panic: /syzkaller/managers/main/kernel/sys/kern/kern_timeout.c:607: callout_cc_add: Bad list head 0xfffffe0007fe36a8 first->prev != head
cpuid = 0
time = 1747267317
KDB: stack backtrace:
db_trace_self_wrapper() at db_trace_self_wrapper+0xc6/frame 0xfffffe00573ac9b0
kdb_backtrace() at kdb_backtrace+0xd0/frame 0xfffffe00573acb10
vpanic() at vpanic+0x257/frame 0xfffffe00573accd0
panic() at panic+0xb5/frame 0xfffffe00573acd90
callout_cc_add() at callout_cc_add+0x339/frame 0xfffffe00573acdf0
callout_reset_sbt_on() at callout_reset_sbt_on+0x74f/frame 0xfffffe00573acf10
tcp_timer_activate() at tcp_timer_activate+0x56c/frame 0xfffffe00573acf90
tcp_do_segment() at tcp_do_segment+0x3f4f/frame 0xfffffe00573ad270
tcp_input_with_port() at tcp_input_with_port+0x2214/frame 0xfffffe00573ad530
tcp_input() at tcp_input+0x1f/frame 0xfffffe00573ad550
ip_input() at ip_input+0xaa2/frame 0xfffffe00573ad670
netisr_dispatch_src() at netisr_dispatch_src+0x219/frame 0xfffffe00573ad750
ether_demux() at ether_demux+0x447/frame 0xfffffe00573ad810
ether_nh_input() at ether_nh_input+0xb61/frame 0xfffffe00573ad8f0
netisr_dispatch_src() at netisr_dispatch_src+0x219/frame 0xfffffe00573ad9d0
ether_input() at ether_input+0x1db/frame 0xfffffe00573adab0
vtnet_rxq_eof() at vtnet_rxq_eof+0x16d2/frame 0xfffffe00573adcd0
vtnet_rx_vq_process() at vtnet_rx_vq_process+0x189/frame 0xfffffe00573add90
ithread_loop() at ithread_loop+0x4ec/frame 0xfffffe00573adef0
fork_exit() at fork_exit+0xcc/frame 0xfffffe00573adf30
fork_trampoline() at fork_trampoline+0xe/frame 0xfffffe00573adf30
--- trap 0, rip = 0, rsp = 0, rbp = 0 ---
KDB: enter: panic
[ thread pid 12 tid 100053 ]
Stopped at      kdb_enter+0x6e: movq    $0,0x25bda37(%rip)
db> 
db> set $lines = 0
db> set $maxwidth = 0
db> show registers
cs                        0x20
ds                        0x3b
es                        0x3b
fs                        0x13
gs                        0x1b
ss                        0x28
rax                       0x12
rcx         0xfffffe00033eee30
rdx                          0
rbx         0xffffffff827b0020  .str.27
rsp         0xfffffe00573acaf0
rbp         0xfffffe00573acb10
rsi                          0
rdi         0xffffffff816145e9  printf+0x149
r8                           0
r9                  0xffffffff
r10         0x97bb5adb70e6c22f
r11                      0x1ff
r12         0xfffffe000802c000
r13         0xfffffffffffffffe
r14         0xffffffff827b0020  .str.27
r15                          0
rip         0xffffffff815fe75e  kdb_enter+0x6e
rflags                    0x46
kdb_enter+0x6e: movq    $0,0x25bda37(%rip)
db>