list_add double add: new=ffff8801c53c6d18, prev=ffff8801c53c6d18, next=ffff8801be4b7840.
------------[ cut here ]------------
kernel BUG at lib/list_debug.c:31!
invalid opcode: 0000 [#1] PREEMPT SMP KASAN
CPU: 1 PID: 8634 Comm: syz-executor4 Not tainted 4.19.0-rc3+ #231
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
RIP: 0010:__list_add_valid+0xaa/0xb0 lib/list_debug.c:29
Code: e8 eb a9 48 89 f7 48 89 75 e8 e8 91 bf 31 fe 48 8b 75 e8 eb bb 48 89 f2 48 89 d9 4c 89 e6 48 c7 c7 60 a0 44 88 e8 8a 6d d4 fd <0f> 0b 0f 1f 40 00 48 b8 00 00 00 00 00 fc ff df 55 48 89 e5 41 55
RSP: 0018:ffff8801bab77378 EFLAGS: 00010282
RAX: 0000000000000058 RBX: ffff8801be4b7840 RCX: ffffc90004061000
RDX: 0000000000000000 RSI: ffffffff8164f955 RDI: 0000000000000005
RBP: ffff8801bab77390 R08: ffff8801a5840640 R09: ffffed003b5e4fe8
R10: ffffed003b5e4fe8 R11: ffff8801daf27f47 R12: ffff8801c53c6d18
R13: ffff8801c169ed00 R14: ffff8801c53c6cb0 R15: ffff8801c53c6d18
FS: 00007f0f45645700(0000) GS:ffff8801daf00000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000001b2c733000 CR3: 00000001ac639000 CR4: 00000000001406e0
Call Trace:
__list_add include/linux/list.h:60 [inline]
list_add_tail include/linux/list.h:93 [inline]
p9_fd_request+0x145/0x400 net/9p/trans_fd.c:672
p9_client_rpc+0x299/0x1480 net/9p/client.c:767
p9_client_clunk+0x93/0x180 net/9p/client.c:1471
v9fs_dentry_release+0x68/0xd0 fs/9p/vfs_dentry.c:73
__dentry_kill+0x4c0/0x7a0 fs/dcache.c:571
dentry_kill+0xc9/0x5a0 fs/dcache.c:685
dput.part.26+0x660/0x790 fs/dcache.c:846
dput fs/dcache.c:829 [inline]
do_one_tree+0x37/0x40 fs/dcache.c:1529
shrink_dcache_for_umount+0xc7/0x2b0 fs/dcache.c:1543
generic_shutdown_super+0xd5/0x530 fs/super.c:441
kill_anon_super+0x3e/0x60 fs/super.c:1032
v9fs_kill_super+0x3e/0xa0 fs/9p/vfs_super.c:230
deactivate_locked_super+0x97/0x100 fs/super.c:329
deactivate_super+0x2bb/0x320 fs/super.c:360
cleanup_mnt+0xbf/0x160 fs/namespace.c:1098
__cleanup_mnt+0x16/0x20 fs/namespace.c:1105
task_work_run+0x1e8/0x2a0 kernel/task_work.c:113
tracehook_notify_resume include/linux/tracehook.h:193 [inline]
exit_to_usermode_loop+0x318/0x380 arch/x86/entry/common.c:166
prepare_exit_to_usermode arch/x86/entry/common.c:197 [inline]
syscall_return_slowpath arch/x86/entry/common.c:268 [inline]
do_syscall_64+0x6be/0x820 arch/x86/entry/common.c:293
kobject: 'loop3' (0000000054c33ecc): kobject_uevent_env
entry_SYSCALL_64_after_hwframe+0x49/0xbe
kobject: 'loop3' (0000000054c33ecc): fill_kobj_path: path = '/devices/virtual/block/loop3'
RIP: 0033:0x4572d9
Code: fd b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00
RSP: 002b:00007f0f45644c78 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6
RAX: 0000000000000000 RBX: 00007f0f456456d4 RCX: 00000000004572d9
RDX: 0000000000000000 RSI: 0000000000000003 RDI: 0000000020000780
RBP: 0000000000930140 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff
R13: 00000000004d7b20 R14: 00000000004caa16 R15: 0000000000000001
Modules linked in:
Dumping ftrace buffer:
(ftrace buffer empty)
---[ end trace 1dd8550b6cc016b0 ]---
RIP: 0010:__list_add_valid+0xaa/0xb0 lib/list_debug.c:29
kobject: 'rx-0' (000000008718cd5d): kobject_cleanup, parent 00000000ebf11e05
Code: e8 eb a9 48 89 f7 48 89 75 e8 e8 91 bf 31 fe 48 8b 75 e8 eb bb 48 89 f2 48 89 d9 4c 89 e6 48 c7 c7 60 a0 44 88 e8 8a 6d d4 fd <0f> 0b 0f 1f 40 00 48 b8 00 00 00 00 00 fc ff df 55 48 89 e5 41 55
RSP: 0018:ffff8801bab77378 EFLAGS: 00010282
kobject: 'rx-0' (000000008718cd5d): auto cleanup 'remove' event
RAX: 0000000000000058 RBX: ffff8801be4b7840 RCX: ffffc90004061000
RDX: 0000000000000000 RSI: ffffffff8164f955 RDI: 0000000000000005
RBP: ffff8801bab77390 R08: ffff8801a5840640 R09: ffffed003b5e4fe8
R10: ffffed003b5e4fe8 R11: ffff8801daf27f47 R12: ffff8801c53c6d18
R13: ffff8801c169ed00 R14: ffff8801c53c6cb0 R15: ffff8801c53c6d18
FS: 00007f0f45645700(0000) GS:ffff8801daf00000(0000) knlGS:0000000000000000
kobject: '9p-102' (000000007c22f905): kobject_add_internal: parent: 'bdi', set: 'devices'
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000001b2c733000 CR3: 00000001ac639000 CR4: 00000000001406e0