> Date: Thu, 27 Apr 2023 13:10:19 +0200
> From: Timo Buhrmester <t...@math.uni-bonn.de>
>
> | uvm_fault(0xfffffe82574c2458, 0x0, 1) -> e
> | fatal page fault in supervisor mode
> | trap type 6 code 0 rip 0xffffffff802f627e cs 0x8 rflags 0x10246 cr2 0x2
> ilevel 6 (NB: could be ilevel 0 as well) rsp 0xffff80013f482c10
> | curlwp 0xfffffe83002b2000 pid 8393.1 lowest kstack 0xffff80013f4802c0
> | kernel: page fault trap, code=0
> | Stopped in pid 8393.1 (nutdrv_qx_usb) at netbsd:ugen_get_cdesc+0xb1:
> | movzwl 2(%rax),%edx
> | db{2}> bt
> | ugen_get_cdesc() at netbsd:ugen_get_cdesc+0xb1
> | ugenioctl() at netbsd:ugenioctl+0x9a4
This is a null pointer dereference somewhere in ugen_get_cdesc, via some ioctl. I'm not sure exactly where in ugen_get_cdesc this was, or what ioctl it was, but there's a good chance this was fixed in ugen.c rev. 1.148. Perhaps that should be pulled up to netbsd-8. If you have netbsd.gdb handy for this kernel, you could confirm by asking it about: list *(ugen_get_cdesc+0xb1) list *(ugenioctl+0x9a4) commit db5abd10e31668e7ad07666b52d59dc2aee554d2 Author: bouyer <bou...@netbsd.org> Date: Wed Dec 11 11:54:23 2019 +0000 reading usbdi.c it looks like usbd_get_config_descriptor() can actually return NULL, so check for this. I got NULL pointer dereference here with a device showing: [ 303.732632] ugen0: autoconfiguration error: setting configuration index 0 failed diff --git a/sys/dev/usb/ugen.c b/sys/dev/usb/ugen.c index 19f349e96f52..2f34b6def874 100644 --- a/sys/dev/usb/ugen.c +++ b/sys/dev/usb/ugen.c [...] @@ -1406,6 +1406,8 @@ ugen_get_cdesc(struct ugen_softc *sc, int index, int *lenp) if (index == USB_CURRENT_CONFIG_INDEX) { tdesc = usbd_get_config_descriptor(sc->sc_udev); + if (tdesc == NULL) + return NULL;
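Review bot: the added `if (tdesc == NULL) return NULL;` in the `USB_CURRENT_CONFIG_INDEX` branch returns before `*lenp` is written, so every caller of `ugen_get_cdesc()` has to test the returned pointer before it touches either the descriptor or `*lenp`; the hunk is cut off before the callers, and the backtrace in the quoted report names `ugenioctl()` as the caller, so a pullup to netbsd-8 should confirm that `ugenioctl()` (and any other caller in the file) already handles a NULL return instead of dereferencing it. The reported fault (`cr2 0x2`, faulting instruction `movzwl 2(%rax),%edx`) is consistent with a 16-bit load at offset 2 through a NULL descriptor pointer, which is exactly the case this check closes; the path taken when `index != USB_CURRENT_CONFIG_INDEX` is not shown and should be checked for the same NULL handling.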