============================================
WARNING: possible recursive locking detected
6.12.0-syzkaller-05480-gfcc79e1714e8 #0 Not tainted
--------------------------------------------
swapper/1/0 is trying to acquire lock:
ffff88805db56f30 (&hsr->seqnr_lock){+.-.}-{3:3}, at: spin_lock_bh include/linux/spinlock.h:356 [inline]
ffff88805db56f30 (&hsr->seqnr_lock){+.-.}-{3:3}, at: hsr_dev_xmit+0x18a/0x210 net/hsr/hsr_device.c:234

but task is already holding lock:
ffff8880270eaf30 (&hsr->seqnr_lock){+.-.}-{3:3}, at: spin_lock_bh include/linux/spinlock.h:356 [inline]
ffff8880270eaf30 (&hsr->seqnr_lock){+.-.}-{3:3}, at: send_hsr_supervision_frame+0x27c/0xcc0 net/hsr/hsr_device.c:317

other info that might help us debug this:
 Possible unsafe locking scenario:

       CPU0
       ----
  lock(&hsr->seqnr_lock);
  lock(&hsr->seqnr_lock);

 *** DEADLOCK ***

 May be due to missing lock nesting notation

7 locks held by swapper/1/0:
 #0: ffffc90000a18c00 ((&hsr->announce_timer)){+.-.}-{0:0}, at: call_timer_fn+0xc0/0x650 kernel/time/timer.c:1790
 #1: ffffffff8e93c860 (rcu_read_lock){....}-{1:3}, at: rcu_lock_acquire include/linux/rcupdate.h:337 [inline]
 #1: ffffffff8e93c860 (rcu_read_lock){....}-{1:3}, at: rcu_read_lock include/linux/rcupdate.h:849 [inline]
 #1: ffffffff8e93c860 (rcu_read_lock){....}-{1:3}, at: hsr_announce+0xaa/0x3a0 net/hsr/hsr_device.c:406
 #2: ffff8880270eaf30 (&hsr->seqnr_lock){+.-.}-{3:3}, at: spin_lock_bh include/linux/spinlock.h:356 [inline]
 #2: ffff8880270eaf30 (&hsr->seqnr_lock){+.-.}-{3:3}, at: send_hsr_supervision_frame+0x27c/0xcc0 net/hsr/hsr_device.c:317
 #3: ffffffff8e93c860 (rcu_read_lock){....}-{1:3}, at: rcu_lock_acquire include/linux/rcupdate.h:337 [inline]
 #3: ffffffff8e93c860 (rcu_read_lock){....}-{1:3}, at: rcu_read_lock include/linux/rcupdate.h:849 [inline]
 #3: ffffffff8e93c860 (rcu_read_lock){....}-{1:3}, at: hsr_forward_skb+0xb6/0x2ac0 net/hsr/hsr_forward.c:723
 #4: ffffffff8e93c8c0 (rcu_read_lock_bh){....}-{1:3}, at: local_bh_disable include/linux/bottom_half.h:20 [inline]
 #4: ffffffff8e93c8c0 (rcu_read_lock_bh){....}-{1:3}, at: rcu_read_lock_bh include/linux/rcupdate.h:901 [inline]
 #4: ffffffff8e93c8c0 (rcu_read_lock_bh){....}-{1:3}, at: __dev_queue_xmit+0x2f4/0x3f50 net/core/dev.c:4359
 #5: ffffffff8e93c860 (rcu_read_lock){....}-{1:3}, at: rcu_lock_acquire include/linux/rcupdate.h:337 [inline]
 #5: ffffffff8e93c860 (rcu_read_lock){....}-{1:3}, at: rcu_read_lock include/linux/rcupdate.h:849 [inline]
 #5: ffffffff8e93c860 (rcu_read_lock){....}-{1:3}, at: br_dev_xmit+0x21d/0x1b40 net/bridge/br_device.c:50
 #6: ffffffff8e93c8c0 (rcu_read_lock_bh){....}-{1:3}, at: local_bh_disable include/linux/bottom_half.h:20 [inline]
 #6: ffffffff8e93c8c0 (rcu_read_lock_bh){....}-{1:3}, at: rcu_read_lock_bh include/linux/rcupdate.h:901 [inline]
 #6: ffffffff8e93c8c0 (rcu_read_lock_bh){....}-{1:3}, at: __dev_queue_xmit+0x2f4/0x3f50 net/core/dev.c:4359

stack backtrace:
CPU: 1 UID: 0 PID: 0 Comm: swapper/1 Not tainted 6.12.0-syzkaller-05480-gfcc79e1714e8 #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
Call Trace:
 <IRQ>
 __dump_stack lib/dump_stack.c:94 [inline]
 dump_stack_lvl+0x241/0x360 lib/dump_stack.c:120
 print_deadlock_bug+0x483/0x620 kernel/locking/lockdep.c:3037
 check_deadlock kernel/locking/lockdep.c:3089 [inline]
 validate_chain+0x15e2/0x5920 kernel/locking/lockdep.c:3891
 __lock_acquire+0x1397/0x2100 kernel/locking/lockdep.c:5226
 lock_acquire+0x1ed/0x550 kernel/locking/lockdep.c:5849
 __raw_spin_lock_bh include/linux/spinlock_api_smp.h:126 [inline]
 _raw_spin_lock_bh+0x35/0x50 kernel/locking/spinlock.c:178
 spin_lock_bh include/linux/spinlock.h:356 [inline]
 hsr_dev_xmit+0x18a/0x210 net/hsr/hsr_device.c:234
 __netdev_start_xmit include/linux/netdevice.h:5002 [inline]
 netdev_start_xmit include/linux/netdevice.h:5011 [inline]
 xmit_one net/core/dev.c:3590 [inline]
 dev_hard_start_xmit+0x27a/0x7e0 net/core/dev.c:3606
 __dev_queue_xmit+0x1b73/0x3f50 net/core/dev.c:4434
 dev_queue_xmit include/linux/netdevice.h:3168 [inline]
 br_dev_queue_push_xmit+0x726/0x900 net/bridge/br_forward.c:53
 NF_HOOK+0x3a7/0x460 include/linux/netfilter.h:314
 br_forward_finish+0xd8/0x130 net/bridge/br_forward.c:66
 NF_HOOK+0x3a7/0x460 include/linux/netfilter.h:314
 __br_forward+0x489/0x660 net/bridge/br_forward.c:115
 deliver_clone net/bridge/br_forward.c:131 [inline]
 maybe_deliver+0xb3/0x150 net/bridge/br_forward.c:190
 br_flood+0x2e4/0x660 net/bridge/br_forward.c:236
 br_dev_xmit+0x1202/0x1b40
 __netdev_start_xmit include/linux/netdevice.h:5002 [inline]
 netdev_start_xmit include/linux/netdevice.h:5011 [inline]
 xmit_one net/core/dev.c:3590 [inline]
 dev_hard_start_xmit+0x27a/0x7e0 net/core/dev.c:3606
 __dev_queue_xmit+0x1b73/0x3f50 net/core/dev.c:4434
 dev_queue_xmit include/linux/netdevice.h:3168 [inline]
 hsr_xmit net/hsr/hsr_forward.c:430 [inline]
 hsr_forward_do net/hsr/hsr_forward.c:571 [inline]
 hsr_forward_skb+0x171c/0x2ac0 net/hsr/hsr_forward.c:728
 send_hsr_supervision_frame+0x63b/0xcc0 net/hsr/hsr_device.c:351
 hsr_announce+0x1f8/0x3a0 net/hsr/hsr_device.c:408
 call_timer_fn+0x18e/0x650 kernel/time/timer.c:1793
 expire_timers kernel/time/timer.c:1844 [inline]
 __run_timers kernel/time/timer.c:2418 [inline]
 __run_timer_base+0x66a/0x8e0 kernel/time/timer.c:2430
 run_timer_base kernel/time/timer.c:2439 [inline]
 run_timer_softirq+0xb7/0x170 kernel/time/timer.c:2449
 handle_softirqs+0x2c5/0x980 kernel/softirq.c:554
 __do_softirq kernel/softirq.c:588 [inline]
 invoke_softirq kernel/softirq.c:428 [inline]
 __irq_exit_rcu+0xf7/0x220 kernel/softirq.c:655
 irq_exit_rcu+0x9/0x30 kernel/softirq.c:671
 instr_sysvec_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1049 [inline]
 sysvec_apic_timer_interrupt+0xa6/0xc0 arch/x86/kernel/apic/apic.c:1049
 </IRQ>
 <TASK>
 asm_sysvec_apic_timer_interrupt+0x1a/0x20 arch/x86/include/asm/idtentry.h:702
RIP: 0010:finish_task_switch+0x1ea/0x870 kernel/sched/core.c:5243
Code: c9 50 e8 79 07 0c 00 48 83 c4 08 4c 89 f7 e8 9d 39 00 00 0f 1f 44 00 00 4c 89 f7 e8 f0 53 74 0a e8 6b 47 38 00 fb 48 8b 5d c0 <48> 8d bb f8 15 00 00 48 89 f8 48 c1 e8 03 49 be 00 00 00 00 00 fc
RSP: 0018:ffffc900001a7b48 EFLAGS: 00000286
RAX: 81219231471e7000 RBX: ffff88801d2e0000 RCX: ffffffff9a413903
RDX: dffffc0000000000 RSI: ffffffff8c0ad300 RDI: ffffffff8c6131e0
RBP: ffffc900001a7b90 R08: ffffffff901e4837 R09: 1ffffffff203c906
R10: dffffc0000000000 R11: fffffbfff203c907 R12: 1ffff110170e7edc
R13: dffffc0000000000 R14: ffff8880b873e8c0 R15: ffff8880b873f6e0
 context_switch kernel/sched/core.c:5372 [inline]
 __schedule+0x1858/0x4c30 kernel/sched/core.c:6756
 schedule_idle+0x56/0x90 kernel/sched/core.c:6874
 do_idle+0x567/0x5c0 kernel/sched/idle.c:353
 cpu_startup_entry+0x42/0x60 kernel/sched/idle.c:423
 start_secondary+0x102/0x110 arch/x86/kernel/smpboot.c:314
 common_startup_64+0x13e/0x147
 </TASK>
----------------
Code disassembly (best guess):
   0:	c9                   	leave
   1:	50                   	push   %rax
   2:	e8 79 07 0c 00       	call   0xc0780
   7:	48 83 c4 08          	add    $0x8,%rsp
   b:	4c 89 f7             	mov    %r14,%rdi
   e:	e8 9d 39 00 00       	call   0x39b0
  13:	0f 1f 44 00 00       	nopl   0x0(%rax,%rax,1)
  18:	4c 89 f7             	mov    %r14,%rdi
  1b:	e8 f0 53 74 0a       	call   0xa745410
  20:	e8 6b 47 38 00       	call   0x384790
  25:	fb                   	sti
  26:	48 8b 5d c0          	mov    -0x40(%rbp),%rbx
* 2a:	48 8d bb f8 15 00 00 	lea    0x15f8(%rbx),%rdi <-- trapping instruction
  31:	48 89 f8             	mov    %rdi,%rax
  34:	48 c1 e8 03          	shr    $0x3,%rax
  38:	49                   	rex.WB
  39:	be 00 00 00 00       	mov    $0x0,%esi
  3e:	00 fc                	add    %bh,%ah