============================================
WARNING: possible recursive locking detected
syzkaller #0 Not tainted
--------------------------------------------
swapper/0/0 is trying to acquire lock:
ffff88809b526a18 (dev->qdisc_tx_busylock ?: &qdisc_tx_busylock#10){+.-.}-{3:3}, at: spin_lock include/linux/spinlock.h:351 [inline]
ffff88809b526a18 (dev->qdisc_tx_busylock ?: &qdisc_tx_busylock#10){+.-.}-{3:3}, at: __dev_xmit_skb net/core/dev.c:4186 [inline]
ffff88809b526a18 (dev->qdisc_tx_busylock ?: &qdisc_tx_busylock#10){+.-.}-{3:3}, at: __dev_queue_xmit+0x22b7/0x3b50 net/core/dev.c:4729

but task is already holding lock:
ffff88809b526a18 (dev->qdisc_tx_busylock ?: &qdisc_tx_busylock#10){+.-.}-{3:3}, at: spin_lock include/linux/spinlock.h:351 [inline]
ffff88809b526a18 (dev->qdisc_tx_busylock ?: &qdisc_tx_busylock#10){+.-.}-{3:3}, at: __dev_xmit_skb net/core/dev.c:4186 [inline]
ffff88809b526a18 (dev->qdisc_tx_busylock ?: &qdisc_tx_busylock#10){+.-.}-{3:3}, at: __dev_queue_xmit+0x22b7/0x3b50 net/core/dev.c:4729

other info that might help us debug this:
 Possible unsafe locking scenario:

       CPU0
       ----
  lock(dev->qdisc_tx_busylock ?: &qdisc_tx_busylock#10);
  lock(dev->qdisc_tx_busylock ?: &qdisc_tx_busylock#10);

 *** DEADLOCK ***

 May be due to missing lock nesting notation

12 locks held by swapper/0/0:
 #0: ffffc90000007be0 ((&ndev->rs_timer)){+.-.}-{0:0}, at: call_timer_fn+0xbe/0x5f0 kernel/time/timer.c:1744
 #1: ffffffff8df3d6e0 (rcu_read_lock){....}-{1:3}, at: rcu_lock_acquire include/linux/rcupdate.h:331 [inline]
 #1: ffffffff8df3d6e0 (rcu_read_lock){....}-{1:3}, at: rcu_read_lock include/linux/rcupdate.h:867 [inline]
 #1: ffffffff8df3d6e0 (rcu_read_lock){....}-{1:3}, at: ndisc_send_skb+0x1e4/0x1510 net/ipv6/ndisc.c:482
 #2: ffffffff8df3d6e0 (rcu_read_lock){....}-{1:3}, at: rcu_lock_acquire include/linux/rcupdate.h:331 [inline]
 #2: ffffffff8df3d6e0 (rcu_read_lock){....}-{1:3}, at: rcu_read_lock include/linux/rcupdate.h:867 [inline]
 #2: ffffffff8df3d6e0 (rcu_read_lock){....}-{1:3}, at: ip6_output+0x126/0x550 net/ipv6/ip6_output.c:235
 #3: ffffffff8df3d740 (rcu_read_lock_bh){....}-{1:3}, at: local_bh_disable include/linux/bottom_half.h:20 [inline]
 #3: ffffffff8df3d740 (rcu_read_lock_bh){....}-{1:3}, at: rcu_read_lock_bh include/linux/rcupdate.h:918 [inline]
 #3: ffffffff8df3d740 (rcu_read_lock_bh){....}-{1:3}, at: __dev_queue_xmit+0x27b/0x3b50 net/core/dev.c:4688
 #4: ffffffff8df3d6e0 (rcu_read_lock){....}-{1:3}, at: rcu_lock_acquire include/linux/rcupdate.h:331 [inline]
 #4: ffffffff8df3d6e0 (rcu_read_lock){....}-{1:3}, at: rcu_read_lock include/linux/rcupdate.h:867 [inline]
 #4: ffffffff8df3d6e0 (rcu_read_lock){....}-{1:3}, at: ip6_output+0x126/0x550 net/ipv6/ip6_output.c:235
 #5: ffffffff8df3d740 (rcu_read_lock_bh){....}-{1:3}, at: local_bh_disable include/linux/bottom_half.h:20 [inline]
 #5: ffffffff8df3d740 (rcu_read_lock_bh){....}-{1:3}, at: rcu_read_lock_bh include/linux/rcupdate.h:918 [inline]
 #5: ffffffff8df3d740 (rcu_read_lock_bh){....}-{1:3}, at: __dev_queue_xmit+0x27b/0x3b50 net/core/dev.c:4688
 #6: ffff88809b526a18 (dev->qdisc_tx_busylock ?: &qdisc_tx_busylock#10){+.-.}-{3:3}, at: spin_lock include/linux/spinlock.h:351 [inline]
 #6: ffff88809b526a18 (dev->qdisc_tx_busylock ?: &qdisc_tx_busylock#10){+.-.}-{3:3}, at: __dev_xmit_skb net/core/dev.c:4186 [inline]
 #6: ffff88809b526a18 (dev->qdisc_tx_busylock ?: &qdisc_tx_busylock#10){+.-.}-{3:3}, at: __dev_queue_xmit+0x22b7/0x3b50 net/core/dev.c:4729
 #7: ffffffff8df3d6e0 (rcu_read_lock){....}-{1:3}, at: rcu_lock_acquire include/linux/rcupdate.h:331 [inline]
 #7: ffffffff8df3d6e0 (rcu_read_lock){....}-{1:3}, at: rcu_read_lock include/linux/rcupdate.h:867 [inline]
 #7: ffffffff8df3d6e0 (rcu_read_lock){....}-{1:3}, at: icmp6_send+0x1e9/0x1940 net/ipv6/icmp.c:478
 #8: ffff88802f3481e0 (k-slock-AF_INET6){+.-.}-{3:3}, at: spin_trylock include/linux/spinlock.h:361 [inline]
 #8: ffff88802f3481e0 (k-slock-AF_INET6){+.-.}-{3:3}, at: icmpv6_xmit_lock net/ipv6/icmp.c:108 [inline]
 #8: ffff88802f3481e0 (k-slock-AF_INET6){+.-.}-{3:3}, at: icmp6_send+0xc5c/0x1940 net/ipv6/icmp.c:555
 #9: ffffffff8df3d6e0 (rcu_read_lock){....}-{1:3}, at: rcu_lock_acquire include/linux/rcupdate.h:331 [inline]
 #9: ffffffff8df3d6e0 (rcu_read_lock){....}-{1:3}, at: rcu_read_lock include/linux/rcupdate.h:867 [inline]
 #9: ffffffff8df3d6e0 (rcu_read_lock){....}-{1:3}, at: ip6_send_skb+0x10f/0x390 net/ipv6/ip6_output.c:1993
 #10: ffffffff8df3d6e0 (rcu_read_lock){....}-{1:3}, at: rcu_lock_acquire include/linux/rcupdate.h:331 [inline]
 #10: ffffffff8df3d6e0 (rcu_read_lock){....}-{1:3}, at: rcu_read_lock include/linux/rcupdate.h:867 [inline]
 #10: ffffffff8df3d6e0 (rcu_read_lock){....}-{1:3}, at: ip6_output+0x126/0x550 net/ipv6/ip6_output.c:235
 #11: ffffffff8df3d740 (rcu_read_lock_bh){....}-{1:3}, at: local_bh_disable include/linux/bottom_half.h:20 [inline]
 #11: ffffffff8df3d740 (rcu_read_lock_bh){....}-{1:3}, at: rcu_read_lock_bh include/linux/rcupdate.h:918 [inline]
 #11: ffffffff8df3d740 (rcu_read_lock_bh){....}-{1:3}, at: __dev_queue_xmit+0x27b/0x3b50 net/core/dev.c:4688

stack backtrace:
CPU: 0 UID: 0 PID: 0 Comm: swapper/0 Not tainted syzkaller #0 PREEMPT(full) 
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
Call Trace:
 <IRQ>
 dump_stack_lvl+0x189/0x250 lib/dump_stack.c:120
 print_deadlock_bug+0x28b/0x2a0 kernel/locking/lockdep.c:3041
 check_deadlock kernel/locking/lockdep.c:3093 [inline]
 validate_chain+0x1a3f/0x2140 kernel/locking/lockdep.c:3895
 __lock_acquire+0xab9/0xd20 kernel/locking/lockdep.c:5237
 lock_acquire+0x120/0x360 kernel/locking/lockdep.c:5868
 __raw_spin_lock include/linux/spinlock_api_smp.h:133 [inline]
 _raw_spin_lock+0x2e/0x40 kernel/locking/spinlock.c:154
 spin_lock include/linux/spinlock.h:351 [inline]
 __dev_xmit_skb net/core/dev.c:4186 [inline]
 __dev_queue_xmit+0x22b7/0x3b50 net/core/dev.c:4729
 neigh_output include/net/neighbour.h:547 [inline]
 ip6_finish_output2+0xfb3/0x1480 net/ipv6/ip6_output.c:136
 NF_HOOK_COND include/linux/netfilter.h:307 [inline]
 ip6_output+0x340/0x550 net/ipv6/ip6_output.c:247
 ip6_send_skb+0x1d5/0x390 net/ipv6/ip6_output.c:1994
 icmp6_send+0x12c6/0x1940 net/ipv6/icmp.c:633
 __icmpv6_send include/linux/icmpv6.h:28 [inline]
 icmpv6_send include/linux/icmpv6.h:49 [inline]
 ip6_link_failure+0x3b/0x4c0 net/ipv6/route.c:2843
 dst_link_failure include/net/dst.h:432 [inline]
 ipip6_tunnel_xmit net/ipv6/sit.c:1034 [inline]
 sit_tunnel_xmit+0xaa1/0x1b90 net/ipv6/sit.c:1071
 __netdev_start_xmit include/linux/netdevice.h:5248 [inline]
 netdev_start_xmit include/linux/netdevice.h:5257 [inline]
 xmit_one net/core/dev.c:3845 [inline]
 dev_hard_start_xmit+0x2d7/0x830 net/core/dev.c:3861
 sch_direct_xmit+0x241/0x4b0 net/sched/sch_generic.c:347
 __dev_xmit_skb net/core/dev.c:4202 [inline]
 __dev_queue_xmit+0x1a47/0x3b50 net/core/dev.c:4729
 neigh_output include/net/neighbour.h:547 [inline]
 ip6_finish_output2+0xfb3/0x1480 net/ipv6/ip6_output.c:136
 NF_HOOK_COND include/linux/netfilter.h:307 [inline]
 ip6_output+0x340/0x550 net/ipv6/ip6_output.c:247
 ip6tunnel_xmit+0x1c5/0x3e0 include/net/ip6_tunnel.h:162
 ip6_tnl_xmit+0x22d4/0x2b90 net/ipv6/ip6_tunnel.c:1280
 __gre6_xmit+0xa47/0xd40 net/ipv6/ip6_gre.c:784
 ip6gre_xmit_ipv6 net/ipv6/ip6_gre.c:842 [inline]
 ip6gre_tunnel_xmit+0xd6e/0x10e0 net/ipv6/ip6_gre.c:894
 __netdev_start_xmit include/linux/netdevice.h:5248 [inline]
 netdev_start_xmit include/linux/netdevice.h:5257 [inline]
 xmit_one net/core/dev.c:3845 [inline]
 dev_hard_start_xmit+0x2d7/0x830 net/core/dev.c:3861
 __dev_queue_xmit+0x1b8d/0x3b50 net/core/dev.c:4763
 neigh_output include/net/neighbour.h:547 [inline]
 ip6_finish_output2+0xfb3/0x1480 net/ipv6/ip6_output.c:136
 NF_HOOK_COND include/linux/netfilter.h:307 [inline]
 ip6_output+0x340/0x550 net/ipv6/ip6_output.c:247
 NF_HOOK include/linux/netfilter.h:318 [inline]
 ndisc_send_skb+0xbce/0x1510 net/ipv6/ndisc.c:512
 addrconf_rs_timer+0x369/0x670 net/ipv6/addrconf.c:4037
 call_timer_fn+0x17e/0x5f0 kernel/time/timer.c:1747
 expire_timers kernel/time/timer.c:1798 [inline]
 __run_timers kernel/time/timer.c:2372 [inline]
 __run_timer_base+0x61a/0x860 kernel/time/timer.c:2384
 run_timer_base kernel/time/timer.c:2393 [inline]
 run_timer_softirq+0xb7/0x180 kernel/time/timer.c:2403
 handle_softirqs+0x286/0x870 kernel/softirq.c:622
 __do_softirq kernel/softirq.c:656 [inline]
 invoke_softirq kernel/softirq.c:496 [inline]
 __irq_exit_rcu+0xca/0x1f0 kernel/softirq.c:723
 irq_exit_rcu+0x9/0x30 kernel/softirq.c:739
 instr_sysvec_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1052 [inline]
 sysvec_apic_timer_interrupt+0xa6/0xc0 arch/x86/kernel/apic/apic.c:1052
 </IRQ>
 <TASK>
 asm_sysvec_apic_timer_interrupt+0x1a/0x20 arch/x86/include/asm/idtentry.h:697
RIP: 0010:pv_native_safe_halt+0x13/0x20 arch/x86/kernel/paravirt.c:82
Code: cc cc cc cc cc cc cc 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 f3 0f 1e fa 66 90 0f 00 2d 93 b1 21 00 f3 0f 1e fa fb f4 <e9> c8 e6 02 00 cc cc cc cc cc cc cc cc 90 90 90 90 90 90 90 90 90
RSP: 0018:ffffffff8dc07d80 EFLAGS: 000002c6
RAX: 26c2aecc106c3200 RBX: ffffffff81967b47 RCX: 26c2aecc106c3200
RDX: 0000000000000001 RSI: ffffffff8d70e844 RDI: ffffffff8bbf08e0
RBP: ffffffff8dc07ea8 R08: ffff8880b8832fdb R09: 1ffff110171065fb
R10: dffffc0000000000 R11: ffffed10171065fc R12: ffffffff8f7cf270
R13: 0000000000000000 R14: 0000000000000000 R15: 1ffffffff1b92a40
 arch_safe_halt arch/x86/include/asm/paravirt.h:107 [inline]
 default_idle+0x13/0x20 arch/x86/kernel/process.c:767
 default_idle_call+0x73/0xb0 kernel/sched/idle.c:122
 cpuidle_idle_call kernel/sched/idle.c:190 [inline]
 do_idle+0x1e7/0x510 kernel/sched/idle.c:330
 cpu_startup_entry+0x44/0x60 kernel/sched/idle.c:428
 rest_init+0x2de/0x300 init/main.c:757
 start_kernel+0x3ae/0x410 init/main.c:1111
 x86_64_start_reservations+0x24/0x30 arch/x86/kernel/head64.c:310
 x86_64_start_kernel+0x143/0x1c0 arch/x86/kernel/head64.c:291
 common_startup_64+0x13e/0x147
 </TASK>
----------------
Code disassembly (best guess):
   0:	cc                   	int3
   1:	cc                   	int3
   2:	cc                   	int3
   3:	cc                   	int3
   4:	cc                   	int3
   5:	cc                   	int3
   6:	cc                   	int3
   7:	90                   	nop
   8:	90                   	nop
   9:	90                   	nop
   a:	90                   	nop
   b:	90                   	nop
   c:	90                   	nop
   d:	90                   	nop
   e:	90                   	nop
   f:	90                   	nop
  10:	90                   	nop
  11:	90                   	nop
  12:	90                   	nop
  13:	90                   	nop
  14:	90                   	nop
  15:	90                   	nop
  16:	90                   	nop
  17:	f3 0f 1e fa          	endbr64
  1b:	66 90                	xchg   %ax,%ax
  1d:	0f 00 2d 93 b1 21 00 	verw   0x21b193(%rip)        # 0x21b1b7
  24:	f3 0f 1e fa          	endbr64
  28:	fb                   	sti
  29:	f4                   	hlt
* 2a:	e9 c8 e6 02 00       	jmp    0x2e6f7 <-- trapping instruction
  2f:	cc                   	int3
  30:	cc                   	int3
  31:	cc                   	int3
  32:	cc                   	int3
  33:	cc                   	int3
  34:	cc                   	int3
  35:	cc                   	int3
  36:	cc                   	int3
  37:	90                   	nop
  38:	90                   	nop
  39:	90                   	nop
  3a:	90                   	nop
  3b:	90                   	nop
  3c:	90                   	nop
  3d:	90                   	nop
  3e:	90                   	nop
  3f:	90                   	nop