======================================================
WARNING: possible circular locking dependency detected
syzkaller #0 Not tainted
------------------------------------------------------
kworker/0:6/6323 is trying to acquire lock:
ffff88816a790ff0 (&hsr->seqnr_lock){+.-.}-{3:3}, at: hsr_dev_xmit+0x237/0x360

but task is already holding lock:
ffff888112d2e158 (&qdisc_xmit_lock_key#10){+.-.}-{3:3}, at: sch_direct_xmit+0x15f/0x4c0

which lock already depends on the new lock.


the existing dependency chain (in reverse order) is:

-> #1 (&qdisc_xmit_lock_key#10){+.-.}-{3:3}:
       _raw_spin_lock+0x2e/0x40
       sch_direct_xmit+0x15f/0x4c0
       __dev_queue_xmit+0x180f/0x3950
       hsr_forward_skb+0x167e/0x2a80
       send_hsr_supervision_frame+0x731/0xcb0
       hsr_announce+0x1db/0x370
       call_timer_fn+0x192/0x5e0
       __run_timer_base+0x652/0x8b0
       run_timer_softirq+0xb7/0x170
       handle_softirqs+0x22a/0x840
       do_softirq+0x76/0xd0
       __local_bh_enable_ip+0xf8/0x130
       __fib6_clean_all+0x464/0x5a0
       fib6_flush_trees+0x147/0x1a0
       add_addr+0x151/0x2d0
       add_v4_addrs+0x571/0x7e0
       addrconf_notify+0xb1e/0x1050
       notifier_call_chain+0x1ad/0x3d0
       __dev_notify_flags+0x1a9/0x310
       netif_change_flags+0xe8/0x1a0
       do_setlink+0xfa5/0x45a0
       rtnl_newlink+0x14ca/0x1bb0
       rtnetlink_rcv_msg+0x7d5/0xbe0
       netlink_rcv_skb+0x232/0x4b0
       netlink_unicast+0x75c/0x8e0
       netlink_sendmsg+0x813/0xb40
       ____sys_sendmsg+0x972/0x9f0
       ___sys_sendmsg+0x2a5/0x360
       __x64_sys_sendmsg+0x1bd/0x2a0
       do_syscall_64+0x15f/0xf80
       entry_SYSCALL_64_after_hwframe+0x77/0x7f

-> #0 (&hsr->seqnr_lock){+.-.}-{3:3}:
       __lock_acquire+0x15a5/0x2cf0
       lock_acquire+0x106/0x350
       _raw_spin_lock_bh+0x36/0x50
       hsr_dev_xmit+0x237/0x360
       dev_hard_start_xmit+0x2cd/0x830
       __dev_queue_xmit+0x14d9/0x3950
       NF_HOOK+0x33a/0x3c0
       arp_xmit+0x16c/0x270
       arp_solicit+0xbe0/0xe40
       __neigh_event_send+0xf05/0x14d0
       neigh_resolve_output+0x198/0x750
       ip_finish_output2+0xca9/0x1070
       ip_output+0x29f/0x450
       iptunnel_xmit+0x621/0xd10
       ip_tunnel_xmit+0x193a/0x1f20
       gre_tap_xmit+0x5a7/0x7a0
       dev_hard_start_xmit+0x2cd/0x830
       sch_direct_xmit+0x251/0x4c0
       __dev_queue_xmit+0x180f/0x3950
       bond_start_xmit+0x6a2/0x1900
       dev_hard_start_xmit+0x2cd/0x830
       __dev_queue_xmit+0x14d9/0x3950
       ip6_output+0x340/0x550
       NF_HOOK+0x177/0x4f0
       mld_sendpack+0x8b4/0xe40
       mld_ifc_work+0x835/0xe70
       process_scheduled_works+0xb5d/0x1860
       worker_thread+0xa53/0xfc0
       kthread+0x388/0x470
       ret_from_fork+0x514/0xb70
       ret_from_fork_asm+0x1a/0x30

other info that might help us debug this:

 Possible unsafe locking scenario:

       CPU0                    CPU1
       ----                    ----
  lock(&qdisc_xmit_lock_key#10);
                               lock(&hsr->seqnr_lock);
                               lock(&qdisc_xmit_lock_key#10);
  lock(&hsr->seqnr_lock);

 *** DEADLOCK ***

15 locks held by kworker/0:6/6323:
 #0: ffff8881765c7940 ((wq_completion)mld){+.+.}-{0:0}, at: process_scheduled_works+0xa35/0x1860
 #1: ffffc9000a157c40 ((work_completion)(&(&idev->mc_ifc_work)->work)){+.+.}-{0:0}, at: process_scheduled_works+0xa70/0x1860
 #2: ffff8881a7aff530 (&idev->mc_lock){+.+.}-{4:4}, at: mld_ifc_work+0x2d/0xe70
 #3: ffffffff8e95cd60 (rcu_read_lock){....}-{1:3}, at: mld_sendpack+0x213/0xe40
 #4: ffffffff8e95cd60 (rcu_read_lock){....}-{1:3}, at: ip6_output+0x126/0x550
 #5: ffffffff8e95cdc0 (rcu_read_lock_bh){....}-{1:3}, at: __dev_queue_xmit+0x2b6/0x3950
 #6: ffffffff8e95cd60 (rcu_read_lock){....}-{1:3}, at: bond_start_xmit+0xb4/0x1900
 #7: ffffffff8e95cdc0 (rcu_read_lock_bh){....}-{1:3}, at: __dev_queue_xmit+0x2b6/0x3950
 #8: ffff88810f804228 (dev->qdisc_tx_busylock ?: &qdisc_tx_busylock#3){+...}-{3:3}, at: __dev_queue_xmit+0x11a6/0x3950
 #9: ffff888112d2e158 (&qdisc_xmit_lock_key#10){+.-.}-{3:3}, at: sch_direct_xmit+0x15f/0x4c0
 #10: ffffffff8e95cd60 (rcu_read_lock){....}-{1:3}, at: ip_output+0x5b/0x450
 #11: ffffffff8e95cd60 (rcu_read_lock){....}-{1:3}, at: ip_finish_output2+0x3c2/0x1070
 #12: ffffffff8e95cd60 (rcu_read_lock){....}-{1:3}, at: arp_xmit+0x23/0x270
 #13: ffffffff8e95cdc0 (rcu_read_lock_bh){....}-{1:3}, at: __dev_queue_xmit+0x2b6/0x3950
 #14: ffffffff8e95cd60 (rcu_read_lock){....}-{1:3}, at: hsr_dev_xmit+0x2d/0x360

stack backtrace:
CPU: 0 UID: 0 PID: 6323 Comm: kworker/0:6 Not tainted syzkaller #0 PREEMPT(full) 
Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.2-debian-1.16.2-1 04/01/2014
Workqueue: mld mld_ifc_work
Call Trace:
 <TASK>
 dump_stack_lvl+0xe8/0x150
 print_circular_bug+0x2e1/0x300
 check_noncircular+0x12e/0x150
 __lock_acquire+0x15a5/0x2cf0
 lock_acquire+0x106/0x350
 _raw_spin_lock_bh+0x36/0x50
 hsr_dev_xmit+0x237/0x360
 dev_hard_start_xmit+0x2cd/0x830
 __dev_queue_xmit+0x14d9/0x3950
 NF_HOOK+0x33a/0x3c0
 arp_xmit+0x16c/0x270
 arp_solicit+0xbe0/0xe40
 __neigh_event_send+0xf05/0x14d0
 neigh_resolve_output+0x198/0x750
 ip_finish_output2+0xca9/0x1070
 ip_output+0x29f/0x450
 iptunnel_xmit+0x621/0xd10
 ip_tunnel_xmit+0x193a/0x1f20
 gre_tap_xmit+0x5a7/0x7a0
 dev_hard_start_xmit+0x2cd/0x830
 sch_direct_xmit+0x251/0x4c0
 __dev_queue_xmit+0x180f/0x3950
 bond_start_xmit+0x6a2/0x1900
 dev_hard_start_xmit+0x2cd/0x830
 __dev_queue_xmit+0x14d9/0x3950
 ip6_output+0x340/0x550
 NF_HOOK+0x177/0x4f0
 mld_sendpack+0x8b4/0xe40
 mld_ifc_work+0x835/0xe70
 process_scheduled_works+0xb5d/0x1860
 worker_thread+0xa53/0xfc0
 kthread+0x388/0x470
 ret_from_fork+0x514/0xb70
 ret_from_fork_asm+0x1a/0x30
 </TASK>
