Hello,
syzkaller hit the following crash on 6084b576dca2e898f5c101baef151f7bfdbb606d
git://git.kernel.org/pub/scm/linux/kernel/git/next/linux-next.git/master
compiler: gcc (GCC) 7.1.1 20170620
.config is attached
Raw console output is attached.
Unfortunately, I don't have any reproducer for this bug yet.
netlink: 9 bytes leftover after parsing attributes in process `syz-executor3'.
sg_write: data in/out 822404280/197 bytes for SCSI command 0x12-- guessing data in;
program syz-executor0 not setting count and/or reply_len properly
sg_write: data in/out 262364/161 bytes for SCSI command 0xff-- guessing data in;
program syz-executor0 not setting count and/or reply_len properly
WARNING: CPU: 1 PID: 22282 at fs/sysfs/dir.c:31 sysfs_warn_dup+0x60/0x80 fs/sysfs/dir.c:30
Kernel panic - not syncing: panic_on_warn set ...
CPU: 1 PID: 22282 Comm: syz-executor7 Not tainted 4.15.0-rc3-next-20171214+ #67
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
__dump_stack lib/dump_stack.c:17 [inline]
dump_stack+0xe9/0x14b lib/dump_stack.c:53
panic+0x10e/0x2f8 kernel/panic.c:183
__warn+0x14e/0x150 kernel/panic.c:547
report_bug+0x11e/0x1a0 lib/bug.c:184
fixup_bug.part.11+0x17/0x30 arch/x86/kernel/traps.c:177
fixup_bug arch/x86/kernel/traps.c:246 [inline]
do_error_trap+0x14a/0x180 arch/x86/kernel/traps.c:295
do_invalid_op+0x1b/0x20 arch/x86/kernel/traps.c:314
invalid_op+0x22/0x40 arch/x86/entry/entry_64.S:1079
RIP: 0010:sysfs_warn_dup+0x60/0x80 fs/sysfs/dir.c:30
RSP: 0018:ffffc90001b77a80 EFLAGS: 00010282
RAX: 0000000000000036 RBX: ffff8802135bf000 RCX: ffffffff8123dede
RDX: 0000000000010000 RSI: ffffc90001949000 RDI: ffff88021fd136f8
RBP: ffffc90001b77a98 R08: ffff88021fd1bd00 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000000 R12: ffff8801e1ae1d60
R13: ffff88021654cc80 R14: 0000000000000001 R15: ffffffffffffffef
sysfs_do_create_link_sd.isra.2+0xd8/0xf0 fs/sysfs/symlink.c:51
sysfs_do_create_link fs/sysfs/symlink.c:80 [inline]
sysfs_create_link+0x49/0x70 fs/sysfs/symlink.c:92
device_add_class_symlinks drivers/base/core.c:1601 [inline]
device_add+0x35f/0x840 drivers/base/core.c:1799
netdev_register_kobject+0xa2/0x190 net/core/net-sysfs.c:1604
register_netdevice+0x573/0x710 net/core/dev.c:7743
ip6_tnl_create2+0xef/0x1f0 net/ipv6/ip6_tunnel.c:269
ip6_tnl_create net/ipv6/ip6_tunnel.c:317 [inline]
ip6_tnl_locate+0x3f2/0x460 net/ipv6/ip6_tunnel.c:365
ip6_tnl_ioctl+0x240/0x560 net/ipv6/ip6_tunnel.c:1611
dev_ifsioc+0x175/0x520 net/core/dev_ioctl.c:354
dev_ioctl+0x548/0x7a0 net/core/dev_ioctl.c:589
sock_ioctl+0x150/0x320 net/socket.c:998
vfs_ioctl fs/ioctl.c:46 [inline]
do_vfs_ioctl+0xaf/0x840 fs/ioctl.c:686
SYSC_ioctl fs/ioctl.c:701 [inline]
SyS_ioctl+0x8f/0xc0 fs/ioctl.c:692
entry_SYSCALL_64_fastpath+0x1f/0x96
RIP: 0033:0x452a39
RSP: 002b:00007f7d802cac58 EFLAGS: 00000212 ORIG_RAX: 0000000000000010
RAX: ffffffffffffffda RBX: 00007f7d802cb700 RCX: 0000000000452a39
RDX: 00000000207df000 RSI: 00000000000089f1 RDI: 0000000000000017
RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000212 R12: 0000000000000000
R13: 0000000000a6f7ff R14: 00007f7d802cb9c0 R15: 0000000000000000
Dumping ftrace buffer:
(ftrace buffer empty)
Kernel Offset: disabled
Rebooting in 86400 seconds..
---
This bug is generated by a dumb bot. It may contain errors.
See https://goo.gl/tpsmEJ for details.
Direct all questions to syzk...@googlegroups.com.
Please credit me with: Reported-by: syzbot <syzk...@googlegroups.com>
syzbot will keep track of this bug report.
Once a fix for this bug is merged into any tree, reply to this email with:
#syz fix: exact-commit-title
To mark this as a duplicate of another syzbot report, please reply with:
#syz dup: exact-subject-of-another-report
If it's a one-off invalid bug report, please reply with:
#syz invalid
Note: if the crash happens again, it will cause creation of a new bug report.
Note: all commands must start from beginning of the line in the email body.