Warning: Permanently added '10.128.0.253' (ECDSA) to the list of known hosts.
executing program
[ 36.9178408] panic: kernel diagnostic assertion "!topdown || hint <= orig_hint" failed: file "/syzkaller/managers/ci2-netbsd-kubsan/kernel/sys/uvm/uvm_map.c", line 1795 map=0xffff818fe6a9a458 hint=0xffffffffff002000 orig_hint=0x20ffe000 length=0x20ffe000 uobj=0x0 uoffset=0xffffffffffffffff align=0 flags=0x80010 entry=0xffff818ff1ee8a00 (uvm_map_findspace line 1998)
[ 36.9300092] cpu0: Begin traceback...
[ 36.9478215] vpanic() at netbsd:vpanic+0x2f2
[ 37.0178223] kern_assert() at netbsd:kern_assert+0x65
[ 37.0778241] uvm_findspace_invariants() at netbsd:uvm_findspace_invariants+0x134
[ 37.1378217] uvm_map_findspace() at netbsd:uvm_map_findspace+0x3f4
[ 37.1878235] uvm_map_prepare() at netbsd:uvm_map_prepare+0x586
[ 37.2378220] uvm_map() at netbsd:uvm_map+0xd4
[ 37.2878255] uvm_mmap.part.0() at netbsd:uvm_mmap.part.0+0x3b0
[ 37.3378232] sys_mmap() at netbsd:sys_mmap+0x9e8
[ 37.3878225] compat_43_sys_mmap() at netbsd:compat_43_sys_mmap+0x24a
[ 37.4378216] sys_syscall() at netbsd:sys_syscall+0x1e4
[ 37.4978222] syscall() at netbsd:syscall+0x2da
[ 37.5078210] --- syscall (number 71 via SYS_syscall) ---
[ 37.5278212] netbsd:syscall+0x2da:
[ 37.5278212] cpu0: End traceback...
[ 37.5278212] fatal breakpoint trap in supervisor mode
[ 37.5391546] trap type 1 code 0 rip 0xffffffff80221ab5 cs 0x8 rflags 0x246 cr2 0xffff8680c83b7000 ilevel 0 rsp 0xffff8680c83d49a0
[ 37.5524986] curlwp 0xffff818ff094c580 pid 1220.1220 lowest kstack 0xffff8680c83d02c0
[ 37.5602165] Skipping crash dump on recursive panic
[ 37.5602165] panic: UBSan: Undefined Behavior in /syzkaller/managers/ci2-netbsd-kubsan/kernel/sys/dev/wsfb/genfb.c:988:28, member access within null pointer of type 'struct genfb_private'
[ 37.5602165] cpu0: Begin traceback...
[ 37.5602165] vpanic() at netbsd:vpanic+0x2f2
[ 37.5602165] Report() at netbsd:Report+0x3b
[ 37.5602165] HandleTypeMismatch() at netbsd:HandleTypeMismatch+0x1fb
[ 37.5602165] genfb_enable_polling() at netbsd:genfb_enable_polling+0x17e
[ 37.5602165] x86_genfb_ddb_trap_callback() at netbsd:x86_genfb_ddb_trap_callback+0x39
[ 37.5602165] db_trap() at netbsd:db_trap+0x68
[ 37.5602165] kdb_trap() at netbsd:kdb_trap+0x1aa
[ 37.5602165] trap() at netbsd:trap+0x5b2
[ 37.5602165] --- trap (number 1) ---
[ 37.5602165] breakpoint() at netbsd:breakpoint+0x5
[ 37.5602165] db_panic() at netbsd:db_panic+0xec
[ 37.5602165] vpanic() at netbsd:vpanic+0x2f2
[ 37.5602165] kern_assert() at netbsd:kern_assert+0x65
[ 37.5602165] uvm_findspace_invariants() at netbsd:uvm_findspace_invariants+0x134
[ 37.5602165] uvm_map_findspace() at netbsd:uvm_map_findspace+0x3f4
[ 37.5602165] uvm_map_prepare() at netbsd:uvm_map_prepare+0x586
[ 37.5602165] uvm_map() at netbsd:uvm_map+0xd4
[ 37.5602165] uvm_mmap.part.0() at netbsd:uvm_mmap.part.0+0x3b0
[ 37.5602165] sys_mmap() at netbsd:sys_mmap+0x9e8
[ 37.5602165] compat_43_sys_mmap() at netbsd:compat_43_sys_mmap+0x24a
[ 37.5602165] sys_syscall() at netbsd:sys_syscall+0x1e4
[ 37.5602165] syscall() at netbsd:syscall+0x2da
[ 37.5602165] --- syscall (number 71 via SYS_syscall) ---
[ 37.5602165] netbsd:syscall+0x2da:
[ 37.5602165] cpu0: End traceback...
[ 37.5602165] fatal breakpoint trap in supervisor mode
[ 37.5602165] trap type 1 code 0 rip 0xffffffff80221ab5 cs 0x8 rflags 0x246 cr2 0xffff8680c83b7000 ilevel 0x8 rsp 0xffff8680c83d4070
[ 37.5602165] curlwp 0xffff818ff094c580 pid 1220.1220 lowest kstack 0xffff8680c83d02c0