panic: /syzkaller/managers/main/kernel/sys/kern/kern_timeout.c:607: callout_cc_add: Bad list head 0xfffffe0007fd4c00 first->prev != head cpuid = 0 time = 17 KDB: stack backtrace: db_trace_self_wrapper() at db_trace_self_wrapper+0xc6/frame 0xfffffe0057280530 kdb_backtrace() at kdb_backtrace+0xd0/frame 0xfffffe0057280690 vpanic() at vpanic+0x257/frame 0xfffffe0057280850 panic() at panic+0xb5/frame 0xfffffe0057280910 callout_cc_add() at callout_cc_add+0x339/frame 0xfffffe0057280970 callout_reset_sbt_on() at callout_reset_sbt_on+0x74f/frame 0xfffffe0057280a90 mld_fasttimo() at mld_fasttimo+0x1b38/frame 0xfffffe0057280cd0 softclock_call_cc() at softclock_call_cc+0x422/frame 0xfffffe0057280e80 softclock_thread() at softclock_thread+0x200/frame 0xfffffe0057280ef0 fork_exit() at fork_exit+0xcc/frame 0xfffffe0057280f30 fork_trampoline() at fork_trampoline+0xe/frame 0xfffffe0057280f30 --- trap 0, rip = 0, rsp = 0, rbp = 0 --- KDB: enter: panic [ thread pid 2 tid 100031 ] Stopped at kdb_enter+0x6e: movq $0,0x25bda37(%rip) db> db> set $lines = 0 db> set $maxwidth = 0 db> show registers cs 0x20 ds 0x3b es 0x3b fs 0x13 gs 0x1b ss 0x28 rax 0x12 rcx 0xfffffe00033eee30 rdx 0 rbx 0xffffffff827b0020 .str.27 rsp 0xfffffe0057280670 rbp 0xfffffe0057280690 rsi 0 rdi 0xffffffff816145e9 printf+0x149 r8 0 r9 0xffffffff r10 0x4d7c105f668ee309 r11 0x17 r12 0xfffffe000801a740 r13 0xfffffffffffffffe r14 0xffffffff827b0020 .str.27 r15 0 rip 0xffffffff815fe75e kdb_enter+0x6e rflags 0x46 kdb_enter+0x6e: movq $0,0x25bda37(%rip) db> show proc Process 2 (clock) at 0xfffffe0008008020: state: NORMAL uid: 0 gids: 0 parent: pid 0 at 0xffffffff83b468e0 ABI: null flag: 0x10000284 flag2: 0x2 reaper: 0xffffffff83b468e0 reapsubtree: 2 sigparent: 20 vmspace: 0xffffffff83b47880 (map 0xffffffff83b47880) (map.pmap 0xffffffff83b47920) (pmap 0xffffffff83b47990) threads: 2 100031 Run CPU 0 [clock (0)] 100032 RunQ [clock (1)] db> ps pid ppid pgrp uid state wmesg wchan cmd 1241 766 766 0 R (threaded) syz-executor 100537 RunQ syz-executor 100659 Run CPU 1 syz-executor 100660 RunQ syz-executor 1240 0 0 0 DL mdwait 0xfffffe005a36e000 [md0] 1237 1095 1095 -1 R (threaded) syz-executor 100564 RunQ syz-executor 100656 S sbwait 0xfffffe005a0de20c syz-executor 100658 S uwait 0xfffffe00785dc280 syz-executor 1236 1 1095 0 S uwait 0xfffffe00785dc480 syz-executor 1233 1 766 0 S uwait 0xfffffe00785dbb00 syz-executor 1226 767 767 60928 T (threaded) syz-executor 100620 s syz-executor 100635 D fork 0xffffffff827b5361 syz-executor 1225 1036 1036 0 S (threaded) syz-executor 100089 S nanslp 0xffffffff83b9d500 syz-executor 100634 S pipdwt 0xfffffe005a068700 syz-executor 100637 S uwait 0xfffffe00785dc780 syz-executor 100638 S uwait 0xfffffe0058d08980 syz-executor 1224 1 1036 0 S uwait 0xfffffe0058951400 syz-executor 1215 1 1095 0 S uwait 0xfffffe006eb47080 syz-executor 1212 1 1036 0 S uwait 0xfffffe00785dd280 syz-executor 1209 1 1095 0 S uwait 0xfffffe006eb46300 syz-executor 1202 1 1036 0 S uwait 0xfffffe00785db800 syz-executor 1201 1 1199 0 S uwait 0xfffffe0058951500 syz-executor 1198 1 1036 0 S uwait 0xfffffe0058950000 syz-executor 1172 1 1172 0 Ss+ ttyin 0xfffffe005476e8b0 getty 1171 1 1171 0 Ss+ ttyin 0xfffffe005476e0b0 getty 1170 1 1170 0 Ss+ ttyin 0xfffffe005476d8b0 getty 1169 1 1169 0 Ss+ ttyin 0xfffffe005476d0b0 getty 1168 1 1168 0 Ss+ ttyin 0xfffffe005476f0b0 getty 1167 1 1167 0 Ss+ ttyin 0xfffffe0059cbc8b0 getty 1166 1 1166 0 Ss+ ttyin 0xfffffe0059cbc0b0 getty 1165 1 1165 0 Ss+ ttyin 0xfffffe0058aa04b0 getty 1163 1 1163 0 Ss+ ttyin 0xfffffe0058a9c8b0 getty 1154 1 1095 -1 S uwait 0xfffffe0058950b80 syz-executor 1151 1 1036 0 S uwait 0xfffffe005894f100 syz-executor 1149 1 767 0 S uwait 0xfffffe0058d0a500 syz-executor 1146 1 1095 0 S uwait 0xfffffe00785dc380 syz-executor 1141 1 766 0 S uwait 0xfffffe006eb47d00 syz-executor 1125 1 1095 0 S uwait 0xfffffe0058950c80 syz-executor 1123 1 1095 0 SV uwait 0xfffffe006eb48e00 syz-executor 1118 1 1118 0 S umtxn 0xfffffe0058d07700 syz-executor 1111 1 1036 0 S uwait 0xfffffe00785dc580 syz-executor 1109 1 1036 0 S uwait 0xfffffe0058d07e80 syz-executor 1108 1 1036 0 S uwait 0xfffffe006eb48080 syz-executor 1106 1 1036 0 S uwait 0xfffffe0058d0a580 syz-executor 1095 763 1095 0 S nanslp 0xffffffff83b9d500 syz-executor 1092 1 765 0 S uwait 0xfffffe006eb49280 syz-executor 1086 1 766 0 SV uwait 0xfffffe0058d07500 syz-executor 1082 1 766 0 S uwait 0xfffffe0058950d80 syz-executor 1080 1 1036 0 S uwait 0xfffffe0058d08d80 syz-executor 1075 1 1036 60928 S uwait 0xfffffe006eb49180 syz-executor 1063 1 765 0 S uwait 0xfffffe0058950e80 syz-executor 1062 1 766 0 S uwait 0xfffffe006eb46c00 syz-executor 1053 1 766 0 S uwait 0xfffffe006eb46c80 syz-executor 1045 1 766 0 S uwait 0xfffffe006eb46b80 syz-executor 1042 1 766 0 S uwait 0xfffffe006eb48d00 syz-executor 1041 1 766 0 S uwait 0xfffffe0058d08200 syz-executor 1036 763 1036 0 S nanslp 0xffffffff83b9d500 syz-executor 1035 1 766 0 S uwait 0xfffffe006eb46480 syz-executor 1034 1 767 0 SV uwait 0xfffffe005894f480 syz-executor 1013 1 765 0 S uwait 0xfffffe006eb47780 syz-executor 1009 1 764 0 S uwait 0xfffffe006eb48c00 syz-executor 1002 1 765 0 S uwait 0xfffffe006eb47a80 syz-executor 982 0 0 0 DL (threaded) [so_splice] 100235 D - 0xfffffe0058e3d300 [thr_0] 100275 D - 0xfffffe0058e3d340 [thr_1] 980 1 765 0 S uwait 0xfffffe0007f7e400 syz-executor 971 1 766 0 S uwait 0xfffffe006eb46e00 syz-executor 962 1 766 0 S uwait 0xfffffe0058d07900 syz-executor 952 1 765 0 S uwait 0xfffffe005894fc80 syz-executor 933 1 764 0 S uwait 0xfffffe0007f7e300 syz-executor 931 0 0 0 DL mdwait 0xfffffe0077c58000 [md1] 924 1 766 0 SV uwait 0xfffffe0058d08e80 syz-executor 920 1 764 0 S uwait 0xfffffe0007f7ee80 syz-executor 912 1 767 0 S uwait 0xfffffe0058d07800 syz-executor 907 0 0 0 DL (threaded) [KTLS] 100191 D - 0xfffffe0077c4c100 [thr_0] 100192 D - 0xfffffe0077c4c180 [thr_1] 100193 D - 0xffffffff83caec28 [reclaim_0] 904 1 767 0 S uwait 0xfffffe0058950200 syz-executor 903 1 766 0 S uwait 0xfffffe0058d07200 syz-executor 884 1 766 0 S uwait 0xfffffe0007f7eb00 syz-executor 879 1 766 0 S uwait 0xfffffe006eb47580 syz-executor 878 1 766 0 S uwait 0xfffffe0007f7ec00 syz-executor 872 1 764 0 S uwait 0xfffffe006eb47480 syz-executor 840 1 767 0 S uwait 0xfffffe006eb47f00 syz-executor 814 1 766 0 S uwait 0xfffffe0058d07300 syz-executor 810 0 0 0 DL aiordy 0xfffffe00549025a0 [aiod4] 809 0 0 0 DL aiordy 0xfffffe0054902b00 [aiod3] 808 0 0 0 DL aiordy 0xfffffe005490ab00 [aiod2] 805 0 0 0 DL aiordy 0xfffffe0054908000 [aiod1] 767 763 767 0 S nanslp 0xffffffff83b9d500 syz-executor 766 763 766 0 S nanslp 0xffffffff83b9d500 syz-executor 763 761 761 0 S select 0xfffffe0059e97040 syz-executor 761 1 761 0 Ss pause 0xfffffe00548d0610 csh 17 0 0 0 DL syncer 0xffffffff83cbada0 [syncer] 16 0 0 0 DL vlruwt 0xfffffe0008028040 [vnlru] 15 0 0 0 DL (threaded) [bufdaemon] 100080 D psleep 0xffffffff83cb9360 [bufdaemon] 100083 D - 0xffffffff83002140 [bufspacedaemon-0] 100094 D sdflush 0xfffffe0059e7e8e8 [/ worker] 9 0 0 0 DL psleep 0xffffffff83d04380 [vmdaemon] 8 0 0 0 DL (threaded) [pagedaemon] 100078 D psleep 0xffffffff83cea2f8 [dom0] 100081 D launds 0xffffffff83cea304 [laundry: dom0] 100082 D umarcl 0xffffffff81dcf0a0 [uma] 7 0 0 0 DL - 0xffffffff8391acd0 [rand_harvestq] 6 0 0 0 DL pftm 0xffffffff843d0850 [pf purge] 5 0 0 0 DL waiting 0xffffffff848eb700 [sctp_iterator] 4 0 0 0 DL (threaded) [cam] 100046 D - 0xffffffff838e5340 [doneq0] 100047 D - 0xffffffff838e52c0 [async] 100076 D - 0xffffffff838e5140 [scanner] 3 0 0 0 DL (threaded) [crypto] 100043 D crypto_ 0xffffffff83ce5b40 [crypto] 100044 D crypto_ 0xfffffe0058566330 [crypto returns 0] 100045 D crypto_ 0xfffffe0058566380 [crypto returns 1] 14 0 0 0 DL seqstat 0xfffffe00547edc88 [sequencer 00] 13 0 0 0 DL (threaded) [geom] 100037 D - 0xffffffff83b45f00 [g_event] 100038 D - 0xffffffff83b45f20 [g_up] 100039 D - 0xffffffff83b45f40 [g_down] 2 0 0 0 RL (threaded) [clock] 100031 Run CPU 0 [clock (0)] 100032 RunQ [clock (1)] 12 0 0 0 WL (threaded) [intr] 100013 I [swi6: task queue] 100014 I [swi6: Giant taskq] 100016 I [swi5: fast taskq] 100033 I [swi1: netisr 0] 100034 I [swi1: hpts] 100035 I [swi1: hpts] 100048 I [irq24: virtio_pci0] 100049 I [irq25: virtio_pci0] 100050 I [irq26: virtio_pci0] 100051 I [irq27: virtio_pci0] 100052 I [irq28: virtio_pci1] 100053 I [irq29: virtio_pci1] 100054 I [irq30: virtio_pci1] 100055 I [irq31: virtio_pci1] 100056 I [irq32: virtio_pci1] 100061 I [irq10: virtio_pci2] 100063 I [irq1: atkbd0] 100064 I [irq12: psm0] 100065 I [swi0: uart uart++] 100069 I [swi1: pf send] 11 0 0 0 RL (threaded) [idle] 100003 CanRun [idle: cpu0] 100004 CanRun [idle: cpu1] 1 0 1 0 SLs wait 0xfffffe0008009040 [init] 10 0 0 0 DL audit_w 0xffffffff83ce65e0 [audit] 0 0 0 0 DLs (threaded) [kernel] 100000 D parked 0xffffffff84c2cff0 [swapper] 100005 D - 0xfffffe005462d700 [softirq_0] 100006 D - 0xfffffe005462d600 [softirq_1] 100007 D - 0xfffffe005462d500 [if_io_tqg_0] 100008 D - 0xfffffe005462d400 [if_io_tqg_1] 100009 D - 0xfffffe005462d300 [if_config_tqg_0] 100010 D - 0xfffffe0008bf9500 [kqueue_ctx taskq] 100011 D - 0xfffffe0008bf9300 [jail_remove taskq] 100012 D - 0xfffffe0008bf9100 [bus taskq] 100015 D - 0xfffffe0008bf8a00 [thread taskq] 100017 D - 0xfffffe0008bf8600 [aiod_kick taskq] 100018 D - 0xfffffe0008bf8400 [deferred_unmount ta] 100019 D - 0xfffffe0008bf8200 [inm_free taskq] 100020 D - 0xfffffe0008bf8000 [in6m_free taskq] 100021 D - 0xfffffe0008bf7d00 [linuxkpi_irq_wq] 100022 D - 0xfffffe0008bf7b00 [linuxkpi_short_wq_0] 100023 D - 0xfffffe0008bf7b00 [linuxkpi_short_wq_1] 100024 D - 0xfffffe0008bf7b00 [linuxkpi_short_wq_2] 100025 D - 0xfffffe0008bf7b00 [linuxkpi_short_wq_3] 100026 D - 0xfffffe0008bf7600 [linuxkpi_long_wq_0] 100027 D - 0xfffffe0008bf7600 [linuxkpi_long_wq_1] 100028 D - 0xfffffe0008bf7600 [linuxkpi_long_wq_2] 100029 D - 0xfffffe0008bf7600 [linuxkpi_long_wq_3] 100036 D - 0xfffffe0008bf6a00 [firmware taskq] 100041 D - 0xfffffe0008bf6300 [crypto_0] 100042 D - 0xfffffe0008bf6300 [crypto_1] 100057 D - 0xfffffe0058565900 [vtnet0 rxq 0] 100058 D - 0xfffffe0058565800 [vtnet0 txq 0] 100059 D - 0xfffffe0058565700 [vtnet0 rxq 1] 100060 D - 0xfffffe0058565600 [vtnet0 txq 1] 100062 D vtbslp 0xfffffe005858d000 [virtio_balloon] 100066 D - 0xffffffff827b5361 [deadlkres] 100070 D - 0xfffffe0058d0dd00 [acpi_task_0] 100071 D - 0xfffffe0058d0dd00 [acpi_task_1] 100072 D - 0xfffffe0058d0dd00 [acpi_task_2] 100074 D - 0xfffffe0008bfa100 [mca taskq] 100075 D - 0xfffffe0058566000 [CAM taskq] 100077 D - 0xfffffe0058564400 [ipsec_offload] 100151 D - 0xfffffe006eb72100 [netlink_socket (PID] 100301 D - 0xfffffe0058d0b200 [netlink_socket (PID] 100370 D - 0xfffffe006eb72500 [system_taskq_0] 100371 D - 0xfffffe006eb72500 [system_taskq_1] 100372 D - 0xfffffe007893d500 [system_delay_taskq_] 100373 D - 0xfffffe007893d500 [system_delay_taskq_] 100375 D - 0xfffffe007893d800 [arc_prune] 100376 D - 0xfffffe007893da00 [arc_flush_0] 100377 D - 0xfffffe007893da00 [arc_flush_1] 100398 D - 0xfffffe007893e200 [dbu_evict] 100423 D - 0xfffffe0058566c00 [z_vdev_file_0] 100424 D - 0xfffffe0058566c00 [z_vdev_file_1] 100425 D - 0xfffffe0058566c00 [z_vdev_file_2] 100426 D - 0xfffffe0058566c00 [z_vdev_file_3] 100427 D - 0xfffffe0058566c00 [z_vdev_file_4] 100428 D - 0xfffffe0058566c00 [z_vdev_file_5] 100429 D - 0xfffffe0058566c00 [z_vdev_file_6] 100430 D - 0xfffffe0058566c00 [z_vdev_file_7] 100431 D - 0xfffffe0058566c00 [z_vdev_file_8] 100432 D - 0xfffffe0058566c00 [z_vdev_file_9] 100433 D - 0xfffffe0058566c00 [z_vdev_file_10] 100434 D -