============================================
WARNING: possible recursive locking detected
6.12.0-rc7-syzkaller-00189-ge8bdb3c8be08 #0 Not tainted
--------------------------------------------
syz.4.169/6486 is trying to acquire lock:
ffff888065396e70 (&hsr->seqnr_lock){+.-.}-{2:2}, at: spin_lock_bh include/linux/spinlock.h:356 [inline]
ffff888065396e70 (&hsr->seqnr_lock){+.-.}-{2:2}, at: hsr_dev_xmit+0x13e/0x1d0 net/hsr/hsr_device.c:234

but task is already holding lock:
ffff88807333ce70 (&hsr->seqnr_lock){+.-.}-{2:2}, at: spin_lock_bh include/linux/spinlock.h:356 [inline]
ffff88807333ce70 (&hsr->seqnr_lock){+.-.}-{2:2}, at: send_hsr_supervision_frame+0x27c/0xcc0 net/hsr/hsr_device.c:317

other info that might help us debug this:
 Possible unsafe locking scenario:

       CPU0
       ----
  lock(&hsr->seqnr_lock);
  lock(&hsr->seqnr_lock);

 *** DEADLOCK ***

 May be due to missing lock nesting notation

7 locks held by syz.4.169/6486:
 #0: ffffc90000a18c00 ((&hsr->announce_timer)){+.-.}-{0:0}, at: call_timer_fn+0xc0/0x650 kernel/time/timer.c:1791
 #1: ffffffff8e937da0 (rcu_read_lock){....}-{1:2}, at: rcu_lock_acquire include/linux/rcupdate.h:337 [inline]
 #1: ffffffff8e937da0 (rcu_read_lock){....}-{1:2}, at: rcu_read_lock include/linux/rcupdate.h:849 [inline]
 #1: ffffffff8e937da0 (rcu_read_lock){....}-{1:2}, at: hsr_announce+0xaa/0x3a0 net/hsr/hsr_device.c:406
 #2: ffff88807333ce70 (&hsr->seqnr_lock){+.-.}-{2:2}, at: spin_lock_bh include/linux/spinlock.h:356 [inline]
 #2: ffff88807333ce70 (&hsr->seqnr_lock){+.-.}-{2:2}, at: send_hsr_supervision_frame+0x27c/0xcc0 net/hsr/hsr_device.c:317
 #3: ffffffff8e937da0 (rcu_read_lock){....}-{1:2}, at: rcu_lock_acquire include/linux/rcupdate.h:337 [inline]
 #3: ffffffff8e937da0 (rcu_read_lock){....}-{1:2}, at: rcu_read_lock include/linux/rcupdate.h:849 [inline]
 #3: ffffffff8e937da0 (rcu_read_lock){....}-{1:2}, at: hsr_forward_skb+0xaf/0x2b60 net/hsr/hsr_forward.c:714
 #4: ffffffff8e937e00 (rcu_read_lock_bh){....}-{1:2}, at: local_bh_disable include/linux/bottom_half.h:20 [inline]
 #4: ffffffff8e937e00 (rcu_read_lock_bh){....}-{1:2}, at: rcu_read_lock_bh include/linux/rcupdate.h:901 [inline]
 #4: ffffffff8e937e00 (rcu_read_lock_bh){....}-{1:2}, at: __dev_queue_xmit+0x2da/0x3ed0 net/core/dev.c:4357
 #5: ffffffff8e937da0 (rcu_read_lock){....}-{1:2}, at: rcu_lock_acquire include/linux/rcupdate.h:337 [inline]
 #5: ffffffff8e937da0 (rcu_read_lock){....}-{1:2}, at: rcu_read_lock include/linux/rcupdate.h:849 [inline]
 #5: ffffffff8e937da0 (rcu_read_lock){....}-{1:2}, at: br_dev_xmit+0x21d/0x1b10 net/bridge/br_device.c:50
 #6: ffffffff8e937e00 (rcu_read_lock_bh){....}-{1:2}, at: local_bh_disable include/linux/bottom_half.h:20 [inline]
 #6: ffffffff8e937e00 (rcu_read_lock_bh){....}-{1:2}, at: rcu_read_lock_bh include/linux/rcupdate.h:901 [inline]
 #6: ffffffff8e937e00 (rcu_read_lock_bh){....}-{1:2}, at: __dev_queue_xmit+0x2da/0x3ed0 net/core/dev.c:4357

stack backtrace:
CPU: 1 UID: 0 PID: 6486 Comm: syz.4.169 Not tainted 6.12.0-rc7-syzkaller-00189-ge8bdb3c8be08 #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/30/2024
Call Trace:
 <IRQ>
 __dump_stack lib/dump_stack.c:94 [inline]
 dump_stack_lvl+0x241/0x360 lib/dump_stack.c:120
 print_deadlock_bug+0x483/0x620 kernel/locking/lockdep.c:3037
 check_deadlock kernel/locking/lockdep.c:3089 [inline]
 validate_chain+0x15e2/0x5920 kernel/locking/lockdep.c:3891
 __lock_acquire+0x1384/0x2050 kernel/locking/lockdep.c:5202
 lock_acquire+0x1ed/0x550 kernel/locking/lockdep.c:5825
 __raw_spin_lock_bh include/linux/spinlock_api_smp.h:126 [inline]
 _raw_spin_lock_bh+0x35/0x50 kernel/locking/spinlock.c:178
 spin_lock_bh include/linux/spinlock.h:356 [inline]
 hsr_dev_xmit+0x13e/0x1d0 net/hsr/hsr_device.c:234
 __netdev_start_xmit include/linux/netdevice.h:4928 [inline]
 netdev_start_xmit include/linux/netdevice.h:4937 [inline]
 xmit_one net/core/dev.c:3588 [inline]
 dev_hard_start_xmit+0x27a/0x7e0 net/core/dev.c:3604
 __dev_queue_xmit+0x1b11/0x3ed0 net/core/dev.c:4432
 dev_queue_xmit include/linux/netdevice.h:3094 [inline]
 br_dev_queue_push_xmit+0x703/0x8d0 net/bridge/br_forward.c:53
 NF_HOOK+0x3a7/0x460 include/linux/netfilter.h:314
 br_forward_finish+0xd8/0x130 net/bridge/br_forward.c:66
 NF_HOOK+0x3a7/0x460 include/linux/netfilter.h:314
 __br_forward+0x489/0x660 net/bridge/br_forward.c:115
 deliver_clone net/bridge/br_forward.c:131 [inline]
 maybe_deliver+0xb3/0x150 net/bridge/br_forward.c:190
 br_flood+0x2e4/0x660 net/bridge/br_forward.c:236
 br_dev_xmit+0x11fc/0x1b10
 __netdev_start_xmit include/linux/netdevice.h:4928 [inline]
 netdev_start_xmit include/linux/netdevice.h:4937 [inline]
 xmit_one net/core/dev.c:3588 [inline]
 dev_hard_start_xmit+0x27a/0x7e0 net/core/dev.c:3604
 __dev_queue_xmit+0x1b11/0x3ed0 net/core/dev.c:4432
 dev_queue_xmit include/linux/netdevice.h:3094 [inline]
 hsr_xmit net/hsr/hsr_forward.c:418 [inline]
 hsr_forward_do net/hsr/hsr_forward.c:559 [inline]
 hsr_forward_skb+0x17b4/0x2b60 net/hsr/hsr_forward.c:719
 send_hsr_supervision_frame+0x63b/0xcc0 net/hsr/hsr_device.c:351
 hsr_announce+0x1f8/0x3a0 net/hsr/hsr_device.c:408
 call_timer_fn+0x18e/0x650 kernel/time/timer.c:1794
 expire_timers kernel/time/timer.c:1845 [inline]
 __run_timers kernel/time/timer.c:2419 [inline]
 __run_timer_base+0x66a/0x8e0 kernel/time/timer.c:2430
 run_timer_base kernel/time/timer.c:2439 [inline]
 run_timer_softirq+0xb7/0x170 kernel/time/timer.c:2449
 handle_softirqs+0x2c5/0x980 kernel/softirq.c:554
 __do_softirq kernel/softirq.c:588 [inline]
 invoke_softirq kernel/softirq.c:428 [inline]
 __irq_exit_rcu+0xf4/0x1c0 kernel/softirq.c:637
 irq_exit_rcu+0x9/0x30 kernel/softirq.c:649
 instr_sysvec_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1049 [inline]
 sysvec_apic_timer_interrupt+0xa6/0xc0 arch/x86/kernel/apic/apic.c:1049
 </IRQ>
 <TASK>
 asm_sysvec_apic_timer_interrupt+0x1a/0x20 arch/x86/include/asm/idtentry.h:702
RIP: 0010:finish_task_switch+0x1ea/0x870 kernel/sched/core.c:5202
Code: c9 50 e8 79 00 0c 00 48 83 c4 08 4c 89 f7 e8 4d 39 00 00 0f 1f 44 00 00 4c 89 f7 e8 70 a9 64 0a e8 1b 5a 38 00 fb 48 8b 5d c0 <48> 8d bb f8 15 00 00 48 89 f8 48 c1 e8 03 49 be 00 00 00 00 00 fc
RSP: 0018:ffffc90018bff1c8 EFLAGS: 00000282
RAX: fe3c85a299ed1b00 RBX: ffff8880665abc00 RCX: ffffffff9a3a1903
RDX: dffffc0000000000 RSI: ffffffff8c0acac0 RDI: ffffffff8c6038e0
RBP: ffffc90018bff210 R08: ffffffff901be06f R09: 1ffffffff2037c0d
R10: dffffc0000000000 R11: fffffbfff2037c0e R12: 1ffff110170e7f0c
R13: dffffc0000000000 R14: ffff8880b873ea40 R15: ffff8880b873f860
 context_switch kernel/sched/core.c:5331 [inline]
 __schedule+0x1802/0x4bd0 kernel/sched/core.c:6693
 __schedule_loop kernel/sched/core.c:6770 [inline]
 schedule+0x14b/0x320 kernel/sched/core.c:6785
 schedule_timeout+0xb0/0x310 kernel/time/timer.c:2591
 unix_wait_for_peer+0x250/0x340 net/unix/af_unix.c:1529
 unix_dgram_sendmsg+0x127f/0x1f80 net/unix/af_unix.c:2131
 sock_sendmsg_nosec net/socket.c:729 [inline]
 __sock_sendmsg+0x221/0x270 net/socket.c:744
 ____sys_sendmsg+0x52a/0x7e0 net/socket.c:2607
 ___sys_sendmsg net/socket.c:2661 [inline]
 __sys_sendmmsg+0x3ab/0x730 net/socket.c:2747
 __do_sys_sendmmsg net/socket.c:2776 [inline]
 __se_sys_sendmmsg net/socket.c:2773 [inline]
 __x64_sys_sendmmsg+0xa0/0xb0 net/socket.c:2773
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xf3/0x230 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7f9c7ad7e719
Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007f9c7bbd9038 EFLAGS: 00000246 ORIG_RAX: 0000000000000133
RAX: ffffffffffffffda RBX: 00007f9c7af35f80 RCX: 00007f9c7ad7e719
RDX: 0400000000000041 RSI: 0000000020000000 RDI: 0000000000000006
RBP: 00007f9c7adf175e R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 0000000000000000 R14: 00007f9c7af35f80 R15: 00007ffdca566268
 </TASK>
----------------
Code disassembly (best guess):
   0:	c9                   	leave
   1:	50                   	push   %rax
   2:	e8 79 00 0c 00       	call   0xc0080
   7:	48 83 c4 08          	add    $0x8,%rsp
   b:	4c 89 f7             	mov    %r14,%rdi
   e:	e8 4d 39 00 00       	call   0x3960
  13:	0f 1f 44 00 00       	nopl   0x0(%rax,%rax,1)
  18:	4c 89 f7             	mov    %r14,%rdi
  1b:	e8 70 a9 64 0a       	call   0xa64a990
  20:	e8 1b 5a 38 00       	call   0x385a40
  25:	fb                   	sti
  26:	48 8b 5d c0          	mov    -0x40(%rbp),%rbx
* 2a:	48 8d bb f8 15 00 00 	lea    0x15f8(%rbx),%rdi <-- trapping instruction
  31:	48 89 f8             	mov    %rdi,%rax
  34:	48 c1 e8 03          	shr    $0x3,%rax
  38:	49                   	rex.WB
  39:	be 00 00 00 00       	mov    $0x0,%esi
  3e:	00 fc                	add    %bh,%ah