Fatal trap 12: page fault while in kernel mode
cpuid = 0; apic id = 00
fault virtual address	= 0x0
fault code		= supervisor read data, page not present
instruction pointer	= 0x20:0xffffffff8159dc41
stack pointer	        = 0x0:0xfffffe0056eb9a60
frame pointer	        = 0x0:0xfffffe0056eb9ba0
code segment		= base 0x0, limit 0xfffff, type 0x1b
			= DPL 0, pres 1, long 1, def32 0, gran 1
processor eflags	= resume, IOPL = 0
current process		= 934 (syz-executor)
rdi: 0000000000000000 rsi: 0000000000000000 rdx: 0000000000000000
rcx: fffffe0002bf1850  r8: 0000000000000000  r9: 0000000000000001
rax: fffffe0000000000 rbx: fffffe005412cf40 rbp: fffffe0056eb9ba0
r10: e7166de9ea0366cb r11: 0000000000000017 r12: 0000000000000000
r13: 00000033e9438814 r14: fffffe005412cf38 r15: 0000000000000000
trap number		= 12
NMI/cpu0 ... going to debugger
timeout stopping cpus
panic: page fault
cpuid = 0
time = 1758934225
KDB: stac[ k thbarcpkatnriac:ce :Ass
ertion curthread->td_pinned > 0 failed at /syzkaller/managers/main/kernel/sys/sys/sched.h:192
cpuid = 0
time = 1758934225
KDB: stack backtrace:
db_trace_self_wrapper() at db_trace_self_wrapper() at db_trace_self_wrapper+0xc6/frame 0xfffffe0056eb9290
db_trace_self_wrapper+0xc6/frame 0xffffffff83d2de30
kdb_backtrace() at kdb_backtrace() at kdb_backtrace+0xd0/frame 0xfffffe0056eb93f0
kdb_backtrace+0xd0/frame 0xffffffff83d2df90
vpanic() at vpanic() at vpanic+0x257/frame 0xfffffe0056eb95b0
vpanic+0x257/frame 0xffffffff83d2e150
panic() at panic() at panic+0xb5/frame 0xfffffe0056eb9670
panic+0xb5/frame 0xffffffff83d2e220
trap_pfault() at DELAY() at trap_pfault+0xaf2/frame 0xfffffe0056eb97b0
DELAY+0x279/frame 0xffffffff83d2e270
trap() at ns8250_putc() at trap+0x78e/frame 0xfffffe0056eb9990
ns8250_putc+0x172/frame 0xffffffff83d2e2d0
calltrap() at calltrap+0x8/frame 0xfffffe0056eb9990
--- trap 0xc, rip = 0xffffufafrfft8_1c5np9udtcc4(1,)a  trsp = 0xfffffe0056eb9a60, rbp = 0xfffffe0056eb9ba0 ---
uart_cnputc+0xab/frame 0xffffffff83d2e310
callout_process() at callout_process+0x441/frame 0xfffffe0056eb9ba0
cnputc() at cnputc+0x130/frame 0xffffffff83d2e340
handleevents() at handleevents+0x3ee/frame 0xfffffe0056eb9c10
db_putc() at db_putc+0x28f/frame 0xffffffff83d2e370
timercb() at timercb+0x3cb/frame 0xfffffe0056eb9ce0
kvprintf() at kvprintf+0x1d5/frame 0xffffffff83d2e530
lapic_handle_timer() at lapic_handle_timer+0x17f/frame 0xfffffe0056eb9d2d0b_p
rintf() at db_printf+0x125/fXrtaimeme  r in  t ( )  a  t   0xffffffff83d2e670
Xtimerint+0xb1/frame 0xfffffe0056eb9d20
--- interrupt, rip = 0xffffffff8211ed81, rsp = 0xfffffe0056eb9df0, rbp = 0xfffffe0056eb9e10 ---
db_trap() at spinlock_exit() at db_trap+0x1d2/frame 0xffffffff83d2e7b0
spinlock_exit+0xd1/frame 0xfffffe0056eb9e10
kdb_trap() at sleepq_switkcdbh_(t)r  aap+t0x66c/frame 0xffffffff83d2e970
sleepq_switch+0x1f0/frame 0xfffffe0056eb9e70
nmi_call_kdb() at _sleep() at nmi_call_kdb+0x132/frame 0xffffffff83d2e9b0
_sleep+0x6c8/frame 0xfffffe0056eb9fd0
nmi_call_kdb_smp() at bufwait() at nmi_call_kdb_smp+0x5f/frame 0xffffffff83d2e9f0
bufwait+0x129/frame 0xfffffe0056eba020
trap() at bufwrite() at trap+0x232/frame 0xffffffff83d2ebe0
bufwrite+0x493/frame 0xfffffe0056eba070
nmi_calltrap() at nmi_calltrap+0x8/frame 0xffffffff83d2ebe0
--- trap 0x13, rip = 0xffffffff81632522, rsp = 0xfffffe0056e666f0, rbp = 0xfffffe0ffs_0w5ri6tee66(7)1 0  - -  - 
 at lock_deflafsy_()w r it e + 0x  a5  f/ f  r a m e   0x  ff  f ff  e 0 0  56 e  ba 2  30  
 at lock_delay+0x42/frame 0xfffffe0056e66710
VOP_WRITE_APV() at _mtx_lock_spinV_cOoPo_kWRiIeT(E)_ aAPtV+0x28b/frame 0xfffffe0056eba450
_mtx_lock_spin_cookie+0x4a3/frame 0xfffffe0056e66830
vn_write() at __mtvnx__wlorcikt_es+0pixn9f_bfl/fargas(me)   a t   0xfffffe0056eba650
__mtx_lock_spin_flags+0x1b0/frame 0xfffffe0056e668f0
vn_io_fault_doio() at cvan_liloo_uft_aruelst_edt_osiobt+_0xon1(1)b /f  ra m  e   0 x f f ff  f e 0 0 5 6  ebata790
callout_reset_sbt_on+0x1f3/frame 0xfffffe0056e66a10
vn_io_fault1() at vn_io_fault1+0x788/frame 0txfcpff_tffime0er05_6aectbiav9fa0te(
) at tcp_timer_activate+0x56c/frame 0xfffffe0056e66a90
vn_io_fault() at vn_io_fault+0x47d/frame 0xfffffe0056ebab20
tcp_usr_connect() at tcp_usr_connect+0x523/frame 0xfffffe0056e66b90
dofilewrite() at dofilewrite+0x133/frame 0xfffffe0056ebab90
soconnectat() at soconnectat+0x1c0/frame 0xfffffe0056e66bf0
kern_pwritev() at kern_pwritev+0x14c/frame 0xfffffe0056ebac50
kern_connectat() at kern_connectat+0x300/frame 0xfffffe0056e66cd0
sys_pwritev() at sys_pwritev+0xef/frame 0xfffffe0056ebad10
sys_connect() at sys_connect+0xf5/frame 0xfffffe0056e66d10
amd64_syscall() at amd64_syscall+0x4e2/frame 0xfffffe0056ebaf30
amd64_syscall() at fast_syscall_common() at amd64_syscall+0x4e2/frame 0xfffffe0056e66f30
fast_syscall_common+0xf8/frame 0xfffffe0056ebaf30
--- syscall (1f9a8s,t  _sFryseceaBlSlD _cEoLmF6mo4,n( )   a  t   __syscall), rip = 0x3a52ba, rsp = 0x82559df08, rbp = 0x82559df80 ---
panic: mtx_lock_spin: recursed on non-recursive mutex callout @ /syzkaller/managers/main/kernel/sys/kern/kern_timeout.c:576

cpuid = 0
time = 17589f3a4s2t2_s5ys
cKDalB:l_ cstomacmkon b+a0xcfkt8/rfarcae:me
 0xfffffe0056e66f30
--- syscall (198, FreeBSD ELF64, __syscall), rip = 0x3a52ba, rsp = 0x8247a0f08, rbp = 0x8247a0f80 ---
panic: Assertion kstack_contains(td, (vm_offset_t)et, sizeof(*et)) failed at /dsyb_ztkarallceer_/smelafna_gewrras/ppmeari(n/) keatrnel/sys/kern/subr_epoch.c:470
cpuid = 0
time = 1758934225
KDB: stack backtrace:
 db_trace_self_wrapper+0xc6/frame 0xfffffe0056eb8d30
db_trace_self_wrapper() at db_trace_self_wrapper+0xc6/frame 0xffffffff83d2d9b0
kdb_backtrace() at kdb_backtrace+0xd0/frame 0xfffffe0056eb8e90
kdb_backtrace() at kdb_backtrace+0xd0/frame 0xffffffff83d2db10
vpanic() at vpanic+0x257/frame 0xfffffe0056eb9050
vpanic() at vpanic+0x257/frame 0xffffffff83d2dcd0
panic() at panic+0xb5/frame 0xfffffe0056eb9110
panic() at panic+0xb5/frame 0xffffffff83d2dd90
__mtx_lock_spin_flags() at __mtx_lock_spin_flags+0x28b/frame 0xff_fepffoceh_0e05nt6eerb_91prd0ee
mpt() at _epoch_enter_preempt+0x354/frame 0xffffffff83d2ddd0
_callout_stop_safe() at _callout_stop_safe+0x262/frame 0xfftcfpff_rel00_5s6heutbd9o30w0n()
 at tcp_rl_shutdown+0x9f/frame 0xffffffff83d2ded0
shutdown_resettodr() at shutdown_resettodkre+0rnx_21r/ebfrooatm(e)    at0xfffffe0056eb9330
kern_reboot+0x54e/frame 0xffffffff83d2df90
kern_reboot() at  vkeprann_irc(e)b oo t  +0 xpa5n4eic/f:r Aasmese 0rxtiffofn ffcuer00t5h6reebad93->f0td_
pinned > 0 failed at /syzkaller/managers/main/kernel/sys/sys/sched.h:192
cpuid = 0
time = 1758934225
KDB: stack backtrace:
db_trace_self_wrapper() at vpanic() at db_trace_self_wrapper+0xc6/frame 0xffffffff83d2cfb0
vpanic+0x338/frame 0xfffffe0056eb95b0
kdb_backtrace() at panic() at kdb_backtrace+0xd0/frame 0xffffffff83d2d110
panic+0xb5/frame 0xfffffe0056eb9670
vpanic() at trap_pfault() at vpanic+0x257/frame 0xffffffff83d2d2d0
trap_pfault+0xaf2/frame 0xfffffe0056eb97b0
panic() at trap() at panic+0xb5/frame 0xffffffff83d2d3a0
trap+0x78e/frame 0xfffffe0056eb9990
calltrap() at DELAY() at calltrap+0DxELpaAYni+0cx:27 9A/ssferartme io0xn fcfuffrtfhffrefa8d3d-2>tdd3_f0pi
nned > 0 failed at /syzkaller/managers/main/kernel/sys/sys/sched.h:192
cpuid = 0
time = 1758934225
KDB: stack backtrace:
db_trace_self_wrapper() at ns8250_putc() at db_trace_self_wrapper+0xc6/frame 0xfffffe0056eb8150
ns8250_putc+0x172/frame 0xffffffff83d2d450
kdb_backtrace() at uart_cnputc() at kdb_backtrace+0xd0/frame 0xfffffe0056eub8ar2bt_0c
nputc+0xab/frame 0xffffffff83d2d490
vpanic() at cnputc() at vpanic+0x257/frame 0xfcfnpfuftfec+0005x163e0b8/47f0ra
me 0xffffffff83d2d4c0
db_putc() at panic() at db_putc+0x159/frame 0xfffffffpfa83 d2  d 4 f 0  
nic+0xb5/frame 0xfffffe0056eb8540
kvprintf() at DELAY() at kvprintf+0x1d5/frame 0xffffffff83d2d6bD0ELA
Y+0x279/frame 0xfffffe0056eb8590
db_printf() at ns8250_putc() at db_printf+0x125/frame 0xffffffff83d2d800
ns8250_putc+0x172/frame 0xfffffe0056eb85f0
db_print_stack_entry() at uart_cnputc() at u  ardbt__pcrnipnuttc_+s0taxcakpapnainc:ic A:s seArtsisoernt ciuornth rcueradt->hrtde_adp-i>nntded_ p>i nn0 efda >i l0ed f atail e/sd yaztk a/lslyezr/kamallnaegre/rsm/pamnaiinc:/ kAerssneerl/tsioyns/ csuysrt/hscrpeaandi-c>:t dA_pssinerntedi o>n  c0 ufrtaihlreeda d-a>tt d_/spiyznkneald le>r/ 0ma fnaagielresd /amati /n/skyezrknalell/esr/ymsa/nsyags/erssch/emd.aih:n/19ke2r
necplu/isyd s/= s0ys/
tsimchee =d. 1h7:1589293
42cp2u5i
dK D=B 0: s
titameck = b 1a7ck5t8r93ac42e2:5

KDB: stack backtrace:
db_trace_self_dwrba_ptprepra(n)ic a:t Assertion curthread->td_pinned > 0 failed at /syzkaller/managers/main/kernel/sys/sys/sched.h:192
cpuid = 0
time = 1758934225
KDB: stack backtrace:
 db_trace_self_wrapper+0xc6/frame 0xfffffe0056eb6dd0
db_trace_self_wrapper() at db_trace_self_wrapper+0xc6/frame 0xffffffff83d2b230
kdb_backtrace() at kdb_backtrace+0xd0/frame 0xfffffe0056eb6f30
kdb_backtrace() at kdb_backtrace+0xd0/frame 0xffffffff83d2b390
vpanic() at vpanic+0x257/frame 0xfffffe0056eb70f0
vpanic() at vpanic+0x257/frame 0xffffffff83d2b550
panic() at panic+0xb5/frame 0xfffffe0056eb71b0
panic() at panic+0xb5/frame 0xffffffff83d2b620
DELAY() at DELAY+0x279/frame 0xfffffe0056eb7200
DELAY() at DELAY+0x279/frame 0xffffffff83d2b670
ns8250_putc() at ns8250_putc+0x172/frame 0xfffffe0056eb7260
ns8250_putc() at ns8250_putc+0x172/frame 0xffffffff83d2b6d0
uart_cnputc() at uart_cnputc+0xab/frame 0xfffffe0056eb72a0
uart_cnputc() at uart_cnputc+0xab/frame 0xffffffff83d2b710
cnputc() at cnputc+0x130/frame 0xfffffe0056eb72d0
cnputc() at cnputc+0x130/frame 0xffffffff83d2b740
putchar() at putchar+0xf0/frame 0xfffffe0056eb7410
db_putc() at db_putc+0x28f/frame 0xffffffff83d2b770
kvprintf() at kvprintf+0x1425/frame 0xfffffe0056eb75d0
kvprintf() at kvprintf+0x1425/frame 0xffffffff83d2b930
_vprintf() at _vprintf+0x186/frame 0xfffffe0056eb7770
db_printf() at db_printf+0x125/frame 0xffffffff83d2ba80
vprintf() at vprintf+0x27/frame 0xfffffe0056eb7790
db_print_stack_entry() at db_print_stack_entry+0x34/frame 0xffffffff83d2bab0
vpanic() at vpanic+0x376/frame 0xfffffe0056eb7950
db_backtrace() at db_backtrace+0x188/frame 0xffffffff83d2bb30
panic() at panic+0xb5/frame 0xfffffe0056eb7a20
db_trace_self_wrapper() at db_trace_self_wrapper+0xc6/frame 0xffffffff83d2bc30
DELAY() at DELAY+0x279/frame 0xfffffe0056eb7a70
kdb_backtrace() at kdb_backtrace+0xd0/frame 0xffffffff83d2bd90
ns8250_putc() at ns8250_putc+0x172/frame 0xfffffe0056eb7ad0
vpanic() at vpanic+0x257/frame 0xffffffff83d2bf50
uart_cnputc() at uart_cnputc+0xab/frame 0xfffffe0056eb7b10
panic() at panic+0xb5/frame 0xffffffff83d2c010cn
putc() at cnputc+0x130/frame 0xfffffe0056eb7b40
DELAY() at db_putc() at DELAY+0x279/frame 0xffffffff83d2c060
db_putc+0x28f/frame 0xfffffe0056eb7b70
ns8250_putc() at kvprnsi8ntpafn()i ca:t Assertion curthread->td_pinned > 0 failed at /syzkaller/managers/main/kernel/sys/sys/sched.h:192
cpuid = 0
time = 1758934225
KDB: stack backtrace:
 kvprintf+0x1eda/frame 0xfffffe0056eb7d30
db_trace_self_wrapper() at db_trace_self_wrapper+0xc6/frame 0xffffffff83d2a710
db_printf() at db_printf+0x125/frame 0xfffffe0056eb7e70
kdb_backtrace() at db_printsym() atkdb_backtrace+0xd0/frame 0xffffffff83d2a870
db_printsym+0x2b3/frame 0xfffffe0056eb7fa0
vpanic() at vpandbi_c+pr0xin2p57a/nfirca:m Aes s0exrfftifofnff cffur8t3hd2reaaa3d-0>
td_pinned > 0 failed at /syzkaller/managers/main/kernel/sys/sys/sched.h:192
cpuid = 0
time = 1758934225
KDB: stack backtrace:
db_trace_self_wrapper() at panic() at db_trace_self_wrapper+0xc6/frame 0xfffffe0056eb63d0
panic+0xb5/frame 0xffffffff83d2ab00
kdb_backtrace() at DELAY() at kdb_backtrace+0xd0/frame 0xfffffe0056eb6530
DELAY+0x279/frame 0xffffffff83d2ab50
vpanic() at ns8250_putc() at vpanic+0x257/frame 0xfffffe0056eb66f0
ns8250_putc+0x172/frame 0xffffffff83d2abb0
panic() at uart_cnputc() at panic+0xb5/frame 0xfffffe0056eb67c0
uart_cnputc+0xab/frame 0xffffffff83d2abf0
DELAY() at cnputc() at DELAY+0x279/frame 0xfffffe0056eb6810
cnputc+0x130/frame 0xffffffff83d2ac20
ns8250_putc() at db_putc() at ns8d2b5_p0u_tpcu+t0c+x028x1f/72f/rfarmae m0ex f f f  ff0xffffff8f3df2ea00c5560e
b6870
uarktv_cprnpinuttcf(())    aatt uart_cknpvuptrcin+t0fx+a0bx/1fr42a5me/f0rxafmfef 0xffffffe0f0f5ff68eb36d28abe01
0
db_printf() at cnputc() at db_printf+0x125/frame 0xffffffff83cnpd2utafc+500x1
30/frame 0xfffffe0056eb68e0
db_printsym() at db_putc() at db_printsym+0x28a/fradmeb  _p0xutffc+ff0fx2ff8ff/8f3dr2ambe08 0  0
xfffffe0056eb6910
kvpridnbt_fpr()i n t_ s t a c  k _e nt  ry (  )  a t     at k  vdprbi_nptrfi+n0xt_1s425ta/cfrk_aement  ry   +00xxf4f1/fffrafeme00  56  eb   6a0xdf0f
ffffff83d2b0b0
db_printf() at db_backtrace() at db_printf+0x125/frame 0xfffffe0056eb6c20
db_backtrace+0x188/frame 0xffffffff83d2b130
db_print_stack_entry() at db_trace_self_wrapper() at ddbb__tprraincte__sstelacf_k_werantpperyr++00xxc364//ffrraammee    00xxffffffffffef0f0f5836de2bb6230c50

kdb_backtrace() at db_backtrace() at kdb_backtrace+0xd0/frame 0xffffffff8d3db_b2bac39k0tr
ace+0x188/frame 0xfffffe0056eb6cd0
db_travcpaen_sice(lf)_ w  raatpper() at db_trace_svelpfan_wircap+p0ex2r+570x/cf6r/amfre a0mex ff f  ff  ff  f8 3  d2  b 5 5 0  
0xfffffe0056eb6dd0
panic(k)d ba_tbacktrace() at panic+0xb5/frame  0kxdfbf_bffafcfktffr83adce+20bx6d200/
frame 0xfffffe0056eb6f30
DvELpaAnYi(c)  (a) tat vpanicDE+L0xA2Y5+70/x2fr79a/mefr a m e     0x0xfffffffffffef0f8053d6e2bb6707f00

ns8pa2n5i0c_p(u)t c  ()at   at pnasn8i2c5+00x_bp5/uftrc+ame0  0x1xf72ff/ffrfae0m0e5 6  eb07xf1fbf0f
ffff83d2b6d0
uart_cnputc()  aDtELAY() at uart_cnputc+0xab/frame 0DExfLfAfYf+0fffxf27839/df2rba7m10e 
0xfffffe0056eb7200
cnputc() at ns8250_putc() at cnputc+0x130/fnrsa8m25e0_  p  u0xtcfff+0fxff1f7f823/dfr2ba7m4e0
 0xfffffe0056eb7260
db_putc() at uart_cnputc() at db_putc+0x28f/frame 0xffffffff83d2b770
uart_cnputc+0xab/frame 0xfffffe0056eb72a0
kvprintf() at cnputc() at kvprintf+0x1425/frame 0xffffffff83d2b930
cnputc+0x130/frame 0xfffffe0056eb72d0
db_printf() at putchar() at db_printf+0x125/frame 0xffffffff83d2ba80
putchar+0xf0/frame 0xfffffe0056eb7410
db_print_stack_entry() at kvprintf() at db_print_stack_entry+0x34/frame 0xffffffff83d2bab0
kvprintf+0x1425/frame 0xfffffe0056eb75d0
db_backtrace() at _vprintf() at db_backtrace+0x188/frame 0xffffffff83d2bb3_v0pri
ntf+0x186/frame 0xfffffe0056eb7770
db_trace_self_wrapper() at vprintf() at db_trace_self_wrapper+0xc6/frame 0xffffffff83d2bc30
vprintf+0x27/frame 0xfffffe0056eb7790
kdb_backtrace() at vpanic() at kdb_backtrace+0xd0/frame 0xffffffff83d2bd90
vpanic+0x376/frame 0xfffffe0056eb7950
vpanic() at panic() at vpanic+0x257/frame 0xffffffff83d2bpfa5n0ic
+0xb5/frame 0xfffffe0056eb7a20
panic() at DELAY() at panic+0xb5/frame 0xffffffff83d2c010
DELAY+0x279/frame 0xfffffe0056eb7a70
DELAY() at ns8250_putc() at DELAY+0x279/frame 0xffffffff83d2c060
ns8250_putc+0x172/frame 0xfffffe0056eb7ad0
ns8250_putc() at uart_cnputc() at ns8250_putc+0x172/frame 0uxafrfft_ffcfnpffut8c3+d02xca0cb0/
frame 0xfffffe0056eb7b10
uart_cnputc() at cnputc() at uart_cnputc+0xab/frame cn0xpfutffc+0ffx1f3ff08/3fdr2acme10 0  
 0xfffffe0056eb7b40
db_putc() actnputc() at db_putc+0x28f/frame 0xfcffnpffuetc00+506xe13b70b/7f0ra
me 0xffffffff83d2c130
kvprintf() at putchar() at kvprintf+0x1eda/frame 0xfpufftfcfhaer00+50x6fe0b/7fdr3a0m
e 0xffffffff83d2c270
db_printf() at kvprintf() at db_printf+0x125/frame 0xfffffe0056eb7e70
kvprintf+0x1425/frame 0xffffffff83d2c430
db_printsym() at _vprintf() at db_printsym+0x2b3/frame 0xfffffe0056eb7fa0
_vprintf+0x186/frame 0xffffffff83d2c5d0
db_print_stack_entry() at vprintf() at db_print_stack_entry+0x41/frame 0xfffffe0056eb7fd0
vprintf+0x27/frame 0xffffffff83d2c5f0
db_bvapacnkitcra(c)e ( )  a  t   at vpadnbi_bc+ac0xkt3ra7c6/e+f0rxa1me88 /  f r a m e  0x0xffffffffffffef008356de2cb78b0050

db_trace_self_wrapper() at panic() at db_trace_self_wrapper+0xcp6a/nifrc+a0mex b5 /  fr  am e   0  xf ff ff f f  f8  3d 2  c88  0 
  0xfffffe0056eb8150
DEkdLbAY_(b)ac  kt r  a c e ()   a t    at kdb_bacDEktLrAY+a0cxe2+07x9/df0/rfarmeam e   0 xf f f f  f e 00 5 6 e b 8 2  b0  
 0xffffffff83d2c8d0
ns8250_puvtpacni(c) ()at    at ns8250v_ppaunitcc++00x2x15772/f/rframaeme   0 x  f f ff f f f f 8  3d 2 c9  30  
 0xfffffe0056eb8470
uart_cnputc() at panic() at uart_cnputc+0xab/frame 0xffffffpafnf8i3cd+02xcb975/0f
rame 0xfffffe0056eb8540
cnputc() at DELAY() at cnputc+0x130/frame 0xffffffff83d2c9a0
DELAY+0x279/frame 0xfffffe0056eb8590
db_putc() at ns8250_putc() at db_putc+0x28f/frame 0xffffffff83d2c9d0
ns8250_putc+0x172/frame 0xfffffe0056eb85f0
kvprintf() at uart_cnputc() at kvprintf+0x1425/frame 0xffffffff83d2cb90
uart_cnputc+0xab/frame 0xfffffe0056eb8630
db_printf() at cnputc() at db_printf+0x125/frame 0xffffffff83d2ccd0
cnputc+0x130/frame 0xfffffe0056eb8660
db_printsym() at db_putc() at db_printsym+0x28a/frame 0xffffffff83d2ce00
db_putc+0x28f/frame 0xfffffe0056eb8690
db_print_stack_entry() at kvprintf() at db_print_stack_enktrvy+p0rxi4n1t/ff+ra0mxe1 ed0axf/fffraffmfef f 8 3  d02cxfef3ff0f
e0056eb8850
db_printf() at db_backtrace() at db_printf+0x125/frame 0xfffffe0056eb8990
db_backtrace+0x188/frame 0xffffffff83d2ceb0
db_printsym() at db_trace_self_wrapper() at db_printsym+0x2b3/frame 0xfffffe0056eb8ab0
db_trace_self_wrapper+0xc6/frame 0xffffffff83d2cfb0
db_nextframe() at kdb_backtrace() at db_nextfrak d b_  bmaec+k0txra5caea+/0xfdr0am/efr a  me   0  x f f ff  ff  f f 83  d2 d 1  1 0  
0xfffffe0056eb8bb0
vpanic() at db_backtrace() at vpanic+0x257/frame 0xffffffff83d2d2d0
db_backtrace+0x1b2/frame 0xfffffe0056eb8c30
panic() at db_trace_self_wrapper() at panic+0xb5/frame 0xffffffff83d2d3a0
db_trace_self_wrapper+0xc6/frame 0xfffffe0056eb8d30
DELAY() at kdb_backtrace() at DELAY+0x279/frame  k0dxbf_fbfacfkfftfraf8c3e+d02dx3df0/0f
rame 0xfffffe0056eb8e90
ns8250_putc() at vpanic() at ns8250_putc+0x172/frame 0xffffffff8v3padn2d4ic5+00x
257/frame 0xfffffe0056eb9050
uart_cnputc() at panic() at uart_cnputc+0xab/frame 0xffffffff83d2d490
panic+0xb5/frame 0xfffffe0056eb9110
cnputc() at __mtx_lock_spin_flags() at cnputc+0x130/frame 0xffffffff83d2d4c0
__mtx_lock_spin_flags+0x28b/frame 0xfffffe0056eb91d0
db_putc() at _callout_stop_safe() at db_putc+0x159/frame 0xffffffff83d2d4f0
_callout_stop_safe+0x262/frame 0xfffffe0056eb9300
kvprintf() at shutdown_resettodr() at kvprintf+0x1d5/frame 0xffffffff83d2d6b0
shutdown_resettodr+0x21/frame 0xfffffe0056eb9330
db_printf() at db_printf+0x125/frame 0xffffffff83dk2de8rn0_0r
eboot() at kern_reboot+0x54e/frame 0xfffffe0056eb93f0
db_print_stack_entry() at  dvpb_anprici(nt) _asttack_entry+0x34/frame 0xffffffff83d2d830
vpanic+0x338/frame 0xfffffe0056eb95b0
db_backtrace() at panic() at db_backtrace+0x188/frame 0xffffffff83d2d8b0
panic+0xb5/frame 0xfffffe0056eb9670
db_trace_self_wrapper() at db_trace_self_wrapper+t0rxac6p/_fprafamuel t (  )0  xfatfffffff83d2d9b0
trap_pfault+0xaf2/frame 0xfffffe0056eb97b0
kdb_backtrace() at kdb_backtrace+0xd0/frame 0xffffffff83d2db10
trap() at trap+0x78e/frame 0xfffffe0056eb9990
vpanic() at calltrap() at vpanic+0x257/frame 0xffffffff83d2dcd0
calltrap+0x8/frame 0xfffffe0056eb9990
--- trap 0xc, rip = 0xffffffff8159dc41, rsp = 0xfffffe0056eb9a60, rbp = 0xfffffe0056eb9ba0 ---
calpalnoicut(_) partocess() at panic+0xb5/cafrllamoue t0x_pffrfocfeffssff+08x34d42d1d/9f0rame
 0xfffffe0056eb9ba0
ha_ndelpeocehv_eentnst(e)r _ p re  em p t( )   a t     at _epoch_enterh_panredelmepevte+0nxt3s+504x/f3reaem/ef  r0axmfe ff0xfffffffff8fe3d0205dd6ed0b9
c10
tctipm_erlrc_sbh()ut d o w  n ( )   a t   at t  imtecrpc_rb+0l_x3shcbut/fdorwanme+ 0x  9f  /f  ra m e   0 x f f  ff f  f f f  830xdf2fdfefdf0e
0056eb9ce0
kern_reboot() at lapic_handle_timer() at kern_reboot+0x54e/frame 0xffffffff83d2df90
lapic_handle_timer+0x17f/frame 0xfffffe0056eb9d20
Xtimerint() at vpanic() at Xtimerint+0xb1/frame 0xfffffe0056eb9d20
--- interrupt, rip = 0xffffffff8211ed81, rsp = 0xfffffe0056eb9df0, rbvpp an=i c +  0x0x3f3f8/fffrafmee0 05  6  e0bx9fef10f f ff f  f8  3 d 2  e --15-0

spinlock_exit() at panic() at spinlock_exit+0xd1/frame 0xfffffe0056eb9e10
panic+0xb5/frame 0xffffffff83d2e220
sleepq_switch() at DELAY() at sleepq_switch+0x1f0/frame 0xfffffe0056eb9e70
DELAY+0x279/frame 0xffffffff83d2e270
_sleep() at ns8250_putc() at _sleep+0x6c8/frame 0xfffffe0056eb9fd0
ns8250_putc+0x172/frame 0xffffffff83d2e2d0
bufwait() at uart_cnputc() at bufwait+0x129/frame 0xfffffe0056eba020
uart_cnputc+0xab/frame 0xffffffff83d2e310
bufwrite() at cnputc() at bufwrite+0x493/frame 0xfffffe0056eba070
cnputc+0x130/frame 0xffffffff83d2e340
ffs_write() at db_putc() at ffs_write+0xa5f/frame 0xfffffe0056eba230
db_putc+0x28f/frame 0xffffffff83d2e370
VOP_WRITE_APV() at kvprintf() at VOP_WRITE_APV+0x28b/frame 0xfffffe0056eba450
kvprintf+0x1d5/frame 0xffffffff83d2e530
vn_write() at db_printf() at vn_write+0x9fb/frame 0xfffffe0056eba650
db_printf+0x125/frame 0xffffffff83d2e670
vn_io_fault_ddboi_ot(r)a pa()t   at db_trapv+n_0xio1d_f2a/furltam_edo i  o + 0x 1 1 b  /f r a m e    0 xf  f ff f  e  000 xf5f6febfaf7f9f0f8
3d2e7b0
kvdnb_i_tor_fapa(u)lt 1  ()    a t at  kvd b _  t nr_aiop_+f0ax6ul6tc/1+fr0ax7m8e8 0/xffrfamfef ff  f f 83 d 2  e 9  700x
fffffe0056eba9f0
nmvin__ciaol_fla_ukldbt(())    atat  vnnm_i_icoa_llf_aukdltb++00xx14372d//frfraameme   0  xf f f  f fe  00  56  eb  a b2 0   
0xffffffff83d2e9b0
dofilewrite() at nmi_call_kdb_smp() at dofilewrite+0x133/frame 0xfffffe0056ebab9n0m
i_call_kdb_smp+0x5f/frame 0xffffffff83d2e9f0
kern_pwritev() at trap() at kern_pwritev+0x14c/frame 0xfffffe0056ebac50
trap+0x232/frame 0xffffffff83d2ebe0
nmi_calltrap() at sys_pwritev() at nmi_calltrap+0x8/frame 0xffffffff83d2ebe0
--- trap 0x13, rip = 0xffffffff81632522, rsp = 0xfffffe0056e666f0, syrsb_  pwrpi te v  + 0x  e f/  fr  a  m=e    0 0xxfffffffffefe0000556e6be6ad617100
 ---
lock_delay() at laocmdk6_d4e_slyays+c0axl42l/f(r)a maet  0xfffffe0056e66710
amd64_syscall+0x4e2/frame 0xfffffe0056ebaf30
_mtx_lock_spin_cookie() at fast_syscall_common() at _mtx_lock_spin_cookie+0x4a3/frame 0xfffffe0056e66830
fast_syscall_common+0xf8/frame 0xfffffe0056ebaf30
--- syscall (198, FreeBSD ELF64, __syscall), rip = 0x3a52ba, rsp = 0x82559df08, rbp = 0x82559df80 ---
panic: mtx_lock_spin: recursed on non-recursive mutex callout @ /syzkaller/managers/main/kernel/sys/kern/kern_timeout.c:576

cpuid = 0
time = 1758934225
KDB: stack backtrace:
__mtx_lock_spin_flags() at db_trace_self_wrapper() at __mtx_lock_spin_flags+0x1b0/frame 0xfffffe0056e668f0
db_trace_self_wrapper+0xc6/frame 0xfffffe0056eb5e70
callout_reset_sbt_on() at kdb_backtrace() at callout_reset_sbt_on+0x1f3/frame 0xfffffe0056e66a10
kdb_backtrace+0xd0/frame 0xfffffe0056eb5fd0
tcp_timer_activate() at vpanic() at tcp_timer_activate+0x56c/frame 0xfffffe0056e66a90
vpanic+0x257/frame 0xfffffe0056eb6190
tcp_usr_connect() at panic() at tcp_usr_connect+0x523/frame 0xfffffe0p05an6eic66+b0x90b5/
frame 0xfffffe0056eb6250
soconnect__amt(tx) _alotck_spin_flags() at soconnectat+_0_xm1tcx_0/lforcak_mesp  i n _ fl  a g s+ 0  x2  8 b/ f  r a me    0x  f ff  f fe  0 0 56  e b6  3 10  
 0xfffffe0056e66bf0
_callout_stop_safe() at kern_connectat() at _callout_stop_safe+0x262/framke e0rnxff_cfonfnfeec00ta5t6e+0b64x43000
/frame 0xfffffe0056e66cd0
shutdown_resettodr() at sys_connect() at shutdown_resettodr+0x21/frame 0xfffffe0056eb64s7y0s_
connect+0xf5/frame 0xfffffe0056e66d10
kern_reboot() at amd64_syscall() at kern_reboot+0x54e/frame 0xfffffe0056eb6530
amd64_syscall+0x4e2/frame 0xfffffe0056e66f30
fast_syscall_common() at vpanic() at fast_syscall_common+0xf8/frame 0xfffffe0056e66f30
--- syscall (198, FreeBSD ELF64, __syscall), rip = 0vpxa3an52ibca,+0  x3  3 8 /f r a m  e   0 x f f ff f  e0  0 56  e b6  6 f  0rs
p = 0x8247a0f08, rbp = 0x8247a0f80 ---
panic: Assertion kstack_contains(td, (vm_offset_t)et, sizeof(*et)) failed at /syzkaller/managers/main/kernel/sys/kern/subr_epoch.c:470
cpuid = 0
time = 1758934225
KDB: stack backtrace:
dpba_ntiracc()e _s  el f  _w  ra  p p er ( )   at     at db_trace_self_wrapppear+ni0xc+c06x/fbr5/afmrea  me0x ff f f f  ff f  83 d  2 a2 9 0   
 0xfffffe0056eb67c0
kdb_backtrace() at DELAY() at kdb_backtrace+0xd0/frame 0xffffffff83d2aDE3fL0AY
+0x279/frame 0xfffffe0056eb6810
vpanic() at ns8250_putc() at vpanic+0x2n57s8/f2r5a0m_epu t  c +0  x1 7  2 /fr a  me   0  xf f f  ff  e 00 5 6  e b6 8 7 0  
 0xffffffff83d2a5b0
uart_cnputc() at panic() at uart_cnputc+0xab/frame 0xfffffe0056eb68bpa0ni
c+0xb5/frame 0xffffffff83d2a670
cnputc() at _epoch_enter_preempt() at cnputc+0x130/frame 0xfffffe0056eb68e0
_epoch_enter_preempt+0x354/frame 0xffffffff83d2a6b0
db_putc() at tcp_rl_shutdown() at db_putc+0x28f/frame 0xfffffe0056eb6910
tcp_rl_shutdown+0x9f/frame 0xffffffff83d2a7b0
kvprintf() at kern_reboot() at kvprintf+0x1425/frame 0xfffffe0056eb6ad0
kern_reboot+0x54e/frame 0xffffffff83d2a870