============================================
WARNING: possible recursive locking detected
6.1.124-syzkaller #0 Not tainted
--------------------------------------------
kworker/1:1/24 is trying to acquire lock:
ffff0000ded30d88 (&hsr->seqnr_lock){+.-.}-{2:2}, at: spin_lock_bh include/linux/spinlock.h:356 [inline]
ffff0000ded30d88 (&hsr->seqnr_lock){+.-.}-{2:2}, at: hsr_dev_xmit+0xf8/0x2d8 net/hsr/hsr_device.c:219
but task is already holding lock:
ffff0000d932cd88 (&hsr->seqnr_lock){+.-.}-{2:2}, at: spin_lock_bh include/linux/spinlock.h:356 [inline]
ffff0000d932cd88 (&hsr->seqnr_lock){+.-.}-{2:2}, at: hsr_dev_xmit+0xf8/0x2d8 net/hsr/hsr_device.c:219
other info that might help us debug this:
Possible unsafe locking scenario:
CPU0
----
lock(&hsr->seqnr_lock);
lock(&hsr->seqnr_lock);
*** DEADLOCK ***
May be due to missing lock nesting notation
11 locks held by kworker/1:1/24:
#0: ffff0000d5590938 ((wq_completion)ipv6_addrconf){+.+.}-{0:0}, at: process_one_work+0x664/0x1404 kernel/workqueue.c:2265
#1: ffff80001d2e7c20 ((work_completion)(&(&ifa->dad_work)->work)){+.+.}-{0:0}, at: process_one_work+0x6a8/0x1404 kernel/workqueue.c:2267
#2: ffff8000180c4a08 (rtnl_mutex){+.+.}-{3:3}, at: rtnl_lock+0x20/0x2c net/core/rtnetlink.c:74
#3: ffff800015c65360 (rcu_read_lock){....}-{1:2}, at: rcu_lock_acquire+0x10/0x4c include/linux/rcupdate.h:349
#4: ffff800015c65360 (rcu_read_lock){....}-{1:2}, at: rcu_lock_acquire+0x10/0x4c include/linux/rcupdate.h:349
#5: ffff800015c653c0 (rcu_read_lock_bh){....}-{1:2}, at: rcu_lock_acquire+0x18/0x54 include/linux/rcupdate.h:349
#6: ffff0000d932cd88 (&hsr->seqnr_lock){+.-.}-{2:2}, at: spin_lock_bh include/linux/spinlock.h:356 [inline]
#6: ffff0000d932cd88 (&hsr->seqnr_lock){+.-.}-{2:2}, at: hsr_dev_xmit+0xf8/0x2d8 net/hsr/hsr_device.c:219
#7: ffff800015c65360 (rcu_read_lock){....}-{1:2}, at: rcu_lock_acquire+0x10/0x4c include/linux/rcupdate.h:349
#8: ffff800015c653c0 (rcu_read_lock_bh){....}-{1:2}, at: rcu_lock_acquire+0x18/0x54 include/linux/rcupdate.h:349
#9: ffff800015c65360 (rcu_read_lock){....}-{1:2}, at: rcu_lock_acquire+0x10/0x4c include/linux/rcupdate.h:349
#10: ffff800015c653c0 (rcu_read_lock_bh){....}-{1:2}, at: rcu_lock_acquire+0x18/0x54 include/linux/rcupdate.h:349
stack backtrace:
CPU: 1 PID: 24 Comm: kworker/1:1 Not tainted 6.1.124-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
Workqueue: ipv6_addrconf addrconf_dad_work
Call trace:
dump_backtrace+0x1c8/0x1f4 arch/arm64/kernel/stacktrace.c:158
show_stack+0x2c/0x3c arch/arm64/kernel/stacktrace.c:165
__dump_stack lib/dump_stack.c:88 [inline]
dump_stack_lvl+0x108/0x170 lib/dump_stack.c:106
dump_stack+0x1c/0x5c lib/dump_stack.c:113
__lock_acquire+0x6310/0x7680 kernel/locking/lockdep.c:5049
lock_acquire+0x26c/0x7cc kernel/locking/lockdep.c:5662
__raw_spin_lock_bh include/linux/spinlock_api_smp.h:126 [inline]
_raw_spin_lock_bh+0x54/0x6c kernel/locking/spinlock.c:178
spin_lock_bh include/linux/spinlock.h:356 [inline]
hsr_dev_xmit+0xf8/0x2d8 net/hsr/hsr_device.c:219
__netdev_start_xmit include/linux/netdevice.h:4888 [inline]
netdev_start_xmit include/linux/netdevice.h:4902 [inline]
xmit_one net/core/dev.c:3627 [inline]
dev_hard_start_xmit+0x25c/0x9a4 net/core/dev.c:3643
__dev_queue_xmit+0x161c/0x34d0 net/core/dev.c:4303
dev_queue_xmit include/linux/netdevice.h:3043 [inline]
br_dev_queue_push_xmit+0x584/0x730 net/bridge/br_forward.c:53
NF_HOOK+0x35c/0x408 include/linux/netfilter.h:302
br_forward_finish+0xd0/0x118 net/bridge/br_forward.c:66
NF_HOOK+0x35c/0x408 include/linux/netfilter.h:302
__br_forward+0x2f0/0x458 net/bridge/br_forward.c:115
deliver_clone net/bridge/br_forward.c:131 [inline]
maybe_deliver+0xc8/0x178 net/bridge/br_forward.c:189
br_flood+0x28c/0x3f8 net/bridge/br_forward.c:231
br_dev_xmit+0xdec/0x1520
__netdev_start_xmit include/linux/netdevice.h:4888 [inline]
netdev_start_xmit include/linux/netdevice.h:4902 [inline]
xmit_one net/core/dev.c:3627 [inline]
dev_hard_start_xmit+0x25c/0x9a4 net/core/dev.c:3643
__dev_queue_xmit+0x161c/0x34d0 net/core/dev.c:4303
dev_queue_xmit include/linux/netdevice.h:3043 [inline]
hsr_xmit net/hsr/hsr_forward.c:380 [inline]
hsr_forward_do net/hsr/hsr_forward.c:471 [inline]
hsr_forward_skb+0x1070/0x1c84 net/hsr/hsr_forward.c:621
hsr_dev_xmit+0x104/0x2d8 net/hsr/hsr_device.c:220
__netdev_start_xmit include/linux/netdevice.h:4888 [inline]
netdev_start_xmit include/linux/netdevice.h:4902 [inline]
xmit_one net/core/dev.c:3627 [inline]
dev_hard_start_xmit+0x25c/0x9a4 net/core/dev.c:3643
__dev_queue_xmit+0x161c/0x34d0 net/core/dev.c:4303
dev_queue_xmit include/linux/netdevice.h:3043 [inline]
neigh_connected_output+0x344/0x3d4 net/core/neighbour.c:1592
neigh_output include/net/neighbour.h:544 [inline]
ip6_finish_output2+0xdb8/0x1b54 net/ipv6/ip6_output.c:138
__ip6_finish_output net/ipv6/ip6_output.c:205 [inline]
ip6_finish_output+0x5a4/0x940 net/ipv6/ip6_output.c:216
NF_HOOK_COND include/linux/netfilter.h:291 [inline]
ip6_output+0x274/0x594 net/ipv6/ip6_output.c:237
dst_output include/net/dst.h:444 [inline]
NF_HOOK include/linux/netfilter.h:302 [inline]
ndisc_send_skb+0xc38/0x179c net/ipv6/ndisc.c:511
ndisc_send_ns+0xd4/0x164 net/ipv6/ndisc.c:669
addrconf_dad_work+0x99c/0x1390 net/ipv6/addrconf.c:4222
process_one_work+0x7ac/0x1404 kernel/workqueue.c:2292
worker_thread+0x8e4/0xfec kernel/workqueue.c:2439
kthread+0x250/0x2d8 kernel/kthread.c:376
ret_from_fork+0x10/0x20 arch/arm64/kernel/entry.S:864