
Load-balancing and tunnel: route confusion due to tunnel mark inheritance


I'm running EdgeOS 1.8.5 on an EdgeRouter, and I'm using load-balancing (eth0, eth1, and eth2) and an IPIP tunnel connected to eth0's IP address.

When packets come in via the tunnel, they get de-encapsulated and immediately get sent back out via eth0 (instead of being routed to their expected destination interface -- eth5 in my case).

What seems to be going on is that, in the Linux kernel version used by EdgeOS 1.8.5, skb->mark is preserved by xform_input().  As a result, IPIP packets arriving via eth0 are marked with eth0's PBR routing table ID (in the UBNT_WLBL_ chain), and this mark propagates to the de-encapsulated packet.  This de-encapsulated packet is then routed according to eth0's PBR routing table, which sends all traffic back out via eth0.

I've seen a few related discussions (here, here, here, and even a support article), but the only solution they offer is to create explicit PBR tables for the load-balance interfaces, which requires having a statically configured default route for each interface.  In my case, I have DHCP on two out of three interfaces, which makes it impossible to explicitly construct custom PBR tables for load-balancing.

One solution might be to drop the UBNT_WLBL_ chain.  I don't really understand why it's necessary to mark packets coming in via the load-balanced interface.  It seems sufficient to just mark packets based on the outgoing interface, in the UBNT_WLBO_ chain; experimentally, this works fine for ensuring that the "ping -I ethN" probes get sent out via the right interface.

Another solution might be to adopt a recent patch from the Linux kernel that allows controlling mark inheritance across tunnels (see here).  This way, the tunnel i_key can be set to 0, and packets inside the tunnel will not inherit the outer packet's mark from UBNT_WLBL_.

Tangentially related, I wanted to implement the second solution myself, but then I realized that I don't know where to get the source code for UBNT's Linux kernel.  Any pointers?
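
The behaviour described in the post can be reproduced in a small model, added here as an illustration; it is not code from the post or from EdgeOS. It routes one tunnelled packet three ways: as reported, with ingress marking disabled, and with mark inheritance disabled at de-encapsulation. The mark values, table contents, addresses and the `tun0` name are constructed assumptions.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

# All values below are constructed for illustration (marks, tables, addresses).
WAN_MARK = {"eth0": 201, "eth1": 202, "eth2": 203}    # ingress mark set per WAN interface
PBR_TABLE = {201: "eth0", 202: "eth1", 203: "eth2"}   # per-WAN table: default route only
MAIN_TABLE = {"192.168.5.0/24": "eth5", "0.0.0.0/0": "eth0"}

@dataclass
class Packet:
    in_if: str
    dst: str
    mark: int = 0
    inner: Optional["Packet"] = None   # set when this is an IPIP outer packet

def ingress_mark(pkt: Packet, enabled: bool) -> None:
    """Model of an ingress marking chain: tag unmarked packets by arrival interface."""
    if enabled and pkt.mark == 0 and pkt.in_if in WAN_MARK:
        pkt.mark = WAN_MARK[pkt.in_if]

def decapsulate(outer: Packet, inherit_mark: bool) -> Packet:
    """Strip the IPIP header; the inner packet re-enters the stack on the tunnel device."""
    inner = outer.inner
    inner.in_if = "tun0"
    inner.mark = outer.mark if inherit_mark else 0
    return inner

def route(pkt: Packet) -> str:
    """fwmark rules are modelled as taking priority over the main table."""
    if pkt.mark in PBR_TABLE:
        return PBR_TABLE[pkt.mark]
    dst = ipaddress.ip_address(pkt.dst)
    nets = [ipaddress.ip_network(n) for n in MAIN_TABLE if dst in ipaddress.ip_network(n)]
    best = max(nets, key=lambda n: n.prefixlen)       # longest-prefix match
    return MAIN_TABLE[str(best)]

def egress_for_tunnel_packet(ingress_marking: bool = True, inherit_mark: bool = True) -> str:
    outer = Packet(in_if="eth0", dst="203.0.113.10",
                   inner=Packet(in_if="", dst="192.168.5.20"))
    ingress_mark(outer, ingress_marking)
    inner = decapsulate(outer, inherit_mark)
    ingress_mark(inner, ingress_marking)               # tun0 is not a WAN, so no new mark
    return route(inner)

if __name__ == "__main__":
    print("as reported:       ", egress_for_tunnel_packet())
    print("no ingress marking:", egress_for_tunnel_packet(ingress_marking=False))
    print("mark not inherited:", egress_for_tunnel_packet(inherit_mark=False))
```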

