[ 65.4722120] panic: kernel diagnostic assertion "ci->ci_tlbstate != TLBSTATE_VALID" failed: file "/syzkaller/managers/netbsd/kernel/sys/arch/x86/x86/pmap.c", line 3412 [ 65.4821701] cpu1: Begin traceback... [ 65.5021653] vpanic() at netbsd:vpanic+0x22e sys/kern/subr_prf.c:290 [ 65.5221657] _GLOBAL__sub_D_65535_0_cpu_configure() at netbsd:_GLOBAL__sub_D_65535_0_cpu_configure [ 65.5521901] pmap_activate() at netbsd:pmap_activate+0x173 sys/arch/x86/x86/pmap.c:3412 [ 65.5821634] mi_switch() at netbsd:mi_switch+0x673 sys/kern/kern_synch.c:808 [ 65.6121674] kpreempt() at netbsd:kpreempt+0x1fc sys/kern/kern_synch.c:428 [ 65.6321638] mutex_enter() at netbsd:mutex_enter+0xa8f KPREEMPT_ENABLE sys/sys/lwp.h:555 [inline] [ 65.6321638] mutex_enter() at netbsd:mutex_enter+0xa8f KPREEMPT_ENABLE sys/sys/lwp.h:545 [inline] [ 65.6321638] mutex_enter() at netbsd:mutex_enter+0xa8f sys/kern/kern_mutex.c:697 [ 65.6521653] pool_get() at netbsd:pool_get+0xcc sys/kern/subr_pool.c:1059 [ 65.6821641] pool_cache_get_slow() at netbsd:pool_cache_get_slow+0x30c sys/kern/subr_pool.c:2485 [ 65.7021631] pool_cache_get_paddr() at netbsd:pool_cache_get_paddr+0x52f sys/kern/subr_pool.c:2577 [ 65.7321684] pmap_enter_ma() at netbsd:pmap_enter_ma+0x259c pmap_alloc_pv sys/arch/x86/x86/pmap.c:2022 [inline] [ 65.7321684] pmap_enter_ma() at netbsd:pmap_enter_ma+0x259c pmap_enter_pv sys/arch/x86/x86/pmap.c:2259 [inline] [ 65.7321684] pmap_enter_ma() at netbsd:pmap_enter_ma+0x259c sys/arch/x86/x86/pmap.c:4906 [ 65.7521671] pmap_enter_default() at netbsd:pmap_enter_default+0x60 sys/arch/x86/x86/pmap.c:4789 [ 65.7821653] uvm_fault_internal() at netbsd:uvm_fault_internal+0x2d34 uvm_fault_lower_lookup sys/uvm/uvm_fault.c:2037 [inline] [ 65.7821653] uvm_fault_internal() at netbsd:uvm_fault_internal+0x2d34 uvm_fault_lower sys/uvm/uvm_fault.c:1874 [inline] [ 65.7821653] uvm_fault_internal() at netbsd:uvm_fault_internal+0x2d34 sys/uvm/uvm_fault.c:943 [ 65.8021627] trap() at netbsd:trap+0x945 sys/arch/amd64/amd64/trap.c:520 [ 65.8121611] --- trap (number 6) --- [ 65.8221609] 7f7ec760cddf: [ 65.8221609] cpu1: End traceback... [ 65.8321641] fatal breakpoint trap in supervisor mode [ 65.8321641] trap type 1 code 0 rip 0xffffffff8022094d cs 0x8 rflags 0x282 cr2 0x7117cbfedec8 ilevel 0x8 rsp 0xffffbb0180747fb0 [ 65.8421636] curlwp 0xffffbb0012c6ab40 pid 2599.2599 lowest kstack 0xffffbb01807412c0 Stopped in pid 2599.2599 (syz-executor.2) at netbsd:breakpoint+0x5: leave ? breakpoint() at netbsd:breakpoint+0x5 db_panic() at netbsd:db_panic+0xe9 sys/ddb/db_panic.c:67 vpanic() at netbsd:vpanic+0x22e sys/kern/subr_prf.c:290 _GLOBAL__sub_D_65535_0_cpu_configure() at netbsd:_GLOBAL__sub_D_65535_0_cpu_configure pmap_activate() at netbsd:pmap_activate+0x173 sys/arch/x86/x86/pmap.c:3412 mi_switch() at netbsd:mi_switch+0x673 sys/kern/kern_synch.c:808 kpreempt() at netbsd:kpreempt+0x1fc sys/kern/kern_synch.c:428 mutex_enter() at netbsd:mutex_enter+0xa8f KPREEMPT_ENABLE sys/sys/lwp.h:555 [inline] mutex_enter() at netbsd:mutex_enter+0xa8f KPREEMPT_ENABLE sys/sys/lwp.h:545 [inline] mutex_enter() at netbsd:mutex_enter+0xa8f sys/kern/kern_mutex.c:697 pool_get() at netbsd:pool_get+0xcc sys/kern/subr_pool.c:1059 pool_cache_get_slow() at netbsd:pool_cache_get_slow+0x30c sys/kern/subr_pool.c:2485 pool_cache_get_paddr() at netbsd:pool_cache_get_paddr+0x52f sys/kern/subr_pool.c:2577 pmap_enter_ma() at netbsd:pmap_enter_ma+0x259c pmap_alloc_pv sys/arch/x86/x86/pmap.c:2022 [inline] pmap_enter_ma() at netbsd:pmap_enter_ma+0x259c pmap_enter_pv sys/arch/x86/x86/pmap.c:2259 [inline] pmap_enter_ma() at netbsd:pmap_enter_ma+0x259c sys/arch/x86/x86/pmap.c:4906 pmap_enter_default() at netbsd:pmap_enter_default+0x60 sys/arch/x86/x86/pmap.c:4789 uvm_fault_internal() at netbsd:uvm_fault_internal+0x2d34 uvm_fault_lower_lookup sys/uvm/uvm_fault.c:2037 [inline] uvm_fault_internal() at netbsd:uvm_fault_internal+0x2d34 uvm_fault_lower sys/uvm/uvm_fault.c:1874 [inline] uvm_fault_internal() at netbsd:uvm_fault_internal+0x2d34 sys/uvm/uvm_fault.c:943 trap() at netbsd:trap+0x945 sys/arch/amd64/amd64/trap.c:520 --- trap (number 6) --- 7f7ec760cddf: ds 802a es 3480 fs 7f90 gs 7fe0 rdi ffffffff82bd8280 db_onpanic rsi 1ffffffff057b050 rbp ffffbb0180747fb0 rbx ffffbb016e699000 rdx 0 rcx ffffffff8126bf59 db_panic+0xd5 rax ffffbb0012c6ab40 r8 4 r9 1ffffffff057b050 r10 ffffffff82bd8283 db_onpanic+0x3 r11 8000000000 r12 ffffbb016e6aa000 r13 ffffffff81f89140 platform_private_nodes+0x160 r14 ffffbb0180748040 r15 ffffbb016e699060 rip ffffffff8022094d breakpoint+0x5 cs 8 rflags 282 rsp ffffbb0180747fb0 ss 10 netbsd:breakpoint+0x5: leave PID LID S CPU FLAGS STRUCT LWP * NAME WAIT 3123 3123 2 0 0 ffffbb0014887640 syz-executor.5 3418 3418 2 0 0 ffffbb0012747740 syz-executor.0 3362 3362 3 1 10000000 ffffbb00148521c0 syz-executor.1 tstile 2658 2980 3 0 80 ffffbb0013869340 syz-executor.4 parked 2658 2658 2 0 10000000 ffffbb0012a296c0 syz-executor.4 4155 3809 3 1 80 ffffbb00136cf6c0 syz-executor.3 parked 4155 4155 2 1 10000000 ffffbb0012b35340 syz-executor.3 2599 >2599 7 1 0 ffffbb0012c6ab40 syz-executor.2 847 847 2 0 40 ffffbb00147fe180 syz-executor.4 841 841 2 0 40 ffffbb00147d79c0 syz-executor.1 845 845 3 1 80 ffffbb00147d7580 syz-executor.2 nanoslp 837 > 837 7 0 40 ffffbb00147d7140 syz-executor.5 1574 1574 2 0 40 ffffbb00147ba980 syz-executor.0 843 843 3 1 80 ffffbb00147ba540 syz-executor.3 nanoslp 698 639 3 1