[ 1.5397286] panic: kernel diagnostic assertion "start < end" failed: file "/syzkaller/managers/ci2-netbsd/kernel/sys/uvm/uvm_km.c", line 513 [ 1.5552659] cpu0: Begin traceback... [ 1.5589886] vpanic() at netbsd:vpanic+0x258 sys/kern/subr_prf.c:290 [ 1.5780869] _sub_D_65535_0() at netbsd:_sub_D_65535_0+-0xca08 [ 1.5980858] uvm_km_pgremove_intrsafe() at netbsd:uvm_km_pgremove_intrsafe+0x40b sys/uvm/uvm_km.c:514 [ 1.6180843] uvm_km_kmem_free() at netbsd:uvm_km_kmem_free+0x3d sys/uvm/uvm_km.c:885 [ 1.6380839] kmem_intr_free() at netbsd:kmem_intr_free+0x31a sys/kern/subr_kmem.c:279 [ 1.6480841] scsi_probe_bus() at netbsd:scsi_probe_bus+0x7a9 sys/dev/scsipi/scsiconf.c:536 [ 1.6680844] scsibus_discover_thread() at netbsd:scsibus_discover_thread+0xbb scsibus_config sys/dev/scsipi/scsiconf.c:325 [inline] [ 1.6680844] scsibus_discover_thread() at netbsd:scsibus_discover_thread+0xbb sys/dev/scsipi/scsiconf.c:290 [ 1.6780832] cpu0: End traceback... [ 1.6780832] fatal breakpoint trap in supervisor mode [ 1.6901236] trap type 1 code 0 rip 0xffffffff80220a2d cs 0x8 rflags 0x282 cr2 0 ilevel 0 rsp 0xffffc60185089920 [ 1.7019840] curlwp 0xffffc600120b36c0 pid 0.30 lowest kstack 0xffffc601850822c0 Stopped in pid 0.30 (system) at netbsd:breakpoint+0x5: leave breakpoint() at netbsd:breakpoint+0x5 db_panic() at netbsd:db_panic+0x105 sys/ddb/db_panic.c:69 vpanic() at netbsd:vpanic+0x258 sys/kern/subr_prf.c:290 _sub_D_65535_0() at netbsd:_sub_D_65535_0+-0xca08 uvm_km_pgremove_intrsafe() at netbsd:uvm_km_pgremove_intrsafe+0x40b sys/uvm/uvm_km.c:514 uvm_km_kmem_free() at netbsd:uvm_km_kmem_free+0x3d sys/uvm/uvm_km.c:885 kmem_intr_free() at netbsd:kmem_intr_free+0x31a sys/kern/subr_kmem.c:279 scsi_probe_bus() at netbsd:scsi_probe_bus+0x7a9 sys/dev/scsipi/scsiconf.c:536 scsibus_discover_thread() at netbsd:scsibus_discover_thread+0xbb scsibus_config sys/dev/scsipi/scsiconf.c:325 [inline] scsibus_discover_thread() at netbsd:scsibus_discover_thread+0xbb sys/dev/scsipi/scsiconf.c:290 ds 0 es 0 fs 8ab3 gs d7b rdi 5 rsi 0 rbp ffffc60185089920 rbx 1 rdx 0 rcx ffffffff8161a066 db_panic+0xf6 rax ffffc600120b36c0 r8 4 r9 ffffffff8161a057 db_panic+0xe7 --db_more--