WARNING in remove_proc_entry (2)

From: syzbot
Date: Wed Nov 21 2018 - 12:52:06 EST


Hello,

syzbot found the following crash on:

HEAD commit: c8ce94b8fe53 Merge tag 'mips_fixes_4.20_3' of git://git.ke..
git tree: upstream
console output: https://syzkaller.appspot.com/x/log.txt?x=1325f225400000
kernel config: https://syzkaller.appspot.com/x/.config?x=73e2bc0cb6463446
dashboard link: https://syzkaller.appspot.com/bug?extid=46d1fec9e51890edb1a6
compiler: gcc (GCC) 8.0.1 20180413 (experimental)

Unfortunately, I don't have any reproducer for this crash yet.

IMPORTANT: if you fix the bug, please add the following tag to the commit:
Reported-by: syzbot+46d1fec9e51890edb1a6@xxxxxxxxxxxxxxxxxxxxxxxxx

IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready
IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
------------[ cut here ]------------
remove_proc_entry: removing non-empty directory 'net/bonding', leaking at least 'ï'
WARNING: CPU: 0 PID: 9001 at fs/proc/generic.c:681 remove_proc_entry+0x3e1/0x4a0 fs/proc/generic.c:679
Kernel panic - not syncing: panic_on_warn set ...
CPU: 0 PID: 9001 Comm: kworker/u4:6 Not tainted 4.20.0-rc3+ #343
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Workqueue: netns cleanup_net
Call Trace:
__dump_stack lib/dump_stack.c:77 [inline]
dump_stack+0x244/0x39d lib/dump_stack.c:113
panic+0x2ad/0x55c kernel/panic.c:188
__warn.cold.8+0x20/0x45 kernel/panic.c:540
report_bug+0x254/0x2d0 lib/bug.c:186
fixup_bug arch/x86/kernel/traps.c:178 [inline]
do_error_trap+0x11b/0x200 arch/x86/kernel/traps.c:271
do_invalid_op+0x36/0x40 arch/x86/kernel/traps.c:290
invalid_op+0x14/0x20 arch/x86/entry/entry_64.S:969
RIP: 0010:remove_proc_entry+0x3e1/0x4a0 fs/proc/generic.c:679
Code: fa 48 c1 ea 03 80 3c 02 00 0f 85 86 00 00 00 49 8b 94 24 c8 00 00 00 48 c7 c6 80 2f 37 88 48 c7 c7 00 2f 37 88 e8 1f c9 52 ff <0f> 0b e9 19 fe ff ff e8 93 b7 cc ff e9 88 fd ff ff e8 49 b8 cc ff
RSP: 0000:ffff88817e3172f0 EFLAGS: 00010282
RAX: 0000000000000000 RBX: ffff8881c0602180 RCX: 0000000000000000
RDX: 0000000000000000 RSI: ffffffff8165eaf5 RDI: 0000000000000005
RBP: ffff88817e3173c8 R08: ffff8881c0e88400 R09: ffffed103b5c5020
R10: ffffed103b5c5020 R11: ffff8881dae28107 R12: ffff8881ced1e340
R13: ffff88817e317320 R14: 1ffff1102fc62e60 R15: ffff8881c0602228
bond_destroy_proc_dir+0x87/0xdd drivers/net/bonding/bond_procfs.c:307
bond_net_exit+0x33f/0x4d0 drivers/net/bonding/bond_main.c:4837
ops_exit_list.isra.5+0xb0/0x160 net/core/net_namespace.c:153
cleanup_net+0x555/0xb10 net/core/net_namespace.c:551
process_one_work+0xc90/0x1c40 kernel/workqueue.c:2153
worker_thread+0x17f/0x1390 kernel/workqueue.c:2296
kthread+0x35a/0x440 kernel/kthread.c:246
ret_from_fork+0x3a/0x50 arch/x86/entry/entry_64.S:352
Kernel Offset: disabled
Rebooting in 86400 seconds..


---
This bug is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzkaller@xxxxxxxxxxxxxxxxx

syzbot will keep track of this bug report. See:
https://goo.gl/tpsmEJ#bug-status-tracking for how to communicate with syzbot.