panic: /syzkaller/managers/main/kernel/sys/kern/kern_timeout.c:607: callout_cc_add: Bad list head 0xfffffe00077b5d98 first->prev != head cpuid = 0 time = 1759841025 KDB: stack backtrace: db_trace_self_wrapper() at db_trace_self_wrapper+0xc6/frame 0xfffffe0056a7d6b0 kdb_backtrace() at kdb_backtrace+0xd0/frame 0xfffffe0056a7d810 vpanic() at vpanic+0x257/frame 0xfffffe0056a7d9d0 panic() at panic+0xb5/frame 0xfffffe0056a7da90 callout_cc_add() at callout_cc_add+0x339/frame 0xfffffe0056a7daf0 callout_reset_sbt_on() at callout_reset_sbt_on+0x74f/frame 0xfffffe0056a7dc10 lim_cb() at lim_cb+0x341/frame 0xfffffe0056a7dcd0 softclock_call_cc() at softclock_call_cc+0x422/frame 0xfffffe0056a7de80 softclock_thread() at softclock_thread+0x200/frame 0xfffffe0056a7def0 fork_exit() at fork_exit+0xcc/frame 0xfffffe0056a7df30 fork_trampoline() at fork_trampoline+0xe/frame 0xfffffe0056a7df30 --- trap 0, rip = 0, rsp = 0, rbp = 0 --- KDB: enter: panic [ thread pid 2 tid 100031 ] Stopped at kdb_enter+0x6e: movq $0,0x259ea67(%rip) db> db> set $lines = 0 db> set $maxwidth = 0 db> show registers cs 0x20 ds 0x3b es 0x3b fs 0x13 gs 0x1b ss 0x28 rax 0x12 rcx 0xfffffe0002bf1850 rdx 0 rbx 0xffffffff8280ac20 .str.27 rsp 0xfffffe0056a7d7f0 rbp 0xfffffe0056a7d810 rsi 0 rdi 0xffffffff81644d49 printf+0x149 r8 0 r9 0xffffffff r10 0xb152f702c384b98f r11 0x17 r12 0xfffffe000781a780 r13 0xfffffffffffffffe r14 0xffffffff8280ac20 .str.27 r15 0 rip 0xffffffff8162e12e kdb_enter+0x6e rflags 0x46 kdb_enter+0x6e: movq $0,0x259ea67(%rip) db> show proc Process 2 (clock) at 0xfffffe0007808008: state: NORMAL uid: 0 gid: 0 supp gids: 0 parent: pid 0 at 0xffffffff83b57080 ABI: null flag: 0x10000284 flag2: 0 reaper: 0xffffffff83b57080 reapsubtree: 2 sigparent: 20 vmspace: 0xffffffff83b58060 (map 0xffffffff83b58060) (map.pmap 0xffffffff83b58100) (pmap 0xffffffff83b58170) threads: 2 100031 Run CPU 0 [clock (0)] 100032 I [clock (1)] db> ps pid ppid pgrp uid state wmesg wchan cmd 1021 763 763 0 R (threaded) syz-executor 100383 RunQ syz-executor 100441 RunQ syz-executor 1017 765 765 0 R (threaded) syz-executor 100426 RunQ syz-executor 100432 RunQ syz-executor 100438 S uwait 0xfffffe00786f4700 syz-executor 100439 S uwait 0xfffffe00786f4600 syz-executor 1013 1012 766 -1 S uwait 0xfffffe006e5a9000 syz-executor 1012 1011 766 -1 SV wait 0xfffffe0054158018 syz-executor 1011 766 766 -1 T (threaded) syz-executor 100421 s syz-executor 100422 D ppwait 0xfffffe0054158518 syz-executor 100424 s syz-executor 1009 764 764 0 T (threaded) syz-executor 100366 s syz-executor 100414 RunQ syz-executor 1008 0 0 0 DL - 0xffffffff83ccde00 [soaiod4] 1007 0 0 0 DL - 0xffffffff83ccde00 [soaiod3] 1006 0 0 0 DL - 0xffffffff83ccde00 [soaiod2] 1005 0 0 0 DL - 0xffffffff83ccde00 [soaiod1] 1004 1 763 0 S uwait 0xfffffe006e5a8b80 syz-executor 1001 1 765 0 S uwait 0xfffffe00582d1580 syz-executor 993 1 764 0 S uwait 0xfffffe007800d080 syz-executor 981 1 765 0 S uwait 0xfffffe00582d0f00 syz-executor 977 1 763 0 S uwait 0xfffffe006e5a9100 syz-executor 968 1 766 0 S uwait 0xfffffe00582d1680 syz-executor 962 1 763 0 S uwait 0xfffffe007800db00 syz-executor 957 1 765 0 S uwait 0xfffffe006e5aad80 syz-executor 953 1 765 0 S uwait 0xfffffe00582d2c80 syz-executor 952 1 765 0 S uwait 0xfffffe006e5a9a00 syz-executor 949 0 0 0 DL aiordy 0xfffffe005414d558 [aiod10] 948 0 0 0 DL aiordy 0xfffffe005414dab0 [aiod9] 947 0 0 0 DL aiordy 0xfffffe005414e008 [aiod8] 946 0 0 0 DL aiordy 0xfffffe005414e560 [aiod7] 945 0 0 0 DL aiordy 0xfffffe005414eab8 [aiod6] 944 0 0 0 DL aiordy 0xfffffe00540db568 [aiod5] 941 1 765 0 S uwait 0xfffffe006e5ab680 syz-executor 937 1 763 0 SV uwait 0xfffffe006e5ab000 syz-executor 930 0 0 0 DL (threaded) [so_splice] 100114 D - 0xfffffe006e5a9b00 [thr_0] 100278 D - 0xfffffe006e5a9b40 [thr_1] 929 1 766 0 S uwait 0xfffffe00582d2680 syz-executor 926 1 766 0 S uwait 0xfffffe00582d1280 syz-executor 925 1 766 0 S uwait 0xfffffe0058519380 syz-executor 924 1 766 0 S uwait 0xfffffe00582cfe80 syz-executor 923 1 766 0 S uwait 0xfffffe0058519580 syz-executor 920 1 766 0 S uwait 0xfffffe00582d1780 syz-executor 916 1 916 0 Ss+ ttyin 0xfffffe00595088b0 getty 915 1 915 0 Ss+ ttyin 0xfffffe00582b80b0 getty 914 1 914 0 Ss+ ttyin 0xfffffe00595080b0 getty 913 1 913 0 Ss+ ttyin 0xfffffe0053f660b0 getty 912 1 912 0 Ss+ ttyin 0xfffffe00582c3cb0 getty 911 1 911 0 Ss+ ttyin 0xfffffe00582c44b0 getty 910 1 910 0 Ss+ ttyin 0xfffffe0053f668b0 getty 909 1 909 0 Ss+ ttyin 0xfffffe0053f670b0 getty 908 1 908 0 Ss+ ttyin 0xfffffe0053f678b0 getty 907 1 764 0 S uwait 0xfffffe006e5aa380 syz-executor 897 1 763 0 S uwait 0xfffffe006e5aae80 syz-executor 895 1 764 0 S uwait 0xfffffe00582d0e00 syz-executor 888 1 766 0 S uwait 0xfffffe0058518b80 syz-executor 880 780 423 0 S kqread 0xfffffe0057e06a00 rtsol 839 1 763 0 S uwait 0xfffffe00582d2780 syz-executor 837 0 0 0 DL (threaded) [KTLS] 100134 D - 0xfffffe0058594200 [thr_0] 100138 D - 0xfffffe0058594280 [thr_1] 100139 D - 0xffffffff83ccf628 [reclaim_0] 824 1 764 0 S uwait 0xfffffe006e5ab780 syz-executor 817 0 0 0 DL aiordy 0xfffffe00540dc018 [aiod4] 816 0 0 0 DL aiordy 0xfffffe0054102010 [aiod3] 815 0 0 0 DL aiordy 0xfffffe00540dc570 [aiod2] 814 0 0 0 DL aiordy 0xfffffe0054101ab8 [aiod1] 780 1 423 0 S wait 0xfffffe0054100558 sh 766 762 766 0 R syz-executor 765 762 765 0 S nanslp 0xffffffff83badc41 syz-executor 764 762 764 0 R syz-executor 763 762 763 0 S nanslp 0xffffffff83badc41 syz-executor 762 760 760 0 S select 0xfffffe006dc311c0 syz-executor 760 1 760 0 Ss sigsu