[ 158.7672620] fatal page fault in supervisor mode [ 158.7749496] trap type 6 code 0 rip 0xffffffff81a09cc4 cs 0x8 rflags 0x10287 cr2 0xffff900000000000 ilevel 0 rsp 0xffffde019a6ecbc0 [ 158.8132191] curlwp 0xffffde001290c600 pid 0.63 lowest kstack 0xffffde019a6e52c0 kernel: page fault trap, code=0 Stopped in pid 0.63 (system) at netbsd:__asan_load1+0x50 kasan_shadow_1byte_isvalid sys/kern/subr_asan.c:310 [inline]: movzbl 0(%rax),%r8d Stopped in pid 0.63 (system) at netbsd:__asan_load1+0x50 kasan_shadow_check sys/kern/subr_asan.c:411 [inline]: movzbl 0(%rax),%r8d Stopped in pid 0.63 (system) at netbsd:__asan_load1+0x50 sys/kern/subr_asan.c:1204: movzbl 0(%rax),%r8d ? __asan_load1() at netbsd:__asan_load1+0x50 kasan_shadow_1byte_isvalid sys/kern/subr_asan.c:310 [inline] __asan_load1() at netbsd:__asan_load1+0x50 kasan_shadow_check sys/kern/subr_asan.c:411 [inline] __asan_load1() at netbsd:__asan_load1+0x50 sys/kern/subr_asan.c:1204 usb_free_device() at netbsd:usb_free_device+0x86 sys/dev/usb/usb_subr.c:1810 usb_disconnect_port() at netbsd:usb_disconnect_port+0x2de sys/dev/usb/usb_subr.c:1904 uhub_explore() at netbsd:uhub_explore+0x749 sys/dev/usb/uhub.c:663 usb_discover() at netbsd:usb_discover+0x1b7 sys/dev/usb/usb.c:1197 usb_event_thread() at netbsd:usb_event_thread+0x127 sys/dev/usb/usb.c:750 Panic string: (null) PID LID S CPU FLAGS STRUCT LWP * NAME WAIT 1828 1828 2 0 0 ffffde00133629c0 syz-executor0539 1755 1755 2 0 40000 ffffde0013362580 syz-executor0539 2024 1791 2 1 40000 ffffde0013413700 syz-executor0539 2024 2024 2 0 10040000 ffffde0012bc6180 syz-executor0539 1710 1889 2 1 0 ffffde0013394600 syz-executor0539 1710 >1865 7 1 140 ffffde00133290c0 syz-executor0539 1710 1710 2 1 10040000 ffffde0012ca4540 syz-executor0539 1721 1614 2 0 40100 ffffde0012d0f700 syz-executor0539 1721 1721 2 0 10040000 ffffde0012c960c0 syz-executor0539 1860 1717 3 0 40180 ffffde0013341980 syz-executor0539 parked 1860 840 2 1 140 ffffde0012cc4a00 syz-executor0539 1860 1860 2 1 10040000 ffffde0012baa9c0 syz-executor0539 1076 1076 2 0 140 ffffde0012bf3a80 syz-executor0539 1052 1052 2 0 140 ffffde0012bf3640 syz-executor0539 1079 1079 2 0 140 ffffde001341e740 syz-executor0539 1086 1086 2 0 140 ffffde001341e300 syz-executor0539 956 956 2 0 140 ffffde0013429bc0 syz-executor0539 1093 1093 2 0 140 ffffde00133cc280 syz-executor0539 1253 1253 3 0 180 ffffde0012baa580 syz-executor0539 nanoslp 1083 1083 3 0 180 ffffde0012baa140 sshd select 1066 1066 3 0 180 ffffde00129fd700 getty nanoslp 1113 1113 3 0 180 ffffde00129fd2c0 getty nanoslp 698 698 3 0 180 ffffde00126ab300 getty nanoslp 1250 1250 3 0 1c0 ffffde00134404c0 getty ttyraw 957 957 3 1 180 ffffde0013394a40 sshd select 939 939 3 1 180 ffffde0012d91900 powerd kqueue 868 868 2 0 100 ffffde001341eb80 syslogd 598 598 3 1 180 ffffde0012c5bb80 dhcpcd poll 600 600 3 0 180 ffffde0012c8a900 dhcpcd poll 599 599 3 1 180 ffffde0012c5b300 dhcpcd poll 425 425 3 1 180 ffffde0012c5b740 dhcpcd poll 351 351 3 1 180 ffffde0012d91080 dhcpcd poll 350 350 3 0 180 ffffde0012d748c0 dhcpcd poll 349 349 3 1 180 ffffde0012d74480 dhcpcd poll 1 1 3 0 180 ffffde001286f140 init wait 0 800 3 0 200 ffffde0012986240 physiod physiod 0 192 3 0 200 ffffde0012988280 pooldrain pooldrain 0 165 3 1 200 ffffde0012986ac0 ioflush syncer 0 168 3 1 200 ffffde0012986680 pgdaemon pgdaemon 0 162 3 1 200 ffffde0012956640 usb7 usbevt 0 161 3 1 200 ffffde0012956200 usb6 usbevt 0 31 2 1 240 ffffde001290ca40 usb5 0 > 63 7 0 240 ffffde001290c600 usb4 0 126 2 0 240 ffffde001290c1c0 usb3 0 125 3 0 240 ffffde00128bfa00 usb2 tstile 0 124 3 0 200 ffffde00128bf5c0 usb1 usbevt 0 123 3 0 200 ffffde00128bf180 usb0 usbevt 0 122 3 1 200 ffffde001286f9c0 usbtask-dr usbtsk 0 121 3 1 200 ffffde0010d81ac0 usbtask-hc usbtsk 0 120 3 1 200 ffffde001286f580 npfgc0 npfgcw 0 119 3 1 200 ffffde0012862980 rt_free rt_free 0 118 3 1 200 ffffde0012862540 unpgc unpgc 0 117 3 0 200 ffffde0012862100 key_timehandler key_timehandler 0 116 3 1 200 ffffde0012859940 icmp6_wqinput/1 icmp6_wqinput 0 115 3 0 200 ffffde0012859500 icmp6_wqinput/0 icmp6_wqinput 0 114 3 0 200 ffffde00128590c0 nd6_timer nd6_timer 0 113 3 1 200 ffffde0012850900 carp6_wqinput/1 carp6_wqinput 0 112 3 0 200 ffffde00128504c0 carp6_wqinput/0 carp6_wqinput 0 111 3 1 200 ffffde0012850080 carp_wqinput/1 carp_wqinput 0 110 3 0 200 ffffde00128408c0 carp_wqinput/0 carp_wqinput 0 109 3 1 200 ffffde0012840480 icmp_wqinput/1 icmp_wqinput 0 108 3 0 200 ffffde0012840040 icmp_wqinput/0 icmp_wqinput 0 107 3 0 200 ffffde00126acbc0 rt_timer rt_timer 0 106 3 0 200 ffffde00126ac780 vmem_rehash vmem_rehash 0 105 3 1 200 ffffde00126a8700 entbutler entropy 0 96 2 0 240 ffffde00120c6b00 viomb 0 30 3 1 200 ffffde00120c66c0 vioif0_txrx/1 vioif0_txrx 0 29 3 0 200 ffffde00120c6280 vioif0_txrx/0 vioif0_txrx 0 27 3 0 200 ffffde0010d81680 scsibus0 sccomp 0 26 3 0 200 ffffde0010d81240 pms0 pmsreset 0 25 3 1 200 ffffde0010cc6a80 xcall/1 xcall 0 24 1 1 200 ffffde0010cc6640 softser/1 0 23 1 1 200 ffffde0010cc6200 softclk/1 0 22 1 1 200 ffffde0010cc4a40 softbio/1 0 21 1 1 200 ffffde0010cc4600 softnet/1 0 20 1 1 201 ffffde0010cc41c0 idle/1 0 19 3 1 200 ffffde000fb73a00 lnxpwrwq lnxpwrwq 0 18 3 0 200 ffffde000fb735c0 lnxlngwq lnxlngwq 0 17 3 1 200 ffffde000fb73180 lnxsyswq lnxsyswq 0 16 3 0 200 ffffde000fb6b9c0 lnxrcugc lnxrcugc 0 15 3 0 200 ffffde000fb6b580 sysmon smtaskq 0 14 3 0 200 ffffde000fb6b140 pmfsuspend pmfsuspend 0 13 3 0 200 ffffde000fb67980 pmfevent pmfevent 0 12 3 0 200 ffffde000fb67540 sopendfree sopendfr 0 11 3 0 200 ffffde000fb67100 iflnkst iflnkst 0 10 3 0 200 ffffde000fb5c940 nfssilly nfssilly 0 9 3 0 200 ffffde000fb5c500 vdrain vdrain 0 8 3 1 200 ffffde000fb5c0c0 modunload mod_unld 0 7 3 0 200 ffffde000fb52900 xcall/0 xcall 0 6 1 0 200 ffffde000fb524c0 softser/0 0 5 1 0 200 ffffde000fb52080 softclk/0 0 4 1 0 200 ffffde000fb508c0 softbio/0 0 3 1 0 200 ffffde000fb50480 softnet/0 0 2 1 0 201 ffffde000fb50040 idle/0 0 0 3 0 200 ffffffff82f04bc0 swapper uvm [Locks tracked through LWPs] ****** LWP 1828.1828 (syz-executor0539) @ 0xffffde00133629c0, l_stat=2 *** Locks held: * Lock 0 (initialized at pmap_ctor) lock address : 0xffffde0013376980 type : sleep/adaptive initialized : 0xffffffff8092ad59 shared holds : 0 exclusive: 1 shares wanted: 0 exclusive: 0 relevant cpu : 0 last held: 0 relevant lwp : 0xffffde00133629c0 last held: 0xffffde00133629c0 last locked* : 0xffffffff8092cb8c unlocked : 0xffffffff8092ac21 owner field : 0xffffde00133629c0 wait/spin: 0/0 Turnstile: no active turnstile for this lock. *** Locks wanted: none ****** LWP 2024.1791 (syz-executor0539) @ 0xffffde0013413700, l_stat=2 *** Locks held: none *** Locks wanted: * Lock 0 (initialized at vhci_attach) lock address : 0xffffde00126c26d8 type : sleep/adaptive initialized : 0xffffffff80bf2097 shared holds : 0 exclusive: 0 shares wanted: 0 exclusive: 1 relevant cpu : 1 last held: 1 relevant lwp : 0xffffde0013413700 last held: 000000000000000000 last locked : 0xffffffff80bf3d5d unlocked*: 0xffffffff80bf4082 owner field : 0xffffde0013413700 wait/spin: 0/0 Turnstile: no active turnstile for this lock. ****** LWP 1710.1889 (syz-executor0539) @ 0xffffde0013394600, l_stat=2 *** Locks held: * Lock 0 (initialized at vhci_attach) lock address : 0xffffde00126c04b0 type : sleep/adaptive initialized : 0xffffffff80bf204f shared holds : 0 exclusive: 1 shares wanted: 0 exclusive: 1 relevant cpu : 1 last held: 1 relevant lwp : 0xffffde0013394600 last held: 0xffffde0013394600 last locked* : 0xffffffff80bf55a8 unlocked : 0xffffffff8070ede0 owner field : 0xffffde0013394600 wait/spin: 1/0 Turnstile: => 0 waiting readers: => 1 waiting writers: 0xffffde00128bfa00 *** Locks wanted: * Lock 0 (initialized at vhci_attach) lock address : 0xffffde00126c06d8 type : sleep/adaptive initialized : 0xffffffff80bf2097 shared holds : 0 exclusive: 0 shares wanted: 0 exclusive: 1 relevant cpu : 1 last held: 1 relevant lwp : 0xffffde0013394600 last held: 000000000000000000 last locked : 0xffffffff80bf3d5d unlocked*: 0xffffffff80bf4082 owner field : 000000000000000000 wait/spin: 0/0 Turnstile: no active turnstile for this lock. ****** LWP 1721.1614 (syz-executor0539) @ 0xffffde0012d0f700, l_stat=2 *** Locks held: * Lock 0 (initialized at vhci_attach) lock address : 0xffffde00126c66d8 type : sleep/adaptive initialized : 0xffffffff80bf2097 shared holds : 0 exclusive: 1 shares wanted: 0 exclusive: 0 relevant cpu : 0 last held: 0 relevant lwp : 0xffffde0012d0f700 last held: 0xffffde0012d0f700 last locked* : 0xffffffff80bf3d5d unlocked : 0xffffffff80bf4082 owner field : 0xffffde0012d0f700 wait/spin: 0/0 Turnstile: no active turnstile for this lock. *** Locks wanted: none ****** LWP 1860.840 (syz-executor0539) @ 0xffffde0012cc4a00, l_stat=2 *** Locks held: none *** Locks wanted: * Lock 0 (initialized at vhci_attach) lock address : 0xffffde00126c46d8 type : sleep/adaptive initialized : 0xffffffff80bf2097 shared holds : 0 exclusive: 0 shares wanted: 0 exclusive: 1 relevant cpu : 1 last held: 1 relevant lwp : 0xffffde0012cc4a00 last held: 000000000000000000 last locked : 0xffffffff80bf3d5d unlocked*: 0xffffffff80bf4082 owner field : 0xffffde0012cc4a00 wait/spin: 0/0 Turnstile: no active turnstile for this lock. ****** LWP 600.600 (dhcpcd) @ 0xffffde0012c8a900, l_stat=3 *** Locks held: none *** Locks wanted: * Lock 0 (initialized at module_hook_init) lock address : 0xffffffff83013580 type : sleep/adaptive initialized : 0xffffffff8199b381 shared holds : 0 exclusive: 0 shares wanted: 0 exclusive: 0 relevant cpu : 0 last held: 0 relevant lwp : 0xffffde0012c8a900 last held: 000000000000000000 last locked : 000000000000000000 unlocked*: 000000000000000000 owner field : 000000000000000000 wait/spin: 0/0 Turnstile: no active turnstile for this lock. ****** LWP 599.599 (dhcpcd) @ 0xffffde0012c5b300, l_stat=3 *** Locks held: none *** Locks wanted: * Lock 0 (initialized at module_hook_init) lock address : 0xffffffff83013580 type : sleep/adaptive initialized : 0xffffffff8199b381 shared holds : 0 exclusive: 0 shares wanted: 0 exclusive: 0 relevant cpu : 1 last held: 0 relevant lwp : 0xffffde0012c5b300 last held: 000000000000000000 last locked : 000000000000000000 unlocked*: 000000000000000000 owner field : 000000000000000000 wait/spin: 0/0 Turnstile: no active turnstile for this lock. ****** LWP 350.350 (dhcpcd) @ 0xffffde0012d748c0, l_stat=3 *** Locks held: none *** Locks wanted: * Lock 0 (initialized at module_hook_init) lock address : 0xffffffff83013580 type : sleep/adaptive initialized : 0xffffffff8199b381 shared holds : 0 exclusive: 0 shares wanted: 0 exclusive: 0 relevant cpu : 0 last held: 0 relevant lwp : 0xffffde0012d748c0 last held: 000000000000000000 last locked : 000000000000000000 unlocked*: 000000000000000000 owner field : 000000000000000000 wait/spin: 0/0 Turnstile: no active turnstile for this lock. ****** LWP 349.349 (dhcpcd) @ 0xffffde0012d74480, l_stat=3 *** Locks held: none *** Locks wanted: * Lock 0 (initialized at module_hook_init) lock address : 0xffffffff83013580 type : sleep/adaptive initialized : 0xffffffff8199b381 shared holds : 0 exclusive: 0 shares wanted: 0 exclusive: 0 relevant cpu : 1 last held: 0 relevant lwp : 0xffffde0012d74480 last held: 000000000000000000 last locked : 000000000000000000 unlocked*: 000000000000000000 owner field : 000000000000000000 wait/spin: 0/0 Turnstile: no active turnstile for this lock. ****** LWP 0.125 (usb2) @ 0xffffde00128bfa00, l_stat=3 *** Locks held: none *** Locks wanted: * Lock 0 (initialized at vhci_attach) lock address : 0xffffde00126c04b0 type : sleep/adaptive initialized : 0xffffffff80bf204f shared holds : 0 exclusive: 1 shares wanted: 0 exclusive: 1 relevant cpu : 0 last held: 1 relevant lwp : 0xffffde00128bfa00 last held: 0xffffde0013394600 last locked* : 0xffffffff80bf55a8 unlocked : 0xffffffff8070ede0 owner field : 0xffffde0013394600 wait/spin: 1/0 Turnstile: => 0 waiting readers: => 1 waiting writers: 0xffffde00128bfa00 ****** LWP 0.11 (iflnkst) @ 0xffffde000fb67100, l_stat=3 *** Locks held: none *** Locks wanted: * Lock 0 (initialized at module_hook_init) lock address : 0xffffffff83013580 type : sleep/adaptive initialized : 0xffffffff8199b381 shared holds : 0 exclusive: 0 shares wanted: 0 exclusive: 0 relevant cpu : 0 last held: 0 relevant lwp : 0xffffde000fb67100 last held: 000000000000000000 last locked : 000000000000000000 unlocked*: 000000000000000000 owner field : 000000000000000000 wait/spin: 0/0 Turnstile: no active turnstile for this lock. ****** LWP 0.5 (softclk/0) @ 0xffffde000fb52080, l_stat=1 *** Locks held: none *** Locks wanted: * Lock 0 (initialized at module_hook_init) lock address : 0xffffffff83013580 type : sleep/adapti