panic: /syzkaller/managers/main/kernel/sys/kern/kern_timeout.c:607: callout_cc_add: Bad list head 0xfffffe0007fc9078 first->prev != head cpuid = 0 time = 1747154476 KDB: stack backtrace: db_trace_self_wrapper() at db_trace_self_wrapper+0xc6/frame 0xfffffe00574015b0 kdb_backtrace() at kdb_backtrace+0xd0/frame 0xfffffe0057401710 vpanic() at vpanic+0x257/frame 0xfffffe00574018d0 panic() at panic+0xb5/frame 0xfffffe0057401990 callout_cc_add() at callout_cc_add+0x339/frame 0xfffffe00574019f0 callout_reset_sbt_on() at callout_reset_sbt_on+0x74f/frame 0xfffffe0057401b10 sleepq_set_timeout_sbt() at sleepq_set_timeout_sbt+0x20b/frame 0xfffffe0057401bd0 _sleep() at _sleep+0x468/frame 0xfffffe0057401d30 random_kthread() at random_kthread+0x6d7/frame 0xfffffe0057401ef0 fork_exit() at fork_exit+0xcc/frame 0xfffffe0057401f30 fork_trampoline() at fork_trampoline+0xe/frame 0xfffffe0057401f30 --- trap 0, rip = 0, rsp = 0, rbp = 0 --- KDB: enter: panic [ thread pid 7 tid 100073 ] Stopped at kdb_enter+0x6e: movq $0,0x25bda67(%rip) db> db> set $lines = 0 db> set $maxwidth = 0 db> show registers cs 0x20 ds 0x3b es 0x3b fs 0x13 gs 0x1b ss 0x28 rax 0x12 rcx 0xfffffe00033eee30 rdx 0 rbx 0xffffffff827b0020 .str.27 rsp 0xfffffe00574016f0 rbp 0xfffffe0057401710 rsi 0 rdi 0xffffffff816145b9 printf+0x149 r8 0 r9 0xffffffff r10 0xf3e263173f61593f r11 0x2 r12 0xfffffe00081fb000 r13 0xfffffffffffffffe r14 0xffffffff827b0020 .str.27 r15 0 rip 0xffffffff815fe72e kdb_enter+0x6e rflags 0x46 kdb_enter+0x6e: movq $0,0x25bda67(%rip) db> show proc Process 7 (rand_harvestq) at 0xfffffe00080295c0: state: NORMAL uid: 0 gids: 0 parent: pid 0 at 0xffffffff83b468e0 ABI: null flag: 0x10000204 flag2: 0 reaper: 0xffffffff83b468e0 reapsubtree: 7 sigparent: 20 vmspace: 0xffffffff83b47880 (map 0xffffffff83b47880) (map.pmap 0xffffffff83b47920) (pmap 0xffffffff83b47990) threads: 1 100073 Run - 0xffffffff8391acd0 [rand_harvestq] db> ps pid ppid pgrp uid state wmesg wchan cmd 1192 764 764 0 R (threaded) syz-executor 100601 RunQ syz-executor 100647 Run CPU 1 syz-executor 1190 766 766 0 R (threaded) syz-executor 100544 RunQ syz-executor 100645 S uwait 0xfffffe006eb39b00 syz-executor 1189 1 766 0 S uwait 0xfffffe007a806e00 syz-executor 1188 936 936 0 R (threaded) syz-executor 100115 RunQ syz-executor 100640 S uwait 0xfffffe006eb39380 syz-executor 100642 S uwait 0xfffffe0058952900 syz-executor 1184 1183 767 0 T syz-executor 1183 767 767 0 R (threaded) syz-executor 100606 RunQ syz-executor 100632 S wait 0xfffffe0054966b00 syz-executor 100638 S uwait 0xfffffe007a808300 syz-executor 100639 S uwait 0xfffffe0007f7eb80 syz-executor 1175 1 764 0 S uwait 0xfffffe0058952580 syz-executor 1170 1 764 0 SV uwait 0xfffffe006eb3c100 syz-executor 1169 1 767 0 S uwait 0xfffffe0058d0a300 syz-executor 1168 0 0 0 DL mdwait 0xfffffe005a127000 [md0] 1153 1 767 0 S uwait 0xfffffe0007f7eb00 syz-executor 1150 1 764 0 S uwait 0xfffffe0058d07180 syz-executor 1144 1 766 0 SV uwait 0xfffffe0058d0a500 syz-executor 1133 1 936 0 S uwait 0xfffffe006eb39880 syz-executor 1129 1 764 0 S uwait 0xfffffe0058950b80 syz-executor 1117 1 764 0 S uwait 0xfffffe0058d08480 syz-executor 1113 1 764 0 S uwait 0xfffffe0058d08900 syz-executor 1110 1 764 0 S uwait 0xfffffe006eb3c000 syz-executor 1109 1 766 0 S uwait 0xfffffe0058d08600 syz-executor 1107 1 766 0 S uwait 0xfffffe005894f400 syz-executor 1106 1 766 0 S uwait 0xfffffe005894f480 syz-executor 1103 1 766 0 S uwait 0xfffffe0058d08400 syz-executor 1101 1 936 0 S uwait 0xfffffe0058d07e80 syz-executor 1100 1 936 0 S uwait 0xfffffe0058d0a680 syz-executor 1095 1 764 0 S uwait 0xfffffe006eb3c380 syz-executor 1091 1 764 0 S uwait 0xfffffe0058d07a80 syz-executor 1087 1 936 0 S uwait 0xfffffe0058d07b80 syz-executor 1082 1 767 0 S uwait 0xfffffe006eb3a200 syz-executor 1081 1 767 0 S uwait 0xfffffe0058d07880 syz-executor 1080 1 767 0 S uwait 0xfffffe0058d0a480 syz-executor 1079 1 767 0 S uwait 0xfffffe006eb3a180 syz-executor 1076 1 767 0 S uwait 0xfffffe0007f7ec00 syz-executor 1074 1 767 0 S uwait 0xfffffe006eb39700 syz-executor 1072 1 767 0 S uwait 0xfffffe0058d07980 syz-executor 1068 1 766 0 SV uwait 0xfffffe006eb39500 syz-executor 1066 1 936 0 S uwait 0xfffffe006eb3a680 syz-executor 1060 1 936 0 S uwait 0xfffffe006eb3ac00 syz-executor 1057 1 766 0 S uwait 0xfffffe006eb39280 syz-executor 1055 1 766 0 S uwait 0xfffffe0058d07780 syz-executor 1054 1 766 0 S uwait 0xfffffe0058d0af00 syz-executor 1052 1 766 0 S uwait 0xfffffe0058d0a800 syz-executor 1049 1 936 0 S umtxn 0xfffffe006eb3b080 syz-executor 1044 1 766 0 S uwait 0xfffffe0058d0a900 syz-executor 1043 1 766 0 S uwait 0xfffffe006eb3aa80 syz-executor 1042 1 764 0 S uwait 0xfffffe006eb39c00 syz-executor 1033 1 764 0 S uwait 0xfffffe006eb3a280 syz-executor 1027 1 767 0 SV uwait 0xfffffe0058d0ab00 syz-executor 1020 1 936 0 S uwait 0xfffffe006eb39180 syz-executor 1019 1 766 0 S uwait 0xfffffe006eb3be80 syz-executor 1018 1 764 0 SV uwait 0xfffffe006eb39080 syz-executor 1009 1 767 0 S uwait 0xfffffe0058950200 syz-executor 1004 1 764 0 S uwait 0xfffffe0058d08300 syz-executor 1001 1 767 0 S uwait 0xfffffe0058950500 syz-executor 1000 1 764 0 S uwait 0xfffffe0058d09100 syz-executor 995 1 766 0 S uwait 0xfffffe006eb3a400 syz-executor 992 1 766 0 S uwait 0xfffffe0058d07200 syz-executor 989 1 767 0 S uwait 0xfffffe0058d08700 syz-executor 982 1 767 0 S uwait 0xfffffe0007f7ee00 syz-executor 978 1 766 0 S uwait 0xfffffe0058951600 syz-executor 975 1 766 0 S uwait 0xfffffe006eb39e80 syz-executor 974 1 766 0 S uwait 0xfffffe0058950780 syz-executor 973 1 766 0 S uwait 0xfffffe0058950400 syz-executor 969 0 0 0 DL - 0xffffffff83b47d40 [accounting] 968 1 936 0 SV uwait 0xfffffe006eb3a780 syz-executor 963 1 764 0 S uwait 0xfffffe0058950600 syz-executor 962 1 764 0 S uwait 0xfffffe006eb3a000 syz-executor 961 1 764 0 S uwait 0xfffffe006eb3af00 syz-executor 944 1 767 0 S uwait 0xfffffe0058951400 syz-executor 939 1 767 0 S uwait 0xfffffe0058d08e80 syz-executor 936 763 936 0 R syz-executor 928 1 764 0 S uwait 0xfffffe0058950580 syz-executor 927 1 764 0 S uwait 0xfffffe0058d08c80 syz-executor 925 1 764 0 S uwait 0xfffffe0007f7e780 syz-executor 923 1 764 0 S uwait 0xfffffe0058d09200 syz-executor 922 1 766 0 SV uwait 0xfffffe0058950000 syz-executor 920 1 766 0 S uwait 0xfffffe006eb3a980 syz-executor 914 0 0 0 DL (threaded) [so_splice] 100212 D - 0xfffffe0058e3e080 [thr_0] 100213 D - 0xfffffe0058e3e0c0 [thr_1] 911 1 767 0 S uwait 0xfffffe0058950100 syz-executor 909 1 767 0 S uwait 0xfffffe0058950880 syz-executor 908 1 767 0 S uwait 0xfffffe006eb3bc80 syz-executor 905 1 766 0 S uwait 0xfffffe0058950c80 syz-executor 902 1 764 0 S uwait 0xfffffe0058d07e00 syz-executor 898 1 898 0 Ts+ getty 897 1 897 0 Ts+ getty 896 1 896 0 Ts+ getty 895 1 895 0 Ts+ getty 894 1 894 0 Ts+ getty 893 1 893 0 Ts+ getty 892 1 892 0 Ts+ getty 891 1 891 0 Ts+ getty 890 1 890 0 Ts+ getty 887 1 765 0 S uwait 0xfffffe006eb3b980 syz-executor 886 1 765 0 S uwait 0xfffffe006eb3a580 syz-executor 877 1 764 0 S uwait 0xfffffe006eb3a880 syz-executor 871 782 424 0 S kqread 0xfffffe0058d0c600 rtsol 845 0 0 0 DL aiordy 0xfffffe0054905560 [aiod4] 844 0 0 0 DL aiordy 0xfffffe0054905ac0 [aiod3] 843 0 0 0 DL aiordy 0xfffffe0054906020 [aiod2] 842 0 0 0 DL aiordy 0xfffffe0054906580 [aiod1] 825 1 766 0 S umtxn 0xfffffe0058d08d80 syz-executor 808 0 0 0 DL (threaded) [KTLS] 100121 D - 0xfffffe006eb6f700 [thr_0] 100125 D - 0xfffffe006eb6f780 [thr_1] 100126 D - 0xffffffff83caec28 [reclaim_0] 782 1 424 0 S wait 0xfffffe00548c7b00 sh 767 763 767 0 R syz-executor 766 763 766 0 R syz-executor 764 763 764 0 R syz-executor 763 1 761 0 S select 0xfffffe0058cf5f40 syz-executor 737 1 18 0 S+ nanslp 0xffffffff83b9d500 sleep 17 0 0 0 DL syncer 0xffffffff83cbada0 [syncer] 16 0