[  63.5027196] panic: kernel diagnostic assertion "(cnp->cn_flags & LOCKPARENT) == 0 || searchdir == NULL || VOP_ISLOCKED(searchdir) == LK_EXCLUSIVE" failed: file "/syzkaller/managers/ci2-netbsd-kubsan/kernel/sys/kern/vfs_lookup.c", line 1744 
[  63.5227013] cpu1: Begin traceback...
[  63.5427037] vpanic() at netbsd:vpanic+0x2f2 sys/kern/subr_prf.c:293
[  63.6127034] kern_assert() at netbsd:kern_assert+0x65 sys/arch/amd64/amd64/db_disasm.c:1074
[  63.6727032] namei_tryemulroot() at netbsd:namei_tryemulroot+0x28c8 namei_oneroot sys/kern/vfs_lookup.c:1758 [inline]
[  63.6727032] namei_tryemulroot() at netbsd:namei_tryemulroot+0x28c8 sys/kern/vfs_lookup.c:1919
[  63.7327027] namei() at netbsd:namei+0x2e sys/kern/vfs_lookup.c:1955
[  63.7827032] vn_open() at netbsd:vn_open+0x252 sys/kern/vfs_vnops.c:219
[  63.8327034] do_open() at netbsd:do_open+0x1a3 sys/kern/vfs_syscalls.c:1752
[  63.8827020] do_sys_openat() at netbsd:do_sys_openat+0xcb sys/kern/vfs_syscalls.c:1837
[  63.9327035] sys_open() at netbsd:sys_open+0x60 sys/kern/vfs_syscalls.c:1858
[  63.9827035] sys___syscall() at netbsd:sys___syscall+0x1e4 sy_call sys/sys/syscallvar.h:65 [inline]
[  63.9827035] sys___syscall() at netbsd:sys___syscall+0x1e4 sys/kern/sys_syscall.c:90
[  64.0327039] syscall() at netbsd:syscall+0x2da sy_call sys/sys/syscallvar.h:65 [inline]
[  64.0327039] syscall() at netbsd:syscall+0x2da sy_invoke sys/sys/syscallvar.h:94 [inline]
[  64.0327039] syscall() at netbsd:syscall+0x2da sys/arch/x86/x86/syscall.c:138
[  64.0527039] --- syscall (number 5 via SYS_syscall) ---
[  64.0627010] netbsd:syscall+0x2da:
[  64.0727032] cpu1: End traceback...
[  64.0727032] fatal breakpoint trap in supervisor mode
[  64.0827011] trap type 1 code 0 rip 0xffffffff80221ab5 cs 0x8 rflags 0x246 cr2 0xc000231630 ilevel 0 rsp 0xffffc380c8529a00
[  64.0927012] curlwp 0xffffeac70ab15340 pid 2278.1226 lowest kstack 0xffffc380c85252c0
[  64.0927012] Skipping crash dump on recursive panic
[  64.0927012] panic: UBSan: Undefined Behavior in /syzkaller/managers/ci2-netbsd-kubsan/kernel/sys/dev/wsfb/genfb.c:988:28, member access within null pointer of type 'struct genfb_private'

[  64.0927012] cpu1: Begin traceback...
[  64.0927012] vpanic() at netbsd:vpanic+0x2f2 sys/kern/subr_prf.c:293
[  64.0927012] Report() at netbsd:Report+0x3b sys/../common/lib/libc/misc/ubsan.c:1352
[  64.0927012] HandleTypeMismatch() at netbsd:HandleTypeMismatch+0x1fb sys/../common/lib/libc/misc/ubsan.c:429
[  64.0927012] genfb_enable_polling() at netbsd:genfb_enable_polling+0x17e sys/dev/wsfb/genfb.c:988
[  64.0927012] x86_genfb_ddb_trap_callback() at netbsd:x86_genfb_ddb_trap_callback+0x39 sys/arch/x86/x86/genfb_machdep.c:97
[  64.0927012] db_trap() at netbsd:db_trap+0x68 sys/ddb/db_trap.c:73
[  64.0927012] kdb_trap() at netbsd:kdb_trap+0x1aa sys/arch/amd64/amd64/db_interface.c:251
[  64.0927012] trap() at netbsd:trap+0x5b2 sys/arch/amd64/amd64/trap.c:315
[  64.0927012] --- trap (number 1) ---
[  64.0927012] breakpoint() at netbsd:breakpoint+0x5
[  64.0927012] db_panic() at netbsd:db_panic+0xec sys/ddb/db_panic.c:69
[  64.0927012] vpanic() at netbsd:vpanic+0x2f2 sys/kern/subr_prf.c:293
[  64.0927012] kern_assert() at netbsd:kern_assert+0x65 sys/arch/amd64/amd64/db_disasm.c:1074
[  64.0927012] namei_tryemulroot() at netbsd:namei_tryemulroot+0x28c8 namei_oneroot sys/kern/vfs_lookup.c:1758 [inline]
[  64.0927012] namei_tryemulroot() at netbsd:namei_tryemulroot+0x28c8 sys/kern/vfs_lookup.c:1919
[  64.0927012] namei() at netbsd:namei+0x2e sys/kern/vfs_lookup.c:1955
[  64.0927012] vn_open() at netbsd:vn_open+0x252 sys/kern/vfs_vnops.c:219
[  64.0927012] do_open() at netbsd:do_open+0x1a3 sys/kern/vfs_syscalls.c:1752
[  64.0927012] do_sys_openat() at netbsd:do_sys_openat+0xcb sys/kern/vfs_syscalls.c:1837
[  64.0927012] sys_open() at netbsd:sys_open+0x60 sys/kern/vfs_syscalls.c:1858
[  64.0927012] sys___syscall() at netbsd:sys___syscall+0x1e4 sy_call sys/sys/syscallvar.h:65 [inline]
[  64.0927012] sys___syscall() at netbsd:sys___syscall+0x1e4 sys/kern/sys_syscall.c:90
[  64.0927012] syscall() at netbsd:syscall+0x2da sy_call sys/sys/syscallvar.h:65 [inline]
[  64.0927012] syscall() at netbsd:syscall+0x2da sy_invoke sys/sys/syscallvar.h:94 [inline]
[  64.0927012] syscall() at netbsd:syscall+0x2da sys/arch/x86/x86/syscall.c:138
[  64.0927012] --- syscall (number 5 via SYS_syscall) ---
[  64.0927012] netbsd:syscall+0x2da:
[  64.0927012] cpu1: End traceback...
[  64.0927012] fatal breakpoint trap in supervisor mode
[  64.0927012] trap type 1 code 0 rip 0xffffffff80221ab5 cs 0x8 rflags 0x246 cr2 0xc000231630 ilevel 0x8 rsp 0xffffc380c85290d0
[  64.0927012] curlwp 0xffffeac70ab15340 pid 2278.1226 lowest kstack 0xffffc380c85252c0
[  64.0927012] uvm_fault(0xffffeac707cfe050, 0x0, 1) -> e
[  64.0927012] fatal page fault in supervisor mode
[  64.0927012] trap type 6 code 0 rip 0xffffffff830b6b1b cs 0x8 rflags 0x10217 cr2 0x1e8 ilevel 0x8 rsp 0xffffc380c8528d00
[  64.0927012] curlwp 0xffffeac70ab15340 pid 2278.1226 lowest kstack 0xffffc380c85252c0
kernel: page fault trap, code=0
[  64.0927012] uvm_fault(0xffffeac707cfe050, 0x0, 1) -> e
[  64.0927012] fatal page fault in supervisor mode
[  64.0927012] trap type 6 code 0 rip 0xffffffff830b6b1b cs 0x8 rflags 0x10217 cr2 0x1e8 ilevel 0x8 rsp 0xffffc380c8528930
[  64.0927012] curlwp 0xffffeac70ab15340 pid 2278.1226 lowest kstack 0xffffc380c85252c0
kernel: page fault trap, code=0
[  64.0927012] uvm_fault(0xffffeac707cfe050, 0x0, 1) -> e
[  64.0927012] fatal page fault in supervisor mode
[  64.0927012] trap type 6 code 0 rip 0xffffffff830b6b1b cs 0x8 rflags 0x10217 cr2 0x1e8 ilevel 0x8 rsp 0xffffc380c8528560
[  64.0927012] curlwp 0xffffeac70ab15340 pid 2278.1226 lowest kstack 0xffffc380c85252c0
kernel: page fault trap, code=0
[  64.0927012] uvm_fault(0xffffeac707cfe050, 0x0, 1) -> e
[  64.0927012] fatal page fault in supervisor mode
[  64.0927012] trap type 6 code 0 rip 0xffffffff830b6b1b cs 0x8 rflags 0x10217 cr2 0x1e8 ilevel 0x8 rsp 0xffffc380c8528190
[  64.0927012] curlwp 0xffffeac70ab15340 pid 2278.1226 lowest kstack 0xffffc380c85252c0
kernel: page fault trap, code=0
[  64.0927012] uvm_fault(0xffffeac707cfe050, 0x0, 1) -> e
[  64.0927012] fatal page fault in supervisor mode
[  64.0927012] trap type 6 code 0 rip 0xffffffff830b6b1b cs 0x8 rflags 0x10217 cr2 0x1e8 ilevel 0x8 rsp 0xffffc380c8527dc0
[  64.0927012] curlwp 0xffffeac70ab15340 pid 2278.1226 lowest kstack 0xffffc380c85252c0
kernel: page fault trap, code=0
[  64.0927012] uvm_fault(0xffffeac707cfe050, 0x0, 1) -> e
[  64.0927012] fatal page fault in supervisor mode
[  64.0927012] trap type 6 code 0 rip 0xffffffff830b6b1b cs 0x8 rflags 0x10217 cr2 0x1e8 ilevel 0x8 rsp 0xffffc380c85279f0
[  64.0927012] curlwp 0xffffeac70ab15340 pid 2278.1226 lowest kstack 0xffffc380c85252c0
kernel: page fault trap, code=0
[  64.0927012] uvm_fault(0xffffeac707cfe050, 0x0, 1) -> e