[ 201.6149098] panic: UBSan: Undefined Behavior in /syzkaller/managers/ci2-netbsd-kubsan/kernel/sys/dev/wscons/wsmux.c:520:34, member access within null pointer of type 'struct pgrp' [ 201.6248363] cpu1: Begin traceback... [ 201.6546907] vpanic() at netbsd:vpanic+0x2f0 sys/kern/subr_prf.c:288 [ 201.7342907] Report() at netbsd:Report+0x3b sys/../common/lib/libc/misc/ubsan.c:1352 [ 201.7939866] HandleTypeMismatch() at netbsd:HandleTypeMismatch+0x1fb sys/../common/lib/libc/misc/ubsan.c:429 [ 201.8536879] wsmux_do_ioctl() at netbsd:wsmux_do_ioctl+0x12ce sys/dev/wscons/wsmux.c:520 [ 201.9133859] cdev_ioctl() at netbsd:cdev_ioctl+0x162 sys/kern/subr_devsw.c:1525 [ 201.9631391] spec_ioctl() at netbsd:spec_ioctl+0xf2 sys/miscfs/specfs/spec_vnops.c:1331 [ 202.0128885] VOP_IOCTL() at netbsd:VOP_IOCTL+0x149 sys/kern/vnode_if.c:933 [ 202.0725862] vn_ioctl() at netbsd:vn_ioctl+0x1a4 sys/kern/vfs_vnops.c:894 [ 202.1322864] sys_ioctl() at netbsd:sys_ioctl+0xd88 sys/kern/sys_generic.c:675 [ 202.1820385] sys___syscall() at netbsd:sys___syscall+0x1e4 sy_call sys/sys/syscallvar.h:65 [inline] [ 202.1820385] sys___syscall() at netbsd:sys___syscall+0x1e4 sys/kern/sys_syscall.c:90 [ 202.2417398] syscall() at netbsd:syscall+0x28b sy_call sys/sys/syscallvar.h:65 [inline] [ 202.2417398] syscall() at netbsd:syscall+0x28b sy_invoke sys/sys/syscallvar.h:94 [inline] [ 202.2417398] syscall() at netbsd:syscall+0x28b sys/arch/x86/x86/syscall.c:137 [ 202.2516854] --- syscall (number 54 via SYS_syscall) --- [ 202.2715974] netbsd:syscall+0x28b: [ 202.2715974] cpu1: End traceback... [ 202.2815346] fatal breakpoint trap in supervisor mode [ 202.2815346] trap type 1 code 0 rip 0xffffffff80235475 cs 0x8 rflags 0x246 cr2 0x75ee7e1cfff8 ilevel 0 rsp 0xffffaa0248482630 [ 202.2914899] curlwp 0xffffcbb00dbaa940 pid 3819.1955 lowest kstack 0xffffaa024847e2c0 Stopped in pid 3819.1955 (syz-executor.0) at netbsd:breakpoint+0x5: leave ? breakpoint() at netbsd:breakpoint+0x5 db_panic() at netbsd:db_panic+0xec sys/ddb/db_panic.c:71 vpanic() at netbsd:vpanic+0x2f0 sys/kern/subr_prf.c:288 Report() at netbsd:Report+0x3b sys/../common/lib/libc/misc/ubsan.c:1352 HandleTypeMismatch() at netbsd:HandleTypeMismatch+0x1fb sys/../common/lib/libc/misc/ubsan.c:429 wsmux_do_ioctl() at netbsd:wsmux_do_ioctl+0x12ce sys/dev/wscons/wsmux.c:520 cdev_ioctl() at netbsd:cdev_ioctl+0x162 sys/kern/subr_devsw.c:1525 spec_ioctl() at netbsd:spec_ioctl+0xf2 sys/miscfs/specfs/spec_vnops.c:1331 VOP_IOCTL() at netbsd:VOP_IOCTL+0x149 sys/kern/vnode_if.c:933 vn_ioctl() at netbsd:vn_ioctl+0x1a4 sys/kern/vfs_vnops.c:894 sys_ioctl() at netbsd:sys_ioctl+0xd88 sys/kern/sys_generic.c:675 sys___syscall() at netbsd:sys___syscall+0x1e4 sy_call sys/sys/syscallvar.h:65 [inline] sys___syscall() at netbsd:sys___syscall+0x1e4 sys/kern/sys_syscall.c:90 syscall() at netbsd:syscall+0x28b sy_call sys/sys/syscallvar.h:65 [inline] syscall() at netbsd:syscall+0x28b sy_invoke sys/sys/syscallvar.h:94 [inline] syscall() at netbsd:syscall+0x28b sys/arch/x86/x86/syscall.c:137 --- syscall (number 54 via SYS_syscall) --- netbsd:syscall+0x28b: Panic string: UBSan: Undefined Behavior in /syzkaller/managers/ci2-netbsd-kubsan/kernel/sys/dev/wscons/wsmux.c:520:34, member access within null pointer of type 'struct pgrp' PID LID S CPU FLAGS STRUCT LWP * NAME WAIT 2744 2744 3 1 180 ffffcbb020ed54c0 syz-executor.0 parked 3819 2757 3 1 180 ffffcbb0201992c0 syz-executor.0 parked 3819 > 1955 7 1 0 ffffcbb00dbaa940 syz-executor.0 3819 1670 3 1 10000000 ffffcbb020ed5080 syz-executor.0 vfork 3819 3819 2 1 10000000 ffffcbb021d50040 syz-executor.0 1688 1688 3 0 40180 ffffcbb021d508c0 syz-executor.0 nanoslp 2379 2379 2 1 40000 ffffcbb020199b40 syz-executor.5 1534 > 1534 7 0 0 ffffcbb027bf6740 syz-executor.1 1522 1522 3 1 180 ffffcbb023ede240 syz-executor.4 parked 1533 1533 3 1 180 ffffcbb0167d9100 syz-executor.2 parked 1637 1637 3 1 180 ffffcbb025fa66c0 syz-executor.2 parked 1505 3412 3 1 11100000 ffffcbb023edeac0 syz-executor.2 vfork 1505 1505 3 0 11000000 ffffcbb027e53340 syz-executor.2 lwpwait 2376 2376 3 0 1c0 ffffcbb020199700 syz-executor.2 wait 1435 1435 3 1 180 ffffcbb019678500 syz-executor.5 parked 1436 1436 3 1 180 ffffcbb021d50480 syz-executor.5 parked 2095 2095 3 1 180 ffffcbb027bf6300 syz-executor.5 parked 1348 1348 3 1 180 ffffcbb025fa6b00 syz-executor.5 parked 2347 3655 2 1 1000040 ffffcbb0196780c0 syz-executor.5 2347 1322 3 1 1100000 ffffcbb01a0fdbc0 syz-executor.5 vfork 2347 2487 3 1 11100000 ffffcbb025fa6280 syz-executor.5 vfork 3638 3638 3 0 180 ffffcbb013b98640 syz-executor.0 parked 2905 3943 3 0 11100000 ffffcbb027bf6b80 syz-executor.0 vfork 2905 2905 2 1 11000040 ffffcbb027e53bc0 syz-executor.0 2778 2778 3 0 180 ffffcbb00e3b8980 syz-executor.4 parked 753 753 3 1 180 ffffcbb01462fb40 syz-executor.4 parked 1742 1742 3 1 180 ffffcbb01420f080 syz-executor.4 parked 2739 2739 3 1 180 ffffcbb0167d9540 syz-executor.3 parked 2098 1585 3 1 11100000 ffffcbb014a3f140 syz-executor.3 vfork 2098 2098 2 1 11000040 ffffcbb018b13180 syz-executor.3 1966 1966 3 1 180 ffffcbb019cf7600 syz-executor.0 parked 671 671 3 1 180 ffffcbb019aa3740 syz-executor.0 parked 657 657 3 1 180 ffffcbb019aa3300 syz-executor.5 parked 2904 2904 3 0 180 ffffcbb014a3f580 syz-executor.2 parked 645 645 3 1 180 ffffcbb013b98a80 syz-executor.2 parked 648 643 3 1 11100000 ffffcbb01a4aa480 syz-executor.2 vfork 648 648 2 1 11000040 ffffcbb0167d9980 syz-executor.2 2873 2873 3 1 180 ffffcbb019cf71c0 syz-executor.4 parked 495 495 3 0 180 ffffcbb00de91180 syz-executor.1 parked 322 322 3 0 180 ffffcbb019aa3b80 syz-executor.3 parked 830 1344 3 0 11100000 ffffcbb01a0fd340 syz-executor.3 vfork 830 830 2 1 11000040 ffffcbb019cf7a40 syz-executor.3 2889 2889 3 0 180 ffffcbb01420f4c0 syz-executor.2 parked 1964 1964 3 1 180 ffffcbb014a3f9c0 syz-executor.3 parked 1869 1869 3 0 180 ffffcbb016a25940 syz-executor.3 parked 12