list_add double add: new=ffff888095ad01a0, prev=ffffffff8821fa40, next=ffff888095ad01a0.
Call Trace:
__dump_stack lib/dump_stack.c:17 [inline]
dump_stack+0xf7/0x13b lib/dump_stack.c:58
------------[ cut here ]------------
fail_dump lib/fault-inject.c:51 [inline]
should_fail.cold.3+0x105/0x14b lib/fault-inject.c:149
kernel BUG at lib/list_debug.c:31!
should_failslab+0xba/0xf0 mm/failslab.c:32
invalid opcode: 0000 [#1] PREEMPT SMP KASAN
slab_pre_alloc_hook mm/slab.h:421 [inline]
slab_alloc mm/slab.c:3376 [inline]
kmem_cache_alloc+0x2cf/0x790 mm/slab.c:3550
Modules linked in:
CPU: 1 PID: 6764 Comm: syz-executor.1 Not tainted 4.14.164-syzkaller #0
alloc_inode+0x86/0x150 fs/inode.c:211
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
new_inode_pseudo+0xc/0xd0 fs/inode.c:898
task: ffff8880a58c2300 task.stack: ffff88808a028000
new_inode+0x14/0x30 fs/inode.c:927
RIP: 0010:__list_add_valid+0xaa/0xb0 lib/list_debug.c:29
simple_fill_super+0xf3/0x630 fs/libfs.c:527
RSP: 0018:ffff88808a02fc08 EFLAGS: 00010086
RAX: 0000000000000058 RBX: ffff888095ad01a0 RCX: 0000000000000000
RDX: 0000000000000058 RSI: 0000000000000000 RDI: ffffed1011405f78
nfsd_fill_super+0x45/0x50 fs/nfsd/nfsctl.c:1180
RBP: ffff88808a02fc20 R08: 0000000000000001 R09: 0000000000000000
mount_ns+0xd0/0x170 fs/super.c:1051
R10: ffff88808a02f7c0 R11: ffff8880a58c2300 R12: ffff888095ad01a0
nfsd_mount+0x93/0xf0 fs/nfsd/nfsctl.c:1187
R13: ffff888095ad01a0 R14: 0000000000000282 R15: ffff8880a120b500
FS: 00000000015af940(0000) GS:ffff8880aef00000(0000) knlGS:0000000000000000
mount_fs+0x7f/0x269 fs/super.c:1237
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 000000000070e158 CR3: 00000000a6fc8000 CR4: 00000000001406e0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
vfs_kern_mount.part.33+0x58/0x3c0 fs/namespace.c:1046
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
vfs_kern_mount fs/namespace.c:1036 [inline]
do_new_mount fs/namespace.c:2549 [inline]
do_mount+0x36b/0x26a0 fs/namespace.c:2879
Call Trace:
__list_add include/linux/list.h:60 [inline]
list_add include/linux/list.h:79 [inline]
__put_net+0x3b/0x100 net/core/net_namespace.c:530
put_net include/net/net_namespace.h:219 [inline]
__sk_destruct+0x3eb/0x4e0 net/core/sock.c:1580
sk_destruct+0x83/0xb0 net/core/sock.c:1596
__sk_free+0x47/0x1f0 net/core/sock.c:1604
SYSC_mount fs/namespace.c:3095 [inline]
SyS_mount+0xb8/0xd0 fs/namespace.c:3072
sk_free+0x23/0x30 net/core/sock.c:1615
sock_put include/net/sock.h:1658 [inline]
tcp_close+0x94a/0xf00 net/ipv4/tcp.c:2304
do_syscall_64+0x1c7/0x5b0 arch/x86/entry/common.c:292
inet_release+0xd9/0x1c0 net/ipv4/af_inet.c:425
entry_SYSCALL_64_after_hwframe+0x42/0xb7
__sock_release+0xc2/0x2a0 net/socket.c:602
RIP: 0033:0x459279
sock_close+0x10/0x20 net/socket.c:1139
RSP: 002b:00007fe960d58c78 EFLAGS: 00000246
__fput+0x232/0x750 fs/file_table.c:210
ORIG_RAX: 00000000000000a5
RAX: ffffffffffffffda RBX: 00007fe960d58c90 RCX: 0000000000459279
____fput+0x9/0x10 fs/file_table.c:244
RDX: 0000000020000240 RSI: 0000000020000000 RDI: 0000000000000000
task_work_run+0xe5/0x170 kernel/task_work.c:113
RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000
tracehook_notify_resume include/linux/tracehook.h:191 [inline]
exit_to_usermode_loop+0x16a/0x1b0 arch/x86/entry/common.c:164
R10: 0000000000000000 R11: 0000000000000246 R12: 00007fe960d596d4
R13: 00000000004c56a3 R14: 00000000004d9a20 R15: 0000000000000004
prepare_exit_to_usermode arch/x86/entry/common.c:199 [inline]
syscall_return_slowpath arch/x86/entry/common.c:270 [inline]
do_syscall_64+0x416/0x5b0 arch/x86/entry/common.c:297
kobject: 'loop0' (ffff8880a497af20): kobject_uevent_env
kobject: 'loop0' (ffff8880a497af20): fill_kobj_path: path = '/devices/virtual/block/loop0'
entry_SYSCALL_64_after_hwframe+0x42/0xb7
RIP: 0033:0x412f40
RSP: 002b:00007fff709d8d28 EFLAGS: 00000246 ORIG_RAX: 0000000000000003
RAX: 0000000000000000 RBX: 00007fff709d8e30 RCX: 0000000000412f40
RDX: 00000000000000e0 RSI: 00007fff709d9210 RDI: 0000000000000003
RBP: 0000000000000003 R08: 0000000000006000 R09: 0000000000004000
R10: 00007fff709d8e30 R11: 0000000000000246 R12: 0000000000000000
R13: 00007fff709d94b0 R14: 000000000000f73b R15: 00007fff709d94c0
Code: 75 e8 eb a9 48 89 f7 48 89 75 e8 e8 f1
kobject: 'loop3' (ffff8880a4a7ca20): kobject_uevent_env
b0 af fe 48 8b 75 e8 eb bb 48 89 f2 48 89 d9 4c 89 e6 48 c7 c7 00 d9 bc 86 e8 a3 10 76 fe <0f> 0b 0f 1f 40 00 48 b8 00 00 00 00 00 fc ff df 55 48 89 e5 41
RIP: __list_add_valid+0xaa/0xb0 lib/list_debug.c:29 RSP: ffff88808a02fc08
---[ end trace b14f8dcc7b298f70 ]---