============================================
WARNING: possible recursive locking detected
syzkaller #0 Not tainted
--------------------------------------------
swapper/1/0 is trying to acquire lock:
ffff888074f0cd88 (&hsr->seqnr_lock){+.-.}-{2:2}, at: spin_lock_bh include/linux/spinlock.h:356 [inline]
ffff888074f0cd88 (&hsr->seqnr_lock){+.-.}-{2:2}, at: hsr_dev_xmit+0x1d8/0x340 net/hsr/hsr_device.c:237

but task is already holding lock:
ffff8880743acd88 (&hsr->seqnr_lock){+.-.}-{2:2}, at: spin_lock_bh include/linux/spinlock.h:356 [inline]
ffff8880743acd88 (&hsr->seqnr_lock){+.-.}-{2:2}, at: send_hsr_supervision_frame+0x30d/0xb80 net/hsr/hsr_device.c:323

other info that might help us debug this:
 Possible unsafe locking scenario:

       CPU0
       ----
  lock(&hsr->seqnr_lock);
  lock(&hsr->seqnr_lock);

 *** DEADLOCK ***

 May be due to missing lock nesting notation

8 locks held by swapper/1/0:
 #0: ffffc900001e0bc0 ((&hsr->announce_timer)){+.-.}-{0:0}, at: call_timer_fn+0xcf/0x670 kernel/time/timer.c:1698
 #1: ffffffff8cb2d620 (rcu_read_lock){....}-{1:2}, at: rcu_lock_acquire include/linux/rcupdate.h:350 [inline]
 #1: ffffffff8cb2d620 (rcu_read_lock){....}-{1:2}, at: rcu_read_lock include/linux/rcupdate.h:791 [inline]
 #1: ffffffff8cb2d620 (rcu_read_lock){....}-{1:2}, at: hsr_announce+0x80/0x340 net/hsr/hsr_device.c:400
 #2: ffff8880743acd88 (&hsr->seqnr_lock){+.-.}-{2:2}, at: spin_lock_bh include/linux/spinlock.h:356 [inline]
 #2: ffff8880743acd88 (&hsr->seqnr_lock){+.-.}-{2:2}, at: send_hsr_supervision_frame+0x30d/0xb80 net/hsr/hsr_device.c:323
 #3: ffffffff8cb2d620 (rcu_read_lock){....}-{1:2}, at: rcu_lock_acquire include/linux/rcupdate.h:350 [inline]
 #3: ffffffff8cb2d620 (rcu_read_lock){....}-{1:2}, at: rcu_read_lock include/linux/rcupdate.h:791 [inline]
 #3: ffffffff8cb2d620 (rcu_read_lock){....}-{1:2}, at: hsr_forward_skb+0xad/0x20f0 net/hsr/hsr_forward.c:621
 #4: ffffffff8cb2d680 (rcu_read_lock_bh){....}-{1:2}, at: local_bh_disable include/linux/bottom_half.h:20 [inline]
 #4: ffffffff8cb2d680 (rcu_read_lock_bh){....}-{1:2}, at: rcu_read_lock_bh include/linux/rcupdate.h:843 [inline]
 #4: ffffffff8cb2d680 (rcu_read_lock_bh){....}-{1:2}, at: __dev_queue_xmit+0x26b/0x37c0 net/core/dev.c:4282
 #5: ffffffff8cb2d620 (rcu_read_lock){....}-{1:2}, at: rcu_lock_acquire include/linux/rcupdate.h:350 [inline]
 #5: ffffffff8cb2d620 (rcu_read_lock){....}-{1:2}, at: rcu_read_lock include/linux/rcupdate.h:791 [inline]
 #5: ffffffff8cb2d620 (rcu_read_lock){....}-{1:2}, at: br_dev_xmit+0x188/0x16d0 net/bridge/br_device.c:49
 #6: ffffffff8cb2d680 (rcu_read_lock_bh){....}-{1:2}, at: local_bh_disable include/linux/bottom_half.h:20 [inline]
 #6: ffffffff8cb2d680 (rcu_read_lock_bh){....}-{1:2}, at: rcu_read_lock_bh include/linux/rcupdate.h:843 [inline]
 #6: ffffffff8cb2d680 (rcu_read_lock_bh){....}-{1:2}, at: __dev_queue_xmit+0x26b/0x37c0 net/core/dev.c:4282
 #7: ffffffff8cb2d620 (rcu_read_lock){....}-{1:2}, at: rcu_lock_acquire include/linux/rcupdate.h:350 [inline]
 #7: ffffffff8cb2d620 (rcu_read_lock){....}-{1:2}, at: rcu_read_lock include/linux/rcupdate.h:791 [inline]
 #7: ffffffff8cb2d620 (rcu_read_lock){....}-{1:2}, at: hsr_dev_xmit+0x29/0x340 net/hsr/hsr_device.c:231

stack backtrace:
CPU: 1 PID: 0 Comm: swapper/1 Not tainted syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
Call Trace:
 <IRQ>
 dump_stack_lvl+0x188/0x24e lib/dump_stack.c:106
 __lock_acquire+0x123e/0x7d10 kernel/locking/lockdep.c:-1
 lock_acquire+0x1bb/0x4a0 kernel/locking/lockdep.c:5662
 __raw_spin_lock_bh include/linux/spinlock_api_smp.h:126 [inline]
 _raw_spin_lock_bh+0x32/0x50 kernel/locking/spinlock.c:178
 spin_lock_bh include/linux/spinlock.h:356 [inline]
 hsr_dev_xmit+0x1d8/0x340 net/hsr/hsr_device.c:237
 __netdev_start_xmit include/linux/netdevice.h:4896 [inline]
 netdev_start_xmit include/linux/netdevice.h:4910 [inline]
 xmit_one net/core/dev.c:3683 [inline]
 dev_hard_start_xmit+0x262/0x870 net/core/dev.c:3699
 __dev_queue_xmit+0x1aa3/0x37c0 net/core/dev.c:4363
 dev_queue_xmit include/linux/netdevice.h:3051 [inline]
 br_dev_queue_push_xmit+0x6af/0x870 net/bridge/br_forward.c:53
 NF_HOOK+0x34d/0x3e0 include/linux/netfilter.h:302
 br_forward_finish+0xcf/0x120 net/bridge/br_forward.c:66
 NF_HOOK+0x34d/0x3e0 include/linux/netfilter.h:302
 __br_forward+0x433/0x610 net/bridge/br_forward.c:115
 deliver_clone net/bridge/br_forward.c:131 [inline]
 maybe_deliver+0xb5/0x150 net/bridge/br_forward.c:190
 br_flood+0x2fc/0x450 net/bridge/br_forward.c:232
 br_dev_xmit+0x118d/0x16d0 net/bridge/br_device.c:-1
 __netdev_start_xmit include/linux/netdevice.h:4896 [inline]
 netdev_start_xmit include/linux/netdevice.h:4910 [inline]
 xmit_one net/core/dev.c:3683 [inline]
 dev_hard_start_xmit+0x262/0x870 net/core/dev.c:3699
 __dev_queue_xmit+0x1aa3/0x37c0 net/core/dev.c:4363
 dev_queue_xmit include/linux/netdevice.h:3051 [inline]
 hsr_xmit net/hsr/hsr_forward.c:382 [inline]
 hsr_forward_do net/hsr/hsr_forward.c:473 [inline]
 hsr_forward_skb+0x1312/0x20f0 net/hsr/hsr_forward.c:626
 send_hsr_supervision_frame+0x5f7/0xb80 net/hsr/hsr_device.c:346
 hsr_announce+0x194/0x340 net/hsr/hsr_device.c:402
 call_timer_fn+0x1ac/0x670 kernel/time/timer.c:1701
 expire_timers kernel/time/timer.c:1752 [inline]
 __run_timers+0x53e/0x800 kernel/time/timer.c:2023
 run_timer_softirq+0x63/0xf0 kernel/time/timer.c:2036
 handle_softirqs+0x2a1/0x930 kernel/softirq.c:596
 __do_softirq kernel/softirq.c:630 [inline]
 invoke_softirq kernel/softirq.c:470 [inline]
 __irq_exit_rcu+0x13b/0x230 kernel/softirq.c:679
 irq_exit_rcu+0x5/0x20 kernel/softirq.c:691
 instr_sysvec_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1118 [inline]
 sysvec_apic_timer_interrupt+0xa0/0xc0 arch/x86/kernel/apic/apic.c:1118
 </IRQ>
 <TASK>
 asm_sysvec_apic_timer_interrupt+0x16/0x20 arch/x86/include/asm/idtentry.h:691
RIP: 0010:default_idle+0xb/0x10 arch/x86/kernel/process.c:742
Code: 48 89 df e8 e7 5f 9c f7 e9 44 ff ff ff e8 3d 07 f6 ff 00 00 cc cc 00 00 cc cc 00 00 cc cc 00 66 90 0f 00 2d 77 ac 4f 00 fb f4 <c3> 0f 1f 40 00 41 57 41 56 53 49 be 00 00 00 00 00 fc ff df 65 48
RSP: 0018:ffffc90000177de8 EFLAGS: 000002c6
RAX: bd7a8324267f1d00 RBX: ffffffff8a3702b7 RCX: bd7a8324267f1d00
RDX: 0000000000000001 RSI: ffffffff8a8c1220 RDI: ffffffff8adf0f60
RBP: ffffc90000177f20 R08: ffff8880b8f3580b R09: 1ffff110171e6b01
R10: dffffc0000000000 R11: ffffed10171e6b02 R12: 1ffff9200002efc8
R13: dffffc0000000000 R14: ffff888017689dc0 R15: 0000000000000001
 default_idle_call+0x84/0xc0 kernel/sched/idle.c:109
 cpuidle_idle_call kernel/sched/idle.c:191 [inline]
 do_idle+0x20d/0x5a0 kernel/sched/idle.c:303
 cpu_startup_entry+0x3f/0x60 kernel/sched/idle.c:401
 start_secondary+0xe4/0xf0 arch/x86/kernel/smpboot.c:281
 secondary_startup_64_no_verify+0xcf/0xdb
 </TASK>
----------------
Code disassembly (best guess):
   0:	48 89 df             	mov    %rbx,%rdi
   3:	e8 e7 5f 9c f7       	call   0xf79c5fef
   8:	e9 44 ff ff ff       	jmp    0xffffff51
   d:	e8 3d 07 f6 ff       	call   0xfff6074f
  12:	00 00                	add    %al,(%rax)
  14:	cc                   	int3
  15:	cc                   	int3
  16:	00 00                	add    %al,(%rax)
  18:	cc                   	int3
  19:	cc                   	int3
  1a:	00 00                	add    %al,(%rax)
  1c:	cc                   	int3
  1d:	cc                   	int3
  1e:	00 66 90             	add    %ah,-0x70(%rsi)
  21:	0f 00 2d 77 ac 4f 00 	verw   0x4fac77(%rip)        # 0x4fac9f
  28:	fb                   	sti
  29:	f4                   	hlt
* 2a:	c3                   	ret <-- trapping instruction
  2b:	0f 1f 40 00          	nopl   0x0(%rax)
  2f:	41 57                	push   %r15
  31:	41 56                	push   %r14
  33:	53                   	push   %rbx
  34:	49 be 00 00 00 00 00 	movabs $0xdffffc0000000000,%r14
  3b:	fc ff df
  3e:	65                   	gs
  3f:	48                   	rex.W