[ 56.2378396] panic: kernel diagnostic assertion "ci->ci_tlbstate != TLBSTATE_VALID" failed: file "/syzkaller/managers/netbsd/kernel/sys/arch/x86/x86/pmap.c", line 3412 [ 56.2478272] cpu1: Begin traceback... [ 56.2578264] vpanic() at netbsd:vpanic+0x22e sys/kern/subr_prf.c:290 [ 56.2878327] _GLOBAL__sub_D_65535_0_cpu_configure() at netbsd:_GLOBAL__sub_D_65535_0_cpu_configure [ 56.3178299] pmap_activate() at netbsd:pmap_activate+0x173 sys/arch/x86/x86/pmap.c:3412 [ 56.3478316] mi_switch() at netbsd:mi_switch+0x673 sys/kern/kern_synch.c:808 [ 56.3678300] sleepq_block() at netbsd:sleepq_block+0x2c2 sys/kern/kern_sleepq.c:340 [ 56.3978306] kpause() at netbsd:kpause+0x19b sys/kern/kern_synch.c:246 [ 56.4178310] nanosleep1() at netbsd:nanosleep1+0x289 sys/kern/kern_time.c:348 [ 56.4478379] sys___nanosleep50() at netbsd:sys___nanosleep50+0xe5 sys/kern/kern_time.c:286 [ 56.4778340] syscall() at netbsd:syscall+0x553 sy_call sys/sys/syscallvar.h:65 [inline] [ 56.4778340] syscall() at netbsd:syscall+0x553 sy_invoke sys/sys/syscallvar.h:94 [inline] [ 56.4778340] syscall() at netbsd:syscall+0x553 sys/arch/x86/x86/syscall.c:138 [ 56.4878320] --- syscall (number 430) --- [ 56.4978313] netbsd:syscall+0x553: [ 56.5078307] cpu1: End traceback... [ 56.5078307] fatal breakpoint trap in supervisor mode [ 56.5178261] trap type 1 code 0 rip 0xffffffff8022094d cs 0x8 rflags 0x282 cr2 0x7282487cfff8 ilevel 0x8 rsp 0xffffd8818065b8b0 [ 56.5278280] curlwp 0xffffd8801479b540 pid 701.701 lowest kstack 0xffffd881806542c0 Stopped in pid 701.701 (syz-executor.0) at netbsd:breakpoint+0x5: leave ? breakpoint() at netbsd:breakpoint+0x5 db_panic() at netbsd:db_panic+0xe9 sys/ddb/db_panic.c:67 vpanic() at netbsd:vpanic+0x22e sys/kern/subr_prf.c:290 _GLOBAL__sub_D_65535_0_cpu_configure() at netbsd:_GLOBAL__sub_D_65535_0_cpu_configure pmap_activate() at netbsd:pmap_activate+0x173 sys/arch/x86/x86/pmap.c:3412 mi_switch() at netbsd:mi_switch+0x673 sys/kern/kern_synch.c:808 sleepq_block() at netbsd:sleepq_block+0x2c2 sys/kern/kern_sleepq.c:340 kpause() at netbsd:kpause+0x19b sys/kern/kern_synch.c:246 nanosleep1() at netbsd:nanosleep1+0x289 sys/kern/kern_time.c:348 sys___nanosleep50() at netbsd:sys___nanosleep50+0xe5 sys/kern/kern_time.c:286 syscall() at netbsd:syscall+0x553 sy_call sys/sys/syscallvar.h:65 [inline] syscall() at netbsd:syscall+0x553 sy_invoke sys/sys/syscallvar.h:94 [inline] syscall() at netbsd:syscall+0x553 sys/arch/x86/x86/syscall.c:138 --- syscall (number 430) --- netbsd:syscall+0x553: ds a740 es 10bb fs b890 gs b8e0 rdi ffffffff82bd8280 db_onpanic rsi 1ffffffff057b050 rbp ffffd8818065b8b0 rbx ffffd8816e699000 rdx 0 rcx ffffffff8126bf59 db_panic+0xd5 rax ffffd8801479b540 r8 4 r9 1ffffffff057b050 r10 ffffffff82bd8283 db_onpanic+0x3 r11 8000000000 r12 ffffd8816e6aa000 r13 ffffffff81f89140 platform_private_nodes+0x160 r14 ffffd8818065b940 r15 ffffd8816e699060 rip ffffffff8022094d breakpoint+0x5 cs 8 rflags 282 rsp ffffd8818065b8b0 ss 10 netbsd:breakpoint+0x5: leave PID LID S CPU FLAGS STRUCT LWP * NAME WAIT 1192 1192 2 0 0 ffffd88012c3c640 syz-executor.3 1369 1352 3 1 80 ffffd88012b55480 syz-executor.4 parked 1369 >1369 7 0 40 ffffd88012bfea00 syz-executor.4 1351 1481 3 0 80 ffffd88012cb2080 syz-executor.0 parked 1351 1351 2 0 40040 ffffd88012a8f300 syz-executor.0 1324 1359 3 1 80 ffffd88012c13a40 syz-executor.5 parked 1324 1324 2 0 40 ffffd88012c80b80 syz-executor.5 892 1232 3 0 80 ffffd88012c13600 syz-executor.1 parked 892 1368 3 1 80 ffffd88012bb6540 syz-executor.1 parked 892 892 2 0 40 ffffd88012bfe5c0 syz-executor.1 1194 1194 2 1 0 ffffd88012747740 syz-executor.2 845 845 2 0 40 ffffd880147d8180 syz-executor.4 838 838 2 0 40 ffffd880147af9c0 syz-executor.3 837 837 2 0 40 ffffd880147af580 syz-executor.1 1575 1575 2 0 40 ffffd880147af140 syz-executor.5 843 843 2 0 40 ffffd8801479b980 syz-executor.2 701 > 701 7 1 40 ffffd8801479b540 syz-executor.0 714 1186 3 0 80 ffffd8801479b100 syz-execprog parked 714 1313 3 0 80 ffffd88014794940 syz-execprog parked 714 836 3 0 80 ffffd88014794500 syz-execprog parked 714 702 3 0 80 ffffd880147940c0 syz-execprog parked 714 1436 3 1 80 ffffd88014789900 syz-execprog parked 714 726 3 0 80 ffffd880147894c0 syz-execprog parked 714 1659 3 1 80 ffffd88012744700 syz-execprog parked 714 700 3 0 80 ffffd88014789080 syz-execprog parked 714 696 3 0 c0 ffffd8801381eac0 syz-execprog parked 714 695 3 1 80 ffffd8801381e240 syz-execprog kqueue 714 697 3 1 80 ffffd88013827b00 syz-execprog parked 714 714 3 1 80 ffffd88012162b00 syz-execprog parked 685 685 3 1 80 ffffd88013843b80 sshd select 683 683 3 1 80 ffffd88013812640 getty nanoslp 722 722 3 1 80 ffffd88013812200 getty nanoslp 1250 1250 3 1 80 ffffd8801380ba40 getty nanoslp 1249 1249 3 1 c0 ffffd880138005c0 getty ttyraw 733 733 3 0 80 ffffd880136fa2c0 cron nanoslp 1060 1060 3 0 80 ffffd880136d26c0 inetd kqueue 1443 1443 3 1 80 ffffd88012ceda00 sshd select 1507 1507 3 0 80 ffffd88012c131c0 powerd kqueue 449 449 3 0 80 ffffd880136fab40 syslogd kqueue 303 303 3 0 80 ffffd88012c9e040 dhcpcd kqueue 337 337 3 0 80 ffffd88012b7a900 dhcpcd kqueue 1 1 3 0 80 ffffd880128e8980 init wait 0 597 3 0 200 ffffd8801295a5c0 physiod physiod 0 63 3 0 200 ffffd8801295c600 pooldrain pooldrain 0 126 3 0 200 ffffd8801295c1c0 ioflush syncer 0 125 3 1 200 ffffd8801295aa00 pgdaemon pgdaemon 0 122 3 0 200 ffffd880128fd9c0 usb0 usbevt 0 121 3 1 200 ffffd880128fd580 usbtask-dr usbtsk 0 120 3 0 200 ffffd8800fe5cac0 usbtask-hc usbtsk 0 119 3 0 200 ffffd880128fd140 npfgc-0 npfgccv 0 118 3 1 200 ffffd880128e8540 rt_free rt_free 0 117 3 1 200 ffffd880128e8100 unpgc unpgc 0 116 3 0 200 ffffd880128df940 key_timehandler key_timehandler 0 115 3 1 200 ffffd880128df500 icmp6_wqinput/1 icmp6_wqinput 0 114 3 0 200 ffffd880128df0c0 icmp6_wqinput/0 icmp6_wqinput 0 113 3 1 200 ffffd880128d6900 nd6_timer nd6_timer 0 112 3 1 200 ffffd880128d64c0 carp6_wqinput/1 carp6_wqinput 0 111 3 0 200 ffffd880128d6080 carp6_wqinput/0 carp6_wqinput 0 110 3 1 200 ffffd880127598c0 carp_wqinput/1 carp_wqinput 0 109 3 0 200 ffffd88012759480 carp_wqinput/0 carp_wqinput 0 108 3 1 200 ffffd88012759040 icmp_wqinput/1 icmp_wqinput 0 107 3 0 200 ffffd88012748bc0 icmp_wqinput/0 icmp_wqinput 0 106 3 0 200 ffffd88012748340 rt_timer rt_timer 0 105 3 0 200 ffffd88012748780 vmem_rehash vmem_rehash 0 104 3 1 200 ffffd88012744b40 entbutler entropy 0 30 3 1 200 ffffd880121626c0 vioif0_txrx/1 vioif0_txrx 0 29 3 0 200 ffffd88012162280 vioif0_txrx/0 vioif0_txrx 0 27 3 0 200 ffffd8800fe5c680 scsibus0 sccomp 0 26 3 0 200 ffffd8800fe5c240 pms0 pmsreset 0 25 3 1 200 ffffd8800fd9da80 xcall/1 xcall 0 24 1 1 200 ffffd8800fd9d640 softser/1 0 23 1 1 200 ffffd8800fd9d200 softclk/1 0 22 1 1 200 ffffd8800fd9ba40 softbio/1 0 21 1 1 200 ffffd8800fd9b600 softnet/1 0 20 1 1 201 ffffd8800fd9b1c0 idle/1 0 19 3 0 200 ffffd8800e80aa00 lnxpwrwq lnxpwrwq 0 18 3 0 200 ffffd8800e80a5c0 lnxlngwq lnxlngwq 0 17 3 0 200 ffffd8800e80a180 lnxsyswq lnxsyswq 0 16 3 0 200 ffffd8800e8049c0 lnxrcugc lnxrcugc 0 15 3 0 200 ffffd8800e804580 sysmon smtaskq 0 14 3 0 200 ffffd8800e804140 pmfsuspend pmfsuspend 0 13 3 0 200 ffffd8800e7ff980 pmfevent pmfevent 0 12 3 0 200 ffffd8800e7ff540 sopendfree sopendfr 0 11 3 0 200 ffffd8800e7ff100 iflnkst iflnkst 0 10 3 0 200 ffffd8800e7f3940 nfssilly nfssilly 0 9 3 0 200 ffffd8800e7f3500 vdrain vdrain 0 8 3 0 200 ffffd8800e7f30c0 modunload mod_unld 0 7 3 0 200 ffffd8800e7e6900 xcall/0 xcall 0 6 1 0 200 ffffd8800e7e64c0 softser/0 0 5 1 0 200 ffffd8800e7e6080 softclk/0 0 4 1 0 200 ffffd8800e7e48c0 softbio/0 0 3 1 0 200 ffffd8800e7e4480 softnet/0 0 2 1 0 201 ffffd8800e7e4040 idle/0 0 0 3 0 200 ffffffff82ca3700 swapper uvm [Locks tracked through LWPs] ****** LWP 1192.1192 (syz-executor.3) @ 0xffffd88012c3c640, l_stat=2 *** Locks held: * Lock 0 (initialized at amap_ctor) lock address : 0xffffd880147e1480 type : sleep/adaptive initialized : 0xffffffff81629013 shared holds : 0 exclusive: 1 shares wanted: 0 exclusive: 0 relevant cpu : 0 last held: 0 relevant lwp : 0xffffd88012c3c640 last held: 0xffffd88012c3c640 last locked* : 0xffffffff81637e26 unlocked : 0xffffffff8162bf70 owner/count : 000000000000000000 flags : 000000000000000000 Turnstile: no active turnstile for this lock. *** Locks wanted: none ****** LWP 1194.1194 (syz-executor.2) @ 0xffffd88012747740, l_stat=2 *** Locks held: * Lock 0 (initialized at fork1) lock address : 0xffffd88012cba350 type : sleep/adaptive initialized : 0xffffffff816b76d8 shared holds : 0 exclusive: 1 shares wanted: 0 exclusive: 0 relevant cpu : 1 last held: 1 relevant lwp : 0xffffd88012747740 last held: 0xffffd88012747740 last locked* : 0xffffffff816b3fa4 unlocked : 000000000000000000 owner/count : 0xffffd88012747740 flags : 0x0000000000000004 Turnstile: no active turnstile for this lock. * Lock 1 (initialized at pmap_ctor) lock address : 0xffffd88012c92780 type : sleep/adaptive initialized : 0xffffffff80870a87 shared holds : 0 exclusive: 1 shares wanted: 0 exclusive: 0 relevant cpu : 1 last held: 1 relevant lwp : 0xffffd88012747740 last held: 0xffffd88012747740 last locked* : 0xffffffff80876dfc unlocked : 0xffffffff80871480 owner field : 0xffffd88012747740 wait/spin: 0/0 Turnstile: no active turnstile for this lock. *** Locks wanted: * Lock 0 (initialized at pool_init) lock address : 0xffffffff82dca1b0 type : sleep/adaptive initialized : 0xffffffff8175dd47 shared holds : 0 exclusive: 0 shares wanted: 0 exclusive: 1 relevant cpu : 1 last held: 0 relevant lwp : 0xffffd88012747740 last held: 000000000000000000 last locked : 0xffffffff8175e918 unlocked*: 0xffffffff8175ef6d owner field : 000000000000000000 wait/spin: 0/0 Turnstile: no active turnstile for this lock. ****** LWP 838.838 (syz-executor.3) @ 0xffffd880147af9c0, l_stat=2 *** Locks held: * Lock 0 (initialized at uvm_map_setup) lock address : 0xffffd880140db628 type : sleep/adaptive initialized : 0xffffffff8164a151 shared holds : 0 exclusive: 1 shares wanted: 0 exclusive: 0 relevant cpu : 0 last held: 0 relevant lwp : 0xffffd880147af9c0 last held: 0xffffd880147af9c0 last locked* : 0xffffffff81644405 unlocked : 0xffffffff8163a6be owner/count : 0xffffd880147af9c0 flags : 0x0000000000000004 Turnstile: no active turnstile for this lock. *** Locks wanted: none ****** LWP 0.23 (softclk/1) @ 0xffffd8800fd9d200, l_stat=1 *** Locks held: none *** Locks wanted: * Lock 0 (initialized at module_hook_init) lock address : 0xffffffff82d9bc40 type : sleep/adaptive initialized : 0xffffffff816cf3f2 shared holds : 0 exclusive: 0 shares wanted: 0 exclusive: 0 relevant cpu : 1 last held: 0 relevant lwp : 0xffffd8800fd9d200 last held: 000000000000000000 last locked : 000000000000000000 unlocked*: 000000000000000000 owner field : 000000000000000000 wait/spin: 0/0 Turnstile: no active turnstile for this lock. ****** LWP 0.11 (iflnkst) @ 0xffffd8800e7ff100, l_stat=3 *** Locks held: none *** Locks wanted: * Lock 0 (initialized at module_hook_init) lock address : 0xffffffff82d9bc40 type : sleep/adaptive initialized : 0xffffffff816cf3f2 shared holds : 0 exclusive: 0 shares wanted: 0 exclusive: 0 relevant cpu : 0 last held: 0 relevant lwp : 0xffffd8800e7ff100 last held: 000000000000000000 last locked : 000000000000000000 unlocked*: 000000000000000000 owner field : 000000000000000000 wait/spin: 0/0 Turnstile: no active turnstile for this lock. ****** LWP 0.5 (softclk/0) @ 0xffffd8800e7e6080, l_stat=1 *** Locks held: none *** Locks wanted: * Lock 0 (initialized at module_hook_init) lock address : 0xffffffff82d9bc40 type : sleep/adaptive initialized : 0xffffffff816cf3f2 shared holds : 0 exclusive: 0 shares wanted: 0 exclusive: 0 relevant cpu : 0 last held: 0 relevant lwp : 0xffffd8800e7e6080 last held: 000000000000000000 last locked : 000000000000000000 unlocked*: 000000000000000000 owner field : 000000000000000000 wait/spin: 0/0 Turnstile: no active turnstile for this lock. [Locks tracked through CPUs] PAGE FLAG PQ UOBJECT UANON 0xffffd88000017180 0041 00000000 0x0 0x0 0xffffd88000017200 0041 00000000 0x0 0x0 0xffffd88000017280 0041 00000000 0x0 0x0 0xffffd88000017300 0041 00000000 0x0 0x0 0xffffd88000017380 0041 00000000 0x0 0x0 0xffffd88000017400 0041 00000000 0x0 0x0 0xffffd88000017480 0041 00000000 0x0 0x0 0xffffd88000017500 0041 00000000 0x0 0x0 0xffffd88000017580 0041 00000000 0x0 0x0 0xffffd88000017600 0041 00000000 0x0 0x0 0xffffd88000017680 0041 00000000 0x0 0x0 0xffffd88000017700 0041 00000000 0x0 0x0 0xffffd88000017780 0041 00000000 0x0 0x0 0xffffd88000017800 0041 00000000 0x0 0x0 0xffffd88000017880 0041 00000000 0x0 0x0 0xffffd88000017900 0041 00000000 0x0 0x0 0xffffd88000017980 0041 00000000 0x0 0x0 0xffffd88000017a00 0041 00000000 0x0 0x0 0xffffd88000017a80 0041 00000000 0x0 0x0 0xffffd88000017b00 0041 00000000 0x0 0x0 0xffffd88000017b80 0041 00000000 0x0 0x0 0xffffd88000017c00 0041 00000000 0x0 0x0 0xffffd88000017c80 0041 00000000 0x0 0x0 0xffffd88000017d00 0041 00000000 0x0 0x0 0xffffd88000017d80 0041 00000000 0x0 0x0 0xffffd88000017e00 0041 00000000 0x0 0x0 0xffffd88000017e80 0041 00000000 0x0 0x0 0xffffd88000017f00 0041 00000000 0x0 0x0 0xffffd88000017f80 0041 00000000 0x0 0x0 0xffffd88000018000 0041 00000000 0x0 0x0 0xffffd88000018080 0041 00000000 0x0 0x0 0xffffd88000018100 0041 00000000 0x0 0x0 0xffffd88000018180 0041 00000000 0x0 0x0 0xffffd88000018200 0041 00000000 0x0 0x0 0xffffd88000018280 0041 00000000 0x0 0x0 0xffffd88000018300 0041 00000000 0x0 0x0 0xffffd88000018380 0041 00000000 0x0 0x0 0xffffd88000018400 0041 00000000 0x0 0x0 0xffffd88000018480 0041 00000000 0x0 0x0 0xffffd88000018500 0041 00000000 0x0 0x0 0xffffd88000018580 0041 00000000 0x0 0x0 0xffffd88000018600 0041 00000000 0x0 0x0 0xffffd88000018680 0041 00000000 0x0 0x0 0xffffd88000018700 0041 00000000 0x0 0x0 0xffffd88000018780 0041 00000000 0x0 0x0 0xffffd88000018800 0041 00000000 0x0 0x0 0xffffd88000018880 0041 00000000 0x0 0x0 0xffffd88000018900 0041 00000000 0x0 0x0 0xffffd88000018980 0041 00000000 0x0 0x0 0xffffd88000018a00 0041 00000000 0x0 0x0 0xffffd88000018a80 0041 00000000 0x0 0x0 0xffffd88000018b00 0041 00000000 0x0 0x0 0xffffd88000018b80 0041 00000000 0x0 0x0 0xffffd88000018c00 0041 00000000 0x0 0x0 0xffffd88000018c80 0041 00000000 0x0 0x0 0xffffd88000018d00 0041 00000000 0x0 0x0 0xffffd88000018d80 0041 00000000 0x0 0x0 0xffffd88000018e00 0041 00000000 0x0 0x0 0xffffd88000018e80 0041 00000000 0x0 0x0 0xffffd88000018f00 0041 00000000 0x0 0x0 0xffffd88000018f80 0041 00000000 0x0 0x0 0xffffd88000019000 0041 00000000 0x0 0x0 0xffffd88000019080 0041 00000000 0x0 0x0 0xffffd88000019100 0041 00000000 0x0 0x0 0xffffd88000019180 0041 00000000 0x0 0x0 0xffffd88000019200 0041 00000000 0x0 0x0 0xffffd88000019280 0041 00000000 0x0 0x0 0xffffd88000019300 0041 00000000 0x0 0x0 0xffffd88000019380 0041 00000000 0x0 0x0 0xffffd88000019400 0041 00000000 0x0 0x0 0xffffd88000019480 0041 00000000 0x0 0x0 0xffffd88000019500 0041 00000000 0x0 0x0 0xffffd88000019580 0041 00000000 0x0 0x0 0xffffd88000019600 0041 00000000 0x0 0x0 0xffffd88000019680 0041 00000000 0x0 0x0 0xffffd88000019700 0041 00000000 0x0 0x0 0xffffd88000019780 0041 00000000 0x0 0x0 0xffffd88000019800 0041 00000000 0x0 0x0 0xffffd88000019880 0041 00000000 0x0 0x0 0xffffd88000019900 0041 00000000 0x0 0x0 0xffffd88000019980 0041 00000000 0x0 0x0 0xffffd88000019a00 0041 00000000 0x0 0x0 0xffffd88000019a80 0041 00000000 0x0 0x0 0xffffd88000019b00 0041 00000000 0x0 0x0 0xffffd88000019b80 0041 00000000 0x0 0x0 0xffffd88000019c00 0041 00000000 0x0 0x0 0xffffd88000019c80 0041 00000000 0x0 0x0 0xffffd88000019d00 0041 00000000 0x0 0x0 0xffffd88000019d80 0041 00000000 0x0 0x0 0xffffd88000019e00 0041 00000000 0x0 0x0 0xffffd88000019e80 0041 00000000 0x0 0x0 0xffffd88000019f00 0041 00000000 0x0 0x0 0xffffd88000019f80 0041 00000000 0x0 0x0 0xffffd8800001a000 0041 00000000 0x0 0x0 0xffffd8800001a080 0041 00000000 0x0 0x0 0xffffd8800001a100 0041 00000000 0x0 0x0 0xffffd8800001a180 0041 00000000 0x0 0x0 0xffffd8800001a200 0041 00000000 0x0 0x0 0xffffd8800001a280 0041 00000000 0x0 0x0 0xffffd8800001a300 0041 00000000 0x0 0x0 0xffffd8800001a380 0041 00000000 0x0 0x0 0xffffd8800001a400 0041 00000000 0x0 0x0 0xffffd8800001a480 0041 00000000 0x0 0x0 0xffffd8800001a500 0041 00000000 0x0 0x0 0xffffd8800001a580 0041 00000000 0x0 0x0