[   1.5185077] panic: kernel diagnostic assertion "start < end" failed: file "/syzkaller/managers/ci2-netbsd/kernel/sys/uvm/uvm_km.c", line 513 
[   1.5343676] cpu0: Begin traceback...
[   1.5381256] vpanic() at netbsd:vpanic+0x258 sys/kern/subr_prf.c:290
[   1.5568422] _sub_D_65535_0() at netbsd:_sub_D_65535_0+-0xca08
[   1.5768427] uvm_km_pgremove_intrsafe() at netbsd:uvm_km_pgremove_intrsafe+0x40b sys/uvm/uvm_km.c:514
[   1.5968426] uvm_km_kmem_free() at netbsd:uvm_km_kmem_free+0x3d sys/uvm/uvm_km.c:885
[   1.6168413] kmem_intr_free() at netbsd:kmem_intr_free+0x31a sys/kern/subr_kmem.c:279
[   1.6268416] scsi_probe_bus() at netbsd:scsi_probe_bus+0x7a9 sys/dev/scsipi/scsiconf.c:536
[   1.6468421] scsibus_discover_thread() at netbsd:scsibus_discover_thread+0xbb scsibus_config sys/dev/scsipi/scsiconf.c:325 [inline]
[   1.6468421] scsibus_discover_thread() at netbsd:scsibus_discover_thread+0xbb sys/dev/scsipi/scsiconf.c:290
[   1.6588201] cpu0: End traceback...
[   1.6685341] fatal breakpoint trap in supervisor mode
[   1.6685341] trap type 1 code 0 rip 0xffffffff80220a2d cs 0x8 rflags 0x282 cr2 0 ilevel 0 rsp 0xffffa20185089920
[   1.6836546] curlwp 0xffffa200120b36c0 pid 0.30 lowest kstack 0xffffa201850822c0
Stopped in pid 0.30 (system) at netbsd:breakpoint+0x5:  leave
breakpoint() at netbsd:breakpoint+0x5
db_panic() at netbsd:db_panic+0x105 sys/ddb/db_panic.c:69
vpanic() at netbsd:vpanic+0x258 sys/kern/subr_prf.c:290
_sub_D_65535_0() at netbsd:_sub_D_65535_0+-0xca08
uvm_km_pgremove_intrsafe() at netbsd:uvm_km_pgremove_intrsafe+0x40b sys/uvm/uvm_km.c:514
uvm_km_kmem_free() at netbsd:uvm_km_kmem_free+0x3d sys/uvm/uvm_km.c:885
kmem_intr_free() at netbsd:kmem_intr_free+0x31a sys/kern/subr_kmem.c:279
scsi_probe_bus() at netbsd:scsi_probe_bus+0x7a9 sys/dev/scsipi/scsiconf.c:536
scsibus_discover_thread() at netbsd:scsibus_discover_thread+0xbb scsibus_config sys/dev/scsipi/scsiconf.c:325 [inline]
scsibus_discover_thread() at netbsd:scsibus_discover_thread+0xbb sys/dev/scsipi/scsiconf.c:290
ds          0
es          0
fs          8ab3
gs          d7b
rdi         5
rsi         0
rbp         ffffa20185089920
rbx         1
rdx         0
rcx         ffffffff8161a066    db_panic+0xf6
rax         ffffa200120b36c0
r8          4
r9          ffffffff8161a057    db_panic+0xe7
--db_more--