[ 126.4439504] panic: UBSan: Undefined Behavior in /syzkaller/managers/ci2-netbsd-kubsan/kernel/sys/kern/kern_ras.c:237:10, pointer expression with base 0 overflowed to 0x8000000000000000 [ 126.4606907] cpu0: Begin traceback... [ 126.4939412] vpanic() at netbsd:vpanic+0x2f2 sys/kern/subr_prf.c:293 [ 126.5939414] Report() at netbsd:Report+0x3b sys/../common/lib/libc/misc/ubsan.c:1352 [ 126.6839390] HandlePointerOverflow() at netbsd:HandlePointerOverflow+0xd2 sys/../common/lib/libc/misc/ubsan.c:706 [ 126.7639445] sys_rasctl() at netbsd:sys_rasctl+0x621 ras_purge sys/kern/kern_ras.c:237 [inline] [ 126.7639445] sys_rasctl() at netbsd:sys_rasctl+0x621 sys/kern/kern_ras.c:291 [ 126.8339408] sys___syscall() at netbsd:sys___syscall+0x1e4 sy_call sys/sys/syscallvar.h:65 [inline] [ 126.8339408] sys___syscall() at netbsd:sys___syscall+0x1e4 sys/kern/sys_syscall.c:90 [ 126.9139426] syscall() at netbsd:syscall+0x2da sy_call sys/sys/syscallvar.h:65 [inline] [ 126.9139426] syscall() at netbsd:syscall+0x2da sy_invoke sys/sys/syscallvar.h:94 [inline] [ 126.9139426] syscall() at netbsd:syscall+0x2da sys/arch/x86/x86/syscall.c:138 [ 126.9339415] --- syscall (number 343 via SYS_syscall) --- [ 126.9639421] netbsd:syscall+0x2da: [ 126.9639421] cpu0: End traceback... [ 126.9639421] fatal breakpoint trap in supervisor mode [ 126.9767854] trap type 1 code 0 rip 0xffffffff80221ab5 cs 0x8 rflags 0x246 cr2 0x7999a107cc50 ilevel 0 rsp 0xffff9f80d15d79a0 [ 126.9898592] curlwp 0xffffd67cca77c500 pid 2785.2625 lowest kstack 0xffff9f80d15d32c0 [ 126.9975835] Skipping crash dump on recursive panic [ 126.9975835] panic: UBSan: Undefined Behavior in /syzkaller/managers/ci2-netbsd-kubsan/kernel/sys/dev/wsfb/genfb.c:988:28, member access within null pointer of type 'struct genfb_private' [ 126.9975835] cpu0: Begin traceback... [ 126.9975835] vpanic() at netbsd:vpanic+0x2f2 sys/kern/subr_prf.c:293 [ 126.9975835] Report() at netbsd:Report+0x3b sys/../common/lib/libc/misc/ubsan.c:1352 [ 126.9975835] HandleTypeMismatch() at netbsd:HandleTypeMismatch+0x1fb sys/../common/lib/libc/misc/ubsan.c:429 [ 126.9975835] genfb_enable_polling() at netbsd:genfb_enable_polling+0x17e sys/dev/wsfb/genfb.c:988 [ 126.9975835] x86_genfb_ddb_trap_callback() at netbsd:x86_genfb_ddb_trap_callback+0x39 sys/arch/x86/x86/genfb_machdep.c:97 [ 126.9975835] db_trap() at netbsd:db_trap+0x68 sys/ddb/db_trap.c:73 [ 126.9975835] kdb_trap() at netbsd:kdb_trap+0x1aa sys/arch/amd64/amd64/db_interface.c:251 [ 126.9975835] trap() at netbsd:trap+0x5b2 sys/arch/amd64/amd64/trap.c:315 [ 126.9975835] --- trap (number 1) --- [ 126.9975835] breakpoint() at netbsd:breakpoint+0x5 [ 126.9975835] db_panic() at netbsd:db_panic+0xec sys/ddb/db_panic.c:69 [ 126.9975835] vpanic() at netbsd:vpanic+0x2f2 sys/kern/subr_prf.c:293 [ 126.9975835] Report() at netbsd:Report+0x3b sys/../common/lib/libc/misc/ubsan.c:1352 [ 126.9975835] HandlePointerOverflow() at netbsd:HandlePointerOverflow+0xd2 sys/../common/lib/libc/misc/ubsan.c:706 [ 126.9975835] sys_rasctl() at netbsd:sys_rasctl+0x621 ras_purge sys/kern/kern_ras.c:237 [inline] [ 126.9975835] sys_rasctl() at netbsd:sys_rasctl+0x621 sys/kern/kern_ras.c:291 [ 126.9975835] sys___syscall() at netbsd:sys___syscall+0x1e4 sy_call sys/sys/syscallvar.h:65 [inline] [ 126.9975835] sys___syscall() at netbsd:sys___syscall+0x1e4 sys/kern/sys_syscall.c:90 [ 126.9975835] syscall() at netbsd:syscall+0x2da sy_call sys/sys/syscallvar.h:65 [inline] [ 126.9975835] syscall() at netbsd:syscall+0x2da sy_invoke sys/sys/syscallvar.h:94 [inline] [ 126.9975835] syscall() at netbsd:syscall+0x2da sys/arch/x86/x86/syscall.c:138 [ 126.9975835] --- syscall (number 343 via SYS_syscall) --- [ 126.9975835] netbsd:syscall+0x2da: [ 126.9975835] cpu0: End traceback... [ 126.9975835] fatal breakpoint trap in supervisor mode [ 126.9975835] trap type 1 code 0 rip 0xffffffff80221ab5 cs 0x8 rflags 0x246 cr2 0x7999a107cc50 ilevel 0x8 rsp 0xffff9f80d15d7070 [ 126.9975835] curlwp 0xffffd67cca77c500 pid 2785.2625 lowest kstack 0xffff9f80d15d32c0 [ 126.9975835] uvm_fault(0xffffd67cb4492df8, 0x0, 1) -> e [ 126.9975835] fatal page fault in supervisor mode [ 126.9975835] trap type 6 code 0 rip 0xffffffff830b6b1b cs 0x8 rflags 0x10217 cr2 0x1e8 ilevel 0x8 rsp 0xffff9f80d15d6ca0 [ 126.9975835] curlwp 0xffffd67cca77c500 pid 2785.2625 lowest kstack 0xffff9f80d15d32c0 kernel: page fault trap, code=0 [ 126.9975835] uvm_fault(0xffffd67cb4492df8, 0x0, 1) -> e [ 126.9975835] fatal page fault in supervisor mode [ 126.9975835] trap type 6 code 0 rip 0xffffffff830b6b1b cs 0x8 rflags 0x10217 cr2 0x1e8 ilevel 0x8 rsp 0xffff9f80d15d68d0 [ 126.9975835] curlwp 0xffffd67cca77c500 pid 2785.2625 lowest kstack 0xffff9f80d15d32c0 kernel: page fault trap, code=0 [ 126.9975835] uvm_fault(0xffffd67cb4492df8, 0x0, 1) -> e [ 126.9975835] fatal page fault in supervisor mode [ 126.9975835] trap type 6 code 0 rip 0xffffffff830b6b1b cs 0x8 rflags 0x10217 cr2 0x1e8 ilevel 0x8 rsp 0xffff9f80d15d6500 [ 126.9975835] curlwp 0xffffd67cca77c500 pid 2785.2625 lowest kstack 0xffff9f80d15d32c0 kernel: page fault trap, code=0 [ 126.9975835] uvm_fault(0xffffd67cb4492df8, 0x0, 1) -> e [ 126.9975835] fatal page fault in supervisor mode [ 126.9975835] trap type 6 code 0 rip 0xffffffff830b6b1b cs 0x8 rflags 0x10217 cr2 0x1e8 ilevel 0x8 rsp 0xffff9f80d15d6130 [ 126.9975835] curlwp 0xffffd67cca77c500 pid 2785.2625 lowest kstack 0xffff9f80d15d32c0 kernel: page fault trap, code=0 [ 126.9975835] uvm_fault(0xffffd67cb4492df8, 0x0, 1) -> e [ 126.9975835] fatal page fault in supervisor mode [ 126.9975835] trap type 6 code 0 rip 0xffffffff830b6b1b cs 0x8 rflags 0x10217 cr2 0x1e8 ilevel 0x8 rsp 0xffff9f80d15d5d60 [ 126.9975835] curlwp 0xffffd67cca77c500 pid 2785.2625 lowest kstack 0xffff9f80d15d32c0 kernel: page fault trap, code=0 [ 126.9975835] uvm_fault(0xffffd67cb4492df8, 0x0, 1) -> e [ 126.9975835] fatal page fault in supervisor mode [ 126.9975835] trap type 6 code 0 rip 0xffffffff830b6b1b cs 0x8 rflags 0x10217 cr2 0x1e8 ilevel 0x8 rsp 0xffff9f80d15d5990 [ 126.9975835] curlwp 0xffffd67cca77c500 pid 2785.2625 lowest kstack 0xffff9f80d15d32c0 kernel: page fault trap, code=0