IPv6: ADDRCONF(NETDEV_UP): veth0_to_hsr: link is not ready IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready list_add double add: new=ffff8880a49b0a18, prev=ffff8880a49b0a18, next=ffff8880a90caac0. ------------[ cut here ]------------ kernel BUG at lib/list_debug.c:29! invalid opcode: 0000 [#1] PREEMPT SMP KASAN Modules linked in: CPU: 0 PID: 7010 Comm: syz-executor.5 Not tainted 4.14.146 #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 task: ffff888059e22340 task.stack: ffff888059e28000 RIP: 0010:__list_add_valid.cold+0x26/0x3c lib/list_debug.c:29 RSP: 0018:ffff888059e2fa00 EFLAGS: 00010282 RAX: 0000000000000058 RBX: ffff8880a90caa80 RCX: 0000000000000000 RDX: 000000000000da44 RSI: ffffffff814b2e55 RDI: ffffed100b3c5f36 RBP: ffff888059e2fa18 R08: 0000000000000058 R09: ffff888059e22c08 R10: 0000000000000000 R11: 0000000000000000 R12: ffff8880a90caac0 R13: ffff8880a49b0a18 R14: ffff8880a49b0a18 R15: ffff8880a49b0a18 FS: 00007f3148bc3700(0000) GS:ffff8880aee00000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 0000000000000000 CR3: 0000000099a82000 CR4: 00000000001406f0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 Call Trace: __list_add include/linux/list.h:60 [inline] list_add_tail include/linux/list.h:93 [inline] p9_fd_request+0xe3/0x2b0 net/9p/trans_fd.c:679 p9_client_rpc+0x21b/0x1180 net/9p/client.c:774 kobject: 'loop0' (ffff8880a4978660): kobject_cleanup, parent (null) p9_client_clunk+0x89/0x150 net/9p/client.c:1507 v9fs_dentry_release+0x6d/0xd0 fs/9p/vfs_dentry.c:73 __dentry_kill+0x39a/0x580 fs/dcache.c:596 kobject: 'loop0' (ffff8880a4978660): calling ktype release dentry_kill fs/dcache.c:632 [inline] dput.part.0+0x59f/0x750 fs/dcache.c:847 dput fs/dcache.c:811 [inline] do_one_tree+0x44/0x50 fs/dcache.c:1507 shrink_dcache_for_umount+0x67/0x140 fs/dcache.c:1521 generic_shutdown_super+0x6d/0x370 fs/super.c:431 kobject: 'queue' (ffff8880a4977148): kobject_cleanup, parent (null) kill_anon_super+0x3f/0x60 fs/super.c:1006 v9fs_kill_super+0x3e/0xa0 fs/9p/vfs_super.c:230 deactivate_locked_super+0x74/0xe0 fs/super.c:319 deactivate_super fs/super.c:350 [inline] deactivate_super+0x85/0xa0 fs/super.c:346 cleanup_mnt+0xb2/0x150 fs/namespace.c:1183 __cleanup_mnt+0x16/0x20 fs/namespace.c:1190 task_work_run+0x114/0x190 kernel/task_work.c:113 tracehook_notify_resume include/linux/tracehook.h:191 [inline] exit_to_usermode_loop+0x1da/0x220 arch/x86/entry/common.c:164 kobject: 'queue' (ffff8880a4977148): calling ktype release prepare_exit_to_usermode arch/x86/entry/common.c:199 [inline] syscall_return_slowpath arch/x86/entry/common.c:270 [inline] do_syscall_64+0x4bc/0x640 arch/x86/entry/common.c:297 entry_SYSCALL_64_after_hwframe+0x42/0xb7 RIP: 0033:0x459a29 RSP: 002b:00007f3148bc2c78 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6 RAX: 0000000000000000 RBX: 0000000000000002 RCX: 0000000000459a29 kobject: 'iosched' (ffff8880a4997210): kobject_cleanup, parent (null) RDX: 0000000000000000 RSI: 000000000000000b RDI: 0000000020000140 RBP: 000000000075bfc8 R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000246 R12: 00007f3148bc36d4 R13: 00000000004c9427 R14: 00000000004e0ae0 R15: 00000000ffffffff Code: e9 56 ff ff ff 4c 89 e1 48 c7 c7 kobject: 'queue': free name 80 30 9d 86 e8 4f a8 72 fe 0f 0b 48 89 f2 4c 89 e1 4c 89 ee 48 c7 c7 c0 31 9d 86 e8 38 a8 72 fe <0f> 0b 48 89 f1 48 c7 c7 40 31 9d 86 4c 89 e6 e8 24 a8 72 fe 0f kobject: 'iosched' (ffff8880a4997210): calling ktype release RIP: __list_add_valid.cold+0x26/0x3c lib/list_debug.c:29 RSP: ffff888059e2fa00 ---[ end trace b080b4e35e71bd37 ]--- kobject: 'loop0': free name