input: syz1 as /devices/virtual/input/input32
=============================================
[ INFO: possible recursive locking detected ]
4.4.174+ #4 Not tainted
---------------------------------------------
syz-executor.1/13640 is trying to acquire lock:
 (_xmit_TUNNEL6#2){+.-...}, at: [<ffffffff822471b9>] spin_lock include/linux/spinlock.h:302 [inline]
 (_xmit_TUNNEL6#2){+.-...}, at: [<ffffffff822471b9>] __netif_tx_lock include/linux/netdevice.h:3306 [inline]
 (_xmit_TUNNEL6#2){+.-...}, at: [<ffffffff822471b9>] __dev_queue_xmit+0x1439/0x1bb0 net/core/dev.c:3225

but task is already holding lock:
 (_xmit_TUNNEL6#2){+.-...}, at: [<ffffffff822471b9>] spin_lock include/linux/spinlock.h:302 [inline]
 (_xmit_TUNNEL6#2){+.-...}, at: [<ffffffff822471b9>] __netif_tx_lock include/linux/netdevice.h:3306 [inline]
 (_xmit_TUNNEL6#2){+.-...}, at: [<ffffffff822471b9>] __dev_queue_xmit+0x1439/0x1bb0 net/core/dev.c:3225

other info that might help us debug this:
 Possible unsafe locking scenario:

       CPU0
       ----
  lock(_xmit_TUNNEL6#2);
  lock(_xmit_TUNNEL6#2);

 *** DEADLOCK ***

 May be due to missing lock nesting notation

10 locks held by syz-executor.1/13640:
 #0:  (sk_lock-AF_INET6){+.+.+.}, at: [<ffffffff824a8414>] lock_sock include/net/sock.h:1497 [inline]
 #0:  (sk_lock-AF_INET6){+.+.+.}, at: [<ffffffff824a8414>] inet_stream_connect+0x44/0xa0 net/ipv4/af_inet.c:675
 #1:  (rcu_read_lock){......}, at: [<ffffffff826660e8>] inet6_csk_xmit+0x108/0x4b0 net/ipv6/inet6_connection_sock.c:163
 #2:  (rcu_read_lock_bh){......}, at: [<ffffffff8259f091>] ip6_finish_output2+0x1e1/0x1dc0 net/ipv6/ip6_output.c:71
 #3:  (rcu_read_lock_bh){......}, at: [<ffffffff82245f57>] __dev_queue_xmit+0x1d7/0x1bb0 net/core/dev.c:3161
 #4:  (_xmit_TUNNEL6#2){+.-...}, at: [<ffffffff822471b9>] spin_lock include/linux/spinlock.h:302 [inline]
 #4:  (_xmit_TUNNEL6#2){+.-...}, at: [<ffffffff822471b9>] __netif_tx_lock include/linux/netdevice.h:3306 [inline]
 #4:  (_xmit_TUNNEL6#2){+.-...}, at: [<ffffffff822471b9>] __dev_queue_xmit+0x1439/0x1bb0 net/core/dev.c:3225
 #5:  (rcu_read_lock){......}, at: [<ffffffff826be400>] icmpv6_send+0x0/0x1b0 net/ipv6/ip6_icmp.c:30
 #6:  (slock-AF_INET6){+.-...}, at: [<ffffffff8262191d>] spin_trylock include/linux/spinlock.h:312 [inline]
 #6:  (slock-AF_INET6){+.-...}, at: [<ffffffff8262191d>] icmpv6_xmit_lock net/ipv6/icmp.c:120 [inline]
 #6:  (slock-AF_INET6){+.-...}, at: [<ffffffff8262191d>] icmp6_send+0x7bd/0x1b40 net/ipv6/icmp.c:485
 #7:  (rcu_read_lock){......}, at: [<ffffffff826220a4>] icmp6_send+0xf44/0x1b40 net/ipv6/icmp.c:517
 #8:  (rcu_read_lock_bh){......}, at: [<ffffffff8259f091>] ip6_finish_output2+0x1e1/0x1dc0 net/ipv6/ip6_output.c:71
 #9:  (rcu_read_lock_bh){......}, at: [<ffffffff82245f57>] __dev_queue_xmit+0x1d7/0x1bb0 net/core/dev.c:3161

stack backtrace:
CPU: 0 PID: 13640 Comm: syz-executor.1 Not tainted 4.4.174+ #4
 0000000000000000 bad8eb5fe4420290 ffff8801b3dee3d0 ffffffff81aad1a1
 ffffffff84057a80 ffff8801bf208000 ffffffff83ad5f40 ffff8801bf208968
 ffff8801bf208988 ffff8801b3dee558 ffffffff813ad6ff 0000000000000000
Call Trace:
 [<ffffffff81aad1a1>] __dump_stack lib/dump_stack.c:15 [inline]
 [<ffffffff81aad1a1>] dump_stack+0xc1/0x120 lib/dump_stack.c:51
 [<ffffffff813ad6ff>] print_deadlock_bug kernel/locking/lockdep.c:1752 [inline]
 [<ffffffff813ad6ff>] check_deadlock kernel/locking/lockdep.c:1796 [inline]
 [<ffffffff813ad6ff>] validate_chain kernel/locking/lockdep.c:2128 [inline]
 [<ffffffff813ad6ff>] __lock_acquire.cold+0x118/0x592 kernel/locking/lockdep.c:3213
 [<ffffffff81205f6e>] lock_acquire+0x15e/0x450 kernel/locking/lockdep.c:3592
 [<ffffffff82717c98>] __raw_spin_lock include/linux/spinlock_api_smp.h:144 [inline]
 [<ffffffff82717c98>] _raw_spin_lock+0x38/0x50 kernel/locking/spinlock.c:151
 [<ffffffff822471b9>] spin_lock include/linux/spinlock.h:302 [inline]
 [<ffffffff822471b9>] __netif_tx_lock include/linux/netdevice.h:3306 [inline]
 [<ffffffff822471b9>] __dev_queue_xmit+0x1439/0x1bb0 net/core/dev.c:3225
 [<ffffffff82247948>] dev_queue_xmit+0x18/0x20 net/core/dev.c:3263
 [<ffffffff8225c136>] neigh_direct_output+0x16/0x20 net/core/neighbour.c:1369
 [<ffffffff8259f877>] dst_neigh_output include/net/dst.h:461 [inline]
 [<ffffffff8259f877>] ip6_finish_output2+0x9c7/0x1dc0 net/ipv6/ip6_output.c:113
 [<ffffffff825b0203>] ip6_finish_output+0x2f3/0x750 net/ipv6/ip6_output.c:131
 [<ffffffff825b0814>] NF_HOOK_COND include/linux/netfilter.h:240 [inline]
 [<ffffffff825b0814>] ip6_output+0x1b4/0x520 net/ipv6/ip6_output.c:145
 [<ffffffff826bf66c>] dst_output include/net/dst.h:498 [inline]
 [<ffffffff826bf66c>] ip6_local_out+0x9c/0x180 net/ipv6/output_core.c:169
 [<ffffffff825b28c2>] ip6_send_skb+0xa2/0x340 net/ipv6/ip6_output.c:1725
 [<ffffffff825b2c1b>] ip6_push_pending_frames+0xbb/0xe0 net/ipv6/ip6_output.c:1745
 [<ffffffff82620f66>] icmpv6_push_pending_frames+0x336/0x530 net/ipv6/icmp.c:276
 [<ffffffff82622666>] icmp6_send+0x1506/0x1b40 net/ipv6/icmp.c:537
 [<ffffffff826be4b1>] icmpv6_send+0xb1/0x1b0 net/ipv6/ip6_icmp.c:42
 [<ffffffff825ec65d>] ip6_link_failure+0x2d/0x3e0 net/ipv6/route.c:1313
 [<ffffffff826b164a>] dst_link_failure include/net/dst.h:481 [inline]
 [<ffffffff826b164a>] ip6_tnl_xmit2+0x4da/0x2320 net/ipv6/ip6_tunnel.c:1089
 [<ffffffff826b4a25>] ip6ip6_tnl_xmit net/ipv6/ip6_tunnel.c:1193 [inline]
 [<ffffffff826b4a25>] ip6_tnl_xmit+0x5d5/0xe00 net/ipv6/ip6_tunnel.c:1215
 [<ffffffff82245071>] __netdev_start_xmit include/linux/netdevice.h:3750 [inline]
 [<ffffffff82245071>] netdev_start_xmit include/linux/netdevice.h:3759 [inline]
 [<ffffffff82245071>] xmit_one net/core/dev.c:2781 [inline]
 [<ffffffff82245071>] dev_hard_start_xmit+0x7c1/0x11e0 net/core/dev.c:2797
 [<ffffffff822473cb>] __dev_queue_xmit+0x164b/0x1bb0 net/core/dev.c:3229
 [<ffffffff82247948>] dev_queue_xmit+0x18/0x20 net/core/dev.c:3263
 [<ffffffff8225c136>] neigh_direct_output+0x16/0x20 net/core/neighbour.c:1369
 [<ffffffff8259f877>] dst_neigh_output include/net/dst.h:461 [inline]
 [<ffffffff8259f877>] ip6_finish_output2+0x9c7/0x1dc0 net/ipv6/ip6_output.c:113
 [<ffffffff825b0203>] ip6_finish_output+0x2f3/0x750 net/ipv6/ip6_output.c:131
 [<ffffffff825b0814>] NF_HOOK_COND include/linux/netfilter.h:240 [inline]
 [<ffffffff825b0814>] ip6_output+0x1b4/0x520 net/ipv6/ip6_output.c:145
 [<ffffffff825a8df6>] dst_output include/net/dst.h:498 [inline]
 [<ffffffff825a8df6>] NF_HOOK_THRESH include/linux/netfilter.h:226 [inline]
 [<ffffffff825a8df6>] NF_HOOK include/linux/netfilter.h:249 [inline]
 [<ffffffff825a8df6>] ip6_xmit+0xc76/0x1a60 net/ipv6/ip6_output.c:240
 [<ffffffff8266622c>] inet6_csk_xmit+0x24c/0x4b0 net/ipv6/inet6_connection_sock.c:176
 [<ffffffff82431dd4>] __tcp_transmit_skb+0x1904/0x2cf0 net/ipv4/tcp_output.c:1034
 [<ffffffff8243a4ed>] tcp_transmit_skb net/ipv4/tcp_output.c:1047 [inline]
 [<ffffffff8243a4ed>] tcp_connect+0x223d/0x31b0 net/ipv4/tcp_output.c:3295
 [<ffffffff82646631>] tcp_v6_connect+0x1391/0x1b30 net/ipv6/tcp_ipv6.c:294
 [<ffffffff824a7a2f>] __inet_stream_connect+0x2cf/0xc70 net/ipv4/af_inet.c:615
 [<ffffffff824a8425>] inet_stream_connect+0x55/0xa0 net/ipv4/af_inet.c:676
 [<ffffffff821dbd05>] SYSC_connect net/socket.c:1570 [inline]
 [<ffffffff821dbd05>] SyS_connect+0x1a5/0x2e0 net/socket.c:1551
 [<ffffffff82718ba1>] entry_SYSCALL_64_fastpath+0x1e/0x9a
input: syz1 as /devices/virtual/input/input33
SELinux: unrecognized netlink message: protocol=4 nlmsg_type=0 sclass=netlink_tcpdiag_socket
SELinux: unrecognized netlink message: protocol=4 nlmsg_type=0 sclass=netlink_tcpdiag_socket
SELinux: unrecognized netlink message: protocol=4 nlmsg_type=0 sclass=netlink_tcpdiag_socket
SELinux: unrecognized netlink message: protocol=4 nlmsg_type=0 sclass=netlink_tcpdiag_socket
SELinux: unrecognized netlink message: protocol=4 nlmsg_type=0 sclass=netlink_tcpdiag_socket
SELinux: unrecognized netlink message: protocol=4 nlmsg_type=0 sclass=netlink_tcpdiag_socket
SELinux: unrecognized netlink message: protocol=4 nlmsg_type=0 sclass=netlink_tcpdiag_socket
SELinux: unrecognized netlink message: protocol=4 nlmsg_type=0 sclass=netlink_tcpdiag_socket
SELinux: unrecognized netlink message: protocol=4 nlmsg_type=0 sclass=netlink_tcpdiag_socket
SELinux: unrecognized netlink message: protocol=4 nlmsg_type=0 sclass=netlink_tcpdiag_socket
SELinux: unrecognized netlink message: protocol=4 nlmsg_type=0 sclass=netlink_tcpdiag_socket
SELinux: unrecognized netlink message: protocol=4 nlmsg_type=0 sclass=netlink_tcpdiag_socket
SELinux: unrecognized netlink message: protocol=4 nlmsg_type=0 sclass=netlink_tcpdiag_socket
SELinux: unrecognized netlink message: protocol=4 nlmsg_type=0 sclass=netlink_tcpdiag_socket
SELinux: unrecognized netlink message: protocol=4 nlmsg_type=0 sclass=netlink_tcpdiag_socket
SELinux: unrecognized netlink message: protocol=4 nlmsg_type=0 sclass=netlink_tcpdiag_socket
SELinux: unrecognized netlink message: protocol=4 nlmsg_type=0 sclass=netlink_tcpdiag_socket
SELinux: unrecognized netlink message: protocol=4 nlmsg_type=0 sclass=netlink_tcpdiag_socket
SELinux: unrecognized netlink message: protocol=4 nlmsg_type=0 sclass=netlink_tcpdiag_socket
SELinux: unrecognized netlink message: protocol=4 nlmsg_type=0 sclass=netlink_tcpdiag_socket
SELinux: unrecognized netlink message: protocol=4 nlmsg_type=0 sclass=netlink_tcpdiag_socket
SELinux: unrecognized netlink message: protocol=4 nlmsg_type=0 sclass=netlink_tcpdiag_socket
SELinux: unrecognized netlink message: protocol=4 nlmsg_type=0 sclass=netlink_tcpdiag_socket
SELinux: unrecognized netlink message: protocol=4 nlmsg_type=0 sclass=netlink_tcpdiag_socket
SELinux: unrecognized netlink message: protocol=4 nlmsg_type=0 sclass=netlink_tcpdiag_socket
SELinux: unrecognized netlink message: protocol=4 nlmsg_type=0 sclass=netlink_tcpdiag_socket
SELinux: unrecognized netlink message: protocol=4 nlmsg_type=0 sclass=netlink_tcpdiag_socket
SELinux: unrecognized netlink message: protocol=4 nlmsg_type=0 sclass=netlink_tcpdiag_socket
SELinux: unrecognized netlink message: protocol=4 nlmsg_type=0 sclass=netlink_tcpdiag_socket
SELinux: unrecognized netlink message: protocol=4 nlmsg_type=0 sclass=netlink_tcpdiag_socket
SELinux: unrecognized netlink message: protocol=4 nlmsg_type=0 sclass=netlink_tcpdiag_socket
SELinux: unrecognized netlink message: protocol=4 nlmsg_type=0 sclass=netlink_tcpdiag_socket
SELinux: unrecognized netlink message: protocol=4 nlmsg_type=0 sclass=netlink_tcpdiag_socket
SELinux: unrecognized netlink message: protocol=4 nlmsg_type=0 sclass=netlink_tcpdiag_socket
SELinux: unrecognized netlink message: protocol=4 nlmsg_type=0 sclass=netlink_tcpdiag_socket
SELinux: unrecognized netlink message: protocol=4 nlmsg_type=0 sclass=netlink_tcpdiag_socket
SELinux: unrecognized netlink message: protocol=4 nlmsg_type=0 sclass=netlink_tcpdiag_socket
SELinux: unrecognized netlink message: protocol=4 nlmsg_type=0 sclass=netlink_tcpdiag_socket
SELinux: unrecognized netlink message: protocol=4 nlmsg_type=0 sclass=netlink_tcpdiag_socket
SELinux: unrecognized netlink message: protocol=4 nlmsg_type=0 sclass=netlink_tcpdiag_socket
SELinux: unrecognized netlink message: protocol=4 nlmsg_type=0 sclass=netlink_tcpdiag_socket
SELinux: unrecognized netlink message: protocol=4 nlmsg_type=0 sclass=netlink_tcpdiag_socket
SELinux: unrecognized netlink message: protocol=4 nlmsg_type=0 sclass=netlink_tcpdiag_socket
SELinux: unrecognized netlink message: protocol=4 nlmsg_type=0 sclass=netlink_tcpdiag_socket
SELinux: unrecognized netlink message: protocol=4 nlmsg_type=0 sclass=netlink_tcpdiag_socket
input: syz1 as /devices/virtual/input/input34
input: syz1 as /devices/virtual/input/input35
input: syz1 as /devices/virtual/input/input36
input: syz1 as /devices/virtual/input/input37
input: syz1 as /devices/virtual/input/input38
input: syz1 as /devices/virtual/input/input39
input: syz1 as /devices/virtual/input/input40
input: syz1 as /devices/virtual/input/input41
input: syz1 as /devices/virtual/input/input42
input: syz1 as /devices/virtual/input/input43
input: syz1 as /devices/virtual/input/input47
input: syz1 as /devices/virtual/input/input48
input: syz1 as /devices/virtual/input/input49
input: syz1 as /devices/virtual/input/input50
audit: type=1400 audit(1574577727.525:85): avc:  denied  { setattr } for  pid=14796 comm="syz-executor.5" name="loginuid" dev="proc" ino=55856 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=file permissive=1
input: syz1 as /devices/virtual/input/input51
input: syz1 as /devices/virtual/input/input52
input: syz1 as /devices/virtual/input/input53