syzbot

login: panic: attempt to execute user address 0x0 in supervisor mode
Stopped at      db_enter+0x18:  addq    $0x8,%rsp
    TID    PID    UID     PRFLAGS     PFLAGS  CPU  COMMAND
* 78903  53434      0           0  0x4000000    0K syz-executor.1
 497310  50793      0         0x2  0x4000000    1  syz-execprog
db_enter() at db_enter+0x18 sys/arch/amd64/amd64/db_interface.c:398
panic(ffffffff82234bff) at panic+0x15c sys/kern/subr_prf.c:207
pageflttrap(ffff800020ba30f0,0) at pageflttrap+0x40b
kerntrap(ffff800020ba30f0) at kerntrap+0xec sys/arch/amd64/amd64/trap.c:287
alltraps_kern_meltdown() at alltraps_kern_meltdown+0x7b
0(fffffd806e8dddd0,ffff800020ba3300,ffff800020aa1650,fffffd806e8dddd0,14ccc39b3c4cf773,7) at 0
sys_kevent(ffff800020aa1650,ffff800020ba3408,ffff800020ba3450) at sys_kevent+0x2b1 sys/kern/kern_event.c:522
syscall(ffff800020ba34d0) at syscall+0x4a4 mi_syscall sys/sys/syscall_mi.h:92 [inline]
syscall(ffff800020ba34d0) at syscall+0x4a4 sys/arch/amd64/amd64/trap.c:555
Xsyscall() at Xsyscall+0x128
end of kernel
end trace frame: 0x41a98097c90, count: 6
https://www.openbsd.org/ddb.html describes the minimum info required in bug
reports.  Insufficient info makes it difficult to find and fix bugs.
ddb{0}> 
ddb{0}> set $lines = 0
ddb{0}> set $maxwidth = 0
ddb{0}> show panic
attempt to execute user address 0x0 in supervisor mode
ddb{0}> trace
db_enter() at db_enter+0x18 sys/arch/amd64/amd64/db_interface.c:398
panic(ffffffff82234bff) at panic+0x15c sys/kern/subr_prf.c:207
pageflttrap(ffff800020ba30f0,0) at pageflttrap+0x40b
kerntrap(ffff800020ba30f0) at kerntrap+0xec sys/arch/amd64/amd64/trap.c:287
alltraps_kern_meltdown() at alltraps_kern_meltdown+0x7b
0(fffffd806e8dddd0,ffff800020ba3300,ffff800020aa1650,fffffd806e8dddd0,14ccc39b3c4cf773,7) at 0
sys_kevent(ffff800020aa1650,ffff800020ba3408,ffff800020ba3450) at sys_kevent+0x2b1 sys/kern/kern_event.c:522
syscall(ffff800020ba34d0) at syscall+0x4a4 mi_syscall sys/sys/syscall_mi.h:92 [inline]
syscall(ffff800020ba34d0) at syscall+0x4a4 sys/arch/amd64/amd64/trap.c:555
Xsyscall() at Xsyscall+0x128
end of kernel
end trace frame: 0x41a98097c90, count: -9
ddb{0}> show registers
rdi                                0
rsi                              0x1
rbp               0xffff800020ba2f60
rbx               0xffff800020ba3010
rdx                             0x8b
rcx                              0x2
rax                              0x1
r8                0xffffffff8191fd6f    kprintf+0x16f
r9                               0x1
r10               0x6cb278c79a1c6b59
r11               0x908d8312e7c6a85f
r12                     0x3000000008
r13               0xffff800020ba2f70
r14                            0x100
r15                              0x1
rip               0xffffffff81e12998    db_enter+0x18
cs                               0x8
rflags                         0x246
rsp               0xffff800020ba2f50
ss                              0x10
db_enter+0x18:  addq    $0x8,%rsp
ddb{0}> show proc
PROC (syz-executor.1) pid=78903 stat=onproc
    flags process=0 proc=4000000<THREAD>
    pri=61, usrpri=61, nice=20
    forw=0xffffffffffffffff, list=0xffff800020aa1160,0xffffffff826177f8
    process=0xffff800020aa2aa8 user=0xffff800020b9e000, vmspace=0xfffffd807efff730
    estcpu=36, cpticks=0, pctcpu=0.0
    user=0, sys=0, intr=0
ddb{0}>