============================================
WARNING: possible recursive locking detected
syzkaller #0 Not tainted
--------------------------------------------
kworker/0:1/10 is trying to acquire lock:
ffff88802741f158 (&qdisc_xmit_lock_key#3){+...}-{3:3}, at: spin_lock include/linux/spinlock.h:351 [inline]
ffff88802741f158 (&qdisc_xmit_lock_key#3){+...}-{3:3}, at: __netif_tx_lock include/linux/netdevice.h:4659 [inline]
ffff88802741f158 (&qdisc_xmit_lock_key#3){+...}-{3:3}, at: sch_direct_xmit+0x3ba/0xcf0 net/sched/sch_generic.c:342

but task is already holding lock:
ffff88803643d158 (&qdisc_xmit_lock_key#3){+...}-{3:3}, at: spin_lock include/linux/spinlock.h:351 [inline]
ffff88803643d158 (&qdisc_xmit_lock_key#3){+...}-{3:3}, at: __netif_tx_lock include/linux/netdevice.h:4659 [inline]
ffff88803643d158 (&qdisc_xmit_lock_key#3){+...}-{3:3}, at: __dev_queue_xmit+0x1d9d/0x4490 net/core/dev.c:4721

other info that might help us debug this:
 Possible unsafe locking scenario:

       CPU0
       ----
  lock(&qdisc_xmit_lock_key#3);
  lock(&qdisc_xmit_lock_key#3);

 *** DEADLOCK ***

 May be due to missing lock nesting notation

12 locks held by kworker/0:1/10:
 #0: ffff88810a6f8148 ((wq_completion)mld){+.+.}-{0:0}, at: process_one_work+0x12a2/0x1b70 kernel/workqueue.c:3211
 #1: ffffc900000d7d10 ((work_completion)(&(&idev->mc_ifc_work)->work)){+.+.}-{0:0}, at: process_one_work+0x929/0x1b70 kernel/workqueue.c:3212
 #2: ffff88803b450538 (&idev->mc_lock){+.+.}-{4:4}, at: mld_ifc_work+0x42/0xbf0 net/ipv6/mcast.c:2697
 #3: ffffffff8e5c1220 (rcu_read_lock){....}-{1:3}, at: rcu_lock_acquire include/linux/rcupdate.h:331 [inline]
 #3: ffffffff8e5c1220 (rcu_read_lock){....}-{1:3}, at: rcu_read_lock include/linux/rcupdate.h:841 [inline]
 #3: ffffffff8e5c1220 (rcu_read_lock){....}-{1:3}, at: mld_sendpack+0x1b3/0x1270 net/ipv6/mcast.c:1832
 #4: ffffffff8e5c1220 (rcu_read_lock){....}-{1:3}, at: rcu_lock_acquire include/linux/rcupdate.h:331 [inline]
 #4: ffffffff8e5c1220 (rcu_read_lock){....}-{1:3}, at: rcu_read_lock include/linux/rcupdate.h:841 [inline]
 #4: ffffffff8e5c1220 (rcu_read_lock){....}-{1:3}, at: ip6_finish_output2+0x39d/0x2020 net/ipv6/ip6_output.c:126
 #5: ffffffff8e5c11c0 (rcu_read_lock_bh){....}-{1:3}, at: local_bh_disable include/linux/bottom_half.h:20 [inline]
 #5: ffffffff8e5c11c0 (rcu_read_lock_bh){....}-{1:3}, at: rcu_read_lock_bh include/linux/rcupdate.h:892 [inline]
 #5: ffffffff8e5c11c0 (rcu_read_lock_bh){....}-{1:3}, at: __dev_queue_xmit+0x276/0x4490 net/core/dev.c:4650
 #6: ffff88803643d158 (&qdisc_xmit_lock_key#3){+...}-{3:3}, at: spin_lock include/linux/spinlock.h:351 [inline]
 #6: ffff88803643d158 (&qdisc_xmit_lock_key#3){+...}-{3:3}, at: __netif_tx_lock include/linux/netdevice.h:4659 [inline]
 #6: ffff88803643d158 (&qdisc_xmit_lock_key#3){+...}-{3:3}, at: __dev_queue_xmit+0x1d9d/0x4490 net/core/dev.c:4721
 #7: ffffffff8e5c1220 (rcu_read_lock){....}-{1:3}, at: rcu_lock_acquire include/linux/rcupdate.h:331 [inline]
 #7: ffffffff8e5c1220 (rcu_read_lock){....}-{1:3}, at: rcu_read_lock include/linux/rcupdate.h:841 [inline]
 #7: ffffffff8e5c1220 (rcu_read_lock){....}-{1:3}, at: ip_output+0x60/0xa10 net/ipv4/ip_output.c:431
 #8: ffffffff8e5c1220 (rcu_read_lock){....}-{1:3}, at: rcu_lock_acquire include/linux/rcupdate.h:331 [inline]
 #8: ffffffff8e5c1220 (rcu_read_lock){....}-{1:3}, at: rcu_read_lock include/linux/rcupdate.h:841 [inline]
 #8: ffffffff8e5c1220 (rcu_read_lock){....}-{1:3}, at: ip_finish_output2+0x356/0x21a0 net/ipv4/ip_output.c:228
 #9: ffffffff8e5c1220 (rcu_read_lock){....}-{1:3}, at: rcu_lock_acquire include/linux/rcupdate.h:331 [inline]
 #9: ffffffff8e5c1220 (rcu_read_lock){....}-{1:3}, at: rcu_read_lock include/linux/rcupdate.h:841 [inline]
 #9: ffffffff8e5c1220 (rcu_read_lock){....}-{1:3}, at: arp_xmit+0x26/0x2e0 net/ipv4/arp.c:662
 #10: ffffffff8e5c11c0 (rcu_read_lock_bh){....}-{1:3}, at: local_bh_disable include/linux/bottom_half.h:20 [inline]
 #10: ffffffff8e5c11c0 (rcu_read_lock_bh){....}-{1:3}, at: rcu_read_lock_bh include/linux/rcupdate.h:892 [inline]
 #10: ffffffff8e5c11c0 (rcu_read_lock_bh){....}-{1:3}, at: __dev_queue_xmit+0x276/0x4490 net/core/dev.c:4650
 #11: ffff8880372cb258 (dev->qdisc_tx_busylock ?: &qdisc_tx_busylock#3){+...}-{3:3}, at: spin_trylock include/linux/spinlock.h:361 [inline]
 #11: ffff8880372cb258 (dev->qdisc_tx_busylock ?: &qdisc_tx_busylock#3){+...}-{3:3}, at: qdisc_run_begin include/net/sch_generic.h:197 [inline]
 #11: ffff8880372cb258 (dev->qdisc_tx_busylock ?: &qdisc_tx_busylock#3){+...}-{3:3}, at: qdisc_run_begin include/net/sch_generic.h:194 [inline]
 #11: ffff8880372cb258 (dev->qdisc_tx_busylock ?: &qdisc_tx_busylock#3){+...}-{3:3}, at: __dev_xmit_skb net/core/dev.c:4101 [inline]
 #11: ffff8880372cb258 (dev->qdisc_tx_busylock ?: &qdisc_tx_busylock#3){+...}-{3:3}, at: __dev_queue_xmit+0x122b/0x4490 net/core/dev.c:4691

stack backtrace:
CPU: 0 UID: 0 PID: 10 Comm: kworker/0:1 Not tainted syzkaller #0 PREEMPT(full) 
Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
Workqueue: mld mld_ifc_work
Call Trace:
 <TASK>
 __dump_stack lib/dump_stack.c:94 [inline]
 dump_stack_lvl+0x116/0x1f0 lib/dump_stack.c:120
 print_deadlock_bug+0x1e9/0x240 kernel/locking/lockdep.c:3041
 check_deadlock kernel/locking/lockdep.c:3093 [inline]
 validate_chain kernel/locking/lockdep.c:3895 [inline]
 __lock_acquire+0x1133/0x1ce0 kernel/locking/lockdep.c:5237
 lock_acquire kernel/locking/lockdep.c:5868 [inline]
 lock_acquire+0x179/0x350 kernel/locking/lockdep.c:5825
 __raw_spin_lock include/linux/spinlock_api_smp.h:133 [inline]
 _raw_spin_lock+0x2e/0x40 kernel/locking/spinlock.c:154
 spin_lock include/linux/spinlock.h:351 [inline]
 __netif_tx_lock include/linux/netdevice.h:4659 [inline]
 sch_direct_xmit+0x3ba/0xcf0 net/sched/sch_generic.c:342
 __dev_xmit_skb net/core/dev.c:4114 [inline]
 __dev_queue_xmit+0x144d/0x4490 net/core/dev.c:4691
 dev_queue_xmit include/linux/netdevice.h:3361 [inline]
 arp_xmit_finish net/ipv4/arp.c:654 [inline]
 NF_HOOK include/linux/netfilter.h:318 [inline]
 NF_HOOK include/linux/netfilter.h:312 [inline]
 arp_xmit+0x106/0x2e0 net/ipv4/arp.c:664
 arp_send_dst net/ipv4/arp.c:320 [inline]
 arp_send_dst+0x1a6/0x200 net/ipv4/arp.c:301
 arp_solicit+0x657/0x10a0 net/ipv4/arp.c:392
 neigh_probe+0xcb/0x110 net/core/neighbour.c:1098
 __neigh_event_send+0xac5/0x13c0 net/core/neighbour.c:1271
 neigh_event_send_probe include/net/neighbour.h:471 [inline]
 neigh_event_send include/net/neighbour.h:477 [inline]
 neigh_event_send include/net/neighbour.h:475 [inline]
 neigh_resolve_output+0x56b/0x940 net/core/neighbour.c:1579
 neigh_output include/net/neighbour.h:547 [inline]
 ip_finish_output2+0x7f5/0x21a0 net/ipv4/ip_output.c:235
 __ip_finish_output.part.0+0x1b4/0x350 net/ipv4/ip_output.c:313
 __ip_finish_output net/ipv4/ip_output.c:301 [inline]
 ip_finish_output net/ipv4/ip_output.c:323 [inline]
 NF_HOOK_COND include/linux/netfilter.h:307 [inline]
 ip_output+0x35e/0xa10 net/ipv4/ip_output.c:436
 dst_output include/net/dst.h:461 [inline]
 ip_local_out+0x38d/0x4d0 net/ipv4/ip_output.c:129
 iptunnel_xmit+0x625/0xa50 net/ipv4/ip_tunnel_core.c:84
 ip_tunnel_xmit+0x1fd2/0x37b0 net/ipv4/ip_tunnel.c:859
 __gre_xmit+0x8bb/0xc00 net/ipv4/ip_gre.c:488
 ipgre_xmit+0x523/0xb10 net/ipv4/ip_gre.c:692
 __netdev_start_xmit include/linux/netdevice.h:5222 [inline]
 netdev_start_xmit include/linux/netdevice.h:5231 [inline]
 xmit_one net/core/dev.c:3839 [inline]
 dev_hard_start_xmit+0x97/0x740 net/core/dev.c:3855
 __dev_queue_xmit+0xa46/0x4490 net/core/dev.c:4725
 neigh_output include/net/neighbour.h:547 [inline]
 ip6_finish_output2+0xaeb/0x2020 net/ipv6/ip6_output.c:141
 __ip6_finish_output+0x3cd/0x1010 net/ipv6/ip6_output.c:215
 ip6_finish_output net/ipv6/ip6_output.c:226 [inline]
 NF_HOOK_COND include/linux/netfilter.h:307 [inline]
 ip6_output+0x1ca/0x3e0 net/ipv6/ip6_output.c:248
 dst_output include/net/dst.h:461 [inline]
 NF_HOOK include/linux/netfilter.h:318 [inline]
 NF_HOOK include/linux/netfilter.h:312 [inline]
 mld_sendpack+0x9ea/0x1270 net/ipv6/mcast.c:1860
 mld_send_cr net/ipv6/mcast.c:2159 [inline]
 mld_ifc_work+0x740/0xbf0 net/ipv6/mcast.c:2698
 process_one_work+0x9cf/0x1b70 kernel/workqueue.c:3236
 process_scheduled_works kernel/workqueue.c:3319 [inline]
 worker_thread+0x6c8/0xf10 kernel/workqueue.c:3400
 kthread+0x3c5/0x780 kernel/kthread.c:463
 ret_from_fork+0x5d7/0x6f0 arch/x86/kernel/process.c:148
 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:245
 </TASK>