============================================
WARNING: possible recursive locking detected
6.9.0-rc5-syzkaller-00031-g71b1543c83d6 #0 Not tainted
--------------------------------------------
syz-executor.4/16542 is trying to acquire lock:
ffff888062b70da0 (&hsr->seqnr_lock){+.-.}-{2:2}, at: spin_lock_bh include/linux/spinlock.h:356 [inline]
ffff888062b70da0 (&hsr->seqnr_lock){+.-.}-{2:2}, at: hsr_dev_xmit+0x13e/0x1d0 net/hsr/hsr_device.c:228

but task is already holding lock:
ffff888020802da0 (&hsr->seqnr_lock){+.-.}-{2:2}, at: spin_lock_bh include/linux/spinlock.h:356 [inline]
ffff888020802da0 (&hsr->seqnr_lock){+.-.}-{2:2}, at: send_hsr_supervision_frame+0x276/0xad0 net/hsr/hsr_device.c:309

other info that might help us debug this:
 Possible unsafe locking scenario:

       CPU0
       ----
  lock(&hsr->seqnr_lock);
  lock(&hsr->seqnr_lock);

 *** DEADLOCK ***

 May be due to missing lock nesting notation

9 locks held by syz-executor.4/16542:
 #0: ffffffff8f598dd0 (pernet_ops_rwsem){++++}-{3:3}, at: copy_net_ns+0x4c8/0x7b0 net/core/net_namespace.c:501
 #1: ffffffff8f618348 (nf_ct_proto_mutex){+.+.}-{3:3}, at: nf_ct_netns_do_get+0x97/0x630 net/netfilter/nf_conntrack_proto.c:444
 #2: ffffc90000007c00 ((&hsr->announce_timer)){+.-.}-{0:0}, at: call_timer_fn+0xc0/0x650 kernel/time/timer.c:1790
 #3: ffffffff8e334d20 (rcu_read_lock){....}-{1:2}, at: rcu_lock_acquire include/linux/rcupdate.h:329 [inline]
 #3: ffffffff8e334d20 (rcu_read_lock){....}-{1:2}, at: rcu_read_lock include/linux/rcupdate.h:781 [inline]
 #3: ffffffff8e334d20 (rcu_read_lock){....}-{1:2}, at: hsr_announce+0xa3/0x370 net/hsr/hsr_device.c:386
 #4: ffff888020802da0 (&hsr->seqnr_lock){+.-.}-{2:2}, at: spin_lock_bh include/linux/spinlock.h:356 [inline]
 #4: ffff888020802da0 (&hsr->seqnr_lock){+.-.}-{2:2}, at: send_hsr_supervision_frame+0x276/0xad0 net/hsr/hsr_device.c:309
 #5: ffffffff8e334d20 (rcu_read_lock){....}-{1:2}, at: rcu_lock_acquire include/linux/rcupdate.h:329 [inline]
 #5: ffffffff8e334d20 (rcu_read_lock){....}-{1:2}, at: rcu_read_lock include/linux/rcupdate.h:781 [inline]
 #5: ffffffff8e334d20 (rcu_read_lock){....}-{1:2}, at: hsr_forward_skb+0xae/0x2400 net/hsr/hsr_forward.c:614
 #6: ffffffff8e334d80 (rcu_read_lock_bh){....}-{1:2}, at: local_bh_disable include/linux/bottom_half.h:20 [inline]
 #6: ffffffff8e334d80 (rcu_read_lock_bh){....}-{1:2}, at: rcu_read_lock_bh include/linux/rcupdate.h:833 [inline]
 #6: ffffffff8e334d80 (rcu_read_lock_bh){....}-{1:2}, at: __dev_queue_xmit+0x2c7/0x3ca0 net/core/dev.c:4266
 #7: ffffffff8e334d20 (rcu_read_lock){....}-{1:2}, at: rcu_lock_acquire include/linux/rcupdate.h:329 [inline]
 #7: ffffffff8e334d20 (rcu_read_lock){....}-{1:2}, at: rcu_read_lock include/linux/rcupdate.h:781 [inline]
 #7: ffffffff8e334d20 (rcu_read_lock){....}-{1:2}, at: br_dev_xmit+0x1b9/0x1a10 net/bridge/br_device.c:44
 #8: ffffffff8e334d80 (rcu_read_lock_bh){....}-{1:2}, at: local_bh_disable include/linux/bottom_half.h:20 [inline]
 #8: ffffffff8e334d80 (rcu_read_lock_bh){....}-{1:2}, at: rcu_read_lock_bh include/linux/rcupdate.h:833 [inline]
 #8: ffffffff8e334d80 (rcu_read_lock_bh){....}-{1:2}, at: __dev_queue_xmit+0x2c7/0x3ca0 net/core/dev.c:4266

stack backtrace:
CPU: 0 PID: 16542 Comm: syz-executor.4 Not tainted 6.9.0-rc5-syzkaller-00031-g71b1543c83d6 #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024
Call Trace:
 __dump_stack lib/dump_stack.c:88 [inline]
 dump_stack_lvl+0x241/0x360 lib/dump_stack.c:114
 check_deadlock kernel/locking/lockdep.c:3062 [inline]
 validate_chain+0x15c1/0x58e0 kernel/locking/lockdep.c:3856
 __lock_acquire+0x1346/0x1fd0 kernel/locking/lockdep.c:5137
 lock_acquire+0x1ed/0x550 kernel/locking/lockdep.c:5754
 __raw_spin_lock_bh include/linux/spinlock_api_smp.h:126 [inline]
 _raw_spin_lock_bh+0x35/0x50 kernel/locking/spinlock.c:178
 spin_lock_bh include/linux/spinlock.h:356 [inline]
 hsr_dev_xmit+0x13e/0x1d0 net/hsr/hsr_device.c:228
 __netdev_start_xmit include/linux/netdevice.h:4903 [inline]
 netdev_start_xmit include/linux/netdevice.h:4917 [inline]
 xmit_one net/core/dev.c:3531 [inline]
 dev_hard_start_xmit+0x27a/0x7e0 net/core/dev.c:3547
 __dev_queue_xmit+0x1ad1/0x3ca0 net/core/dev.c:4341
 dev_queue_xmit include/linux/netdevice.h:3091 [inline]
 br_dev_queue_push_xmit+0x701/0x8d0 net/bridge/br_forward.c:53
 NF_HOOK+0x3a7/0x460 include/linux/netfilter.h:314
 br_forward_finish+0xe5/0x140 net/bridge/br_forward.c:66
 NF_HOOK+0x3a7/0x460 include/linux/netfilter.h:314
 __br_forward+0x489/0x660 net/bridge/br_forward.c:115
 deliver_clone net/bridge/br_forward.c:131 [inline]
 maybe_deliver+0xb3/0x150 net/bridge/br_forward.c:190
 br_flood+0x2e4/0x660 net/bridge/br_forward.c:236
 br_dev_xmit+0x118c/0x1a10
 __netdev_start_xmit include/linux/netdevice.h:4903 [inline]
 netdev_start_xmit include/linux/netdevice.h:4917 [inline]
 xmit_one net/core/dev.c:3531 [inline]
 dev_hard_start_xmit+0x27a/0x7e0 net/core/dev.c:3547
 __dev_queue_xmit+0x1ad1/0x3ca0 net/core/dev.c:4341
 dev_queue_xmit include/linux/netdevice.h:3091 [inline]
 hsr_xmit net/hsr/hsr_forward.c:380 [inline]
 hsr_forward_do net/hsr/hsr_forward.c:471 [inline]
 hsr_forward_skb+0x183f/0x2400 net/hsr/hsr_forward.c:619
 send_hsr_supervision_frame+0x548/0xad0 net/hsr/hsr_device.c:332
 hsr_announce+0x1a9/0x370 net/hsr/hsr_device.c:388
 call_timer_fn+0x18e/0x650 kernel/time/timer.c:1793
 expire_timers kernel/time/timer.c:1844 [inline]
 __run_timers kernel/time/timer.c:2418 [inline]
 __run_timer_base+0x66a/0x8e0 kernel/time/timer.c:2429
 run_timer_base kernel/time/timer.c:2438 [inline]
 run_timer_softirq+0xb7/0x170 kernel/time/timer.c:2448
 __do_softirq+0x2c6/0x980 kernel/softirq.c:554
 invoke_softirq kernel/softirq.c:428 [inline]
 __irq_exit_rcu+0xf2/0x1c0 kernel/softirq.c:633
 irq_exit_rcu+0x9/0x30 kernel/softirq.c:645
 instr_sysvec_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1043 [inline]
 sysvec_apic_timer_interrupt+0xa6/0xc0 arch/x86/kernel/apic/apic.c:1043
 asm_sysvec_apic_timer_interrupt+0x1a/0x20 arch/x86/include/asm/idtentry.h:702
RIP: 0010:on_stack arch/x86/include/asm/stacktrace.h:56 [inline]
RIP: 0010:stack_access_ok arch/x86/kernel/unwind_orc.c:393 [inline]
RIP: 0010:deref_stack_reg+0x6f/0x260 arch/x86/kernel/unwind_orc.c:403
Code: 10 4c 89 74 24 18 48 8b 43 08 48 89 44 24 20 48 8d 6b 10 49 89 ed 49 c1 ed 03 48 b8 00 00 00 00 00 fc ff df 41 80 7c 05 00 00 <74> 08 48 89 ef e8 77 f6 b8 00 48 89 6c 24 08 4c 8b 7b 10 49 89 de
RSP: 0018:ffffc900056e7148 EFLAGS: 00000246
RAX: dffffc0000000000 RBX: ffffc900056e7280 RCX: ffff8880224d1e00
RDX: 0000000000000000 RSI: ffffc900056e7838 RDI: ffffc900056e7280
RBP: ffffc900056e7290 R08: 0000000000000005 R09: ffffffff814158df
R10: 0000000000000003 R11: ffff8880224d1e00 R12: 1ffff92000adce51
R13: 1ffff92000adce52 R14: ffffc900056e72c0 R15: dffffc0000000000
 unwind_next_frame+0x1ab8/0x2a00 arch/x86/kernel/unwind_orc.c:648
 arch_stack_walk+0x151/0x1b0 arch/x86/kernel/stacktrace.c:25
 stack_trace_save+0x118/0x1d0 kernel/stacktrace.c:122
 kasan_save_stack+0x3f/0x60 mm/kasan/common.c:47
 __kasan_record_aux_stack+0xac/0xc0 mm/kasan/generic.c:541
 __call_rcu_common kernel/rcu/tree.c:2734 [inline]
 call_rcu+0x167/0xa70 kernel/rcu/tree.c:2838
 nf_hook_entries_free net/netfilter/core.c:88 [inline]
 __nf_register_net_hook+0x71e/0x8d0 net/netfilter/core.c:457
 nf_register_net_hook+0xb0/0x190 net/netfilter/core.c:578
 nf_register_net_hooks+0x41/0x1a0 net/netfilter/core.c:594
 nf_ct_netns_do_get+0x20a/0x630 net/netfilter/nf_conntrack_proto.c:475
 nf_ct_netns_inet_get+0x3b/0x150 net/netfilter/nf_conntrack_proto.c:570
 nf_conncount_init+0x12e/0x390 net/netfilter/nf_conncount.c:544
 ovs_ct_limit_init net/openvswitch/conntrack.c:1575 [inline]
 ovs_ct_init+0x34a/0x4c0 net/openvswitch/conntrack.c:1984
 ovs_init_net+0x1e6/0x250 net/openvswitch/datapath.c:2638
 ops_init+0x352/0x610 net/core/net_namespace.c:136
 setup_net+0x515/0xca0 net/core/net_namespace.c:340
 copy_net_ns+0x4e4/0x7b0 net/core/net_namespace.c:505
 create_new_namespaces+0x425/0x7b0 kernel/nsproxy.c:110
 unshare_nsproxy_namespaces+0x124/0x180 kernel/nsproxy.c:228
 ksys_unshare+0x619/0xc10 kernel/fork.c:3323
 __do_sys_unshare kernel/fork.c:3394 [inline]
 __se_sys_unshare kernel/fork.c:3392 [inline]
 __ia32_sys_unshare+0x37/0x40 kernel/fork.c:3392
 do_syscall_32_irqs_on arch/x86/entry/common.c:165 [inline]
 __do_fast_syscall_32+0xb8/0x120 arch/x86/entry/common.c:386
 do_fast_syscall_32+0x34/0x80 arch/x86/entry/common.c:411
 entry_SYSENTER_compat_after_hwframe+0x84/0x8e
RIP: 0023:0xf7299579
Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90
RSP: 002b:00000000f753af5c EFLAGS: 00000206 ORIG_RAX: 0000000000000136
RAX: ffffffffffffffda RBX: 0000000040000000 RCX: 0000000000000000
RDX: 00000000f73f0ff4 RSI: 00000000f7341508 RDI: 0000000030000000
RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
----------------
Code disassembly (best guess):
   0: 10 4c 89 74 adc %cl,0x74(%rcx,%rcx,4)
   4: 24 18 and $0x18,%al
   6: 48 8b 43 08 mov 0x8(%rbx),%rax
   a: 48 89 44 24 20 mov %rax,0x20(%rsp)
   f: 48 8d 6b 10 lea 0x10(%rbx),%rbp
  13: 49 89 ed mov %rbp,%r13
  16: 49 c1 ed 03 shr $0x3,%r13
  1a: 48 b8 00 00 00 00 00 movabs $0xdffffc0000000000,%rax
  21: fc ff df
  24: 41 80 7c 05 00 00 cmpb $0x0,0x0(%r13,%rax,1)
* 2a: 74 08 je 0x34 <-- trapping instruction
  2c: 48 89 ef mov %rbp,%rdi
  2f: e8 77 f6 b8 00 call 0xb8f6ab
  34: 48 89 6c 24 08 mov %rbp,0x8(%rsp)
  39: 4c 8b 7b 10 mov 0x10(%rbx),%r15
  3d: 49 89 de mov %rbx,%r14