============================================
WARNING: possible recursive locking detected
syzkaller #0 Not tainted
--------------------------------------------
kworker/u8:14/7198 is trying to acquire lock:
ffff888078c24ff0 (&hsr->seqnr_lock){+.-.}-{3:3}, at: spin_lock_bh include/linux/spinlock.h:348 [inline]
ffff888078c24ff0 (&hsr->seqnr_lock){+.-.}-{3:3}, at: hsr_dev_xmit+0x237/0x360 net/hsr/hsr_device.c:235

but task is already holding lock:
ffff8880ad5c8ff0 (&hsr->seqnr_lock){+.-.}-{3:3}, at: spin_lock_bh include/linux/spinlock.h:348 [inline]
ffff8880ad5c8ff0 (&hsr->seqnr_lock){+.-.}-{3:3}, at: send_hsr_supervision_frame+0x380/0xcb0 net/hsr/hsr_device.c:330

other info that might help us debug this:
 Possible unsafe locking scenario:

       CPU0
       ----
  lock(&hsr->seqnr_lock);
  lock(&hsr->seqnr_lock);

 *** DEADLOCK ***

 May be due to missing lock nesting notation

11 locks held by kworker/u8:14/7198:
 #0: ffff8880759ea940 ((wq_completion)krds_cp_wq#11/0#2){+.+.}-{0:0}, at: process_one_work kernel/workqueue.c:3277 [inline]
 #0: ffff8880759ea940 ((wq_completion)krds_cp_wq#11/0#2){+.+.}-{0:0}, at: process_scheduled_works+0xa35/0x1860 kernel/workqueue.c:3385
 #1: ffffc90002f37c40 ((work_completion)(&(&cp->cp_conn_w)->work)){+.+.}-{0:0}, at: process_one_work kernel/workqueue.c:3278 [inline]
 #1: ffffc90002f37c40 ((work_completion)(&(&cp->cp_conn_w)->work)){+.+.}-{0:0}, at: process_scheduled_works+0xa70/0x1860 kernel/workqueue.c:3385
 #2: ffff88805baa6780 (&tc->t_conn_path_lock){+.+.}-{4:4}, at: rds_tcp_conn_path_connect+0x1cc/0x930 net/rds/tcp_connect.c:118
 #3: ffffffff8e95cd60 (rcu_read_lock){....}-{1:3}, at: rcu_lock_acquire include/linux/rcupdate.h:300 [inline]
 #3: ffffffff8e95cd60 (rcu_read_lock){....}-{1:3}, at: rcu_read_lock include/linux/rcupdate.h:838 [inline]
 #3: ffffffff8e95cd60 (rcu_read_lock){....}-{1:3}, at: __inet_dev_addr_type+0x154/0x500 net/ipv4/fib_frontend.c:221
 #4: ffffc90000a08cc0 ((&hsr->announce_timer)){+.-.}-{0:0}, at: call_timer_fn+0xd4/0x5e0 kernel/time/timer.c:1745
 #5: ffffffff8e95cd60 (rcu_read_lock){....}-{1:3}, at: rcu_lock_acquire include/linux/rcupdate.h:300 [inline]
 #5: ffffffff8e95cd60 (rcu_read_lock){....}-{1:3}, at: rcu_read_lock include/linux/rcupdate.h:838 [inline]
 #5: ffffffff8e95cd60 (rcu_read_lock){....}-{1:3}, at: hsr_announce+0x89/0x370 net/hsr/hsr_device.c:419
 #6: ffff8880ad5c8ff0 (&hsr->seqnr_lock){+.-.}-{3:3}, at: spin_lock_bh include/linux/spinlock.h:348 [inline]
 #6: ffff8880ad5c8ff0 (&hsr->seqnr_lock){+.-.}-{3:3}, at: send_hsr_supervision_frame+0x380/0xcb0 net/hsr/hsr_device.c:330
 #7: ffffffff8e95cd60 (rcu_read_lock){....}-{1:3}, at: rcu_lock_acquire include/linux/rcupdate.h:300 [inline]
 #7: ffffffff8e95cd60 (rcu_read_lock){....}-{1:3}, at: rcu_read_lock include/linux/rcupdate.h:838 [inline]
 #7: ffffffff8e95cd60 (rcu_read_lock){....}-{1:3}, at: hsr_forward_skb+0xbb/0x2a80 net/hsr/hsr_forward.c:738
 #8: ffffffff8e95cdc0 (rcu_read_lock_bh){....}-{1:3}, at: local_bh_disable include/linux/bottom_half.h:20 [inline]
 #8: ffffffff8e95cdc0 (rcu_read_lock_bh){....}-{1:3}, at: rcu_read_lock_bh include/linux/rcupdate.h:891 [inline]
 #8: ffffffff8e95cdc0 (rcu_read_lock_bh){....}-{1:3}, at: __dev_queue_xmit+0x2b6/0x3950 net/core/dev.c:4791
 #9: ffffffff8e95cdc0 (rcu_read_lock_bh){....}-{1:3}, at: local_bh_disable include/linux/bottom_half.h:20 [inline]
 #9: ffffffff8e95cdc0 (rcu_read_lock_bh){....}-{1:3}, at: rcu_read_lock_bh include/linux/rcupdate.h:891 [inline]
 #9: ffffffff8e95cdc0 (rcu_read_lock_bh){....}-{1:3}, at: __dev_queue_xmit+0x2b6/0x3950 net/core/dev.c:4791
 #10: ffffffff8e95cd60 (rcu_read_lock){....}-{1:3}, at: rcu_lock_acquire include/linux/rcupdate.h:300 [inline]
 #10: ffffffff8e95cd60 (rcu_read_lock){....}-{1:3}, at: rcu_read_lock include/linux/rcupdate.h:838 [inline]
 #10: ffffffff8e95cd60 (rcu_read_lock){....}-{1:3}, at: hsr_dev_xmit+0x2d/0x360 net/hsr/hsr_device.c:229

stack backtrace:
CPU: 1 UID: 0 PID: 7198 Comm: kworker/u8:14 Not tainted syzkaller #0 PREEMPT(full) 
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
Workqueue: krds_cp_wq#11/0 rds_connect_worker
Call Trace:
 <IRQ>
 dump_stack_lvl+0xe8/0x150 lib/dump_stack.c:120
 print_deadlock_bug+0x279/0x290 kernel/locking/lockdep.c:3041
 check_deadlock kernel/locking/lockdep.c:3093 [inline]
 validate_chain kernel/locking/lockdep.c:3895 [inline]
 __lock_acquire+0x253f/0x2cf0 kernel/locking/lockdep.c:5237
 lock_acquire+0x106/0x350 kernel/locking/lockdep.c:5868
 __raw_spin_lock_bh include/linux/spinlock_api_smp.h:150 [inline]
 _raw_spin_lock_bh+0x36/0x50 kernel/locking/spinlock.c:182
 spin_lock_bh include/linux/spinlock.h:348 [inline]
 hsr_dev_xmit+0x237/0x360 net/hsr/hsr_device.c:235
 __netdev_start_xmit include/linux/netdevice.h:5367 [inline]
 netdev_start_xmit include/linux/netdevice.h:5376 [inline]
 xmit_one net/core/dev.c:3888 [inline]
 dev_hard_start_xmit+0x2cd/0x830 net/core/dev.c:3904
 __dev_queue_xmit+0x14d9/0x3950 net/core/dev.c:4870
 dev_queue_xmit_accel include/linux/netdevice.h:3423 [inline]
 macvlan_queue_xmit drivers/net/macvlan.c:571 [inline]
 macvlan_start_xmit+0x3ba/0x600 drivers/net/macvlan.c:595
 __netdev_start_xmit include/linux/netdevice.h:5367 [inline]
 netdev_start_xmit include/linux/netdevice.h:5376 [inline]
 xmit_one net/core/dev.c:3888 [inline]
 dev_hard_start_xmit+0x2cd/0x830 net/core/dev.c:3904
 __dev_queue_xmit+0x14d9/0x3950 net/core/dev.c:4870
 dev_queue_xmit include/linux/netdevice.h:3417 [inline]
 hsr_xmit net/hsr/hsr_forward.c:440 [inline]
 hsr_forward_do net/hsr/hsr_forward.c:581 [inline]
 hsr_forward_skb+0x167e/0x2a80 net/hsr/hsr_forward.c:743
 send_hsr_supervision_frame+0x731/0xcb0 net/hsr/hsr_device.c:364
 hsr_announce+0x1db/0x370 net/hsr/hsr_device.c:421
 call_timer_fn+0x192/0x5e0 kernel/time/timer.c:1748
 expire_timers kernel/time/timer.c:1799 [inline]
 __run_timers kernel/time/timer.c:2374 [inline]
 __run_timer_base+0x652/0x8b0 kernel/time/timer.c:2386
 run_timer_base kernel/time/timer.c:2395 [inline]
 run_timer_softirq+0xb7/0x170 kernel/time/timer.c:2405
 handle_softirqs+0x22a/0x840 kernel/softirq.c:622
 __do_softirq kernel/softirq.c:656 [inline]
 invoke_softirq kernel/softirq.c:496 [inline]
 __irq_exit_rcu+0xca/0x220 kernel/softirq.c:735
 irq_exit_rcu+0x9/0x30 kernel/softirq.c:752
 instr_sysvec_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1061 [inline]
 sysvec_apic_timer_interrupt+0xa6/0xc0 arch/x86/kernel/apic/apic.c:1061
 </IRQ>
 <TASK>
 asm_sysvec_apic_timer_interrupt+0x1a/0x20 arch/x86/include/asm/idtentry.h:697
RIP: 0010:lock_is_held_type+0x3f/0x150 kernel/locking/lockdep.c:5933
Code: 56 ea 87 04 00 0f 84 e4 00 00 00 65 8b 05 39 8e 90 07 85 c0 0f 85 d5 00 00 00 65 4c 8b 2d 81 48 90 07 41 83 bd 8c 0b 00 00 00 <0f> 85 bf 00 00 00 89 f5 49 89 fe 9c 41 5c fa 48 c7 c7 02 24 fc 8d
RSP: 0018:ffffc90002f374a8 EFLAGS: 00000246
RAX: 0000000000000000 RBX: 00000000ffffffff RCX: ffff888053f79ec0
RDX: 0000000000000000 RSI: 00000000ffffffff RDI: ffffffff8fdcf980
RBP: dffffc0000000000 R08: ffffc90002f376cf R09: 0000000000000000
R10: ffffc90002f376a0 R11: fffff520005e6eda R12: 0000000000000000
R13: ffff888053f79ec0 R14: ffff88803591c730 R15: dffffc0000000000
 lock_is_held include/linux/lockdep.h:249 [inline]
 lockdep_rtnl_is_held+0x1b/0x40 net/core/rtnetlink.c:182
 fib_table_lookup+0x2c2/0x16e0 net/ipv4/fib_trie.c:1479
 __inet_dev_addr_type+0x2d1/0x500 net/ipv4/fib_frontend.c:226
 __inet_bind+0x135/0xa90 net/ipv4/af_inet.c:500
 kernel_bind+0x13e/0x1c0 net/socket.c:3660
 rds_tcp_conn_path_connect+0x53e/0x930 net/rds/tcp_connect.c:175
 rds_connect_worker+0x1d8/0x290 net/rds/threads.c:176
 process_one_work kernel/workqueue.c:3302 [inline]
 process_scheduled_works+0xb5d/0x1860 kernel/workqueue.c:3385
 worker_thread+0xa53/0xfc0 kernel/workqueue.c:3466
 kthread+0x388/0x470 kernel/kthread.c:436
 ret_from_fork+0x514/0xb70 arch/x86/kernel/process.c:158
 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:245
 </TASK>
----------------
Code disassembly (best guess), 2 bytes skipped:
   0:	87 04 00             	xchg   %eax,(%rax,%rax,1)
   3:	0f 84 e4 00 00 00    	je     0xed
   9:	65 8b 05 39 8e 90 07 	mov    %gs:0x7908e39(%rip),%eax        # 0x7908e49
  10:	85 c0                	test   %eax,%eax
  12:	0f 85 d5 00 00 00    	jne    0xed
  18:	65 4c 8b 2d 81 48 90 	mov    %gs:0x7904881(%rip),%r13        # 0x79048a1
  1f:	07
  20:	41 83 bd 8c 0b 00 00 	cmpl   $0x0,0xb8c(%r13)
  27:	00
* 28:	0f 85 bf 00 00 00    	jne    0xed <-- trapping instruction
  2e:	89 f5                	mov    %esi,%ebp
  30:	49 89 fe             	mov    %rdi,%r14
  33:	9c                   	pushf
  34:	41 5c                	pop    %r12
  36:	fa                   	cli
  37:	48 c7 c7 02 24 fc 8d 	mov    $0xffffffff8dfc2402,%rdi