syzbot

------------[ cut here ]------------
HSR: Could not send supervision frame
WARNING: CPU: 1 PID: 85 at net/hsr/hsr_device.c:294 send_hsr_supervision_frame+0x60a/0x810 net/hsr/hsr_device.c:294
Modules linked in:
CPU: 1 PID: 85 Comm: kswapd1 Not tainted 6.7.0-rc5-syzkaller-00214-gc8e97fc6b4c0 #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/17/2023
RIP: 0010:send_hsr_supervision_frame+0x60a/0x810 net/hsr/hsr_device.c:294
Code: ff 89 de e8 08 da 29 f7 84 db 0f 85 bd fe ff ff e8 cb de 29 f7 c6 05 d1 c3 a5 04 01 90 48 c7 c7 20 ff 16 8c e8 67 23 f0 f6 90 <0f> 0b 90 90 e9 9a fe ff ff e8 a8 de 29 f7 41 be 3c 00 00 00 ba 01
RSP: 0000:ffffc900001f0bd8 EFLAGS: 00010286
RAX: 0000000000000000 RBX: 0000000000000000 RCX: ffffffff814db519
RDX: ffff88801b2b5940 RSI: ffffffff814db526 RDI: 0000000000000001
RBP: ffffc900001f0c40 R08: 0000000000000001 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000001 R12: ffff8880204be100
R13: 0000000000000000 R14: ffffffff8a5d86a0 R15: 0000000000000017
FS:  0000000000000000(0000) GS:ffff8880b9900000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007f0e99ac4fa7 CR3: 000000000cd77000 CR4: 00000000003506f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
 <IRQ>
 hsr_announce+0x114/0x370 net/hsr/hsr_device.c:382
 call_timer_fn+0x193/0x590 kernel/time/timer.c:1700
 expire_timers kernel/time/timer.c:1751 [inline]
 __run_timers+0x764/0xb20 kernel/time/timer.c:2022
 run_timer_softirq+0x58/0xd0 kernel/time/timer.c:2035
 __do_softirq+0x21a/0x8de kernel/softirq.c:553
 invoke_softirq kernel/softirq.c:427 [inline]
 __irq_exit_rcu kernel/softirq.c:632 [inline]
 irq_exit_rcu+0xb7/0x120 kernel/softirq.c:644
 sysvec_apic_timer_interrupt+0x95/0xb0 arch/x86/kernel/apic/apic.c:1076
 </IRQ>
 <TASK>
 asm_sysvec_apic_timer_interrupt+0x1a/0x20 arch/x86/include/asm/idtentry.h:649
RIP: 0010:lock_release+0x3b8/0x690 kernel/locking/lockdep.c:5762
Code: 7e 83 f8 01 0f 85 c8 01 00 00 9c 58 f6 c4 02 0f 85 b3 01 00 00 48 f7 04 24 00 02 00 00 74 01 fb 48 b8 00 00 00 00 00 fc ff df <48> 01 c5 48 c7 45 00 00 00 00 00 c7 45 08 00 00 00 00 48 8b 84 24
RSP: 0000:ffffc900015c7738 EFLAGS: 00000206
RAX: dffffc0000000000 RBX: 9ee5988421400fa7 RCX: ffffc900015c7788
RDX: 1ffff11003656c7e RSI: ffffffff8accb1c0 RDI: ffffffff8b2efc20
RBP: 1ffff920002b8ee9 R08: 0000000000000000 R09: fffffbfff1e3266a
R10: ffffffff8f193357 R11: 0000000000000001 R12: 0000000000000001
R13: 0000000000000002 R14: ffff88801b2b63f8 R15: ffff88801b2b5940
 rcu_lock_release include/linux/rcupdate.h:306 [inline]
 rcu_read_unlock include/linux/rcupdate.h:780 [inline]
 shrink_slab+0x176/0x1310 mm/shrinker.c:660
 shrink_one+0x47d/0x7a0 mm/vmscan.c:4745
 shrink_many mm/vmscan.c:4808 [inline]
 lru_gen_shrink_node mm/vmscan.c:4923 [inline]
 shrink_node+0x211c/0x3710 mm/vmscan.c:5863
 kswapd_shrink_node mm/vmscan.c:6668 [inline]
 balance_pgdat+0x9d2/0x1a90 mm/vmscan.c:6858
 kswapd+0x5be/0xbf0 mm/vmscan.c:7118
 kthread+0x2c6/0x3a0 kernel/kthread.c:388
 ret_from_fork+0x45/0x80 arch/x86/kernel/process.c:147
 ret_from_fork_asm+0x11/0x20 arch/x86/entry/entry_64.S:242
 </TASK>
----------------
Code disassembly (best guess):
   0:	7e 83                	jle    0xffffff85
   2:	f8                   	clc
   3:	01 0f                	add    %ecx,(%rdi)
   5:	85 c8                	test   %ecx,%eax
   7:	01 00                	add    %eax,(%rax)
   9:	00 9c 58 f6 c4 02 0f 	add    %bl,0xf02c4f6(%rax,%rbx,2)
  10:	85 b3 01 00 00 48    	test   %esi,0x48000001(%rbx)
  16:	f7 04 24 00 02 00 00 	testl  $0x200,(%rsp)
  1d:	74 01                	je     0x20
  1f:	fb                   	sti
  20:	48 b8 00 00 00 00 00 	movabs $0xdffffc0000000000,%rax
  27:	fc ff df
* 2a:	48 01 c5             	add    %rax,%rbp <-- trapping instruction
  2d:	48 c7 45 00 00 00 00 	movq   $0x0,0x0(%rbp)
  34:	00
  35:	c7 45 08 00 00 00 00 	movl   $0x0,0x8(%rbp)
  3c:	48                   	rex.W
  3d:	8b                   	.byte 0x8b
  3e:	84                   	.byte 0x84
  3f:	24                   	.byte 0x24