============================================
WARNING: possible recursive locking detected
syzkaller #0 Not tainted
--------------------------------------------
kworker/u32:8/1163 is trying to acquire lock:
ffff88802416f218 (dev->qdisc_tx_busylock ?: &qdisc_tx_busylock#3){+.-.}-{3:3}, at: spin_lock include/linux/spinlock.h:351 [inline]
ffff88802416f218 (dev->qdisc_tx_busylock ?: &qdisc_tx_busylock#3){+.-.}-{3:3}, at: __dev_xmit_skb net/core/dev.c:4186 [inline]
ffff88802416f218 (dev->qdisc_tx_busylock ?: &qdisc_tx_busylock#3){+.-.}-{3:3}, at: __dev_queue_xmit+0x33ff/0x4490 net/core/dev.c:4729

but task is already holding lock:
ffff8880277ca258 (dev->qdisc_tx_busylock ?: &qdisc_tx_busylock#3){+.-.}-{3:3}, at: spin_trylock include/linux/spinlock.h:361 [inline]
ffff8880277ca258 (dev->qdisc_tx_busylock ?: &qdisc_tx_busylock#3){+.-.}-{3:3}, at: qdisc_run_begin include/net/sch_generic.h:197 [inline]
ffff8880277ca258 (dev->qdisc_tx_busylock ?: &qdisc_tx_busylock#3){+.-.}-{3:3}, at: qdisc_run_begin include/net/sch_generic.h:194 [inline]
ffff8880277ca258 (dev->qdisc_tx_busylock ?: &qdisc_tx_busylock#3){+.-.}-{3:3}, at: __dev_xmit_skb net/core/dev.c:4139 [inline]
ffff8880277ca258 (dev->qdisc_tx_busylock ?: &qdisc_tx_busylock#3){+.-.}-{3:3}, at: __dev_queue_xmit+0x122b/0x4490 net/core/dev.c:4729

other info that might help us debug this:
 Possible unsafe locking scenario:

       CPU0
       ----
  lock(dev->qdisc_tx_busylock ?: &qdisc_tx_busylock#3);
  lock(dev->qdisc_tx_busylock ?: &qdisc_tx_busylock#3);

 *** DEADLOCK ***

 May be due to missing lock nesting notation

8 locks held by kworker/u32:8/1163:
 #0: ffff88804ad78148 ((wq_completion)bat_events){+.+.}-{0:0}, at: process_one_work+0x12a2/0x1b70 kernel/workqueue.c:3238
 #1: ffffc900069e7d00 ((work_completion)(&(&forw_packet_aggr->delayed_work)->work)){+.+.}-{0:0}, at: process_one_work+0x929/0x1b70 kernel/workqueue.c:3239
 #2: ffffffff8e3c4540 (rcu_read_lock_bh){....}-{1:3}, at: local_bh_disable include/linux/bottom_half.h:20 [inline]
 #2: ffffffff8e3c4540 (rcu_read_lock_bh){....}-{1:3}, at: rcu_read_lock_bh include/linux/rcupdate.h:918 [inline]
 #2: ffffffff8e3c4540 (rcu_read_lock_bh){....}-{1:3}, at: __dev_queue_xmit+0x276/0x4490 net/core/dev.c:4688
 #3: ffff8880277ca258 (dev->qdisc_tx_busylock ?: &qdisc_tx_busylock#3){+.-.}-{3:3}, at: spin_trylock include/linux/spinlock.h:361 [inline]
 #3: ffff8880277ca258 (dev->qdisc_tx_busylock ?: &qdisc_tx_busylock#3){+.-.}-{3:3}, at: qdisc_run_begin include/net/sch_generic.h:197 [inline]
 #3: ffff8880277ca258 (dev->qdisc_tx_busylock ?: &qdisc_tx_busylock#3){+.-.}-{3:3}, at: qdisc_run_begin include/net/sch_generic.h:194 [inline]
 #3: ffff8880277ca258 (dev->qdisc_tx_busylock ?: &qdisc_tx_busylock#3){+.-.}-{3:3}, at: __dev_xmit_skb net/core/dev.c:4139 [inline]
 #3: ffff8880277ca258 (dev->qdisc_tx_busylock ?: &qdisc_tx_busylock#3){+.-.}-{3:3}, at: __dev_queue_xmit+0x122b/0x4490 net/core/dev.c:4729
 #4: ffffffff8e3c45a0 (rcu_read_lock){....}-{1:3}, at: rcu_lock_acquire include/linux/rcupdate.h:331 [inline]
 #4: ffffffff8e3c45a0 (rcu_read_lock){....}-{1:3}, at: rcu_read_lock include/linux/rcupdate.h:867 [inline]
 #4: ffffffff8e3c45a0 (rcu_read_lock){....}-{1:3}, at: ip_output+0x60/0xa90 net/ipv4/ip_output.c:433
 #5: ffffffff8e3c45a0 (rcu_read_lock){....}-{1:3}, at: rcu_lock_acquire include/linux/rcupdate.h:331 [inline]
 #5: ffffffff8e3c45a0 (rcu_read_lock){....}-{1:3}, at: rcu_read_lock include/linux/rcupdate.h:867 [inline]
 #5: ffffffff8e3c45a0 (rcu_read_lock){....}-{1:3}, at: ip_finish_output2+0x356/0x21a0 net/ipv4/ip_output.c:230
 #6: ffffffff8e3c45a0 (rcu_read_lock){....}-{1:3}, at: rcu_lock_acquire include/linux/rcupdate.h:331 [inline]
 #6: ffffffff8e3c45a0 (rcu_read_lock){....}-{1:3}, at: rcu_read_lock include/linux/rcupdate.h:867 [inline]
 #6: ffffffff8e3c45a0 (rcu_read_lock){....}-{1:3}, at: arp_xmit+0x26/0x2e0 net/ipv4/arp.c:662
 #7: ffffffff8e3c4540 (rcu_read_lock_bh){....}-{1:3}, at: local_bh_disable include/linux/bottom_half.h:20 [inline]
 #7: ffffffff8e3c4540 (rcu_read_lock_bh){....}-{1:3}, at: rcu_read_lock_bh include/linux/rcupdate.h:918 [inline]
 #7: ffffffff8e3c4540 (rcu_read_lock_bh){....}-{1:3}, at: __dev_queue_xmit+0x276/0x4490 net/core/dev.c:4688

stack backtrace:
CPU: 3 UID: 0 PID: 1163 Comm: kworker/u32:8 Not tainted syzkaller #0 PREEMPT(full) 
Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
Workqueue: bat_events batadv_iv_send_outstanding_bat_ogm_packet
Call Trace:
 <TASK>
 __dump_stack lib/dump_stack.c:94 [inline]
 dump_stack_lvl+0x116/0x1f0 lib/dump_stack.c:120
 print_deadlock_bug+0x1e9/0x240 kernel/locking/lockdep.c:3041
 check_deadlock kernel/locking/lockdep.c:3093 [inline]
 validate_chain kernel/locking/lockdep.c:3895 [inline]
 __lock_acquire+0x1106/0x1c90 kernel/locking/lockdep.c:5237
 lock_acquire kernel/locking/lockdep.c:5868 [inline]
 lock_acquire+0x179/0x350 kernel/locking/lockdep.c:5825
 __raw_spin_lock include/linux/spinlock_api_smp.h:133 [inline]
 _raw_spin_lock+0x2e/0x40 kernel/locking/spinlock.c:154
 spin_lock include/linux/spinlock.h:351 [inline]
 __dev_xmit_skb net/core/dev.c:4186 [inline]
 __dev_queue_xmit+0x33ff/0x4490 net/core/dev.c:4729
 dev_queue_xmit include/linux/netdevice.h:3365 [inline]
 arp_xmit_finish net/ipv4/arp.c:654 [inline]
 NF_HOOK include/linux/netfilter.h:318 [inline]
 NF_HOOK include/linux/netfilter.h:312 [inline]
 arp_xmit+0x106/0x2e0 net/ipv4/arp.c:664
 arp_send_dst net/ipv4/arp.c:320 [inline]
 arp_send_dst+0x1f9/0x270 net/ipv4/arp.c:301
 arp_solicit+0x657/0x10a0 net/ipv4/arp.c:392
 neigh_probe+0xce/0x110 net/core/neighbour.c:1098
 __neigh_event_send+0xac5/0x13c0 net/core/neighbour.c:1271
 neigh_event_send_probe include/net/neighbour.h:471 [inline]
 neigh_event_send include/net/neighbour.h:477 [inline]
 neigh_event_send include/net/neighbour.h:475 [inline]
 neigh_resolve_output+0x56b/0x940 net/core/neighbour.c:1579
 neigh_output include/net/neighbour.h:547 [inline]
 ip_finish_output2+0x7f8/0x21a0 net/ipv4/ip_output.c:237
 __ip_finish_output.part.0+0x1b4/0x350 net/ipv4/ip_output.c:315
 __ip_finish_output net/ipv4/ip_output.c:303 [inline]
 ip_finish_output net/ipv4/ip_output.c:325 [inline]
 NF_HOOK_COND include/linux/netfilter.h:307 [inline]
 ip_output+0x35f/0xa90 net/ipv4/ip_output.c:438
 dst_output include/net/dst.h:464 [inline]
 ip_local_out+0x38d/0x4d0 net/ipv4/ip_output.c:131
 iptunnel_xmit+0x67a/0xad0 net/ipv4/ip_tunnel_core.c:84
 ip_tunnel_xmit+0x1fd2/0x3850 net/ipv4/ip_tunnel.c:845
 __gre_xmit+0x8bb/0xc00 net/ipv4/ip_gre.c:488
 gre_tap_xmit+0x3b3/0x630 net/ipv4/ip_gre.c:776
 __netdev_start_xmit include/linux/netdevice.h:5248 [inline]
 netdev_start_xmit include/linux/netdevice.h:5257 [inline]
 xmit_one net/core/dev.c:3845 [inline]
 dev_hard_start_xmit+0x97/0x740 net/core/dev.c:3861
 sch_direct_xmit+0x1b2/0xcf0 net/sched/sch_generic.c:344
 __dev_xmit_skb net/core/dev.c:4152 [inline]
 __dev_queue_xmit+0x144d/0x4490 net/core/dev.c:4729
 dev_queue_xmit include/linux/netdevice.h:3365 [inline]
 batadv_send_skb_packet+0x548/0x6f0 net/batman-adv/send.c:100
 batadv_iv_ogm_send_to_if net/batman-adv/bat_iv_ogm.c:391 [inline]
 batadv_iv_ogm_emit net/batman-adv/bat_iv_ogm.c:419 [inline]
 batadv_iv_send_outstanding_bat_ogm_packet+0x734/0x920 net/batman-adv/bat_iv_ogm.c:1697
 process_one_work+0x9cf/0x1b70 kernel/workqueue.c:3263
 process_scheduled_works kernel/workqueue.c:3346 [inline]
 worker_thread+0x6c8/0xf10 kernel/workqueue.c:3427
 kthread+0x3c5/0x780 kernel/kthread.c:463
 ret_from_fork+0x675/0x7d0 arch/x86/kernel/process.c:158
 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:245
 </TASK>