[  36.9178408] panic: kernel diagnostic assertion "!topdown || hint <= orig_hint" failed: file "/syzkaller/managers/ci2-netbsd-kubsan/kernel/sys/uvm/uvm_map.c", line 1795 map=0xffff818fe6a9a458 hint=0xffffffffff002000 orig_hint=0x20ffe000 length=0x20ffe000 uobj=0x0 uoffset=0xffffffffffffffff align=0 flags=0x80010 entry=0xffff818ff1ee8a00 (uvm_map_findspace line 1998)
[  36.9300092] cpu0: Begin traceback...
[  36.9478215] vpanic() at netbsd:vpanic+0x2f2 sys/kern/subr_prf.c:293
[  37.0178223] kern_assert() at netbsd:kern_assert+0x65 sys/arch/amd64/amd64/db_disasm.c:1074
[  37.0778241] uvm_findspace_invariants() at netbsd:uvm_findspace_invariants+0x134 sys/uvm/uvm_map.c:1795
[  37.1378217] uvm_map_findspace() at netbsd:uvm_map_findspace+0x3f4 sys/uvm/uvm_map.c:1999
[  37.1878235] uvm_map_prepare() at netbsd:uvm_map_prepare+0x586 sys/uvm/uvm_map.c:1181
[  37.2378220] uvm_map() at netbsd:uvm_map+0xd4 sys/uvm/uvm_map.c:1089
[  37.2878255] uvm_mmap.part.0() at netbsd:uvm_mmap.part.0+0x3b0
[  37.3378232] sys_mmap() at netbsd:sys_mmap+0x9e8 uvm_mmap sys/uvm/uvm_mmap.c:425 [inline]
[  37.3378232] sys_mmap() at netbsd:sys_mmap+0x9e8 sys/uvm/uvm_mmap.c:425
[  37.3878225] compat_43_sys_mmap() at netbsd:compat_43_sys_mmap+0x24a sys/compat/common/vm_43.c:150
[  37.4378216] sys_syscall() at netbsd:sys_syscall+0x1e4 sy_call sys/sys/syscallvar.h:65 [inline]
[  37.4378216] sys_syscall() at netbsd:sys_syscall+0x1e4 sys/kern/sys_syscall.c:90
[  37.4978222] syscall() at netbsd:syscall+0x2da sy_call sys/sys/syscallvar.h:65 [inline]
[  37.4978222] syscall() at netbsd:syscall+0x2da sy_invoke sys/sys/syscallvar.h:94 [inline]
[  37.4978222] syscall() at netbsd:syscall+0x2da sys/arch/x86/x86/syscall.c:138
[  37.5078210] --- syscall (number 71 via SYS_syscall) ---
[  37.5278212] netbsd:syscall+0x2da:
[  37.5278212] cpu0: End traceback...
[  37.5278212] fatal breakpoint trap in supervisor mode
[  37.5391546] trap type 1 code 0 rip 0xffffffff80221ab5 cs 0x8 rflags 0x246 cr2 0xffff8680c83b7000 ilevel 0 rsp 0xffff8680c83d49a0
[  37.5524986] curlwp 0xffff818ff094c580 pid 1220.1220 lowest kstack 0xffff8680c83d02c0
[  37.5602165] Skipping crash dump on recursive panic
[  37.5602165] panic: UBSan: Undefined Behavior in /syzkaller/managers/ci2-netbsd-kubsan/kernel/sys/dev/wsfb/genfb.c:988:28, member access within null pointer of type 'struct genfb_private'

[  37.5602165] cpu0: Begin traceback...
[  37.5602165] vpanic() at netbsd:vpanic+0x2f2 sys/kern/subr_prf.c:293
[  37.5602165] Report() at netbsd:Report+0x3b sys/../common/lib/libc/misc/ubsan.c:1352
[  37.5602165] HandleTypeMismatch() at netbsd:HandleTypeMismatch+0x1fb sys/../common/lib/libc/misc/ubsan.c:429
[  37.5602165] genfb_enable_polling() at netbsd:genfb_enable_polling+0x17e sys/dev/wsfb/genfb.c:988
[  37.5602165] x86_genfb_ddb_trap_callback() at netbsd:x86_genfb_ddb_trap_callback+0x39 sys/arch/x86/x86/genfb_machdep.c:97
[  37.5602165] db_trap() at netbsd:db_trap+0x68 sys/ddb/db_trap.c:73
[  37.5602165] kdb_trap() at netbsd:kdb_trap+0x1aa sys/arch/amd64/amd64/db_interface.c:251
[  37.5602165] trap() at netbsd:trap+0x5b2 sys/arch/amd64/amd64/trap.c:315
[  37.5602165] --- trap (number 1) ---
[  37.5602165] breakpoint() at netbsd:breakpoint+0x5
[  37.5602165] db_panic() at netbsd:db_panic+0xec sys/ddb/db_panic.c:69
[  37.5602165] vpanic() at netbsd:vpanic+0x2f2 sys/kern/subr_prf.c:293
[  37.5602165] kern_assert() at netbsd:kern_assert+0x65 sys/arch/amd64/amd64/db_disasm.c:1074
[  37.5602165] uvm_findspace_invariants() at netbsd:uvm_findspace_invariants+0x134 sys/uvm/uvm_map.c:1795
[  37.5602165] uvm_map_findspace() at netbsd:uvm_map_findspace+0x3f4 sys/uvm/uvm_map.c:1999
[  37.5602165] uvm_map_prepare() at netbsd:uvm_map_prepare+0x586 sys/uvm/uvm_map.c:1181
[  37.5602165] uvm_map() at netbsd:uvm_map+0xd4 sys/uvm/uvm_map.c:1089
[  37.5602165] uvm_mmap.part.0() at netbsd:uvm_mmap.part.0+0x3b0
[  37.5602165] sys_mmap() at netbsd:sys_mmap+0x9e8 uvm_mmap sys/uvm/uvm_mmap.c:425 [inline]
[  37.5602165] sys_mmap() at netbsd:sys_mmap+0x9e8 sys/uvm/uvm_mmap.c:425
[  37.5602165] compat_43_sys_mmap() at netbsd:compat_43_sys_mmap+0x24a sys/compat/common/vm_43.c:150
[  37.5602165] sys_syscall() at netbsd:sys_syscall+0x1e4 sy_call sys/sys/syscallvar.h:65 [inline]
[  37.5602165] sys_syscall() at netbsd:sys_syscall+0x1e4 sys/kern/sys_syscall.c:90
[  37.5602165] syscall() at netbsd:syscall+0x2da sy_call sys/sys/syscallvar.h:65 [inline]
[  37.5602165] syscall() at netbsd:syscall+0x2da sy_invoke sys/sys/syscallvar.h:94 [inline]
[  37.5602165] syscall() at netbsd:syscall+0x2da sys/arch/x86/x86/syscall.c:138
[  37.5602165] --- syscall (number 71 via SYS_syscall) ---
[  37.5602165] netbsd:syscall+0x2da:
[  37.5602165] cpu0: End traceback...
[  37.5602165] fatal breakpoint trap in supervisor mode
[  37.5602165] trap type 1 code 0 rip 0xffffffff80221ab5 cs 0x8 rflags 0x246 cr2 0xffff8680c83b7000 ilevel 0x8 rsp 0xffff8680c83d4070
[  37.5602165] curlwp 0xffff818ff094c580 pid 1220.1220 lowest kstack 0xffff8680c83d02c0