]
 rcu_do_batch kernel/rcu/tree.c:2437 [inline]
 invoke_rcu_callbacks kernel/rcu/tree.c:2716 [inline]
 rcu_process_callbacks+0xc44/0x1880 kernel/rcu/tree.c:2697
 __do_softirq+0x53f/0x93a kernel/softirq.c:293
 invoke_softirq kernel/softirq.c:375 [inline]
 irq_exit+0x214/0x250 kernel/softirq.c:416
 exiting_irq+0xe/0x10 arch/x86/include/asm/apic.h:536
 smp_apic_timer_interrupt+0x48/0x70 arch/x86/kernel/apic/apic.c:1063
 apic_timer_interrupt+0x2e/0x40 arch/x86/entry/entry_64.S:814
 </IRQ>
RIP: 0010:_raw_spin_unlock_irqrestore+0x4b/0x70 kernel/locking/spinlock.c:185
Code: 00 8b b8 88 0c 00 00 48 8b 00 48 85 c0 75 28 48 89 df e8 98 6c 4a f7 c6 00 00 c6 03 00 4d 85 e4 75 1c 4c 89 7d d8 ff 75 d8 9d <48> 83 c4 08 5b 41 5c 41 5e 41 5f 5d c3 e8 83 76 4a f7 eb d1 44 89
RSP: 0018:ffff888181fafe30 EFLAGS: 00000286 ORIG_RAX: ffffffffffffff13
RAX: ffff8881ada6f848 RBX: ffff88819ba7f848 RCX: ffff8881ada6f848
RDX: ffff88818469f848 RSI: 0000160000000000 RDI: ccccccccccccd000
RBP: ffff888181fafe58 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000001 R11: ffffffff8169e0b0 R12: 0000000000000000
R13: ffff88819ba7f840 R14: 0000000000000000 R15: 0000000000000286
 spin_unlock_irqrestore include/linux/spinlock.h:384 [inline]
 complete+0x10e/0x170 kernel/sched/completion.c:37
 kthread+0x3c6/0x4e0 kernel/kthread.c:240
 ret_from_fork+0x35/0x40 arch/x86/entry/entry_64.S:355
Modules linked in:
---[ end trace 87505f927777a7ff ]---
RIP: 0010:__msan_poison_alloca+0x29c/0x2a0 mm/kmsan/kmsan_instr.c:267
Code: 0b e8 e8 ee 7b ff 85 c0 75 20 48 8b 44 24 08 8b b0 88 09 00 00 48 8b 90 80 09 00 00 48 c7 c7 4e 72 5f 8b 31 c0 e8 f4 1b 7c ff <0f> 0b 66 90 55 48 89 e5 41 57 41 56 41 54 53 48 83 ec 18 65 48 8b
RSP: 0018:ffff88821fd0fb90 EFLAGS: 00010046
RAX: 000000000000003c RBX: ffff8881c24d3c00 RCX: c753807a538ece00
RDX: 0000000000000000 RSI: 0000000000000001 RDI: ffff88821fd36abc
RBP: ffff88821fd0fc30 R08: 0000000000000000 R09: ffff88821fd38f10
R10: 0000000000000000 R11: ffffffff861d8220 R12: ffff88821fd0fd60
R13: 0000000000000246 R14: 0000000000000001 R15: ffffffff8bad7590
FS:  0000000000000000(0000) GS:ffff88821fd00000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007ffea2505dec CR3: 000000000ba2f000 CR4: 00000000001426e0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400