[ 238.5092035] panic: UBSan: Undefined Behavior in /syzkaller/managers/ci2-netbsd-kubsan/kernel/sys/dev/wscons/wskbd.c:1020:48, member access within null pointer of type 'struct pgrp'

[ 238.5264294] cpu0: Begin traceback...
[ 238.5591852] vpanic() at netbsd:vpanic+0x2f2 sys/kern/subr_prf.c:293
[ 238.6691831] Report() at netbsd:Report+0x3b sys/../common/lib/libc/misc/ubsan.c:1352
[ 238.7491846] HandleTypeMismatch() at netbsd:HandleTypeMismatch+0x1fb sys/../common/lib/libc/misc/ubsan.c:429
[ 238.8391871] wskbd_do_ioctl() at netbsd:wskbd_do_ioctl+0x77b wskbd_do_ioctl_sc sys/dev/wscons/wskbd.c:1020 [inline]
[ 238.8391871] wskbd_do_ioctl() at netbsd:wskbd_do_ioctl+0x77b sys/dev/wscons/wskbd.c:993
[ 238.9191840] cdev_ioctl() at netbsd:cdev_ioctl+0x18d sys/kern/subr_devsw.c:1248
[ 238.9891840] spec_ioctl() at netbsd:spec_ioctl+0xf2 sys/miscfs/specfs/spec_vnops.c:1294
[ 239.0691841] VOP_IOCTL() at netbsd:VOP_IOCTL+0x147 sys/kern/vnode_if.c:934
[ 239.1491842] vn_ioctl() at netbsd:vn_ioctl+0x195 sys/kern/vfs_vnops.c:865
[ 239.2291850] sys_ioctl() at netbsd:sys_ioctl+0xd88 sys/kern/sys_generic.c:675
[ 239.2991829] sys___syscall() at netbsd:sys___syscall+0x1e4 sy_call sys/sys/syscallvar.h:65 [inline]
[ 239.2991829] sys___syscall() at netbsd:sys___syscall+0x1e4 sys/kern/sys_syscall.c:90
[ 239.3791829] syscall() at netbsd:syscall+0x2da sy_call sys/sys/syscallvar.h:65 [inline]
[ 239.3791829] syscall() at netbsd:syscall+0x2da sy_invoke sys/sys/syscallvar.h:94 [inline]
[ 239.3791829] syscall() at netbsd:syscall+0x2da sys/arch/x86/x86/syscall.c:138
[ 239.3991829] --- syscall (number 54 via SYS_syscall) ---
[ 239.4291815] netbsd:syscall+0x2da:
[ 239.4291815] cpu0: End traceback...
[ 239.4397181] fatal breakpoint trap in supervisor mode
[ 239.4397181] trap type 1 code 0 rip 0xffffffff80221ab5 cs 0x8 rflags 0x246 cr2 0x7dc968800000 ilevel 0 rsp 0xffff8880d14c5660
[ 239.4589024] curlwp 0xffff85488e8a9bc0 pid 6326.5263 lowest kstack 0xffff8880d14c12c0
[ 239.4672441] Skipping crash dump on recursive panic
[ 239.4672441] panic: UBSan: Undefined Behavior in /syzkaller/managers/ci2-netbsd-kubsan/kernel/sys/dev/wsfb/genfb.c:988:28, member access within null pointer of type 'struct genfb_private'

[ 239.4672441] cpu0: Begin traceback...
[ 239.4672441] vpanic() at netbsd:vpanic+0x2f2 sys/kern/subr_prf.c:293
[ 239.4672441] Report() at netbsd:Report+0x3b sys/../common/lib/libc/misc/ubsan.c:1352
[ 239.4672441] HandleTypeMismatch() at netbsd:HandleTypeMismatch+0x1fb sys/../common/lib/libc/misc/ubsan.c:429
[ 239.4672441] genfb_enable_polling() at netbsd:genfb_enable_polling+0x17e sys/dev/wsfb/genfb.c:988
[ 239.4672441] x86_genfb_ddb_trap_callback() at netbsd:x86_genfb_ddb_trap_callback+0x39 sys/arch/x86/x86/genfb_machdep.c:97
[ 239.4672441] db_trap() at netbsd:db_trap+0x68 sys/ddb/db_trap.c:73
[ 239.4672441] kdb_trap() at netbsd:kdb_trap+0x1aa sys/arch/amd64/amd64/db_interface.c:251
[ 239.4672441] trap() at netbsd:trap+0x5b2 sys/arch/amd64/amd64/trap.c:315
[ 239.4672441] --- trap (number 1) ---
[ 239.4672441] breakpoint() at netbsd:breakpoint+0x5
[ 239.4672441] db_panic() at netbsd:db_panic+0xec sys/ddb/db_panic.c:69
[ 239.4672441] vpanic() at netbsd:vpanic+0x2f2 sys/kern/subr_prf.c:293
[ 239.4672441] Report() at netbsd:Report+0x3b sys/../common/lib/libc/misc/ubsan.c:1352
[ 239.4672441] HandleTypeMismatch() at netbsd:HandleTypeMismatch+0x1fb sys/../common/lib/libc/misc/ubsan.c:429
[ 239.4672441] wskbd_do_ioctl() at netbsd:wskbd_do_ioctl+0x77b wskbd_do_ioctl_sc sys/dev/wscons/wskbd.c:1020 [inline]
[ 239.4672441] wskbd_do_ioctl() at netbsd:wskbd_do_ioctl+0x77b sys/dev/wscons/wskbd.c:993
[ 239.4672441] cdev_ioctl() at netbsd:cdev_ioctl+0x18d sys/kern/subr_devsw.c:1248
[ 239.4672441] spec_ioctl() at netbsd:spec_ioctl+0xf2 sys/miscfs/specfs/spec_vnops.c:1294
[ 239.4672441] VOP_IOCTL() at netbsd:VOP_IOCTL+0x147 sys/kern/vnode_if.c:934
[ 239.4672441] vn_ioctl() at netbsd:vn_ioctl+0x195 sys/kern/vfs_vnops.c:865
[ 239.4672441] sys_ioctl() at netbsd:sys_ioctl+0xd88 sys/kern/sys_generic.c:675
[ 239.4672441] sys___syscall() at netbsd:sys___syscall+0x1e4 sy_call sys/sys/syscallvar.h:65 [inline]
[ 239.4672441] sys___syscall() at netbsd:sys___syscall+0x1e4 sys/kern/sys_syscall.c:90
[ 239.4672441] syscall() at netbsd:syscall+0x2da sy_call sys/sys/syscallvar.h:65 [inline]
[ 239.4672441] syscall() at netbsd:syscall+0x2da sy_invoke sys/sys/syscallvar.h:94 [inline]
[ 239.4672441] syscall() at netbsd:syscall+0x2da sys/arch/x86/x86/syscall.c:138
[ 239.4672441] --- syscall (number 54 via SYS_syscall) ---
[ 239.4672441] netbsd:syscall+0x2da:
[ 239.4672441] cpu0: End traceback...
[ 239.4672441] fatal breakpoint trap in supervisor mode
[ 239.4672441] trap type 1 code 0 rip 0xffffffff80221ab5 cs 0x8 rflags 0x246 cr2 0x7dc968800000 ilevel 0x8 rsp 0xffff8880d14c4d30
[ 239.4672441] curlwp 0xffff85488e8a9bc0 pid 6326.5263 lowest kstack 0xffff8880d14c12c0
[ 239.4672441] uvm_fault(0xffff854877e922f8, 0x0, 1) -> e
[ 239.4672441] fatal page fault in supervisor mode
[ 239.4672441] trap type 6 code 0 rip 0xffffffff830b6b5b cs 0x8 rflags 0x10217 cr2 0x1e8 ilevel 0x8 rsp 0xffff8880d14c4960
[ 239.4672441] curlwp 0xffff85488e8a9bc0 pid 6326.5263 lowest kstack 0xffff8880d14c12c0
kernel: page fault trap, code=0
[ 239.4672441] uvm_fault(0xffff854877e922f8, 0x0, 1) -> e
[ 239.4672441] fatal page fault in supervisor mode
[ 239.4672441] trap type 6 code 0 rip 0xffffffff830b6b5b cs 0x8 rflags 0x10217 cr2 0x1e8 ilevel 0x8 rsp 0xffff8880d14c4590
[ 239.4672441] curlwp 0xffff85488e8a9bc0 pid 6326.5263 lowest kstack 0xffff8880d14c12c0
kernel: page fault trap, code=0
[ 239.4672441] uvm_fault(0xffff854877e922f8, 0x0, 1) -> e
[ 239.4672441] fatal page fault in supervisor mode
[ 239.4672441] trap type 6 code 0 rip 0xffffffff830b6b5b cs 0x8 rflags 0x10217 cr2 0x1e8 ilevel 0x8 rsp 0xffff8880d14c41c0
[ 239.4672441] curlwp 0xffff85488e8a9bc0 pid 6326.5263 lowest kstack 0xffff8880d14c12c0
kernel: page fault trap, code=0
[ 239.4672441] uvm_fault(0xffff854877e922f8, 0x0, 1) -> e
[ 239.4672441] fatal page fault in supervisor mode
[ 239.4672441] trap type 6 code 0 rip 0xffffffff830b6b5b cs 0x8 rflags 0x10217 cr2 0x1e8 ilevel 0x8 rsp 0xffff8880d14c3df0
[ 239.4672441] curlwp 0xffff85488e8a9bc0 pid 6326.5263 lowest kstack 0xffff8880d14c12c0
kernel: page fault trap, code=0
[ 239.4672441] uvm_fault(0xffff854877e922f8, 0x0, 1) -> e
[ 239.4672441] fatal page fault in supervisor mode
[ 239.4672441] trap type 6 code 0 rip 0xffffffff830b6b5b cs 0x8 rflags 0x10217 cr2 0x1e8 ilevel 0x8 rsp 0xffff8880d14c3a20
[ 239.4672441] curlwp 0xffff85488e8a9bc0 pid 6326.5263 lowest kstack 0xffff8880d14c12c0
kernel: page fault trap, code=0
[ 239.4672441] uvm_fault(0xffff854877e922f8, 0x0, 1) -> e