============================================
WARNING: possible recursive locking detected
syzkaller #0 Not tainted
--------------------------------------------
swapper/1/0 is trying to acquire lock:
ffff0000f03e0d88 (&hsr->seqnr_lock){+.-.}-{2:2}, at: spin_lock_bh include/linux/spinlock.h:356 [inline]
ffff0000f03e0d88 (&hsr->seqnr_lock){+.-.}-{2:2}, at: hsr_dev_xmit+0x188/0x3ac net/hsr/hsr_device.c:237
but task is already holding lock:
ffff0000c39b6d88 (&hsr->seqnr_lock){+.-.}-{2:2}, at: spin_lock_bh include/linux/spinlock.h:356 [inline]
ffff0000c39b6d88 (&hsr->seqnr_lock){+.-.}-{2:2}, at: send_hsr_supervision_frame+0x238/0x8d8 net/hsr/hsr_device.c:323
other info that might help us debug this:
Possible unsafe locking scenario:
CPU0
----
lock(&hsr->seqnr_lock);
lock(&hsr->seqnr_lock);
*** DEADLOCK ***
May be due to missing lock nesting notation
8 locks held by swapper/1/0:
#0: ffff800008017c40 ((&hsr->announce_timer)){+.-.}-{0:0}, at: lockdep_copy_map include/linux/lockdep.h:41 [inline]
#0: ffff800008017c40 ((&hsr->announce_timer)){+.-.}-{0:0}, at: call_timer_fn+0xd0/0x964 kernel/time/timer.c:1691
#1: ffff800015227400 (rcu_read_lock){....}-{1:2}, at: rcu_lock_acquire+0x10/0x4c include/linux/rcupdate.h:349
#2: ffff0000c39b6d88 (&hsr->seqnr_lock){+.-.}-{2:2}, at: spin_lock_bh include/linux/spinlock.h:356 [inline]
#2: ffff0000c39b6d88 (&hsr->seqnr_lock){+.-.}-{2:2}, at: send_hsr_supervision_frame+0x238/0x8d8 net/hsr/hsr_device.c:323
#3: ffff800015227400 (rcu_read_lock){....}-{1:2}, at: rcu_lock_acquire+0x10/0x4c include/linux/rcupdate.h:349
#4: ffff800015227460 (rcu_read_lock_bh){....}-{1:2}, at: rcu_lock_acquire+0x18/0x54 include/linux/rcupdate.h:349
#5: ffff800015227400 (rcu_read_lock){....}-{1:2}, at: rcu_lock_acquire+0x10/0x4c include/linux/rcupdate.h:349
#6: ffff800015227460 (rcu_read_lock_bh){....}-{1:2}, at: rcu_lock_acquire+0x18/0x54 include/linux/rcupdate.h:349
#7: ffff800015227400 (rcu_read_lock){....}-{1:2}, at: rcu_lock_acquire+0x10/0x4c include/linux/rcupdate.h:349
stack backtrace:
CPU: 1 PID: 0 Comm: swapper/1 Not tainted syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/03/2025
Call trace:
dump_backtrace+0x1c8/0x1f4 arch/arm64/kernel/stacktrace.c:158
show_stack+0x2c/0x3c arch/arm64/kernel/stacktrace.c:165
__dump_stack+0x30/0x40 lib/dump_stack.c:88
dump_stack_lvl+0xf8/0x160 lib/dump_stack.c:106
dump_stack+0x1c/0x5c lib/dump_stack.c:113
__lock_acquire+0x18b4/0x6544 kernel/locking/lockdep.c:-1
lock_acquire+0x20c/0x644 kernel/locking/lockdep.c:5662
__raw_spin_lock_bh include/linux/spinlock_api_smp.h:126 [inline]
_raw_spin_lock_bh+0x54/0x6c kernel/locking/spinlock.c:178
spin_lock_bh include/linux/spinlock.h:356 [inline]
hsr_dev_xmit+0x188/0x3ac net/hsr/hsr_device.c:237
__netdev_start_xmit include/linux/netdevice.h:4896 [inline]
netdev_start_xmit include/linux/netdevice.h:4910 [inline]
xmit_one net/core/dev.c:3670 [inline]
dev_hard_start_xmit+0x244/0x8e0 net/core/dev.c:3686
__dev_queue_xmit+0x155c/0x309c net/core/dev.c:4346
dev_queue_xmit include/linux/netdevice.h:3051 [inline]
br_dev_queue_push_xmit+0x558/0x704 net/bridge/br_forward.c:53
NF_HOOK+0x2c0/0x354 include/linux/netfilter.h:302
br_forward_finish+0xd0/0x118 net/bridge/br_forward.c:66
NF_HOOK+0x2c0/0x354 include/linux/netfilter.h:302
__br_forward+0x2dc/0x444 net/bridge/br_forward.c:115
deliver_clone net/bridge/br_forward.c:131 [inline]
maybe_deliver+0xc8/0x178 net/bridge/br_forward.c:190
br_flood+0x28c/0x3f8 net/bridge/br_forward.c:232
br_dev_xmit+0xcc8/0x12bc net/bridge/br_device.c:-1
__netdev_start_xmit include/linux/netdevice.h:4896 [inline]
netdev_start_xmit include/linux/netdevice.h:4910 [inline]
xmit_one net/core/dev.c:3670 [inline]
dev_hard_start_xmit+0x244/0x8e0 net/core/dev.c:3686
__dev_queue_xmit+0x155c/0x309c net/core/dev.c:4346
dev_queue_xmit include/linux/netdevice.h:3051 [inline]
hsr_xmit net/hsr/hsr_forward.c:380 [inline]
hsr_forward_do net/hsr/hsr_forward.c:471 [inline]
hsr_forward_skb+0xef8/0x1aac net/hsr/hsr_forward.c:624
send_hsr_supervision_frame+0x440/0x8d8 net/hsr/hsr_device.c:346
hsr_announce+0x160/0x2e4 net/hsr/hsr_device.c:402
call_timer_fn+0x1b8/0x964 kernel/time/timer.c:1701
expire_timers kernel/time/timer.c:1752 [inline]
__run_timers+0x468/0x6d8 kernel/time/timer.c:2023
run_timer_softirq+0x7c/0x114 kernel/time/timer.c:2036
handle_softirqs+0x318/0xc6c kernel/softirq.c:596
__do_softirq+0x14/0x20 kernel/softirq.c:630
____do_softirq+0x14/0x20 arch/arm64/kernel/irq.c:80
call_on_irq_stack+0x30/0x48 arch/arm64/kernel/entry.S:897
do_softirq_own_stack+0x20/0x2c arch/arm64/kernel/irq.c:85
invoke_softirq kernel/softirq.c:477 [inline]
__irq_exit_rcu+0x23c/0x43c kernel/softirq.c:679
irq_exit_rcu+0x14/0x84 kernel/softirq.c:691
__el1_irq arch/arm64/kernel/entry-common.c:472 [inline]
el1_interrupt+0x38/0x54 arch/arm64/kernel/entry-common.c:486
el1h_64_irq_handler+0x18/0x24 arch/arm64/kernel/entry-common.c:491
el1h_64_irq+0x64/0x68 arch/arm64/kernel/entry.S:581
arch_local_irq_enable+0xc/0x18 arch/arm64/include/asm/irqflags.h:35
default_idle_call+0x68/0xdc kernel/sched/idle.c:109
cpuidle_idle_call kernel/sched/idle.c:191 [inline]
do_idle+0x1d8/0x4bc kernel/sched/idle.c:303
cpu_startup_entry+0x5c/0x74 kernel/sched/idle.c:401
secondary_start_kernel+0x198/0x1c0 arch/arm64/kernel/smp.c:265
__secondary_switched+0xb0/0xb4 arch/arm64/kernel/head.S:618