syzbot

IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
8021q: adding VLAN 0 to HW filter on device batadv0
list_add double add: new=ffff88808ea22758, prev=ffff88808ea22758, next=ffff8880a67d85c0.
------------[ cut here ]------------
kernel BUG at lib/list_debug.c:29!
invalid opcode: 0000 [#1] PREEMPT SMP KASAN
Modules linked in:
CPU: 1 PID: 7223 Comm: syz-executor.1 Not tainted 4.14.158-syzkaller #0
kobject: '9p-41' (ffff888095b9ce10): kobject_add_internal: parent: 'bdi', set: 'devices'
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
task: ffff888097416180 task.stack: ffff88807fab8000
RIP: 0010:__list_add_valid.cold+0x26/0x3c lib/list_debug.c:29
RSP: 0018:ffff88807fabfa00 EFLAGS: 00010282
RAX: 0000000000000058 RBX: ffff8880a67d8580 RCX: 0000000000000000
RDX: 0000000000000000 RSI: ffffffff86cc43c0 RDI: ffffed100ff57f36
RBP: ffff88807fabfa18 R08: 0000000000000058 R09: ffff888097416a48
R10: 0000000000000000 R11: 0000000000000000 R12: ffff8880a67d85c0
R13: ffff88808ea22758 R14: ffff88808ea22758 R15: ffff88808ea22758
FS:  00007f14e844a700(0000) GS:ffff8880aed00000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007f8755a4d000 CR3: 000000007de71000 CR4: 00000000001406e0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
 __list_add include/linux/list.h:60 [inline]
 list_add_tail include/linux/list.h:93 [inline]
 p9_fd_request+0xe3/0x2b0 net/9p/trans_fd.c:679
 p9_client_rpc+0x21b/0x1180 net/9p/client.c:774
kobject: '9p-41' (ffff888095b9ce10): kobject_uevent_env
kobject: '9p-41' (ffff888095b9ce10): fill_kobj_path: path = '/devices/virtual/bdi/9p-41'
 p9_client_clunk+0x89/0x150 net/9p/client.c:1507
 v9fs_dentry_release+0x6d/0xd0 fs/9p/vfs_dentry.c:73
 __dentry_kill+0x39a/0x580 fs/dcache.c:596
 dentry_kill fs/dcache.c:632 [inline]
 dput.part.0+0x59f/0x750 fs/dcache.c:847
 dput fs/dcache.c:811 [inline]
 do_one_tree+0x44/0x50 fs/dcache.c:1507
 shrink_dcache_for_umount+0x67/0x140 fs/dcache.c:1521
 generic_shutdown_super+0x6d/0x370 fs/super.c:431
 kill_anon_super+0x3f/0x60 fs/super.c:1006
 v9fs_kill_super+0x3e/0xa0 fs/9p/vfs_super.c:230
 deactivate_locked_super+0x74/0xe0 fs/super.c:319
 deactivate_super fs/super.c:350 [inline]
 deactivate_super+0x85/0xa0 fs/super.c:346
 cleanup_mnt+0xb2/0x150 fs/namespace.c:1183
 __cleanup_mnt+0x16/0x20 fs/namespace.c:1190
 task_work_run+0x114/0x190 kernel/task_work.c:113
 tracehook_notify_resume include/linux/tracehook.h:191 [inline]
 exit_to_usermode_loop+0x1da/0x220 arch/x86/entry/common.c:164
 prepare_exit_to_usermode arch/x86/entry/common.c:199 [inline]
 syscall_return_slowpath arch/x86/entry/common.c:270 [inline]
 do_syscall_64+0x4bc/0x640 arch/x86/entry/common.c:297
 entry_SYSCALL_64_after_hwframe+0x42/0xb7
RIP: 0033:0x45a6f9
RSP: 002b:00007f14e8449c78 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6
RAX: 0000000000000000 RBX: 0000000000000002 RCX: 000000000045a6f9
RDX: 0000000000000000 RSI: 000000000000000b RDI: 0000000020000140
RBP: 000000000075c070 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 00007f14e844a6d4
R13: 00000000004cb211 R14: 00000000004e4988 R15: 00000000ffffffff
Code: e9 56 ff ff ff 4c 89 e1 48 c7 c7 80 0d 04 87 e8 bf 8f 40 fe 0f 0b 48 89 f2 4c 89 e1 4c 89 ee 48 c7 c7 c0 0e 04 87 e8 
kobject: '9p-42' (ffff888098142610): kobject_add_internal: parent: 'bdi', set: 'devices'
a8 8f 40 fe <0f> 0b 48 89 f1 48 c7 c7 40 0e 04 87 4c 89 e6 e8 94 8f 40 fe 0f 
RIP: __list_add_valid.cold+0x26/0x3c lib/list_debug.c:29 RSP: ffff88807fabfa00
---[ end trace 644dbe71b9835f23 ]---