============================================
WARNING: possible recursive locking detected
6.16.0-rc4-syzkaller-00991-g6b9fd8857b9f #0 Not tainted
--------------------------------------------
kworker/1:7/5980 is trying to acquire lock:
ffff88805d40ef30 (&hsr->seqnr_lock){+.-.}-{3:3}, at: spin_lock_bh include/linux/spinlock.h:356 [inline]
ffff88805d40ef30 (&hsr->seqnr_lock){+.-.}-{3:3}, at: hsr_dev_xmit+0x19a/0x220 net/hsr/hsr_device.c:234

but task is already holding lock:
ffff88807b38ef30 (&hsr->seqnr_lock){+.-.}-{3:3}, at: spin_lock_bh include/linux/spinlock.h:356 [inline]
ffff88807b38ef30 (&hsr->seqnr_lock){+.-.}-{3:3}, at: hsr_dev_xmit+0x19a/0x220 net/hsr/hsr_device.c:234

other info that might help us debug this:
 Possible unsafe locking scenario:

       CPU0
       ----
  lock(&hsr->seqnr_lock);
  lock(&hsr->seqnr_lock);

 *** DEADLOCK ***

 May be due to missing lock nesting notation

11 locks held by kworker/1:7/5980:
 #0: ffff88801a481d48 ((wq_completion)events_power_efficient){+.+.}-{0:0}, at: process_one_work kernel/workqueue.c:3213 [inline]
 #0: ffff88801a481d48 ((wq_completion)events_power_efficient){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0 kernel/workqueue.c:3321
 #1: ffffc9000b887bc0 ((work_completion)(&(&gc_work->dwork)->work)){+.+.}-{0:0}, at: process_one_work kernel/workqueue.c:3214 [inline]
 #1: ffffc9000b887bc0 ((work_completion)(&(&gc_work->dwork)->work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0 kernel/workqueue.c:3321
 #2: ffffffff8e13ee20 (rcu_read_lock){....}-{1:3}, at: rcu_lock_acquire include/linux/rcupdate.h:331 [inline]
 #2: ffffffff8e13ee20 (rcu_read_lock){....}-{1:3}, at: rcu_read_lock include/linux/rcupdate.h:841 [inline]
 #2: ffffffff8e13ee20 (rcu_read_lock){....}-{1:3}, at: gc_worker+0x264/0x1380 net/netfilter/nf_conntrack_core.c:1535
 #3: ffffc90000a08be0 ((&ndev->rs_timer)){+.-.}-{0:0}, at: call_timer_fn+0xbe/0x5f0 kernel/time/timer.c:1744
 #4: ffffffff8e13ee20 (rcu_read_lock){....}-{1:3}, at: rcu_lock_acquire include/linux/rcupdate.h:331 [inline]
 #4: ffffffff8e13ee20 (rcu_read_lock){....}-{1:3}, at: rcu_read_lock include/linux/rcupdate.h:841 [inline]
 #4: ffffffff8e13ee20 (rcu_read_lock){....}-{1:3}, at: ndisc_send_skb+0x20c/0x1440 net/ipv6/ndisc.c:485
 #5: ffffffff8e13ee20 (rcu_read_lock){....}-{1:3}, at: rcu_lock_acquire include/linux/rcupdate.h:331 [inline]
 #5: ffffffff8e13ee20 (rcu_read_lock){....}-{1:3}, at: rcu_read_lock include/linux/rcupdate.h:841 [inline]
 #5: ffffffff8e13ee20 (rcu_read_lock){....}-{1:3}, at: ip6_finish_output2+0x701/0x16a0 net/ipv6/ip6_output.c:126
 #6: ffffffff8e13ee80 (rcu_read_lock_bh){....}-{1:3}, at: local_bh_disable include/linux/bottom_half.h:20 [inline]
 #6: ffffffff8e13ee80 (rcu_read_lock_bh){....}-{1:3}, at: rcu_read_lock_bh include/linux/rcupdate.h:892 [inline]
 #6: ffffffff8e13ee80 (rcu_read_lock_bh){....}-{1:3}, at: __dev_queue_xmit+0x27e/0x3a70 net/core/dev.c:4636
 #7: ffff88807b38ef30 (&hsr->seqnr_lock){+.-.}-{3:3}, at: spin_lock_bh include/linux/spinlock.h:356 [inline]
 #7: ffff88807b38ef30 (&hsr->seqnr_lock){+.-.}-{3:3}, at: hsr_dev_xmit+0x19a/0x220 net/hsr/hsr_device.c:234
 #8: ffffffff8e13ee20 (rcu_read_lock){....}-{1:3}, at: rcu_lock_acquire include/linux/rcupdate.h:331 [inline]
 #8: ffffffff8e13ee20 (rcu_read_lock){....}-{1:3}, at: rcu_read_lock include/linux/rcupdate.h:841 [inline]
 #8: ffffffff8e13ee20 (rcu_read_lock){....}-{1:3}, at: hsr_forward_skb+0x9e/0x2860 net/hsr/hsr_forward.c:728
 #9: ffffffff8e13ee80 (rcu_read_lock_bh){....}-{1:3}, at: local_bh_disable include/linux/bottom_half.h:20 [inline]
 #9: ffffffff8e13ee80 (rcu_read_lock_bh){....}-{1:3}, at: rcu_read_lock_bh include/linux/rcupdate.h:892 [inline]
 #9: ffffffff8e13ee80 (rcu_read_lock_bh){....}-{1:3}, at: __dev_queue_xmit+0x27e/0x3a70 net/core/dev.c:4636
 #10: ffffffff8e13ee80 (rcu_read_lock_bh){....}-{1:3}, at: local_bh_disable include/linux/bottom_half.h:20 [inline]
 #10: ffffffff8e13ee80 (rcu_read_lock_bh){....}-{1:3}, at: rcu_read_lock_bh include/linux/rcupdate.h:892 [inline]
 #10: ffffffff8e13ee80 (rcu_read_lock_bh){....}-{1:3}, at: __dev_queue_xmit+0x27e/0x3a70 net/core/dev.c:4636

stack backtrace:
CPU: 1 UID: 0 PID: 5980 Comm: kworker/1:7 Not tainted 6.16.0-rc4-syzkaller-00991-g6b9fd8857b9f #0 PREEMPT(full) 
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
Workqueue: events_power_efficient gc_worker
Call Trace:
 <IRQ>
 dump_stack_lvl+0x189/0x250 lib/dump_stack.c:120
 print_deadlock_bug+0x28b/0x2a0 kernel/locking/lockdep.c:3044
 check_deadlock kernel/locking/lockdep.c:3096 [inline]
 validate_chain+0x1a3f/0x2140 kernel/locking/lockdep.c:3898
 __lock_acquire+0xab9/0xd20 kernel/locking/lockdep.c:5240
 lock_acquire+0x120/0x360 kernel/locking/lockdep.c:5871
 __raw_spin_lock_bh include/linux/spinlock_api_smp.h:126 [inline]
 _raw_spin_lock_bh+0x36/0x50 kernel/locking/spinlock.c:178
 spin_lock_bh include/linux/spinlock.h:356 [inline]
 hsr_dev_xmit+0x19a/0x220 net/hsr/hsr_device.c:234
 __netdev_start_xmit include/linux/netdevice.h:5217 [inline]
 netdev_start_xmit include/linux/netdevice.h:5226 [inline]
 xmit_one net/core/dev.c:3828 [inline]
 dev_hard_start_xmit+0x2d4/0x830 net/core/dev.c:3844
 __dev_queue_xmit+0x1adf/0x3a70 net/core/dev.c:4711
 dev_queue_xmit_accel include/linux/netdevice.h:3364 [inline]
 macvlan_queue_xmit drivers/net/macvlan.c:557 [inline]
 macvlan_start_xmit+0x46d/0x6e0 drivers/net/macvlan.c:581
 __netdev_start_xmit include/linux/netdevice.h:5217 [inline]
 netdev_start_xmit include/linux/netdevice.h:5226 [inline]
 xmit_one net/core/dev.c:3828 [inline]
 dev_hard_start_xmit+0x2d4/0x830 net/core/dev.c:3844
 __dev_queue_xmit+0x1adf/0x3a70 net/core/dev.c:4711
 dev_queue_xmit include/linux/netdevice.h:3358 [inline]
 hsr_xmit net/hsr/hsr_forward.c:430 [inline]
 hsr_forward_do net/hsr/hsr_forward.c:571 [inline]
 hsr_forward_skb+0x158b/0x2860 net/hsr/hsr_forward.c:733
 hsr_dev_xmit+0x1a5/0x220 net/hsr/hsr_device.c:235
 __netdev_start_xmit include/linux/netdevice.h:5217 [inline]
 netdev_start_xmit include/linux/netdevice.h:5226 [inline]
 xmit_one net/core/dev.c:3828 [inline]
 dev_hard_start_xmit+0x2d4/0x830 net/core/dev.c:3844
 __dev_queue_xmit+0x1adf/0x3a70 net/core/dev.c:4711
 neigh_output include/net/neighbour.h:542 [inline]
 ip6_finish_output2+0x11fe/0x16a0 net/ipv6/ip6_output.c:141
 __ip6_finish_output net/ipv6/ip6_output.c:-1 [inline]
 ip6_finish_output+0x234/0x7d0 net/ipv6/ip6_output.c:226
 NF_HOOK include/linux/netfilter.h:317 [inline]
 ndisc_send_skb+0xb54/0x1440 net/ipv6/ndisc.c:515
 addrconf_rs_timer+0x369/0x670 net/ipv6/addrconf.c:4041
 call_timer_fn+0x17e/0x5f0 kernel/time/timer.c:1747
 expire_timers kernel/time/timer.c:1798 [inline]
 __run_timers kernel/time/timer.c:2372 [inline]
 __run_timer_base+0x61a/0x860 kernel/time/timer.c:2384
 run_timer_base kernel/time/timer.c:2393 [inline]
 run_timer_softirq+0xb7/0x180 kernel/time/timer.c:2403
 handle_softirqs+0x286/0x870 kernel/softirq.c:579
 __do_softirq kernel/softirq.c:613 [inline]
 invoke_softirq kernel/softirq.c:453 [inline]
 __irq_exit_rcu+0xca/0x1f0 kernel/softirq.c:680
 irq_exit_rcu+0x9/0x30 kernel/softirq.c:696
 instr_sysvec_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1050 [inline]
 sysvec_apic_timer_interrupt+0xa6/0xc0 arch/x86/kernel/apic/apic.c:1050
 </IRQ>
 <TASK>
 asm_sysvec_apic_timer_interrupt+0x1a/0x20 arch/x86/include/asm/idtentry.h:702
RIP: 0010:seqcount_lockdep_reader_access+0x17e/0x1c0 include/linux/seqlock.h:75
Code: f8 4d 85 e4 75 16 e8 11 c0 20 f8 eb 15 e8 0a c0 20 f8 e8 f5 b8 d0 01 4d 85 e4 74 ea e8 fb bf 20 f8 fb 48 c7 04 24 0e 36 e0 45 <4b> c7 04 3e 00 00 00 00 66 43 c7 44 3e 09 00 00 43 c6 44 3e 0b 00
RSP: 0018:ffffc9000b887860 EFLAGS: 00000293
RAX: ffffffff899fa005 RBX: 0000000000000000 RCX: ffff88802d805a00
RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
RBP: ffffc9000b887910 R08: ffffffff8fa205f7 R09: 1ffffffff1f440be
R10: dffffc0000000000 R11: fffffbfff1f440bf R12: 0000000000000200
R13: ffff88806f05a218 R14: 1ffff92001710f0c R15: dffffc0000000000
 nf_conntrack_get_ht include/net/netfilter/nf_conntrack.h:333 [inline]
 gc_worker+0x308/0x1380 net/netfilter/nf_conntrack_core.c:1537
 process_one_work kernel/workqueue.c:3238 [inline]
 process_scheduled_works+0xade/0x17b0 kernel/workqueue.c:3321
 worker_thread+0x8a0/0xda0 kernel/workqueue.c:3402
 kthread+0x70e/0x8a0 kernel/kthread.c:464
 ret_from_fork+0x3fc/0x770 arch/x86/kernel/process.c:148
 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:245
 </TASK>
----------------
Code disassembly (best guess):
   0:	f8                   	clc
   1:	4d 85 e4             	test   %r12,%r12
   4:	75 16                	jne    0x1c
   6:	e8 11 c0 20 f8       	call   0xf820c01c
   b:	eb 15                	jmp    0x22
   d:	e8 0a c0 20 f8       	call   0xf820c01c
  12:	e8 f5 b8 d0 01       	call   0x1d0b90c
  17:	4d 85 e4             	test   %r12,%r12
  1a:	74 ea                	je     0x6
  1c:	e8 fb bf 20 f8       	call   0xf820c01c
  21:	fb                   	sti
  22:	48 c7 04 24 0e 36 e0 	movq   $0x45e0360e,(%rsp)
  29:	45
* 2a:	4b c7 04 3e 00 00 00 	movq   $0x0,(%r14,%r15,1) <-- trapping instruction
  31:	00
  32:	66 43 c7 44 3e 09 00 	movw   $0x0,0x9(%r14,%r15,1)
  39:	00
  3a:	43 c6 44 3e 0b 00    	movb   $0x0,0xb(%r14,%r15,1)