============================================
WARNING: possible recursive locking detected
5.15.179-syzkaller #0 Not tainted
--------------------------------------------
kworker/0:3/4169 is trying to acquire lock:
ffff88807987e218 (dev->qdisc_tx_busylock ?: &qdisc_tx_busylock){+.-.}-{2:2}, at: spin_lock include/linux/spinlock.h:363 [inline]
ffff88807987e218 (dev->qdisc_tx_busylock ?: &qdisc_tx_busylock){+.-.}-{2:2}, at: __dev_xmit_skb net/core/dev.c:3908 [inline]
ffff88807987e218 (dev->qdisc_tx_busylock ?: &qdisc_tx_busylock){+.-.}-{2:2}, at: __dev_queue_xmit+0x2158/0x32b0 net/core/dev.c:4252

but task is already holding lock:
ffff888079e77258 (dev->qdisc_tx_busylock ?: &qdisc_tx_busylock){+.-.}-{2:2}, at: spin_trylock include/linux/spinlock.h:373 [inline]
ffff888079e77258 (dev->qdisc_tx_busylock ?: &qdisc_tx_busylock){+.-.}-{2:2}, at: qdisc_run_begin include/net/sch_generic.h:173 [inline]
ffff888079e77258 (dev->qdisc_tx_busylock ?: &qdisc_tx_busylock){+.-.}-{2:2}, at: __dev_xmit_skb net/core/dev.c:3870 [inline]
ffff888079e77258 (dev->qdisc_tx_busylock ?: &qdisc_tx_busylock){+.-.}-{2:2}, at: __dev_queue_xmit+0x1178/0x32b0 net/core/dev.c:4252

other info that might help us debug this:
 Possible unsafe locking scenario:

       CPU0
       ----
  lock(dev->qdisc_tx_busylock ?: &qdisc_tx_busylock);
  lock(dev->qdisc_tx_busylock ?: &qdisc_tx_busylock);

 *** DEADLOCK ***

 May be due to missing lock nesting notation

9 locks held by kworker/0:3/4169:
 #0: ffff888017472138 ((wq_completion)rcu_gp){+.+.}-{0:0}, at: process_one_work+0x78a/0x10c0 kernel/workqueue.c:2283
 #1: ffffc90002ebfd20 ((work_completion)(&(&ssp->work)->work)){+.+.}-{0:0}, at: process_one_work+0x7d0/0x10c0 kernel/workqueue.c:2285
 #2: ffffc90000007be0 ((&ndev->rs_timer)){+.-.}-{0:0}, at: lockdep_copy_map include/linux/lockdep.h:45 [inline]
 #2: ffffc90000007be0 ((&ndev->rs_timer)){+.-.}-{0:0}, at: call_timer_fn+0xbe/0x560 kernel/time/timer.c:1441
 #3: ffffffff8cb1f4e0 (rcu_read_lock){....}-{1:2}, at: rcu_lock_acquire+0x5/0x30 include/linux/rcupdate.h:311
 #4: ffffffff8cb1f540 (rcu_read_lock_bh){....}-{1:2}, at: rcu_lock_acquire+0x9/0x30 include/linux/rcupdate.h:312
 #5: ffffffff8cb1f540 (rcu_read_lock_bh){....}-{1:2}, at: rcu_lock_acquire+0x9/0x30 include/linux/rcupdate.h:312
 #6: ffff888079e77258 (dev->qdisc_tx_busylock ?: &qdisc_tx_busylock){+.-.}-{2:2}, at: spin_trylock include/linux/spinlock.h:373 [inline]
 #6: ffff888079e77258 (dev->qdisc_tx_busylock ?: &qdisc_tx_busylock){+.-.}-{2:2}, at: qdisc_run_begin include/net/sch_generic.h:173 [inline]
 #6: ffff888079e77258 (dev->qdisc_tx_busylock ?: &qdisc_tx_busylock){+.-.}-{2:2}, at: __dev_xmit_skb net/core/dev.c:3870 [inline]
 #6: ffff888079e77258 (dev->qdisc_tx_busylock ?: &qdisc_tx_busylock){+.-.}-{2:2}, at: __dev_queue_xmit+0x1178/0x32b0 net/core/dev.c:4252
 #7: ffffffff8cb1f540 (rcu_read_lock_bh){....}-{1:2}, at: rcu_lock_acquire+0x9/0x30 include/linux/rcupdate.h:312
 #8: ffffffff8cb1f540 (rcu_read_lock_bh){....}-{1:2}, at: rcu_lock_acquire+0x9/0x30 include/linux/rcupdate.h:312

stack backtrace:
CPU: 0 PID: 4169 Comm: kworker/0:3 Not tainted 5.15.179-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
Workqueue: rcu_gp process_srcu
Call Trace:
 <IRQ>
 __dump_stack lib/dump_stack.c:88 [inline]
 dump_stack_lvl+0x1e3/0x2d0 lib/dump_stack.c:106
 print_deadlock_bug kernel/locking/lockdep.c:2946 [inline]
 check_deadlock kernel/locking/lockdep.c:2989 [inline]
 validate_chain+0x46d2/0x5930 kernel/locking/lockdep.c:3775
 __lock_acquire+0x1295/0x1ff0 kernel/locking/lockdep.c:5012
 lock_acquire+0x1db/0x4f0 kernel/locking/lockdep.c:5623
 __raw_spin_lock include/linux/spinlock_api_smp.h:142 [inline]
 _raw_spin_lock+0x2a/0x40 kernel/locking/spinlock.c:154
 spin_lock include/linux/spinlock.h:363 [inline]
 __dev_xmit_skb net/core/dev.c:3908 [inline]
 __dev_queue_xmit+0x2158/0x32b0 net/core/dev.c:4252
 neigh_hh_output include/net/neighbour.h:493 [inline]
 neigh_output include/net/neighbour.h:507 [inline]
 ip_finish_output2+0xcd7/0x11a0 net/ipv4/ip_output.c:228
 iptunnel_xmit+0x51a/0x950 net/ipv4/ip_tunnel_core.c:82
 ip_tunnel_xmit+0x19c9/0x24f0 net/ipv4/ip_tunnel.c:838
 __gre_xmit net/ipv4/ip_gre.c:474 [inline]
 gre_tap_xmit+0x4f8/0x6e0 net/ipv4/ip_gre.c:751
 __netdev_start_xmit include/linux/netdevice.h:5027 [inline]
 netdev_start_xmit include/linux/netdevice.h:5041 [inline]
 xmit_one net/core/dev.c:3648 [inline]
 dev_hard_start_xmit+0x298/0x7a0 net/core/dev.c:3664
 sch_direct_xmit+0x2b2/0x5e0 net/sched/sch_generic.c:342
 __dev_xmit_skb net/core/dev.c:3883 [inline]
 __dev_queue_xmit+0x1861/0x32b0 net/core/dev.c:4252
 neigh_hh_output include/net/neighbour.h:493 [inline]
 neigh_output include/net/neighbour.h:507 [inline]
 ip6_finish_output2+0xead/0x15a0 net/ipv6/ip6_output.c:130
 dst_output include/net/dst.h:452 [inline]
 NF_HOOK include/linux/netfilter.h:302 [inline]
 ndisc_send_skb+0xb98/0x1520 net/ipv6/ndisc.c:513
 addrconf_rs_timer+0x357/0x610 net/ipv6/addrconf.c:3959
 call_timer_fn+0x16d/0x560 kernel/time/timer.c:1451
 expire_timers kernel/time/timer.c:1496 [inline]
 __run_timers+0x67c/0x890 kernel/time/timer.c:1767
 run_timer_softirq+0x63/0xf0 kernel/time/timer.c:1780
 handle_softirqs+0x3a7/0x930 kernel/softirq.c:558
 __do_softirq kernel/softirq.c:592 [inline]
 invoke_softirq kernel/softirq.c:432 [inline]
 __irq_exit_rcu+0x157/0x240 kernel/softirq.c:641
 irq_exit_rcu+0x5/0x20 kernel/softirq.c:653
 instr_sysvec_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1108 [inline]
 sysvec_apic_timer_interrupt+0xa0/0xc0 arch/x86/kernel/apic/apic.c:1108
 </IRQ>
 <TASK>
 asm_sysvec_apic_timer_interrupt+0x16/0x20 arch/x86/include/asm/idtentry.h:676
RIP: 0010:arch_test_and_set_bit arch/x86/include/asm/bitops.h:138 [inline]
RIP: 0010:test_and_set_bit include/asm-generic/bitops/instrumented-atomic.h:71 [inline]
RIP: 0010:queue_delayed_work_on+0x1fd/0x250 kernel/workqueue.c:1714
Code: 11 e8 37 a1 2d 00 4d 85 e4 75 16 e8 2d a1 2d 00 eb 15 e8 26 a1 2d 00 e8 b1 03 ed 08 4d 85 e4 74 ea e8 17 a1 2d 00 fb 45 84 ff <0f> 94 c0 48 c7 44 24 20 0e 36 e0 45 48 b9 00 00 00 00 00 fc ff df
RSP: 0018:ffffc90002ebfb80 EFLAGS: 00000246
RAX: ffffffff8152fba9 RBX: 0000000000000000 RCX: ffff88802510d940
RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
RBP: ffffc90002ebfc50 R08: ffffffff8152fb7f R09: fffffbfff2131e1b
R10: 0000000000000000 R11: dffffc0000000001 R12: 0000000000000200
R13: 1ffff920005d7f74 R14: 0000000000000046 R15: 0000000000000000
 process_one_work+0x8a1/0x10c0 kernel/workqueue.c:2310
 worker_thread+0xaca/0x1280 kernel/workqueue.c:2457
 kthread+0x3f6/0x4f0 kernel/kthread.c:334
 ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:287
 </TASK>
----------------
Code disassembly (best guess), 1 bytes skipped:
   0:	e8 37 a1 2d 00       	call   0x2da13c
   5:	4d 85 e4             	test   %r12,%r12
   8:	75 16                	jne    0x20
   a:	e8 2d a1 2d 00       	call   0x2da13c
   f:	eb 15                	jmp    0x26
  11:	e8 26 a1 2d 00       	call   0x2da13c
  16:	e8 b1 03 ed 08       	call   0x8ed03cc
  1b:	4d 85 e4             	test   %r12,%r12
  1e:	74 ea                	je     0xa
  20:	e8 17 a1 2d 00       	call   0x2da13c
  25:	fb                   	sti
  26:	45 84 ff             	test   %r15b,%r15b
* 29:	0f 94 c0             	sete   %al <-- trapping instruction
  2c:	48 c7 44 24 20 0e 36 	movq   $0x45e0360e,0x20(%rsp)
  33:	e0 45
  35:	48 b9 00 00 00 00 00 	movabs $0xdffffc0000000000,%rcx
  3c:	fc ff df