[  63.7514466] panic: kernel diagnostic assertion "l->l_cpu == ci" failed: file "/syzkaller/managers/netbsd-kubsan/kernel/sys/kern/kern_synch.c", line 768 
[  63.7677881] cpu0: Begin traceback...
[  63.7914861] vpanic() at netbsd:vpanic+0x2aa sys/kern/subr_prf.c:336
[  63.8515745] kern_assert() at netbsd:kern_assert+0x63
[  63.9116611] mi_switch() at netbsd:mi_switch+0x10e9 sys/kern/kern_synch.c:768
[  63.9717442] sleepq_block() at netbsd:sleepq_block+0x1c6 sys/kern/kern_sleepq.c:281
[  64.0318260] lwp_park() at netbsd:lwp_park+0x1f6 sys/kern/sys_lwp.c:575
[  64.0919114] sys____lwp_park60() at netbsd:sys____lwp_park60+0xdf sys/kern/sys_lwp.c:628
[  64.1620169] syscall() at netbsd:syscall+0x29a sy_call sys/sys/syscallvar.h:65 [inline]
[  64.1620169] syscall() at netbsd:syscall+0x29a sy_invoke sys/sys/syscallvar.h:94 [inline]
[  64.1620169] syscall() at netbsd:syscall+0x29a sys/arch/x86/x86/syscall.c:138
[  64.1820386] --- syscall (number 478) ---
[  64.2120812] 7d3f1ecade7a:
[  64.2120812] cpu0: End traceback...
[  64.2226499] fatal breakpoint trap in supervisor mode
[  64.2226499] trap type 1 code 0 rip 0xffffffff8021dd9d cs 0x8 rflags 0x282 cr2 0x7d3f1f69bff8 ilevel 0 rsp 0xffff8a00a6ddfd30
[  64.2387925] curlwp 0xfffff359ac6d3760 pid 1431.3 lowest kstack 0xffff8a00a6ddc2c0
Stopped in pid 1431.3 (syz-executor7233) at     netbsd:breakpoint+0x5:  leave
?
breakpoint() at netbsd:breakpoint+0x5
db_panic() at netbsd:db_panic+0xd1 sys/ddb/db_panic.c:67
vpanic() at netbsd:vpanic+0x2aa sys/kern/subr_prf.c:336
kern_assert() at netbsd:kern_assert+0x63
mi_switch() at netbsd:mi_switch+0x10e9 sys/kern/kern_synch.c:768
sleepq_block() at netbsd:sleepq_block+0x1c6 sys/kern/kern_sleepq.c:281
lwp_park() at netbsd:lwp_park+0x1f6 sys/kern/sys_lwp.c:575
sys____lwp_park60() at netbsd:sys____lwp_park60+0xdf sys/kern/sys_lwp.c:628
syscall() at netbsd:syscall+0x29a sy_call sys/sys/syscallvar.h:65 [inline]
syscall() at netbsd:syscall+0x29a sy_invoke sys/sys/syscallvar.h:94 [inline]
syscall() at netbsd:syscall+0x29a sys/arch/x86/x86/syscall.c:138
--- syscall (number 478) ---
7d3f1ecade7a:
ds          fd30
es          292e
fs          fd20
gs          7308
rdi         fffff35ab7eb54e0
rsi         fffff359ac6d3a48
rbp         ffff8a00a6ddfd30
rbx         ffffffff84029580    cpu_info_primary
rdx         2
rcx         0
rax         0
r8          ffffffff84029580    cpu_info_primary
r9          0
r10         ffff8a00a6ddfc60
r11         10
r12         ffffffff83b57308    ostype+0xc70
r13         ffff8a00a6ddfda8
r14         104
r15         ffffffff853e3fe0    pool_head+0x560
rip         ffffffff8021dd9d    breakpoint+0x5
cs          8
rflags      282
rsp         ffff8a00a6ddfd30
ss          10
netbsd:breakpoint+0x5:  leave
PID    LID S CPU     FLAGS       STRUCT LWP *               NAME WAIT
1703     7 2   1         0   fffff359a9fd82c0   syz-executor7233
1703     6 2   1         0   fffff359ad2ba520   syz-executor7233
1703     5 2   1         0   fffff359ac90b480   syz-executor7233
1703     4 3   1        80   fffff359b1268500   syz-executor7233 parked
1703     3 3   1        80   fffff359ac6d3ba0   syz-executor7233 parked
1703     1 2   1         0   fffff359aedf1540   syz-executor7233
1514     3 2   1         0   fffff359a9c54b60   syz-executor7233
1514     1 2   1     40000   fffff359ac3ae9e0   syz-executor7233
1627     3 3   1        80   fffff359b12680c0   syz-executor7233 parked
1627     1 2   1  10040000   fffff359b14c8120   syz-executor7233
1516     3 3   1        80   fffff359ac395080   syz-executor7233 parked
1516     1 2   1  10040000   fffff359ac215bc0   syz-executor7233
1431     5 2   1         0   fffff359ac5ac4e0   syz-executor7233
1431     4 2   1         0   fffff359ac90b040   syz-executor7233
1431 >   3 7   0         0   fffff359ac6d3760   syz-executor7233
1431 >   1 7   1  10040000   fffff359a89e5ac0   syz-executor7233
530      1 2   0         0   fffff359ac6d3320   syz-executor7233
453      1 2   0         0   fffff359a9c1cb80   syz-executor7233
45       1 2   0         0   fffff359a9fd8b40   syz-executor7233
381      1 2   1         0   fffff359a9fd8700   syz-executor7233
454      1 2   1         0   fffff359a89e5680   syz-executor7233
565      1 2   0         0   fffff359a89e5240   syz-executor7233
440      1 3   0        80   fffff359a8aefae0   syz-executor7233 nanoslp
41       1 3   1        80   fffff359a8de2280               sshd select
575      1 3   1        80   fffff359a9c1c740              getty nanoslp
580      1 3   1        80   fffff359a9c1c300              getty nanoslp
529      1 3   0        80   fffff359a9c54720              getty nanoslp
527      1 3   1        80   fffff359a86c1200              getty ttyraw
563      1 3   1        80   fffff359a9c542e0               cron nanoslp
534      1 3   0        80   fffff359a8de26c0              inetd kqueue
436      1 3   1        80   fffff359a8aef260               sshd select
410      1 3   0        80   fffff359a8e67b20             powerd kqueue
195      1 3   1        80   fffff359a8e672a0            syslogd kqueue
249      1 3   1        80   fffff359a8e676e0             dhcpcd kqueue
174      1 3   0        80   fffff359a8de2b00             dhcpcd kqueue
1        1 3   1        80   fffff359a85e7a60               init wait
0       58 3   0       204   fffff359a86c1640            physiod physiod
0       57 3   0       204   fffff359a86b7aa0           aiodoned aiodoned
0       56 3   1       200   fffff359a86b7660            ioflush syncer
0       55 3   0       204   fffff359a86b7220          pooldrain pooldrain
0       54 3   0       200   fffff359a86c1a80           pgdaemon pgdaemon
0       51 3   0       200   fffff359a5cdc9c0            npfgc-0 npfgccv
0       50 3   1       204   fffff359a85e7620            rt_free rt_free
0       49 3   1       204   fffff359a85e71e0              unpgc unpgc
0       48 3   1       204   fffff359a85d8a40    key_timehandler key_timehandler
0       47 3   1       204   fffff359a85d8600    icmp6_wqinput/1 icmp6_wqinput
0       46 3   0       204   fffff359a85d81c0    icmp6_wqinput/0 icmp6_wqinput
0       45 3   0       204   fffff359a8571a20          nd6_timer nd6_timer
0       44 3   1       204   fffff359a8543160    carp6_wqinput/1 carp6_wqinput
0       43 3   0       204   fffff359a85435a0    carp6_wqinput/0 carp6_wqinput
0       42 3   1       204   fffff359a85439e0     carp_wqinput/1 carp_wqinput
0       41 3   0       204   fffff359a856a180     carp_wqinput/0 carp_wqinput
0       40 3   1       204   fffff359a856a5c0     icmp_wqinput/1 icmp_wqinput
0       39 3   0       204   fffff359a856aa00     icmp_wqinput/0 icmp_wqinput
0       38 3   1       204   fffff359a85711a0           rt_timer rt_timer
0       37 3   1       204   fffff359a85715e0        vmem_rehash vmem_rehash
0       27 3   0       204   fffff359a5cdc580           scsibus0 sccomp
0       26 3   0       200   fffff359a5cdc140               pms0 pmsreset
0       25 3   1       204   fffff359a5c679a0            xcall/1 xcall
0       24 1   1       200   fffff359a5c67560          softser/1
0       23 1   1       200   fffff359a5c67120          softclk/1
0       22 1   1       200   fffff359a5c58980          softbio/1
0       21 1   1       200   fffff359a5c58540          softnet/1
0       20 1   1       201   fffff359a5c58100             idle/1
0       19 3   0       204   fffff35ab617e960           lnxpwrwq lnxpwrwq
0       18 3   0       204   fffff35ab617e520           lnxlngwq lnxlngwq
0       17 3   0       204   fffff35ab617e0e0           lnxsyswq lnxsyswq
0       16 3   0       204   fffff35ab61a3940           lnxrcugc lnxrcugc
0       15 3   0       204   fffff35ab61a3500             sysmon smtaskq
0       14 3   0       204   fffff35ab61a30c0         pmfsuspend pmfsuspend
0       13 3   0       204   fffff35ab65b8920           pmfevent pmfevent
0       12 3   0       204   fffff35ab65b84e0         sopendfree sopendfr
0       11 3   0       204   fffff35ab65b80a0           nfssilly nfssilly
0       10 3   1       200   fffff35ab79df900            cachegc cachegc
0        9 3   0       204   fffff35ab79df4c0             vdrain vdrain
0        8 3   0       200   fffff35ab79df080          modunload mod_unld
0        7 3   0       204   fffff35ab79fa8e0            xcall/0 xcall
0        6 1   0       200   fffff35ab79fa4a0          softser/0
0        5 1   0       200   fffff35ab79fa060          softclk/0
0        4 1   0       200   fffff35ab7a1b8c0          softbio/0
0        3 1   0       200   fffff35ab7a1b480          softnet/0
0        2 1   0       201   fffff35ab7a1b040             idle/0
0        1 3   0       200   ffffffff8533ac40            swapper uvm
[Locks tracked through LWPs]
Locks held by an LWP (syz-executor7233):
Lock 0 (initialized at amap_alloc)
lock address : 0xfffff359ac538fc0 type     :     sleep/adaptive
initialized  : 0xffffffff8222ae06
shared holds :                  0 exclusive:                  1
shares wanted:                  0 exclusive:                  0
current cpu  :                  0 last held:                  1
current lwp  : 0xfffff359ac6d3760 last held: 0xfffff359aedf1540
last locked* : 0xffffffff8224e448 unlocked : 0xffffffff822387b7
owner field  : 000000000000000000 wait/spin:                0/0

Turnstile chain at 0xffffffff85eb8638 with mutex 0xfffff35ab7a321c0.
=> No active turnstile for this lock.
Lock 1 (initialized at uvm_page_init)
lock address : 0xffffffff85eb0f40 type     :     sleep/adaptive
initialized  : 0xffffffff82288285
shared holds :                  0 exclusive:                  1
shares wanted:                  0 exclusive:                  0
current cpu  :                  0 last held:                  1
current lwp  : 0xfffff359ac6d3760 last held: 0xfffff359aedf1540
last locked* : 0xffffffff8224