============================================
WARNING: possible recursive locking detected
6.10.0-rc6-syzkaller-00212-g1dd28064d416 #0 Not tainted
--------------------------------------------
swapper/1/0 is trying to acquire lock:
ffff888057c0ee00 (&hsr->seqnr_lock){+.-.}-{2:2}, at: spin_lock_bh include/linux/spinlock.h:356 [inline]
ffff888057c0ee00 (&hsr->seqnr_lock){+.-.}-{2:2}, at: hsr_dev_xmit+0x174/0x220 net/hsr/hsr_device.c:228
but task is already holding lock:
ffff8880282bce00 (&hsr->seqnr_lock){+.-.}-{2:2}, at: spin_lock_bh include/linux/spinlock.h:356 [inline]
ffff8880282bce00 (&hsr->seqnr_lock){+.-.}-{2:2}, at: send_hsr_supervision_frame+0x1dc/0xa60 net/hsr/hsr_device.c:310
other info that might help us debug this:
Possible unsafe locking scenario:
CPU0
----
lock(&hsr->seqnr_lock);
lock(&hsr->seqnr_lock);
*** DEADLOCK ***
May be due to missing lock nesting notation
7 locks held by swapper/1/0:
#0: ffffc90000598cb0 ((&hsr->announce_timer)){+.-.}-{0:0}, at: call_timer_fn+0x11a/0x610 kernel/time/timer.c:1789
#1: ffffffff8dbb4ea0 (rcu_read_lock){....}-{1:2}, at: rcu_lock_acquire include/linux/rcupdate.h:329 [inline]
#1: ffffffff8dbb4ea0 (rcu_read_lock){....}-{1:2}, at: rcu_read_lock include/linux/rcupdate.h:781 [inline]
#1: ffffffff8dbb4ea0 (rcu_read_lock){....}-{1:2}, at: hsr_announce+0x90/0x380 net/hsr/hsr_device.c:397
#2: ffff8880282bce00 (&hsr->seqnr_lock){+.-.}-{2:2}, at: spin_lock_bh include/linux/spinlock.h:356 [inline]
#2: ffff8880282bce00 (&hsr->seqnr_lock){+.-.}-{2:2}, at: send_hsr_supervision_frame+0x1dc/0xa60 net/hsr/hsr_device.c:310
#3: ffffffff8dbb4ea0 (rcu_read_lock){....}-{1:2}, at: rcu_lock_acquire include/linux/rcupdate.h:329 [inline]
#3: ffffffff8dbb4ea0 (rcu_read_lock){....}-{1:2}, at: rcu_read_lock include/linux/rcupdate.h:781 [inline]
#3: ffffffff8dbb4ea0 (rcu_read_lock){....}-{1:2}, at: hsr_forward_skb+0xb2/0x2190 net/hsr/hsr_forward.c:681
#4: ffffffff8dbb4e40 (rcu_read_lock_bh){....}-{1:2}, at: local_bh_disable include/linux/bottom_half.h:20 [inline]
#4: ffffffff8dbb4e40 (rcu_read_lock_bh){....}-{1:2}, at: rcu_read_lock_bh include/linux/rcupdate.h:833 [inline]
#4: ffffffff8dbb4e40 (rcu_read_lock_bh){....}-{1:2}, at: __dev_queue_xmit+0x244/0x4130 net/core/dev.c:4318
#5: ffffffff8dbb4ea0 (rcu_read_lock){....}-{1:2}, at: rcu_lock_acquire include/linux/rcupdate.h:329 [inline]
#5: ffffffff8dbb4ea0 (rcu_read_lock){....}-{1:2}, at: rcu_read_lock include/linux/rcupdate.h:781 [inline]
#5: ffffffff8dbb4ea0 (rcu_read_lock){....}-{1:2}, at: br_dev_xmit+0x1a2/0x1890 net/bridge/br_device.c:50
#6: ffffffff8dbb4e40 (rcu_read_lock_bh){....}-{1:2}, at: local_bh_disable include/linux/bottom_half.h:20 [inline]
#6: ffffffff8dbb4e40 (rcu_read_lock_bh){....}-{1:2}, at: rcu_read_lock_bh include/linux/rcupdate.h:833 [inline]
#6: ffffffff8dbb4e40 (rcu_read_lock_bh){....}-{1:2}, at: __dev_queue_xmit+0x244/0x4130 net/core/dev.c:4318
stack backtrace:
CPU: 1 PID: 0 Comm: swapper/1 Not tainted 6.10.0-rc6-syzkaller-00212-g1dd28064d416 #0
Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
Call Trace:
__dump_stack lib/dump_stack.c:88 [inline]
dump_stack_lvl+0x116/0x1f0 lib/dump_stack.c:114
check_deadlock kernel/locking/lockdep.c:3062 [inline]
validate_chain kernel/locking/lockdep.c:3856 [inline]
__lock_acquire+0x20e6/0x3b30 kernel/locking/lockdep.c:5137
lock_acquire kernel/locking/lockdep.c:5754 [inline]
lock_acquire+0x1b1/0x560 kernel/locking/lockdep.c:5719
__raw_spin_lock_bh include/linux/spinlock_api_smp.h:126 [inline]
_raw_spin_lock_bh+0x33/0x40 kernel/locking/spinlock.c:178
spin_lock_bh include/linux/spinlock.h:356 [inline]
hsr_dev_xmit+0x174/0x220 net/hsr/hsr_device.c:228
__netdev_start_xmit include/linux/netdevice.h:4882 [inline]
netdev_start_xmit include/linux/netdevice.h:4896 [inline]
xmit_one net/core/dev.c:3578 [inline]
dev_hard_start_xmit+0x143/0x790 net/core/dev.c:3594
__dev_queue_xmit+0x7ba/0x4130 net/core/dev.c:4393
dev_queue_xmit include/linux/netdevice.h:3095 [inline]
br_dev_queue_push_xmit+0x272/0x870 net/bridge/br_forward.c:53
NF_HOOK include/linux/netfilter.h:314 [inline]
NF_HOOK include/linux/netfilter.h:308 [inline]
br_forward_finish+0xf5/0x130 net/bridge/br_forward.c:66
NF_HOOK include/linux/netfilter.h:314 [inline]
NF_HOOK include/linux/netfilter.h:308 [inline]
__br_forward+0x1e5/0x5b0 net/bridge/br_forward.c:115
deliver_clone+0x5b/0xa0 net/bridge/br_forward.c:131
maybe_deliver+0x31a/0x3e0 net/bridge/br_forward.c:190
br_flood+0x17e/0x5c0 net/bridge/br_forward.c:236
br_dev_xmit+0xf7d/0x1890 net/bridge/br_device.c:106
__netdev_start_xmit include/linux/netdevice.h:4882 [inline]
netdev_start_xmit include/linux/netdevice.h:4896 [inline]
xmit_one net/core/dev.c:3578 [inline]
dev_hard_start_xmit+0x143/0x790 net/core/dev.c:3594
__dev_queue_xmit+0x7ba/0x4130 net/core/dev.c:4393
dev_queue_xmit include/linux/netdevice.h:3095 [inline]
hsr_xmit net/hsr/hsr_forward.c:389 [inline]
hsr_forward_do net/hsr/hsr_forward.c:529 [inline]
hsr_forward_skb+0xc30/0x2190 net/hsr/hsr_forward.c:686
send_hsr_supervision_frame+0x500/0xa60 net/hsr/hsr_device.c:343
hsr_announce+0x116/0x380 net/hsr/hsr_device.c:399
call_timer_fn+0x1a0/0x610 kernel/time/timer.c:1792
expire_timers kernel/time/timer.c:1843 [inline]
__run_timers+0x74b/0xaf0 kernel/time/timer.c:2417
__run_timer_base kernel/time/timer.c:2428 [inline]
__run_timer_base kernel/time/timer.c:2421 [inline]
run_timer_base+0x111/0x190 kernel/time/timer.c:2437
run_timer_softirq+0x1a/0x40 kernel/time/timer.c:2447
handle_softirqs+0x216/0x8f0 kernel/softirq.c:554
__do_softirq kernel/softirq.c:588 [inline]
invoke_softirq kernel/softirq.c:428 [inline]
__irq_exit_rcu kernel/softirq.c:637 [inline]
irq_exit_rcu+0xbb/0x120 kernel/softirq.c:649
instr_sysvec_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1043 [inline]
sysvec_apic_timer_interrupt+0x95/0xb0 arch/x86/kernel/apic/apic.c:1043
asm_sysvec_apic_timer_interrupt+0x1a/0x20 arch/x86/include/asm/idtentry.h:702
RIP: 0010:native_irq_disable arch/x86/include/asm/irqflags.h:37 [inline]
RIP: 0010:arch_local_irq_disable arch/x86/include/asm/irqflags.h:72 [inline]
RIP: 0010:default_idle+0xf/0x20 arch/x86/kernel/process.c:743
Code: 4c 01 c7 4c 29 c2 e9 72 ff ff ff 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 f3 0f 1e fa 66 90 0f 00 2d b3 59 4a 00 fb f4 c3 cc cc cc cc 66 66 2e 0f 1f 84 00 00 00 00 00 90 90 90 90 90
RSP: 0018:ffffc90000477e08 EFLAGS: 00000246
RAX: 00000000012cb0c5 RBX: 0000000000000001 RCX: ffffffff8adc1c39
RDX: 0000000000000000 RSI: ffffffff8b2cb9e0 RDI: ffffffff8b8fb620
RBP: ffffed1002c63910 R08: 0000000000000001 R09: ffffed1005826fdd
R10: ffff88802c137eeb R11: 0000000000000000 R12: 0000000000000001
R13: ffff88801631c880 R14: ffffffff8fe29550 R15: 0000000000000000
default_idle_call+0x6d/0xb0 kernel/sched/idle.c:117
cpuidle_idle_call kernel/sched/idle.c:191 [inline]
do_idle+0x32c/0x3f0 kernel/sched/idle.c:332
cpu_startup_entry+0x4f/0x60 kernel/sched/idle.c:430
start_secondary+0x220/0x2b0 arch/x86/kernel/smpboot.c:313
common_startup_64+0x13e/0x148
----------------
Code disassembly (best guess):
0: 4c 01 c7 add %r8,%rdi
3: 4c 29 c2 sub %r8,%rdx
6: e9 72 ff ff ff jmp 0xffffff7d
b: 90 nop
c: 90 nop
d: 90 nop
e: 90 nop
f: 90 nop
10: 90 nop
11: 90 nop
12: 90 nop
13: 90 nop
14: 90 nop
15: 90 nop
16: 90 nop
17: 90 nop
18: 90 nop
19: 90 nop
1a: 90 nop
1b: f3 0f 1e fa endbr64
1f: 66 90 xchg %ax,%ax
21: 0f 00 2d b3 59 4a 00 verw 0x4a59b3(%rip) # 0x4a59db
28: fb sti
29: f4 hlt
* 2a: fa cli <-- trapping instruction
2b: c3 ret
2c: cc int3
2d: cc int3
2e: cc int3
2f: cc int3
30: 66 66 2e 0f 1f 84 00 data16 cs nopw 0x0(%rax,%rax,1)
37: 00 00 00 00
3b: 90 nop
3c: 90 nop
3d: 90 nop
3e: 90 nop
3f: 90 nop