login: panic: /syzkaller/managers/main/kernel/sys/kern/kern_timeout.c:607: callout_cc_add: Bad list head 0xfffffe00077b7998 first->prev != head cpuid = 0 time = 1759921510 KDB: stack backtrace: db_trace_self_wrapper() at db_trace_self_wrapper+0xc6/frame 0xfffffe0056a7d730 kdb_backtrace() at kdb_backtrace+0xd0/frame 0xfffffe0056a7d890 vpanic() at vpanic+0x257/frame 0xfffffe0056a7da50 panic() at panic+0xb5/frame 0xfffffe0056a7db10 callout_cc_add() at callout_cc_add+0x339/frame 0xfffffe0056a7db70 callout_reset_sbt_on() at callout_reset_sbt_on+0x74f/frame 0xfffffe0056a7dc90 callout_schedule() at callout_schedule+0x72/frame 0xfffffe0056a7dcd0 softclock_call_cc() at softclock_call_cc+0x422/frame 0xfffffe0056a7de80 softclock_thread() at softclock_thread+0x200/frame 0xfffffe0056a7def0 fork_exit() at fork_exit+0xcc/frame 0xfffffe0056a7df30 fork_trampoline() at fork_trampoline+0xe/frame 0xfffffe0056a7df30 --- trap 0, rip = 0, rsp = 0, rbp = 0 --- KDB: enter: panic [ thread pid 2 tid 100031 ] Stopped at kdb_enter+0x6e: movq $0,0x259ea67(%rip) db> db> set $lines = 0 db> set $maxwidth = 0 db> show registers cs 0x20 ds 0x3b es 0x3b fs 0x13 gs 0x1b ss 0x28 rax 0x12 rcx 0xfffffe0002bf1850 rdx 0 rbx 0xffffffff8280ac20 .str.27 rsp 0xfffffe0056a7d870 rbp 0xfffffe0056a7d890 rsi 0 rdi 0xffffffff81644d49 printf+0x149 r8 0 r9 0xffffffff r10 0x33e29d3e6cfd981b r11 0xb124434c r12 0xfffffe000781a780 r13 0xfffffffffffffffe r14 0xffffffff8280ac20 .str.27 r15 0 rip 0xffffffff8162e12e kdb_enter+0x6e rflags 0x46 kdb_enter+0x6e: movq $0,0x259ea67(%rip) db> show proc Process 2 (clock) at 0xfffffe0007808008: state: NORMAL uid: 0 gid: 0 supp gids: 0 parent: pid 0 at 0xffffffff83b57080 ABI: null flag: 0x10000284 flag2: 0 reaper: 0xffffffff83b57080 reapsubtree: 2 sigparent: 20 vmspace: 0xffffffff83b58060 (map 0xffffffff83b58060) (map.pmap 0xffffffff83b58100) (pmap 0xffffffff83b58170) threads: 2 100031 Run CPU 0 [clock (0)] 100032 RunQ [clock (1)] db> ps pid ppid pgrp uid state wmesg wchan cmd 1003 766 766 0 R syz-executor 1002 763 763 0 R (threaded) syz-executor 100118 RunQ syz-executor 100351 RunQ syz-executor 1001 764 764 0 R (threaded) syz-executor 100200 RunQ syz-executor 100350 S uwait 0xfffffe0058517900 syz-executor 995 765 765 0 R (threaded) syz-executor 100085 RunQ syz-executor 100338 S sbwait 0xfffffe0059b5a20c syz-executor 100343 S lthr 0xfffffe00540f4000 syz-executor 100348 S uwait 0xfffffe00582d0480 syz-executor 986 1 986 0 Ss+ ttyin 0xfffffe0053f678b0 getty 985 1 985 0 Ss+ ttyin 0xfffffe0053f670b0 getty 984 1 984 0 Ss+ ttyin 0xfffffe0053f668b0 getty 983 1 983 0 Ss+ ttyin 0xfffffe0053f660b0 getty 982 1 982 0 Ss+ ttyin 0xfffffe00594ad8b0 getty 981 1 981 0 Ss+ ttyin 0xfffffe00594ad0b0 getty 980 1 980 0 Ss+ ttyin 0xfffffe00594ac8b0 getty 979 1 979 0 Ss+ ttyin 0xfffffe00594ac0b0 getty 978 1 978 0 Ss+ ttyin 0xfffffe00582b80b0 getty 976 1 766 0 S uwait 0xfffffe0058519180 syz-executor 972 1 766 0 S uwait 0xfffffe006e4ef480 syz-execu