possible deadlock in __dev_queue

Kernel	Title	Repro	Cause bisect	Fix bisect	Count	Last	Reported	Patched	Status
android-49	possible deadlock in __dev_queue_xmit				4	1763d	1832d	0/3	auto-closed as invalid on 2019/10/25 08:36
upstream	possible deadlock in __dev_queue_xmit (3) net	C	done	inconclusive	984	11d	1599d	0/26	upstream: reported C repro on 2019/12/03 09:55
linux-4.19	possible deadlock in __dev_queue_xmit	C		error	5	940d	1358d	0/1	upstream: reported C repro on 2020/07/31 07:05
android-44	possible deadlock in __dev_queue_xmit				14	1598d	1660d	0/2	auto-closed as invalid on 2020/04/02 07:14
linux-6.1	possible deadlock in __dev_queue_xmit				98	183d	296d	0/3	auto-obsoleted due to no activity on 2023/12/28 22:22
linux-4.14	possible deadlock in __dev_queue_xmit				7	1309d	1754d	0/1	auto-closed as invalid on 2021/01/16 21:33
upstream	possible deadlock in __dev_queue_xmit net				1	1921d	1921d	0/26	closed as invalid on 2019/03/10 18:51
linux-5.15	possible deadlock in __dev_queue_xmit				113	247d	383d	0/3	auto-obsoleted due to no activity on 2023/10/25 04:56
linux-6.1	possible deadlock in __dev_queue_xmit (2)				6	7d11h	91d	0/3	upstream: reported on 2024/01/19 16:24
linux-5.15	possible deadlock in __dev_queue_xmit (2)	C			12	10d	127d	0/3	upstream: reported C repro on 2023/12/15 02:11
upstream	possible deadlock in __dev_queue_xmit (2) kernel				2	1733d	1849d	0/26	auto-closed as invalid on 2019/11/19 09:01

============================================ WARNING: possible recursive locking detected 4.14.113+ #61 Not tainted -------------------------------------------- syz-executor.1/16186 is trying to acquire lock: (_xmit_TUNNEL6#2){+.-.}, at: [<000000004137c28f>] spin_lock include/linux/spinlock.h:317 [inline] (_xmit_TUNNEL6#2){+.-.}, at: [<000000004137c28f>] __netif_tx_lock include/linux/netdevice.h:3530 [inline] (_xmit_TUNNEL6#2){+.-.}, at: [<000000004137c28f>] __dev_queue_xmit+0x1127/0x1cd0 net/core/dev.c:3521 but task is already holding lock: (_xmit_TUNNEL6#2){+.-.}, at: [<000000004137c28f>] spin_lock include/linux/spinlock.h:317 [inline] (_xmit_TUNNEL6#2){+.-.}, at: [<000000004137c28f>] __netif_tx_lock include/linux/netdevice.h:3530 [inline] (_xmit_TUNNEL6#2){+.-.}, at: [<000000004137c28f>] __dev_queue_xmit+0x1127/0x1cd0 net/core/dev.c:3521 other info that might help us debug this: Possible unsafe locking scenario: CPU0 ---- lock(_xmit_TUNNEL6#2); lock(_xmit_TUNNEL6#2); *** DEADLOCK *** ip6_tunnel: xmit: Local address not yet configured! May be due to missing lock nesting notation 9 locks held by syz-executor.1/16186: #0: (rcu_read_lock){....}, at: [<000000003e87a303>] skb_dst_set include/linux/skbuff.h:896 [inline] #0: (rcu_read_lock){....}, at: [<000000003e87a303>] rawv6_send_hdrinc net/ipv6/raw.c:671 [inline] #0: (rcu_read_lock){....}, at: [<000000003e87a303>] rawv6_sendmsg+0x1691/0x2b80 net/ipv6/raw.c:935 #1: (rcu_read_lock_bh){....}, at: [<00000000331a014a>] ip6_finish_output2+0x173/0x1fa0 net/ipv6/ip6_output.c:70 #2: (rcu_read_lock_bh){....}, at: [<000000007fa60437>] __dev_queue_xmit+0x1b3/0x1cd0 net/core/dev.c:3459 #3: (_xmit_TUNNEL6#2){+.-.}, at: [<000000004137c28f>] spin_lock include/linux/spinlock.h:317 [inline] #3: (_xmit_TUNNEL6#2){+.-.}, at: [<000000004137c28f>] __netif_tx_lock include/linux/netdevice.h:3530 [inline] #3: (_xmit_TUNNEL6#2){+.-.}, at: [<000000004137c28f>] __dev_queue_xmit+0x1127/0x1cd0 net/core/dev.c:3521 #4: (rcu_read_lock){....}, at: [<00000000a9c41ecf>] icmpv6_send+0x0/0x1a0 net/ipv6/ip6_icmp.c:31 #5: (k-slock-AF_INET6){+...}, at: [<0000000074fa18a9>] spin_trylock include/linux/spinlock.h:327 [inline] #5: (k-slock-AF_INET6){+...}, at: [<0000000074fa18a9>] icmpv6_xmit_lock net/ipv6/icmp.c:119 [inline] #5: (k-slock-AF_INET6){+...}, at: [<0000000074fa18a9>] icmp6_send+0xb5a/0x1cb0 net/ipv6/icmp.c:533 #6: (rcu_read_lock){....}, at: [<00000000ae325f27>] icmp6_send+0x10c6/0x1cb0 net/ipv6/icmp.c:568 #7: (rcu_read_lock_bh){....}, at: [<00000000331a014a>] ip6_finish_output2+0x173/0x1fa0 net/ipv6/ip6_output.c:70 #8: (rcu_read_lock_bh){....}, at: [<000000007fa60437>] __dev_queue_xmit+0x1b3/0x1cd0 net/core/dev.c:3459 stack backtrace: CPU: 0 PID: 16186 Comm: syz-executor.1 Not tainted 4.14.113+ #61 Call Trace: __dump_stack lib/dump_stack.c:17 [inline] dump_stack+0xb9/0x10e lib/dump_stack.c:53 print_deadlock_bug kernel/locking/lockdep.c:1796 [inline] check_deadlock kernel/locking/lockdep.c:1843 [inline] validate_chain kernel/locking/lockdep.c:2444 [inline] __lock_acquire.cold+0x1da/0xa36 kernel/locking/lockdep.c:3487 ip6_tunnel: xmit: Local address not yet configured! kauditd_printk_skb: 240 callbacks suppressed audit: type=1400 audit(2000000369.080:72494): avc: denied { create } for pid=16190 comm="syz-executor.0" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=1 audit: type=1400 audit(2000000369.110:72495): avc: denied { write } for pid=16190 comm="syz-executor.0" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=1 audit: type=1400 audit(2000000369.110:72496): avc: denied { map } for pid=16194 comm="modprobe" path="/bin/kmod" dev="sda1" ino=1440 scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=1 ip6_tunnel: xmit: Local address not yet configured! audit: type=1400 audit(2000000369.110:72497): avc: denied { map } for pid=16194 comm="modprobe" path="/bin/kmod" dev="sda1" ino=1440 scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=1 audit: type=1400 audit(2000000369.110:72498): avc: denied { read } for pid=16190 comm="syz-executor.0" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=1 ip6_tunnel: xmit: Local address not yet configured! ip6_tunnel: xmit: Local address not yet configured! audit: type=1400 audit(2000000369.880:72499): avc: denied { create } for pid=16190 comm="syz-executor.0" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=1 audit: type=1400 audit(2000000369.880:72500): avc: denied { write } for pid=16190 comm="syz-executor.0" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=1 audit: type=1400 audit(2000000369.880:72501): avc: denied { map } for pid=16232 comm="modprobe" path="/bin/kmod" dev="sda1" ino=1440 scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=1 audit: type=1400 audit(2000000369.920:72502): avc: denied { read } for pid=16190 comm="syz-executor.0" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=1 audit: type=1400 audit(2000000370.010:72503): avc: denied { create } for pid=16239 comm="syz-executor.0" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=1 ip6_tunnel: xmit: Local address not yet configured! ip6_tunnel: xmit: Local address not yet configured! ip6_tunnel: xmit: Local address not yet configured! ip6_tunnel: xmit: Local address not yet configured! ip6_tunnel: xmit: Local address not yet configured! ip6_tunnel: xmit: Local address not yet configured! kauditd_printk_skb: 67 callbacks suppressed audit: type=1400 audit(2000000374.420:72571): avc: denied { create } for pid=16425 comm="syz-executor.0" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=1 audit: type=1400 audit(2000000374.450:72572): avc: denied { map } for pid=16434 comm="modprobe" path="/bin/kmod" dev="sda1" ino=1440 scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=1 audit: type=1400 audit(2000000374.460:72573): avc: denied { write } for pid=16425 comm="syz-executor.0" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=1 audit: type=1400 audit(2000000374.480:72574): avc: denied { map } for pid=16439 comm="modprobe" path="/bin/kmod" dev="sda1" ino=1440 scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=1 audit: type=1400 audit(2000000374.480:72575): avc: denied { map } for pid=16439 comm="modprobe" path="/bin/kmod" dev="sda1" ino=1440 scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=1 audit: type=1400 audit(2000000374.480:72576): avc: denied { map } for pid=16441 comm="modprobe" path="/etc/ld.so.cache" dev="sda1" ino=2503 scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=1 audit: type=1400 audit(2000000374.500:72577): avc: denied { map } for pid=16441 comm="modprobe" path="/lib/x86_64-linux-gnu/libc-2.13.so" dev="sda1" ino=2784 scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=1 audit: type=1400 audit(2000000374.540:72578): avc: denied { read } for pid=16425 comm="syz-executor.0" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=1 audit: type=1400 audit(2000000374.640:72579): avc: denied { map } for pid=16451 comm="modprobe" path="/bin/kmod" dev="sda1" ino=1440 scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=1 audit: type=1400 audit(2000000374.650:72580): avc: denied { map } for pid=16451 comm="modprobe" path="/lib/x86_64-linux-gnu/libkmod.so.2.1.3" dev="sda1" ino=2811 scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=1 ip6_tunnel: xmit: Local address not yet configured! ip6_tunnel: xmit: Local address not yet configured! ip6_tunnel: xmit: Local address not yet configured! ip6_tunnel: xmit: Local address not yet configured!

Crashes (3):
Time	Kernel	Commit	Syzkaller	Config	Log	Report	Manager
2019/04/24 21:30	android-4.14	ffa22221c473	8e3c52b1	.config	console log	report	ci-android-414-kasan-gce-root
2019/03/25 12:14	android-4.14	4344de2f79ab	2c86e0a5	.config	console log	report	ci-android-414-kasan-gce-root
2018/12/23 14:22	android-4.14	815e34f802d8	e3bd7ab8	.config	console log	report	ci-android-414-kasan-gce-root

Crashes (3):

Assets (help?)