============================================
WARNING: possible recursive locking detected
6.1.59-syzkaller #0 Not tainted
--------------------------------------------
syz-executor.0/18815 is trying to acquire lock:
ffff0000d9fae0d8 (_xmit_ETHER#2){+.-.}-{2:2}, at: spin_lock include/linux/spinlock.h:350 [inline]
ffff0000d9fae0d8 (_xmit_ETHER#2){+.-.}-{2:2}, at: __netif_tx_lock include/linux/netdevice.h:4304 [inline]
ffff0000d9fae0d8 (_xmit_ETHER#2){+.-.}-{2:2}, at: __dev_queue_xmit+0x1320/0x38d8 net/core/dev.c:4261

but task is already holding lock:
ffff0000d4b810d8 (_xmit_ETHER#2){+.-.}-{2:2}, at: spin_lock include/linux/spinlock.h:350 [inline]
ffff0000d4b810d8 (_xmit_ETHER#2){+.-.}-{2:2}, at: __netif_tx_lock include/linux/netdevice.h:4304 [inline]
ffff0000d4b810d8 (_xmit_ETHER#2){+.-.}-{2:2}, at: sch_direct_xmit+0x164/0x548 net/sched/sch_generic.c:340

other info that might help us debug this:
 Possible unsafe locking scenario:

       CPU0
       ----
  lock(_xmit_ETHER#2);
  lock(_xmit_ETHER#2);

 *** DEADLOCK ***

 May be due to missing lock nesting notation

10 locks held by syz-executor.0/18815:
 #0: ffff0000d9846748 (&mm->mmap_lock){++++}-{3:3}, at: mmap_read_lock include/linux/mmap_lock.h:117 [inline]
 #0: ffff0000d9846748 (&mm->mmap_lock){++++}-{3:3}, at: exit_mmap+0x18c/0xa60 mm/mmap.c:3199
 #1: ffff000109f8a9d8 (ptlock_ptr(page)#2){+.+.}-{2:2}, at: spin_lock include/linux/spinlock.h:350 [inline]
 #1: ffff000109f8a9d8 (ptlock_ptr(page)#2){+.+.}-{2:2}, at: zap_pte_range mm/memory.c:1417 [inline]
 #1: ffff000109f8a9d8 (ptlock_ptr(page)#2){+.+.}-{2:2}, at: zap_pmd_range mm/memory.c:1574 [inline]
 #1: ffff000109f8a9d8 (ptlock_ptr(page)#2){+.+.}-{2:2}, at: zap_pud_range mm/memory.c:1603 [inline]
 #1: ffff000109f8a9d8 (ptlock_ptr(page)#2){+.+.}-{2:2}, at: zap_p4d_range mm/memory.c:1624 [inline]
 #1: ffff000109f8a9d8 (ptlock_ptr(page)#2){+.+.}-{2:2}, at: unmap_page_range+0x7b4/0x2080 mm/memory.c:1645
 #2: ffff800015a84ba0 (rcu_read_lock){....}-{1:2}, at: rcu_lock_acquire+0xc/0x44 include/linux/rcupdate.h:305
 #3: ffff800008017c80 ((&in_dev->mr_ifc_timer)){+.-.}-{0:0}, at: lockdep_copy_map include/linux/lockdep.h:41 [inline]
 #3: ffff800008017c80 ((&in_dev->mr_ifc_timer)){+.-.}-{0:0}, at: call_timer_fn+0xd0/0xa1c kernel/time/timer.c:1464
 #4: ffff800015a84ba0 (rcu_read_lock){....}-{1:2}, at: rcu_lock_acquire+0x10/0x4c include/linux/rcupdate.h:305
 #5: ffff800015a84c00 (rcu_read_lock_bh){....}-{1:2}, at: rcu_lock_acquire+0x18/0x54 include/linux/rcupdate.h:305
 #6: ffff0000cf2ac258 (dev->qdisc_tx_busylock ?: &qdisc_tx_busylock){+...}-{2:2}, at: spin_trylock include/linux/spinlock.h:360 [inline]
 #6: ffff0000cf2ac258 (dev->qdisc_tx_busylock ?: &qdisc_tx_busylock){+...}-{2:2}, at: qdisc_run_begin include/net/sch_generic.h:194 [inline]
 #6: ffff0000cf2ac258 (dev->qdisc_tx_busylock ?: &qdisc_tx_busylock){+...}-{2:2}, at: __dev_xmit_skb net/core/dev.c:3813 [inline]
 #6: ffff0000cf2ac258 (dev->qdisc_tx_busylock ?: &qdisc_tx_busylock){+...}-{2:2}, at: __dev_queue_xmit+0x10b4/0x38d8 net/core/dev.c:4231
 #7: ffff0000d4b810d8 (_xmit_ETHER#2){+.-.}-{2:2}, at: spin_lock include/linux/spinlock.h:350 [inline]
 #7: ffff0000d4b810d8 (_xmit_ETHER#2){+.-.}-{2:2}, at: __netif_tx_lock include/linux/netdevice.h:4304 [inline]
 #7: ffff0000d4b810d8 (_xmit_ETHER#2){+.-.}-{2:2}, at: sch_direct_xmit+0x164/0x548 net/sched/sch_generic.c:340
 #8: ffff800015a84ba0 (rcu_read_lock){....}-{1:2}, at: rcu_lock_acquire+0x10/0x4c include/linux/rcupdate.h:305
 #9: ffff800015a84c00 (rcu_read_lock_bh){....}-{1:2}, at: rcu_lock_acquire+0x18/0x54 include/linux/rcupdate.h:305

stack backtrace:
CPU: 1 PID: 18815 Comm: syz-executor.0 Not tainted 6.1.59-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/06/2023
Call trace:
 dump_backtrace+0x1c8/0x1f4 arch/arm64/kernel/stacktrace.c:158
 show_stack+0x2c/0x3c arch/arm64/kernel/stacktrace.c:165
 __dump_stack lib/dump_stack.c:88 [inline]
 dump_stack_lvl+0x108/0x170 lib/dump_stack.c:106
 dump_stack+0x1c/0x58 lib/dump_stack.c:113
 __lock_acquire+0x6310/0x764c kernel/locking/lockdep.c:5048
 lock_acquire+0x26c/0x7cc kernel/locking/lockdep.c:5661
 __raw_spin_lock include/linux/spinlock_api_smp.h:133 [inline]
 _raw_spin_lock+0x54/0x6c kernel/locking/spinlock.c:154
 spin_lock include/linux/spinlock.h:350 [inline]
 __netif_tx_lock include/linux/netdevice.h:4304 [inline]
 __dev_queue_xmit+0x1320/0x38d8 net/core/dev.c:4261
 dev_queue_xmit include/linux/netdevice.h:3021 [inline]
 neigh_resolve_output+0x518/0x618 net/core/neighbour.c:1554
 neigh_output include/net/neighbour.h:544 [inline]
 ip_finish_output2+0xc8c/0x1198 net/ipv4/ip_output.c:228
 __ip_finish_output+0x1b0/0x458
 ip_finish_output+0x40/0x268 net/ipv4/ip_output.c:316
 NF_HOOK_COND include/linux/netfilter.h:291 [inline]
 ip_output+0x330/0x49c net/ipv4/ip_output.c:430
 dst_output include/net/dst.h:444 [inline]
 ip_local_out+0x120/0x160 net/ipv4/ip_output.c:126
 iptunnel_xmit+0x40c/0x8ec net/ipv4/ip_tunnel_core.c:82
 ip_tunnel_xmit+0x19ac/0x28e8 net/ipv4/ip_tunnel.c:813
 __gre_xmit net/ipv4/ip_gre.c:469 [inline]
 erspan_xmit+0x9c8/0x1498 net/ipv4/ip_gre.c:715
 __netdev_start_xmit include/linux/netdevice.h:4853 [inline]
 netdev_start_xmit include/linux/netdevice.h:4867 [inline]
 xmit_one net/core/dev.c:3599 [inline]
 dev_hard_start_xmit+0x25c/0x9a4 net/core/dev.c:3615
 sch_direct_xmit+0x234/0x548 net/sched/sch_generic.c:342
 __dev_xmit_skb net/core/dev.c:3826 [inline]
 __dev_queue_xmit+0x1658/0x38d8 net/core/dev.c:4231
 dev_queue_xmit include/linux/netdevice.h:3021 [inline]
 neigh_resolve_output+0x518/0x618 net/core/neighbour.c:1554
 neigh_output include/net/neighbour.h:544 [inline]
 ip_finish_output2+0xc8c/0x1198 net/ipv4/ip_output.c:228
 __ip_finish_output+0x1b0/0x458
 ip_finish_output+0x40/0x268 net/ipv4/ip_output.c:316
 NF_HOOK_COND include/linux/netfilter.h:291 [inline]
 ip_output+0x330/0x49c net/ipv4/ip_output.c:430
 dst_output include/net/dst.h:444 [inline]
 ip_local_out+0x120/0x160 net/ipv4/ip_output.c:126
 igmpv3_sendpack+0x230/0x3b0 net/ipv4/igmp.c:425
 igmpv3_send_cr net/ipv4/igmp.c:721 [inline]
 igmp_ifc_timer_expire+0xa60/0xf5c net/ipv4/igmp.c:811
 call_timer_fn+0x1c0/0xa1c kernel/time/timer.c:1474
 expire_timers kernel/time/timer.c:1519 [inline]
 __run_timers+0x554/0x718 kernel/time/timer.c:1790
 run_timer_softirq+0x7c/0x114 kernel/time/timer.c:1803
 __do_softirq+0x30c/0xea0 kernel/softirq.c:571
 ____do_softirq+0x14/0x20 arch/arm64/kernel/irq.c:79
 call_on_irq_stack+0x24/0x4c arch/arm64/kernel/entry.S:893
 do_softirq_own_stack+0x20/0x2c arch/arm64/kernel/irq.c:84
 invoke_softirq kernel/softirq.c:452 [inline]
 __irq_exit_rcu+0x28c/0x534 kernel/softirq.c:650
 irq_exit_rcu+0x14/0x84 kernel/softirq.c:662
 __el1_irq arch/arm64/kernel/entry-common.c:472 [inline]
 el1_interrupt+0x38/0x68 arch/arm64/kernel/entry-common.c:486
 el1h_64_irq_handler+0x18/0x24 arch/arm64/kernel/entry-common.c:491
 el1h_64_irq+0x64/0x68 arch/arm64/kernel/entry.S:581
 arch_local_irq_restore arch/arm64/include/asm/irqflags.h:122 [inline]
 lock_acquire+0x2ac/0x7cc kernel/locking/lockdep.c:5664
 rcu_lock_acquire+0x38/0x44 include/linux/rcupdate.h:306
 rcu_read_lock include/linux/rcupdate.h:747 [inline]
 folio_memcg_lock+0x28/0x20c mm/memcontrol.c:2098
 lock_page_memcg+0x44/0x5c mm/memcontrol.c:2134
 page_remove_rmap+0x44/0xe78 mm/rmap.c:1426
 zap_pte_range mm/memory.c:1453 [inline]
 zap_pmd_range mm/memory.c:1574 [inline]
 zap_pud_range mm/memory.c:1603 [inline]
 zap_p4d_range mm/memory.c:1624 [inline]
 unmap_page_range+0xe6c/0x2080 mm/memory.c:1645
 unmap_single_vma mm/memory.c:1691 [inline]
 unmap_vmas+0x394/0x550 mm/memory.c:1730
 exit_mmap+0x1d0/0xa60 mm/mmap.c:3214
 __mmput+0xec/0x39c kernel/fork.c:1199
 mmput+0x70/0xac kernel/fork.c:1221
 exit_mm+0x14c/0x244 kernel/exit.c:563
 do_exit+0x4d4/0x1a88 kernel/exit.c:856
 do_group_exit+0x194/0x22c kernel/exit.c:1019
 get_signal+0x14a0/0x158c kernel/signal.c:2862
 do_signal arch/arm64/kernel/signal.c:1076 [inline]
 do_notify_resume+0x3ac/0x3474 arch/arm64/kernel/signal.c:1129
 prepare_exit_to_user_mode arch/arm64/kernel/entry-common.c:137 [inline]
 exit_to_user_mode arch/arm64/kernel/entry-common.c:142 [inline]
 el0_svc+0x9c/0x168 arch/arm64/kernel/entry-common.c:638
 el0t_64_sync_handler+0x84/0xf0 arch/arm64/kernel/entry-common.c:655
 el0t_64_sync+0x18c/0x190 arch/arm64/kernel/entry.S:585