[ 44.4502434] panic: UBSan: Undefined Behavior in /syzkaller/managers/ci2-netbsd-kubsan/kernel/sys/kern/kern_ras.c:183:10, pointer expression with base 0x200000c0 overflowed to 0x80000000200000c1 [ 44.4679941] cpu0: Begin traceback... [ 44.5002297] vpanic() at netbsd:vpanic+0x2f2 sys/kern/subr_prf.c:293 [ 44.6102304] Report() at netbsd:Report+0x3b sys/../common/lib/libc/misc/ubsan.c:1352 [ 44.6902314] HandlePointerOverflow() at netbsd:HandlePointerOverflow+0xd2 sys/../common/lib/libc/misc/ubsan.c:706 [ 44.7702326] sys_rasctl() at netbsd:sys_rasctl+0x641 ras_install sys/kern/kern_ras.c:183 [inline] [ 44.7702326] sys_rasctl() at netbsd:sys_rasctl+0x641 sys/kern/kern_ras.c:288 [ 44.8502305] sys___syscall() at netbsd:sys___syscall+0x1e4 sy_call sys/sys/syscallvar.h:65 [inline] [ 44.8502305] sys___syscall() at netbsd:sys___syscall+0x1e4 sys/kern/sys_syscall.c:90 [ 44.9202329] syscall() at netbsd:syscall+0x2da sy_call sys/sys/syscallvar.h:65 [inline] [ 44.9202329] syscall() at netbsd:syscall+0x2da sy_invoke sys/sys/syscallvar.h:94 [inline] [ 44.9202329] syscall() at netbsd:syscall+0x2da sys/arch/x86/x86/syscall.c:138 [ 44.9402315] --- syscall (number 343 via SYS_syscall) --- [ 44.9702317] netbsd:syscall+0x2da: [ 44.9702317] cpu0: End traceback... [ 44.9702317] fatal breakpoint trap in supervisor mode [ 44.9830139] trap type 1 code 0 rip 0xffffffff80221ab5 cs 0x8 rflags 0x246 cr2 0x63e060 ilevel 0 rsp 0xffff9400c81599a0 [ 44.9954817] curlwp 0xffffd8e5d9425b00 pid 1202.1128 lowest kstack 0xffff9400c81552c0 [ 45.0031804] Skipping crash dump on recursive panic [ 45.0031804] panic: UBSan: Undefined Behavior in /syzkaller/managers/ci2-netbsd-kubsan/kernel/sys/dev/wsfb/genfb.c:988:28, member access within null pointer of type 'struct genfb_private' [ 45.0031804] cpu0: Begin traceback... [ 45.0031804] vpanic() at netbsd:vpanic+0x2f2 sys/kern/subr_prf.c:293 [ 45.0031804] Report() at netbsd:Report+0x3b sys/../common/lib/libc/misc/ubsan.c:1352 [ 45.0031804] HandleTypeMismatch() at netbsd:HandleTypeMismatch+0x1fb sys/../common/lib/libc/misc/ubsan.c:429 [ 45.0031804] genfb_enable_polling() at netbsd:genfb_enable_polling+0x17e sys/dev/wsfb/genfb.c:988 [ 45.0031804] x86_genfb_ddb_trap_callback() at netbsd:x86_genfb_ddb_trap_callback+0x39 sys/arch/x86/x86/genfb_machdep.c:97 [ 45.0031804] db_trap() at netbsd:db_trap+0x68 sys/ddb/db_trap.c:73 [ 45.0031804] kdb_trap() at netbsd:kdb_trap+0x1aa sys/arch/amd64/amd64/db_interface.c:251 [ 45.0031804] trap() at netbsd:trap+0x5b2 sys/arch/amd64/amd64/trap.c:315 [ 45.0031804] --- trap (number 1) --- [ 45.0031804] breakpoint() at netbsd:breakpoint+0x5 [ 45.0031804] db_panic() at netbsd:db_panic+0xec sys/ddb/db_panic.c:69 [ 45.0031804] vpanic() at netbsd:vpanic+0x2f2 sys/kern/subr_prf.c:293 [ 45.0031804] Report() at netbsd:Report+0x3b sys/../common/lib/libc/misc/ubsan.c:1352 [ 45.0031804] HandlePointerOverflow() at netbsd:HandlePointerOverflow+0xd2 sys/../common/lib/libc/misc/ubsan.c:706 [ 45.0031804] sys_rasctl() at netbsd:sys_rasctl+0x641 ras_install sys/kern/kern_ras.c:183 [inline] [ 45.0031804] sys_rasctl() at netbsd:sys_rasctl+0x641 sys/kern/kern_ras.c:288 [ 45.0031804] sys___syscall() at netbsd:sys___syscall+0x1e4 sy_call sys/sys/syscallvar.h:65 [inline] [ 45.0031804] sys___syscall() at netbsd:sys___syscall+0x1e4 sys/kern/sys_syscall.c:90 [ 45.0031804] syscall() at netbsd:syscall+0x2da sy_call sys/sys/syscallvar.h:65 [inline] [ 45.0031804] syscall() at netbsd:syscall+0x2da sy_invoke sys/sys/syscallvar.h:94 [inline] [ 45.0031804] syscall() at netbsd:syscall+0x2da sys/arch/x86/x86/syscall.c:138 [ 45.0031804] --- syscall (number 343 via SYS_syscall) --- [ 45.0031804] netbsd:syscall+0x2da: [ 45.0031804] cpu0: End traceback... [ 45.0031804] fatal breakpoint trap in supervisor mode [ 45.0031804] trap type 1 code 0 rip 0xffffffff80221ab5 cs 0x8 rflags 0x246 cr2 0x63e060 ilevel 0x8 rsp 0xffff9400c8159070 [ 45.0031804] curlwp 0xffffd8e5d9425b00 pid 1202.1128 lowest kstack 0xffff9400c81552c0 [ 45.0031804] uvm_fault(0xffffd8e5cfb6aca8, 0x0, 1) -> e [ 45.0031804] fatal page fault in supervisor mode [ 45.0031804] trap type 6 code 0 rip 0xffffffff830b6b1b cs 0x8 rflags 0x10217 cr2 0x1e8 ilevel 0x8 rsp 0xffff9400c8158ca0 [ 45.0031804] curlwp 0xffffd8e5d9425b00 pid 1202.1128 lowest kstack 0xffff9400c81552c0 kernel: page fault trap, code=0 [ 45.0031804] uvm_fault(0xffffd8e5cfb6aca8, 0x0, 1) -> e [ 45.0031804] fatal page fault in supervisor mode [ 45.0031804] trap type 6 code 0 rip 0xffffffff830b6b1b cs 0x8 rflags 0x10217 cr2 0x1e8 ilevel 0x8 rsp 0xffff9400c81588d0 [ 45.0031804] curlwp 0xffffd8e5d9425b00 pid 1202.1128 lowest kstack 0xffff9400c81552c0 kernel: page fault trap, code=0 [ 45.0031804] uvm_fault(0xffffd8e5cfb6aca8, 0x0, 1) -> e [ 45.0031804] fatal page fault in supervisor mode [ 45.0031804] trap type 6 code 0 rip 0xffffffff830b6b1b cs 0x8 rflags 0x10217 cr2 0x1e8 ilevel 0x8 rsp 0xffff9400c8158500 [ 45.0031804] curlwp 0xffffd8e5d9425b00 pid 1202.1128 lowest kstack 0xffff9400c81552c0 kernel: page fault trap, code=0 [ 45.0031804] uvm_fault(0xffffd8e5cfb6aca8, 0x0, 1) -> e [ 45.0031804] fatal page fault in supervisor mode [ 45.0031804] trap type 6 code 0 rip 0xffffffff830b6b1b cs 0x8 rflags 0x10217 cr2 0x1e8 ilevel 0x8 rsp 0xffff9400c8158130 [ 45.0031804] curlwp 0xffffd8e5d9425b00 pid 1202.1128 lowest kstack 0xffff9400c81552c0 kernel: page fault trap, code=0 [ 45.0031804] uvm_fault(0xffffd8e5cfb6aca8, 0x0, 1) -> e [ 45.0031804] fatal page fault in supervisor mode [ 45.0031804] trap type 6 code 0 rip 0xffffffff830b6b1b cs 0x8 rflags 0x10217 cr2 0x1e8 ilevel 0x8 rsp 0xffff9400c8157d60 [ 45.0031804] curlwp 0xffffd8e5d9425b00 pid 1202.1128 lowest kstack 0xffff9400c81552c0 kernel: page fault trap, code=0 [ 45.0031804] uvm_fault(0xffffd8e5cfb6aca8, 0x0, 1) -> e [ 45.0031804] fatal page fault in supervisor mode [ 45.0031804] trap type 6 code 0 rip 0xffffffff830b6b1b cs 0x8 rflags 0x10217 cr2 0x1e8 ilevel 0x8 rsp 0xffff9400c8157990 [ 45.0031804] curlwp 0xffffd8e5d9425b00 pid 1202.1128 lowest kstack 0xffff9400c81552c0 kernel: page fault trap, code=0