pool: free list modified: tcpcb (2)
syzbot
syzbot found the following issue on:
HEAD commit: 3729e22e7105 sync
git tree: openbsd
console output: https://syzkaller.appspot.com/x/log.txt?x=13da845a580000
kernel config: https://syzkaller.appspot.com/x/.config?x=7058272de1526588
dashboard link: https://syzkaller.appspot.com/bug?extid=f9e59c846b08ed7e765d
Unfortunately, I don't have any reproducer for this issue yet.
Downloadable assets:
disk image: https://storage.googleapis.com/syzbot-assets/39e6d9ba420a/disk-3729e22e.raw.xz
bsd.gdb: https://storage.googleapis.com/syzbot-assets/97911d116426/bsd-3729e22e.gdb.xz
kernel image: https://storage.googleapis.com/syzbot-assets/25607c7d53e2/kernel-3729e22e.xz
IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+f9e59c...@syzkaller.appspotmail.com
�j���|����E1\�: panic: pool_p_free: tcpcb free list modified: page 0xffff800001696000; item addr 0xffff800001697d18; offset 0x0=0x0
Stopped at db_enter+0x25: addq $0x8,%rsp
TID PID UID PRFLAGS PFLAGS CPU COMMAND
355428 17104 0 0x14000 0x200 0 smr
*336827 62704 0 0x14000 0x200 1 systqmp
db_enter() at db_enter+0x25 sys/arch/amd64/amd64/db_interface.c:438
panic(ffffffff83389977) at panic+0x1e5 sys/kern/subr_prf.c:198
pool_p_free(ffffffff8395c7c8,fffffd80601a2cc0) at pool_p_free+0x28c sys/kern/subr_pool.c:1009
pool_gc_pages(0) at pool_gc_pages+0x357 sys/kern/subr_pool.c:1591
taskq_thread(ffffffff8383f870) at taskq_thread+0x157 sys/kern/kern_task.c:446
end trace frame: 0x0, count: 10
https://www.openbsd.org/ddb.html describes the minimum info required in bug
reports. Insufficient info makes it difficult to find and fix bugs.
ddb{1}>
ddb{1}> set $lines = 0
ddb{1}> set $maxwidth = 0
ddb{1}> show panic
*cpu1: pool_p_free: tcpcb free list modified: page 0xffff800001696000; item addr 0xffff800001697d18; offset 0x0=0x0
ddb{1}> trace
db_enter() at db_enter+0x25 sys/arch/amd64/amd64/db_interface.c:438
panic(ffffffff83389977) at panic+0x1e5 sys/kern/subr_prf.c:198
pool_p_free(ffffffff8395c7c8,fffffd80601a2cc0) at pool_p_free+0x28c sys/kern/subr_pool.c:1009
pool_gc_pages(0) at pool_gc_pages+0x357 sys/kern/subr_pool.c:1591
taskq_thread(ffffffff8383f870) at taskq_thread+0x157 sys/kern/kern_task.c:446
end trace frame: 0x0, count: -5
ddb{1}> show registers
rdi 0
rsi 0x1
rbp 0xffff80002a20a700
rbx 0xffff8000299dee07
rdx 0
rcx 0xffff8000ffffea60
rax 0xffff8000299ddff0
r8 0x101010101010101
r9 0x8080808080808080
r10 0x8978ab7bb9e645a2
r11 0x2e156852ce3b63ee
r12 0xffff8000299dec08
r13 0
r14 0
r15 0x1
rip 0xffffffff81fbb4e5 db_enter+0x25
cs 0x8
rflags 0x246
rsp 0xffff80002a20a6f0
ss 0
db_enter+0x25: addq $0x8,%rsp
ddb{1}> show proc
PROC (systqmp) tid=336827 pid=62704 tcnt=1 stat=onproc
flags process=14000<NOZOMBIE,SYSTEM> proc=200<SYSTEM>
runpri=32, usrpri=51, slppri=32, nice=20
wchan=0x0, wmesg=, ps_single=0x0 scnt=0 ecnt=0
forw=0xffffffffffffffff, list=0xffff8000ffffecf8,0xffff8000ffffe540
process=0xffff8000ffff84d0 user=0xffff80002a205000, vmspace=0xffffffff83a1c0d0
estcpu=1, cpticks=4, pctcpu=0.0, user=0, sys=0, intr=0
ddb{1}> ps
PID TID PPID UID S FLAGS WAIT COMMAND
11489 253220 23175 0 2 0 syz-executor
45013 279451 16450 0 2 0 syz-executor
45013 206276 16450 0 2 0x4000000 syz-executor
45013 34620 16450 0 2 0x4000000 syz-executor
99253 201279 81594 0 2 0 syz-executor
99253 52636 81594 0 3 0x4000080 fsleep syz-executor
42945 287362 3186 0 2 0 syz-executor
42945 365490 3186 0 2 0x4000000 syz-executor
6492 296193 1273 0 3 0x80 nanoslp syz-executor
6492 320060 1273 0 3 0x4000000 clonelk syz-executor
6492 282994 1273 0 3 0x4000080 fsleep syz-executor
44202 274185 69816 60929 2 0x10 syz-executor
44202 454661 69816 60929 2 0x4000010 syz-executor
44202 97923 69816 60929 3 0x4000090 fsleep syz-executor
87702 428261 0 0 3 0x14200 acct acct
94692 19946 1 0 3 0x100083 ttyopn getty
23175 455564 71722 0 3 0x82 nanoslp syz-executor
16450 219542 71722 0 2 0x2 syz-executor
50596 185369 0 0 3 0x14280 nfsidl nfsio
16323 272698 0 0 3 0x14280 nfsidl nfsio
96323 477549 71722 0 3 0x82 wait syz-executor
95535 150090 71722 0 3 0x82 wait syz-executor
1273 211069 71722 0 2 0x2 syz-executor
81594 233891 71722 0 3 0x82 nanoslp syz-executor
3186 473905 71722 0 3 0x82 nanoslp syz-executor
69816 127683 71722 0 3 0x82 nanoslp syz-executor
71722 408262 14109 0 3 0x82 kqread syz-executor
14109 71117 69434 0 3 0x10008a sigsusp ksh
69434 209293 94535 0 3 0x98 kqread sshd-session
94535 154557 92314 0 3 0x92 kqread sshd-session
92314 88910 1 0 3 0x88 kqread sshd
94348 486963 49802 74 3 0x1100092 bpf pflogd
49802 386879 1 0 3 0x80 sbwait pflogd
92882 516444 97123 73 3 0x1100090 kqread syslogd
97123 318216 1 0 3 0x100082 sbwait syslogd
49100 16543 1 0 3 0x100080 kqread resolvd
76313 468169 5158 77 3 0x100092 kqread dhcpleased
13655 93704 5158 77 3 0x100092 kqread dhcpleased
5158 252924 1 0 3 0x80 kqread dhcpleased
17104 355428 0 0 7 0x14200 smr
1802 494268 0 0 3 0x14200 pgzero zerothread
68686 350195 0 0 3 0x14200 aiodoned aiodoned
50655 97218 0 0 3 0x14200 syncer update
17399 421531 0 0 3 0x14200 cleaner cleaner
88587 203893 0 0 3 0x14200 reaper reaper
96206 247232 0 0 3 0x14200 pgdaemon pagedaemon
38066 322495 0 0 3 0x14200 bored viomb
48784 192504 0 0 3 0x40014200 acpi0 acpi0
94295 112932 0 0 3 0x40014200 idle1
97853 172098 0 0 3 0x14200 bored softnet1
44325 28541 0 0 3 0x14200 bored softnet0
*62704 336827 0 0 7 0x14200 systqmp
4582 74946 0 0 3 0x14200 bored systq
76552 498833 0 0 3 0x14200 tmoslp softclockmp
51144 189441 0 0 3 0x40014200 tmoslp softclock
68836 143312 0 0 3 0x40014200 idle0
1 27828 0 0 3 0x82 wait init
0 0 -1 0 3 0x10010200 scheduler swapper
ddb{1}> show all locks
Process 44202 (syz-executor) thread 0xffff8000fffefca0 (454661)
exclusive rwlock clonelk r = 0 (0xffffffff837f2058)
#0 witness_lock+0x5f1 stacktrace_save sys/sys/stacktrace.h:37 [inline]
#0 witness_lock+0x5f1 sys/kern/subr_witness.c:1160
#1 rw_do_enter_write+0x419 sys/kern/kern_rwlock.c:320
#2 if_clone_destroy+0x93 sys/net/if.c:-1
#3 ifioctl+0x59d sys/net/if.c:2159
#4 sys_ioctl+0x674 sys/kern/sys_generic.c:-1
#5 syscall+0xbd4 mi_syscall sys/sys/syscall_mi.h:176 [inline]
#5 syscall+0xbd4 sys/arch/amd64/amd64/trap.c:775
#6 Xsyscall+0x128
Process 17104 (smr) thread 0xffff8000ffffc538 (355428)
shared rwlock smr r = 0 (0xffffffff83824388)
#0 witness_lock+0x5f1 stacktrace_save sys/sys/stacktrace.h:37 [inline]
#0 witness_lock+0x5f1 sys/kern/subr_witness.c:1160
#1 smr_thread+0x3cd sys/kern/kern_smr.c:-1
#2 proc_trampoline+0x10
Process 62704 (systqmp) thread 0xffff8000ffffea60 (336827)
shared rwlock pools r = 0 (0xffffffff8383e7b8)
#0 witness_lock+0x5f1 stacktrace_save sys/sys/stacktrace.h:37 [inline]
#0 witness_lock+0x5f1 sys/kern/subr_witness.c:1160
#1 rw_do_enter_read+0x3e8 sys/kern/kern_rwlock.c:413
#2 pool_gc_pages+0x2e sys/kern/subr_pool.c:1568
#3 taskq_thread+0x157 sys/kern/kern_task.c:446
#4 proc_trampoline+0x10
shared rwlock systqmp r = 0 (0xffffffff8383f8e8)
#0 witness_lock+0x5f1 stacktrace_save sys/sys/stacktrace.h:37 [inline]
#0 witness_lock+0x5f1 sys/kern/subr_witness.c:1160
#1 taskq_thread+0x12a sys/kern/kern_task.c:442
#2 proc_trampoline+0x10
ddb{1}> show malloc
Type InUse MemUse HighUse Limit Requests Type Lim
devbuf 11110 12263K 13979K 166960K 15893 0
pcb 17 18K 34K 166960K 909 0
rtable 228 13K 13K 166960K 1198 0
pf 39 18K 81K 166960K 253 0
ifaddr 37 6K 8K 166960K 182 0
ifgroup 63 2K 2K 166960K 329 0
sysctl 4 1K 9K 166960K 25 0
counters 74 37K 38K 166960K 678 0
ioctlops 0 0K 4K 166960K 2328 0
iov 0 0K 32K 166960K 135 0
mount 1 1K 1K 166960K 1 0
log 0 0K 0K 166960K 4 0
vnodes 1574 99K 100K 166960K 3821 0
UFS quota 1 32K 32K 166960K 1 0
UFS mount 5 36K 36K 166960K 5 0
shm 2 1K 9K 166960K 37 0
VM map 2 1K 1K 166960K 2 0
sem 12 0K 0K 166960K 121 0
dirhash 12 2K 3K 166960K 63 0
ACPI 1692 195K 286K 166960K 12470 0
file desc 18 65K 89K 166960K 2584 0
sigio 0 0K 0K 166960K 54 0
proc 73 131K 180K 166960K 972 0
subproc 72 4K 4K 166960K 117 0
NFS srvsock 1 0K 0K 166960K 1 0
NFS daemon 1 16K 16K 166960K 1 0
ip_moptions 0 0K 0K 166960K 318 0
in_multi 73 5K 7K 166960K 295 0
ether_multi 1 0K 0K 166960K 35 0
mrt 1 0K 0K 166960K 27 0
ISOFS mount 1 32K 32K 166960K 1 0
MSDOSFS mount 1 16K 16K 166960K 1 0
ttys 157 705K 705K 166960K 157 0
exec 0 0K 1K 166960K 863 0
fusefs mount 1 32K 32K 166960K 1 0
pfkey data 0 0K 0K 166960K 3 0
tdb 3 0K 0K 166960K 3 0
VM swap 8 62K 64K 166960K 10 0
UVM amap 245 159K 179K 166960K 25600 0
UVM aobj 170 145K 145K 166960K 183 0
pinsyscall 43 86K 105K 166960K 3920 0
memdesc 1 4K 4K 166960K 1 0
crypto data 1 1K 1K 166960K 1 0
ip6_options 1 0K 1K 166960K 229 0
NDP 14 0K 2K 166960K 133 0
temp 86 8688K 8792K 166960K 141082 0
kqueue 13 20K 31K 166960K 515 0
SYN cache 2 8K 16K 166960K 3 0
ddb{1}> show all pools
Name Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg Idle
plcache 128 26 0 0 1 0 1 1 0 8 0
rtpcb 120 427 0 424 5 4 1 3 0 8 0
rtentry 176 351 0 268 6 1 5 6 0 8 0
unpcb 144 1774 0 1755 12 10 2 4 0 8 1
syncache 336 11 0 11 6 6 0 1 0 8 0
tcpqe 32 4 0 4 3 3 0 1 0 8 0
tcpcb 736 998 0 991 27 24 3 7 0 8 2
arp 136 78 0 68 1 0 1 1 0 8 0
inpcb 328 3946 0 3930 40 30 10 13 0 8 8
ip6q 72 2 0 2 1 1 0 1 0 8 0
ip6af 40 4 0 4 1 1 0 1 0 8 0
nd6 152 46 0 24 2 0 2 2 0 8 0
pkpcb 40 66 0 66 6 5 1 1 0 8 1
kcovpl 48 13 0 5 1 0 1 1 0 8 0
mppekey 1024 1 0 1 1 1 0 1 0 8 0
ppxss 1192 271 0 271 4 3 1 1 0 8 1
pppxif 1504 13 0 13 5 4 1 1 0 8 1
pffrag 232 14 0 6 1 0 1 1 0 482 0
pffrnode 88 13 0 6 1 0 1 1 0 8 0
pffrent 40 26 0 17 1 0 1 1 0 8 0
pfosfp 40 1428 0 1005 5 0 5 5 0 8 0
pfosfpen 112 1428 0 714 21 0 21 21 0 8 0
pfrktable 1344 1 0 1 1 1 0 1 0 8 0
pfstitem 24 2 0 0 1 0 1 1 0 8 0
pfstkey 128 2 0 0 1 0 1 1 0 8 0
pfstate 448 1 0 0 1 0 1 1 0 8 0
pfrule 1360 1 0 1 1 1 0 1 0 8 0
rttmr 136 4 0 4 4 4 0 1 0 8 0
art_heap8 4096 3 0 0 3 0 3 3 0 8 0
art_heap4 256 1312 0 960 45 20 25 39 0 8 1
art_table 40 1315 0 960 7 2 5 7 0 8 0
art_node 32 346 0 273 2 0 2 2 0 8 0
sysvmsgpl 40 20 0 12 2 1 1 1 0 8 0
semupl 112 3 0 3 2 2 0 1 0 8 0
semapl 112 115 0 105 1 0 1 1 0 8 0
shmpl 112 105 0 8 3 0 3 3 0 8 0
dirhash 1024 51 0 34 3 0 3 3 0 8 0
dino2pl 256 6550 0 5030 96 0 96 96 0 8 0
ffsino 296 6550 0 5030 118 0 118 118 0 8 0
nchpl 144 10191 0 9596 64 40 24 64 0 8 0
rtmask 32 27 0 27 5 5 0 1 0 8 0
vnodes 216 5926 0 0 330 0 330 330 0 8 0
namei 1024 37645 0 37645 5 4 1 2 0 8 1
percpumem 16 354 0 302 1 0 1 1 0 8 0
vcpupl 3968 73 0 3 9 0 9 9 0 8 0
vmpool 848 74 0 4 8 0 8 8 0 8 0
kstatmem 264 212 0 178 6 3 3 3 0 8 0
acpiwqpl 32 3 0 3 1 0 1 1 1 8 1
scsiplug 72 10 0 10 6 5 1 1 0 8 1
scxspl 216 96974 0 96974 14 11 3 8 1 8 3
plimitpl 152 949 0 932 1 0 1 1 0 8 0
sigapl 424 2919 0 2868 7 1 6 7 0 8 0
knotepl 120 606 0 0 17 0 17 17 0 8 0
kqueuepl 224 1237 0 1227 22 17 5 5 0 8 4
pipepl 344 585 0 557 18 9 9 12 0 8 6
fdescpl 528 2886 0 2854 3 0 3 3 0 8 0
filepl 160 22488 0 22258 41 21 20 21 0 8 7
lockfpl 104 1050 0 1046 2 1 1 2 0 8 0
lockfspl 48 358 0 354 1 0 1 1 0 8 0
sessionpl 144 38 0 29 1 0 1 1 0 8 0
pgrppl 48 105 0 88 1 0 1 1 0 8 0
ucredpl 104 3617 0 3603 1 0 1 1 0 8 0
zombiepl 144 2948 0 2946 1 0 1 1 0 8 0
processpl 1232 2919 0 2868 5 0 5 5 0 8 0
procpl 664 6960 0 6901 9 2 7 7 0 8 1
sosppl 176 27 0 27 6 5 1 1 0 8 1
sockpl 752 6343 0 6305 66 53 13 17 0 8 8
mcl64k 65536 5 0 0 1 0 1 1 0 8 0
mcl16k 16384 2 0 0 1 0 1 1 0 8 0
mcl12k 12288 1 0 0 1 0 1 1 0 8 0
mcl9k 9216 1 0 0 1 0 1 1 0 8 0
mcl8k 8192 3 0 0 1 0 1 1 0 8 0
mcl4k 4096 132 0 0 15 0 15 15 0 8 0
mcl2k 2048 60 0 0 7 1 6 7 0 8 0
mtagpl 96 11 0 0 1 0 1 1 0 8 0
mbufpl 256 1271 0 0 76 0 76 76 0 8 0
bufpl 280 41571 0 35435 439 0 439 439 0 8 0
anonpl 32 16086 0 0 130 0 130 130 0 246 0
amapchunkpl 152 88298 0 87809 59 31 28 30 0 158 4
amappl16 200 13840 0 13806 125 106 19 39 0 8 8
amappl15 192 6 0 6 1 1 0 1 0 8 0
amappl14 184 5 0 4 1 0 1 1 0 8 0
amappl13 176 508 0 507 1 0 1 1 0 8 0
amappl12 168 3323 0 3281 3 0 3 3 0 8 0
amappl11 160 8 0 8 1 1 0 1 0 8 0
amappl10 152 49 0 35 1 0 1 1 0 8 0
amappl9 144 243 0 243 1 1 0 1 0 8 0
amappl8 136 27 0 24 1 0 1 1 0 8 0
amappl7 128 108 0 106 1 0 1 1 0 8 0
amappl6 120 463 0 449 1 0 1 1 0 8 0
amappl5 112 92 0 80 1 0 1 1 0 8 0
amappl4 104 519 0 486 1 0 1 1 0 8 0
amappl3 96 15546 0 15452 4 1 3 3 0 8 0
amappl2 88 3061 0 2980 2 0 2 2 0 8 0
amappl1 80 21972 0 21369 18 3 15 15 0 8 0
amappl 88 24236 0 24069 5 0 5 5 0 92 0
uvmvnodes 80 209 0 0 5 0 5 5 0 8 0
dma8192 8192 1 0 1 1 1 0 1 0 8 0
dma4096 4096 2 0 2 2 2 0 1 0 8 0
dma1024 1024 2 0 1 1 0 1 1 0 8 0
dma256 256 8 0 8 3 3 0 1 0 8 0
dma128 128 260 0 260 5 4 1 1 0 8 1
dma64 64 6 0 6 1 1 0 1 0 8 0
dma32 32 7 0 7 1 1 0 1 0 8 0
dma16 16 19 0 18 1 0 1 1 0 8 0
aobjpl 72 182 0 13 4 0 4 4 0 8 0
uaddrrnd 24 2886 0 2854 1 0 1 1 0 8 0
uaddrbest 32 2 0 0 1 0 1 1 0 8 0
uaddr 24 2886 0 2854 1 0 1 1 0 8 0
vmmpekpl 168 24328 0 24264 4 0 4 4 0 8 0
vmmpepl 168 193076 0 191072 179 59 120 120 0 357 14
vmsppl 488 2885 0 2854 6 1 5 5 0 8 0
rwobjpl 80 54164 0 52834 49 6 43 43 0 8 1
pdppl 4096 5927 0 5786 195 54 141 142 0 8 0
pvpl 32 24594 0 0 199 0 199 199 0 265 0
pmappl 256 2959 0 2858 7 0 7 7 0 8 0
extentpl 40 45 0 27 1 0 1 1 0 8 0
phpool 112 498 0 116 12 0 12 12 0 8 0
ddb{1}> machine ddbcpu 0
Stopped at x86_ipi_db+0x27: addq $0x8,%rsp
x86_ipi_db(ffffffff83834ff0) at x86_ipi_db+0x27 sys/arch/amd64/amd64/db_interface.c:394
x86_ipi_handler() at x86_ipi_handler+0xd9 sys/arch/amd64/amd64/ipi.c:106
Xresume_lapic_ipi() at Xresume_lapic_ipi+0x27
__mp_lock(ffffffff838ebc00) at __mp_lock+0x192 __mp_lock_spin sys/kern/kern_lock.c:142 [inline]
__mp_lock(ffffffff838ebc00) at __mp_lock+0x192 sys/kern/kern_lock.c:173
intr_handler(ffff80002a2527c0,ffff800000079600) at intr_handler+0xe9 sys/arch/amd64/amd64/intr.c:560
Xintr_ioapic_edge16_untramp() at Xintr_ioapic_edge16_untramp+0x18f
__sanitizer_cov_trace_const_cmp4(182738a7fd9c9616,4) at __sanitizer_cov_trace_const_cmp4
msleep_nsec(ffffffff839659d0,ffffffff83824350,4,ffffffff8341508e,ffffffffffffffff) at msleep_nsec+0x1a0 sys/kern/kern_synch.c:202
smr_thread(ffff8000ffffc538) at smr_thread+0x17b sys/kern/kern_smr.c:98
end trace frame: 0x0, count: 6
ddb{0}> trace
x86_ipi_db(ffffffff83834ff0) at x86_ipi_db+0x27 sys/arch/amd64/amd64/db_interface.c:394
x86_ipi_handler() at x86_ipi_handler+0xd9 sys/arch/amd64/amd64/ipi.c:106
Xresume_lapic_ipi() at Xresume_lapic_ipi+0x27
__mp_lock(ffffffff838ebc00) at __mp_lock+0x192 __mp_lock_spin sys/kern/kern_lock.c:142 [inline]
__mp_lock(ffffffff838ebc00) at __mp_lock+0x192 sys/kern/kern_lock.c:173
intr_handler(ffff80002a2527c0,ffff800000079600) at intr_handler+0xe9 sys/arch/amd64/amd64/intr.c:560
Xintr_ioapic_edge16_untramp() at Xintr_ioapic_edge16_untramp+0x18f
__sanitizer_cov_trace_const_cmp4(182738a7fd9c9616,4) at __sanitizer_cov_trace_const_cmp4
msleep_nsec(ffffffff839659d0,ffffffff83824350,4,ffffffff8341508e,ffffffffffffffff) at msleep_nsec+0x1a0 sys/kern/kern_synch.c:202
smr_thread(ffff8000ffffc538) at smr_thread+0x17b sys/kern/kern_smr.c:98
end trace frame: 0x0, count: -9
ddb{0}> machine ddbcpu 1
Stopped at db_enter+0x25: addq $0x8,%rsp
db_enter() at db_enter+0x25 sys/arch/amd64/amd64/db_interface.c:438
panic(ffffffff83389977) at panic+0x1e5 sys/kern/subr_prf.c:198
pool_p_free(ffffffff8395c7c8,fffffd80601a2cc0) at pool_p_free+0x28c sys/kern/subr_pool.c:1009
pool_gc_pages(0) at pool_gc_pages+0x357 sys/kern/subr_pool.c:1591
taskq_thread(ffffffff8383f870) at taskq_thread+0x157 sys/kern/kern_task.c:446
end trace frame: 0x0, count: 10
ddb{1}> trace
db_enter() at db_enter+0x25 sys/arch/amd64/amd64/db_interface.c:438
panic(ffffffff83389977) at panic+0x1e5 sys/kern/subr_prf.c:198
pool_p_free(ffffffff8395c7c8,fffffd80601a2cc0) at pool_p_free+0x28c sys/kern/subr_pool.c:1009
pool_gc_pages(0) at pool_gc_pages+0x357 sys/kern/subr_pool.c:1591
taskq_thread(ffffffff8383f870) at taskq_thread+0x157 sys/kern/kern_task.c:446
end trace frame: 0x0, count: -5
---
This report is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzk...@googlegroups.com.
syzbot will keep track of this issue. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.
If the report is already addressed, let syzbot know by replying with:
#syz fix: exact-commit-title
If you want to overwrite report's subsystems, reply with:
#syz set subsystems: new-subsystem
(See the list of subsystem names on the web dashboard)
If the report is a duplicate of another one, reply with:
#syz dup: exact-subject-of-another-report
If you want to undo deduplication, reply with:
#syz undup