syzbot

------------[ cut here ]------------
HSR: Could not send supervision frame
WARNING: CPU: 3 PID: 100 at net/hsr/hsr_device.c:294 send_hsr_supervision_frame+0x5fe/0x840 net/hsr/hsr_device.c:294
Modules linked in:
CPU: 3 PID: 100 Comm: kswapd0 Not tainted 6.3.0-rc3-syzkaller-00021-ga1effab7a3a3 #0
Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.14.0-2 04/01/2014
RIP: 0010:send_hsr_supervision_frame+0x5fe/0x840 net/hsr/hsr_device.c:294
Code: 04 31 ff 89 de e8 d2 2b a1 f7 84 db 0f 85 01 ff ff ff e8 b5 2f a1 f7 48 c7 c7 00 88 87 8b c6 05 37 b3 80 04 01 e8 f2 a8 69 f7 <0f> 0b e9 e2 fe ff ff e8 96 2f a1 f7 41 be 3c 00 00 00 ba 01 00 00
RSP: 0000:ffffc90000678c70 EFLAGS: 00010282
RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000000100
RDX: ffff8880160c00c0 RSI: ffffffff814a8087 RDI: 0000000000000001
RBP: ffffc90000678cd0 R08: 0000000000000001 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000001 R12: ffff88801afb0300
R13: 0000000000000000 R14: 0000000000000017 R15: 0000000000000001
FS:  0000000000000000(0000) GS:ffff88802cb80000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007f7e32fd38b7 CR3: 0000000015779000 CR4: 0000000000150ee0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
 <IRQ>
 hsr_announce+0x10d/0x370 net/hsr/hsr_device.c:382
 call_timer_fn+0x1a0/0x580 kernel/time/timer.c:1700
 expire_timers+0x29b/0x4b0 kernel/time/timer.c:1751
 __run_timers kernel/time/timer.c:2022 [inline]
 __run_timers kernel/time/timer.c:1995 [inline]
 run_timer_softirq+0x326/0x910 kernel/time/timer.c:2035
 __do_softirq+0x1d4/0x905 kernel/softirq.c:571
 invoke_softirq kernel/softirq.c:445 [inline]
 __irq_exit_rcu+0x114/0x190 kernel/softirq.c:650
 irq_exit_rcu+0x9/0x20 kernel/softirq.c:662
 sysvec_apic_timer_interrupt+0x97/0xc0 arch/x86/kernel/apic/apic.c:1107
 </IRQ>
 <TASK>
 asm_sysvec_apic_timer_interrupt+0x1a/0x20 arch/x86/include/asm/idtentry.h:645
RIP: 0010:__raw_spin_unlock_irqrestore include/linux/spinlock_api_smp.h:152 [inline]
RIP: 0010:_raw_spin_unlock_irqrestore+0x3c/0x70 kernel/locking/spinlock.c:194
Code: 74 24 10 e8 f6 8a 5f f7 48 89 ef e8 8e f7 5f f7 81 e3 00 02 00 00 75 25 9c 58 f6 c4 02 75 2d 48 85 db 74 01 fb bf 01 00 00 00 <e8> 1f 23 52 f7 65 8b 05 f0 70 ff 75 85 c0 74 0a 5b 5d c3 e8 ec 45
RSP: 0000:ffffc90000c47ce8 EFLAGS: 00000206
RAX: 0000000000000006 RBX: 0000000000000200 RCX: 1ffffffff1ced8e9
RDX: 0000000000000000 RSI: 0000000000000001 RDI: 0000000000000001
RBP: ffff88803fffebd8 R08: 0000000000000001 R09: 0000000000000001
R10: fffffbfff1cedef2 R11: 0000000000000000 R12: 0000000000000000
R13: 0000000000000000 R14: 0000000000000003 R15: 0000000000000246
 spin_unlock_irqrestore include/linux/spinlock.h:405 [inline]
 __wake_up_common_lock+0xe2/0x140 kernel/sched/wait.c:140
 prepare_kswapd_sleep mm/vmscan.c:7220 [inline]
 kswapd_try_to_sleep mm/vmscan.c:7605 [inline]
 kswapd+0x445/0xd60 mm/vmscan.c:7681
 kthread+0x2e8/0x3a0 kernel/kthread.c:376
 ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:308
 </TASK>
----------------
Code disassembly (best guess):
   0:	74 24                	je     0x26
   2:	10 e8                	adc    %ch,%al
   4:	f6 8a 5f f7 48 89 ef 	testb  $0xef,-0x76b708a1(%rdx)
   b:	e8 8e f7 5f f7       	callq  0xf75ff79e
  10:	81 e3 00 02 00 00    	and    $0x200,%ebx
  16:	75 25                	jne    0x3d
  18:	9c                   	pushfq
  19:	58                   	pop    %rax
  1a:	f6 c4 02             	test   $0x2,%ah
  1d:	75 2d                	jne    0x4c
  1f:	48 85 db             	test   %rbx,%rbx
  22:	74 01                	je     0x25
  24:	fb                   	sti
  25:	bf 01 00 00 00       	mov    $0x1,%edi
* 2a:	e8 1f 23 52 f7       	callq  0xf752234e <-- trapping instruction
  2f:	65 8b 05 f0 70 ff 75 	mov    %gs:0x75ff70f0(%rip),%eax        # 0x75ff7126
  36:	85 c0                	test   %eax,%eax
  38:	74 0a                	je     0x44
  3a:	5b                   	pop    %rbx
  3b:	5d                   	pop    %rbp
  3c:	c3                   	retq
  3d:	e8                   	.byte 0xe8
  3e:	ec                   	in     (%dx),%al
  3f:	45                   	rex.RB