=============================================
[ INFO: possible recursive locking detected ]
4.9.170+ #45 Not tainted
---------------------------------------------
syz-executor.5/6327 is trying to acquire lock:
 (_xmit_TUNNEL6#2){+.-...}, at: [<000000009f5f0d18>] spin_lock include/linux/spinlock.h:302 [inline]
 (_xmit_TUNNEL6#2){+.-...}, at: [<000000009f5f0d18>] __netif_tx_lock include/linux/netdevice.h:3573 [inline]
 (_xmit_TUNNEL6#2){+.-...}, at: [<000000009f5f0d18>] __dev_queue_xmit+0x1116/0x1bd0 net/core/dev.c:3469
but task is already holding lock:
 (_xmit_TUNNEL6#2){+.-...}, at: [<000000009f5f0d18>] spin_lock include/linux/spinlock.h:302 [inline]
 (_xmit_TUNNEL6#2){+.-...}, at: [<000000009f5f0d18>] __netif_tx_lock include/linux/netdevice.h:3573 [inline]
 (_xmit_TUNNEL6#2){+.-...}, at: [<000000009f5f0d18>] __dev_queue_xmit+0x1116/0x1bd0 net/core/dev.c:3469
other info that might help us debug this:
 Possible unsafe locking scenario:

       CPU0
       ----
  lock(_xmit_TUNNEL6#2);
  lock(_xmit_TUNNEL6#2);

 *** DEADLOCK ***

 May be due to missing lock nesting notation

9 locks held by syz-executor.5/6327:
 #0:  (rcu_read_lock){......}, at: [<000000006270b932>] skb_dst_set include/linux/skbuff.h:864 [inline]
 #0:  (rcu_read_lock){......}, at: [<000000006270b932>] rawv6_send_hdrinc net/ipv6/raw.c:663 [inline]
 #0:  (rcu_read_lock){......}, at: [<000000006270b932>] rawv6_sendmsg+0x15f5/0x2a00 net/ipv6/raw.c:927
 #1:  (rcu_read_lock_bh){......}, at: [<0000000048523c33>] ip6_finish_output2+0x169/0x1e50 net/ipv6/ip6_output.c:70
 #2:  (rcu_read_lock_bh){......}, at: [<00000000455a78d5>] __dev_queue_xmit+0x1d4/0x1bd0 net/core/dev.c:3407
 #3:  (_xmit_TUNNEL6#2){+.-...}, at: [<000000009f5f0d18>] spin_lock include/linux/spinlock.h:302 [inline]
 #3:  (_xmit_TUNNEL6#2){+.-...}, at: [<000000009f5f0d18>] __netif_tx_lock include/linux/netdevice.h:3573 [inline]
 #3:  (_xmit_TUNNEL6#2){+.-...}, at: [<000000009f5f0d18>] __dev_queue_xmit+0x1116/0x1bd0 net/core/dev.c:3469
 #4:  (rcu_read_lock){......}, at: [<000000001775556e>] icmpv6_send+0x0/0x1b0 net/ipv6/ip6_icmp.c:30
 #5:  (slock-AF_INET6){+.-...}, at: [<00000000f5cf13e1>] spin_trylock include/linux/spinlock.h:312 [inline]
 #5:  (slock-AF_INET6){+.-...}, at: [<00000000f5cf13e1>] icmpv6_xmit_lock net/ipv6/icmp.c:120 [inline]
 #5:  (slock-AF_INET6){+.-...}, at: [<00000000f5cf13e1>] icmp6_send+0xa5d/0x1c00 net/ipv6/icmp.c:493
 #6:  (rcu_read_lock){......}, at: [<00000000b9ab2c38>] icmp6_send+0x103f/0x1c00 net/ipv6/icmp.c:527
 #7:  (rcu_read_lock_bh){......}, at: [<0000000048523c33>] ip6_finish_output2+0x169/0x1e50 net/ipv6/ip6_output.c:70
 #8:  (rcu_read_lock_bh){......}, at: [<00000000455a78d5>] __dev_queue_xmit+0x1d4/0x1bd0 net/core/dev.c:3407

stack backtrace:
CPU: 1 PID: 6327 Comm: syz-executor.5 Not tainted 4.9.170+ #45
 ffff880120a267e0 ffffffff81b4fb21 ffffffff8424ccc0 ffffffff83ccc230
 ffffffff83ccc230 9aeeecc9b0a8c80b ffff880155255f00 ffff880120a26980
 ffffffff81403360 0000000000000008 ffff880155255f00 ffff880120a269a0
Call Trace:
 [<00000000f4a02f14>] __dump_stack lib/dump_stack.c:15 [inline]
 [<00000000f4a02f14>] dump_stack+0xc1/0x120 lib/dump_stack.c:51
 [<0000000035a78adc>] print_deadlock_bug kernel/locking/lockdep.c:1727 [inline]
 [<0000000035a78adc>] check_deadlock kernel/locking/lockdep.c:1771 [inline]
 [<0000000035a78adc>] validate_chain kernel/locking/lockdep.c:2249 [inline]
 [<0000000035a78adc>] __lock_acquire.cold+0x384/0x734 kernel/locking/lockdep.c:3345
 [<0000000007d67140>] lock_acquire+0x133/0x3d0 kernel/locking/lockdep.c:3759
 [<00000000d6f708f1>] __raw_spin_lock include/linux/spinlock_api_smp.h:144 [inline]
 [<00000000d6f708f1>] _raw_spin_lock+0x38/0x50 kernel/locking/spinlock.c:151
 [<000000009f5f0d18>] spin_lock include/linux/spinlock.h:302 [inline]
 [<000000009f5f0d18>] __netif_tx_lock include/linux/netdevice.h:3573 [inline]
 [<000000009f5f0d18>] __dev_queue_xmit+0x1116/0x1bd0 net/core/dev.c:3469
 [<00000000c61db695>] dev_queue_xmit+0x18/0x20 net/core/dev.c:3506
 [<00000000869f92cb>] neigh_direct_output+0x16/0x20 net/core/neighbour.c:1365
 [<00000000b0b795ce>] dst_neigh_output include/net/dst.h:470 [inline]
 [<00000000b0b795ce>] ip6_finish_output2+0x94f/0x1e50 net/ipv6/ip6_output.c:119
 [<00000000ae11c81f>] ip6_finish_output+0x336/0x970 net/ipv6/ip6_output.c:145
 [<00000000da00386f>] NF_HOOK_COND include/linux/netfilter.h:246 [inline]
 [<00000000da00386f>] ip6_output+0x21b/0x730 net/ipv6/ip6_output.c:162
 [<000000004228775d>] dst_output include/net/dst.h:507 [inline]
 [<000000004228775d>] ip6_local_out+0x9c/0x180 net/ipv6/output_core.c:176
 [<000000008b8074ac>] ip6_send_skb+0xa2/0x340 net/ipv6/ip6_output.c:1753
 [<00000000571304e1>] ip6_push_pending_frames+0xbb/0xe0 net/ipv6/ip6_output.c:1773
 [<000000000b397141>] icmpv6_push_pending_frames+0x336/0x530 net/ipv6/icmp.c:276
 [<0000000017206886>] icmp6_send+0x158e/0x1c00 net/ipv6/icmp.c:547
 [<000000003c0c86dd>] icmpv6_send+0xb4/0x1b0 net/ipv6/ip6_icmp.c:42
 [<00000000fdf0e35f>] ip6_link_failure+0x2d/0x3e0 net/ipv6/route.c:1336
 [<00000000a230f5ac>] dst_link_failure include/net/dst.h:490 [inline]
 [<00000000a230f5ac>] vti6_xmit net/ipv6/ip6_vti.c:522 [inline]
 [<00000000a230f5ac>] vti6_tnl_xmit+0xb08/0x17f0 net/ipv6/ip6_vti.c:561
 [<00000000c00c677e>] __netdev_start_xmit include/linux/netdevice.h:4072 [inline]
 [<00000000c00c677e>] netdev_start_xmit include/linux/netdevice.h:4081 [inline]
 [<00000000c00c677e>] xmit_one net/core/dev.c:2977 [inline]
 [<00000000c00c677e>] dev_hard_start_xmit+0x195/0x8b0 net/core/dev.c:2993
 [<0000000003167488>] __dev_queue_xmit+0x11a3/0x1bd0 net/core/dev.c:3473
 [<00000000c61db695>] dev_queue_xmit+0x18/0x20 net/core/dev.c:3506
 [<00000000869f92cb>] neigh_direct_output+0x16/0x20 net/core/neighbour.c:1365
 [<00000000b0b795ce>] dst_neigh_output include/net/dst.h:470 [inline]
 [<00000000b0b795ce>] ip6_finish_output2+0x94f/0x1e50 net/ipv6/ip6_output.c:119
 [<00000000ae11c81f>] ip6_finish_output+0x336/0x970 net/ipv6/ip6_output.c:145
 [<00000000da00386f>] NF_HOOK_COND include/linux/netfilter.h:246 [inline]
 [<00000000da00386f>] ip6_output+0x21b/0x730 net/ipv6/ip6_output.c:162
 [<0000000047cb625b>] dst_output include/net/dst.h:507 [inline]
 [<0000000047cb625b>] NF_HOOK_THRESH include/linux/netfilter.h:232 [inline]
 [<0000000047cb625b>] NF_HOOK include/linux/netfilter.h:255 [inline]
 [<0000000047cb625b>] rawv6_send_hdrinc net/ipv6/raw.c:679 [inline]
 [<0000000047cb625b>] rawv6_sendmsg+0x2224/0x2a00 net/ipv6/raw.c:927
 [<0000000038df28f2>] inet_sendmsg+0x202/0x4d0 net/ipv4/af_inet.c:766
 [<00000000c06f2796>] sock_sendmsg_nosec net/socket.c:649 [inline]
 [<00000000c06f2796>] sock_sendmsg+0xbe/0x110 net/socket.c:659
 [<000000002a9a6a8f>] sock_write_iter+0x235/0x3d0 net/socket.c:857
 [<00000000bc837e59>] new_sync_write fs/read_write.c:498 [inline]
 [<00000000bc837e59>] __vfs_write+0x3c1/0x560 fs/read_write.c:511
 [<00000000ec343d25>] vfs_write+0x185/0x520 fs/read_write.c:559
 [<00000000efa82c69>] SYSC_write fs/read_write.c:606 [inline]
 [<00000000efa82c69>] SyS_write+0xdc/0x1c0 fs/read_write.c:598
 [<0000000090af19c1>] do_syscall_64+0x1ad/0x570 arch/x86/entry/common.c:285
 [<00000000a50addf2>] entry_SYSCALL_64_after_swapgs+0x5d/0xdb