R10: 0000000000000000 R11: 0000000000000246 R12: 00007fcbf29f96d4
R13: 00000000004c7bd7 R14: 00000000004dd968 R15: 0000000000000004
netlink: 24 bytes leftover after parsing attributes in process `syz-executor.3'.
============================================
WARNING: possible recursive locking detected
4.14.149 #0 Not tainted
--------------------------------------------
syz-executor.4/12559 is trying to acquire lock:
 (dev->qdisc_tx_busylock ?: &qdisc_tx_busylock){+.-.}, at: [<ffffffff84d5748f>] spin_lock include/linux/spinlock.h:317 [inline]
 (dev->qdisc_tx_busylock ?: &qdisc_tx_busylock){+.-.}, at: [<ffffffff84d5748f>] __dev_xmit_skb net/core/dev.c:3202 [inline]
 (dev->qdisc_tx_busylock ?: &qdisc_tx_busylock){+.-.}, at: [<ffffffff84d5748f>] __dev_queue_xmit+0x1f0f/0x25e0 net/core/dev.c:3493

but task is already holding lock:
 (dev->qdisc_tx_busylock ?: &qdisc_tx_busylock){+.-.}, at: [<ffffffff84d5748f>] spin_lock include/linux/spinlock.h:317 [inline]
 (dev->qdisc_tx_busylock ?: &qdisc_tx_busylock){+.-.}, at: [<ffffffff84d5748f>] __dev_xmit_skb net/core/dev.c:3202 [inline]
 (dev->qdisc_tx_busylock ?: &qdisc_tx_busylock){+.-.}, at: [<ffffffff84d5748f>] __dev_queue_xmit+0x1f0f/0x25e0 net/core/dev.c:3493

other info that might help us debug this:
 Possible unsafe locking scenario:

       CPU0
       ----
  lock(dev->qdisc_tx_busylock ?: &qdisc_tx_busylock);
  lock(dev->qdisc_tx_busylock ?: &qdisc_tx_busylock);

 *** DEADLOCK ***

 May be due to missing lock nesting notation

12 locks held by syz-executor.4/12559:
 #0:  (sk_lock-AF_INET6){+.+.}, at: [<ffffffff85ab9196>] lock_sock include/net/sock.h:1462 [inline]
 #0:  (sk_lock-AF_INET6){+.+.}, at: [<ffffffff85ab9196>] sctp_setsockopt net/sctp/socket.c:3998 [inline]
 #0:  (sk_lock-AF_INET6){+.+.}, at: [<ffffffff85ab9196>] sctp_setsockopt+0x196/0x3f50 net/sctp/socket.c:3979
 #1:  (rcu_read_lock){....}, at: [<ffffffff85216a10>] sock_net include/net/sock.h:2328 [inline]
 #1:  (rcu_read_lock){....}, at: [<ffffffff85216a10>] ip_queue_xmit+0x40/0x1b10 net/ipv4/ip_output.c:429
 #2:  (rcu_read_lock_bh){....}, at: [<ffffffff85211386>] lwtunnel_xmit_redirect include/net/lwtunnel.h:92 [inline]
 #2:  (rcu_read_lock_bh){....}, at: [<ffffffff85211386>] ip_finish_output2+0x256/0x14a0 net/ipv4/ip_output.c:213
 #3:  (rcu_read_lock_bh){....}, at: [<ffffffff84d55762>] __dev_queue_xmit+0x1e2/0x25e0 net/core/dev.c:3459
 #4:  (rcu_read_lock){....}, at: [<ffffffff85646c62>] br_dev_xmit+0xb2/0xd40 net/bridge/br_device.c:39
 #5:  (rcu_read_lock_bh){....}, at: [<ffffffff84d55762>] __dev_queue_xmit+0x1e2/0x25e0 net/core/dev.c:3459
 #6:  (dev->qdisc_tx_busylock ?: &qdisc_tx_busylock){+.-.}, at: [<ffffffff84d5748f>] spin_lock include/linux/spinlock.h:317 [inline]
 #6:  (dev->qdisc_tx_busylock ?: &qdisc_tx_busylock){+.-.}, at: [<ffffffff84d5748f>] __dev_xmit_skb net/core/dev.c:3202 [inline]
 #6:  (dev->qdisc_tx_busylock ?: &qdisc_tx_busylock){+.-.}, at: [<ffffffff84d5748f>] __dev_queue_xmit+0x1f0f/0x25e0 net/core/dev.c:3493
 #7:  (dev->qdisc_running_key ?: &qdisc_running_key){+...}, at: [<ffffffff84d57b78>] dev_queue_xmit+0x18/0x20 net/core/dev.c:3558
 #8:  (rcu_read_lock_bh){....}, at: [<ffffffff85211386>] lwtunnel_xmit_redirect include/net/lwtunnel.h:92 [inline]
 #8:  (rcu_read_lock_bh){....}, at: [<ffffffff85211386>] ip_finish_output2+0x256/0x14a0 net/ipv4/ip_output.c:213
 #9:  (rcu_read_lock_bh){....}, at: [<ffffffff84d55762>] __dev_queue_xmit+0x1e2/0x25e0 net/core/dev.c:3459
 #10:  (rcu_read_lock){....}, at: [<ffffffff85646c62>] br_dev_xmit+0xb2/0xd40 net/bridge/br_device.c:39
 #11:  (rcu_read_lock_bh){....}, at: [<ffffffff84d55762>] __dev_queue_xmit+0x1e2/0x25e0 net/core/dev.c:3459

stack backtrace:
CPU: 1 PID: 12559 Comm: syz-executor.4 Not tainted 4.14.149 #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
 __dump_stack lib/dump_stack.c:17 [inline]
 dump_stack+0x138/0x197 lib/dump_stack.c:53
 print_deadlock_bug kernel/locking/lockdep.c:1796 [inline]
 check_deadlock kernel/locking/lockdep.c:1843 [inline]
 validate_chain kernel/locking/lockdep.c:2444 [inline]
 __lock_acquire.cold+0x2bf/0x8dc kernel/locking/lockdep.c:3487
 lock_acquire+0x16f/0x430 kernel/locking/lockdep.c:3994
 __raw_spin_lock include/linux/spinlock_api_smp.h:142 [inline]
 _raw_spin_lock+0x2f/0x40 kernel/locking/spinlock.c:152
 spin_lock include/linux/spinlock.h:317 [inline]
 __dev_xmit_skb net/core/dev.c:3202 [inline]
 __dev_queue_xmit+0x1f0f/0x25e0 net/core/dev.c:3493
 dev_queue_xmit+0x18/0x20 net/core/dev.c:3558
 br_dev_queue_push_xmit+0x367/0x530 net/bridge/br_forward.c:55
 NF_HOOK include/linux/netfilter.h:250 [inline]
 NF_HOOK include/linux/netfilter.h:244 [inline]
 br_forward_finish+0xbc/0x320 net/bridge/br_forward.c:67
 NF_HOOK include/linux/netfilter.h:250 [inline]
 NF_HOOK include/linux/netfilter.h:244 [inline]
 __br_forward+0x560/0x9c0 net/bridge/br_forward.c:111
 deliver_clone+0x61/0xc0 net/bridge/br_forward.c:127
 maybe_deliver net/bridge/br_forward.c:168 [inline]
 maybe_deliver net/bridge/br_forward.c:156 [inline]
 br_flood+0x3c8/0x530 net/bridge/br_forward.c:210
 br_dev_xmit+0x8a5/0xd40 net/bridge/br_device.c:67
 __netdev_start_xmit include/linux/netdevice.h:4033 [inline]
 netdev_start_xmit include/linux/netdevice.h:4042 [inline]
 xmit_one net/core/dev.c:3009 [inline]
 dev_hard_start_xmit+0x18c/0x8b0 net/core/dev.c:3025
 __dev_queue_xmit+0x1d95/0x25e0 net/core/dev.c:3525
 dev_queue_xmit+0x18/0x20 net/core/dev.c:3558
 neigh_hh_output include/net/neighbour.h:490 [inline]
 neigh_output include/net/neighbour.h:498 [inline]
 ip_finish_output2+0xddc/0x14a0 net/ipv4/ip_output.c:229
 ip_finish_output+0x56d/0xc60 net/ipv4/ip_output.c:317
 NF_HOOK_COND include/linux/netfilter.h:239 [inline]
 ip_mc_output+0x24a/0xd40 net/ipv4/ip_output.c:390
 dst_output include/net/dst.h:462 [inline]
 ip_local_out+0x97/0x170 net/ipv4/ip_output.c:124
 iptunnel_xmit+0x56e/0x950 net/ipv4/ip_tunnel_core.c:91
 ip_tunnel_xmit+0xfd9/0x3189 net/ipv4/ip_tunnel.c:795
 __gre_xmit+0x4eb/0x890 net/ipv4/ip_gre.c:444
 gre_tap_xmit net/ipv4/ip_gre.c:775 [inline]
 gre_tap_xmit+0x29d/0x370 net/ipv4/ip_gre.c:759
 __netdev_start_xmit include/linux/netdevice.h:4033 [inline]
 netdev_start_xmit include/linux/netdevice.h:4042 [inline]
 xmit_one net/core/dev.c:3009 [inline]
 dev_hard_start_xmit+0x18c/0x8b0 net/core/dev.c:3025
 sch_direct_xmit+0x27a/0x550 net/sched/sch_generic.c:186
 __dev_xmit_skb net/core/dev.c:3218 [inline]
 __dev_queue_xmit+0x1b6e/0x25e0 net/core/dev.c:3493
 dev_queue_xmit+0x18/0x20 net/core/dev.c:3558
 br_dev_queue_push_xmit+0x367/0x530 net/bridge/br_forward.c:55
 NF_HOOK include/linux/netfilter.h:250 [inline]
 NF_HOOK include/linux/netfilter.h:244 [inline]
 br_forward_finish+0xbc/0x320 net/bridge/br_forward.c:67
 NF_HOOK include/linux/netfilter.h:250 [inline]
 NF_HOOK include/linux/netfilter.h:244 [inline]
 __br_forward+0x560/0x9c0 net/bridge/br_forward.c:111
 deliver_clone+0x61/0xc0 net/bridge/br_forward.c:127
 maybe_deliver net/bridge/br_forward.c:168 [inline]
 maybe_deliver net/bridge/br_forward.c:156 [inline]
 br_flood+0x3c8/0x530 net/bridge/br_forward.c:210
 br_dev_xmit+0x8a5/0xd40 net/bridge/br_device.c:67
 __netdev_start_xmit include/linux/netdevice.h:4033 [inline]
 netdev_start_xmit include/linux/netdevice.h:4042 [inline]
 xmit_one net/core/dev.c:3009 [inline]
 dev_hard_start_xmit+0x18c/0x8b0 net/core/dev.c:3025
 __dev_queue_xmit+0x1d95/0x25e0 net/core/dev.c:3525
 dev_queue_xmit+0x18/0x20 net/core/dev.c:3558
 neigh_hh_output include/net/neighbour.h:490 [inline]
 neigh_output include/net/neighbour.h:498 [inline]
 ip_finish_output2+0xddc/0x14a0 net/ipv4/ip_output.c:229
 ip_finish_output+0x56d/0xc60 net/ipv4/ip_output.c:317
 NF_HOOK_COND include/linux/netfilter.h:239 [inline]
 ip_mc_output+0x24a/0xd40 net/ipv4/ip_output.c:390
 dst_output include/net/dst.h:462 [inline]
 ip_local_out+0x97/0x170 net/ipv4/ip_output.c:124
 ip_queue_xmit+0x7d7/0x1b10 net/ipv4/ip_output.c:504
 sctp_v4_xmit+0x109/0x140 net/sctp/protocol.c:991
 sctp_packet_transmit+0x19a0/0x3020 net/sctp/output.c:637
 sctp_outq_flush+0x841/0x31b0 net/sctp/outqueue.c:896
 sctp_outq_uncork+0x60/0x70 net/sctp/outqueue.c:761
 sctp_cmd_interpreter net/sctp/sm_sideeffect.c:1776 [inline]
 sctp_side_effects net/sctp/sm_sideeffect.c:1179 [inline]
 sctp_do_sm+0x417/0x4ae0 net/sctp/sm_sideeffect.c:1150
 sctp_primitive_ASSOCIATE+0x9d/0xd0 net/sctp/primitive.c:88
 __sctp_connect+0x785/0xc00 net/sctp/socket.c:1237
 __sctp_setsockopt_connectx+0x19c/0x1f0 net/sctp/socket.c:1370
 sctp_setsockopt_connectx net/sctp/socket.c:1402 [inline]
 sctp_setsockopt net/sctp/socket.c:4022 [inline]
 sctp_setsockopt+0x2381/0x3f50 net/sctp/socket.c:3979
 sock_common_setsockopt+0x94/0xd0 net/core/sock.c:2968
 SYSC_setsockopt net/socket.c:1865 [inline]
 SyS_setsockopt+0x13c/0x210 net/socket.c:1844
 do_syscall_64+0x1e8/0x640 arch/x86/entry/common.c:292
 entry_SYSCALL_64_after_hwframe+0x42/0xb7
RIP: 0033:0x459a59
RSP: 002b:00007f568b391c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000036
RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 0000000000459a59
RDX: 000000000000006e RSI: 0000000000000084 RDI: 0000000000000008
RBP: 000000000075c118 R08: 0000000000000010 R09: 0000000000000000
R10: 0000000020961fe4 R11: 0000000000000246 R12: 00007f568b3926d4
R13: 00000000004d0068 R14: 00000000004ded00 R15: 00000000ffffffff