[ 63.4922749] panic: kernel diagnostic assertion "ret == 0" failed: file "/syzkaller/managers/ci2-netbsd/kernel/sys/dev/usb/vhci.c", line 1028 uhub5: device problem, disabling port 1 [ 63.5052831] cpu0: Begin traceback... [ 63.5222682] vpanic() at netbsd:vpanic+0x258 sys/kern/subr_prf.c:290 [ 63.5522661] _sub_D_65535_0() at netbsd:_sub_D_65535_0+-0x6c08 [ 63.5822679] vhci_fd_close() at netbsd:vhci_fd_close+0xd1 sys/dev/usb/vhci.c:1028 [ 63.6122677] closef() at netbsd:closef+0x152 sys/kern/kern_descrip.c:832 [ 63.6422688] fd_close() at netbsd:fd_close+0x340 sys/kern/kern_descrip.c:715 [ 63.6722675] sys_close() at netbsd:sys_close+0x3e sys/kern/sys_descrip.c:516 [ 63.7022707] syscall() at netbsd:syscall+0x25a sy_call sys/sys/syscallvar.h:65 [inline] [ 63.7022707] syscall() at netbsd:syscall+0x25a sy_invoke sys/sys/syscallvar.h:94 [inline] [ 63.7022707] syscall() at netbsd:syscall+0x25a sys/arch/x86/x86/syscall.c:138 [ 63.7134460] --- syscall (number 6) --- [ 63.7247866] netbsd:syscall+0x25a: [ 63.7347361] cpu0: End traceback... [ 63.7347361] fatal breakpoint trap in supervisor mode [ 63.7438293] trap type 1 code 0 rip 0xffffffff80220a2d cs 0x8 rflags 0x282 cr2 0x79354dabde50 ilevel 0 rsp 0xffffb0019dcb5b20 [ 63.7550980] curlwp 0xffffb00012cc6200 pid 1091.2100 lowest kstack 0xffffb0019dcae2c0 Stopped in pid 1091.2100 (syz-executor.4) at netbsd:breakpoint+0x5: leave ? breakpoint() at netbsd:breakpoint+0x5 db_panic() at netbsd:db_panic+0x105 sys/ddb/db_panic.c:69 vpanic() at netbsd:vpanic+0x258 sys/kern/subr_prf.c:290 _sub_D_65535_0() at netbsd:_sub_D_65535_0+-0x6c08 vhci_fd_close() at netbsd:vhci_fd_close+0xd1 sys/dev/usb/vhci.c:1028 closef() at netbsd:closef+0x152 sys/kern/kern_descrip.c:832 fd_close() at netbsd:fd_close+0x340 sys/kern/kern_descrip.c:715 sys_close() at netbsd:sys_close+0x3e sys/kern/sys_descrip.c:516 syscall() at netbsd:syscall+0x25a sy_call sys/sys/syscallvar.h:65 [inline] syscall() at netbsd:syscall+0x25a sy_invoke sys/sys/syscallvar.h:94 [inline] syscall() at netbsd:syscall+0x25a sys/arch/x86/x86/syscall.c:138 --- syscall (number 6) --- netbsd:syscall+0x25a: Panic string: kernel diagnostic assertion "ret == 0" failed: file "/syzkaller/managers/ci2-netbsd/kernel/sys/dev/usb/vhci.c", line 1028 PID LID S CPU FLAGS STRUCT LWP * NAME WAIT 1711 1711 2 0 0 ffffb00012cab5c0 syz-executor.0 1840 1878 2 0 40100 ffffb00012c98140 syz-executor.1 1840 1840 2 1 10040000 ffffb00012cc6640 syz-executor.1 1822 1850 2 1 100 ffffb00012c98580 syz-executor.3 1822 1822 2 1 10040000 ffffb00012965680 syz-executor.3 1872 1097 2 0 40100 ffffb00012cd6240 syz-executor.2 1872 1872 2 1 10040000 ffffb00012c0cb40 syz-executor.2 1091 >2100 7 0 0 ffffb00012cc6200 syz-executor.4 1091 2102 3 0 180 ffffb00012d744c0 syz-executor.4 parked 1091 1981 2 1 40000 ffffb0001340bb80 syz-executor.4 1091 1091 2 1 10040140 ffffb00012c3f300 syz-executor.4 2101 1966 2 0 0 ffffb000132ff500 syz-executor.5 2101 2105 2 0 0 ffffb00012c989c0 syz-executor.5 2101 2001 2 0 40100 ffffb00012c7d0c0 syz-executor.5 2101 >2101 7 1 10040000 ffffb00012caba00 syz-executor.5 1239 1239 2 0 140 ffffb00013d10b00 syz-executor.3 1237 1237 2 0 140 ffffb00013d10280 syz-executor.2 988 988 2 0 140 ffffb00013ce5680 syz-executor.4 1130 1130 2 0 140 ffffb00013ca9a40 syz-executor.5 1086 1086 2 0 140 ffffb00013ca9600 syz-executor.1 1222 1222 2 1 40 ffffb00013ca91c0 syz-executor.0 1113 989 3 1 180 ffffb00013cd6640 syz-execprog kqueue 1113 1231 3 0 180 ffffb00013cd6200 syz-execprog parked 1113 1227 3 0 180 ffffb00013ca1a00 syz-execprog parked 1113 421 3 0 180 ffffb00013ca15c0 syz-execprog parked 1113 1223 3 1 180 ffffb00012b390c0 syz-execprog parked 1113 1107 3 0 180 ffffb00013ca1180 syz-execprog parked 1113 1224 3 1 180 ffffb0001338ea80 syz-execprog parked 1113 1220 3 0 180 ffffb0001338e640 syz-execprog parked 1113 984 2 0 140 ffffb000133bb280 syz-execprog 1113 1113 3 0 180 ffffb00012b39500 syz-execprog parked 1001 1001 3 1 180 ffffb00012a92080 sshd select 1126 1126 3 0 180 ffffb00013435500 getty nanoslp 1255 1255 3 0 180 ffffb0001267b740 getty nanoslp 1252 1252 3 1 180 ffffb00013467140 getty nanoslp 1068 1068 3 0 1c0 ffffb00012c8e540 getty ttyraw 1066 1066 3 1 180 ffffb00013380600 sshd select 951 951 3 1 180 ffffb00012d33340 powerd kqueue 690 690 3 0 180 ffffb000133bbb00 syslogd kqueue 739 739 3 1 180 ffffb00012c0c700 dhcpcd poll 741 741 3 1 180 ffffb00012c75900 dhcpcd poll 602 602 3 1 180 ffffb00012c3fb80 dhcpcd poll 589 589 3 0 180 ffffb00012c4c340 dhcpcd poll 289 289 3 0 180 ffffb00012d74080 dhcpcd poll 288 288 3 0 180 ffffb00012d5b8c0 dhcpcd poll 351 351 3 1 180 ffffb00012d5b480 dhcpcd poll 1 1 3 0 180 ffffb000127f49c0 init wait 0 819 3 0 200 ffffb00012965ac0 physiod physiod 0 194 3 0 200 ffffb0001297bb00 pooldrain pooldrain 0 193 3 0 200 ffffb0001297b6c0 ioflush syncer 0 192 3 1 200 ffffb0001297b280 pgdaemon pgdaemon 0 168 3 1 200 ffffb00012965240 usb7 usbevt 0 166 3 1 200 ffffb0001291ea80 usb6 usbevt 0 164 3 1 200 ffffb0001291e640 usb5 usbevt 0 163 3 1 200 ffffb0001291e200 usb4 usbdly 0 31 3 0 200 ffffb000128d2a40 usb3 usbevt 0 63 3 1 240 ffffb000128d2600 usb2 usbxfer 0 126 3 1 240 ffffb000128d21c0 usb1 usbxfer 0 125 3 1 200 ffffb00012859a00 usb0 usbevt 0 124 3 1 200 ffffb000128595c0 usbtask-dr usbtsk 0 123 3 1 200 ffffb000120b36c0 usbtask-hc usbtsk 0 122 3 0 200 ffffb00012859180 npfgc0 npfgcw 0 121 3 1 200 ffffb000127f4580 rt_free rt_free 0 120 3 1 200 ffffb000127f4140 unpgc unpgc 0 119 3 0 200 ffffb000127ee980 key_timehandler key_timehandler 0 118 3 1 200 ffffb000127ee540 icmp6_wqinput/1 icmp6_wqinput 0 117 3 0 200 ffffb000127ee100 icmp6_wqinput/0 icmp6_wqinput 0 116 3 0 200 ffffb000127e3940 nd6_timer nd6_timer 0 115 3 1 200 ffffb000127e3500 carp6_wqinput/1 carp6_wqinput 0 114 3 0 200 ffffb000127e30c0 carp6_wqinput/0 carp6_wqinput 0 113 3 1 200 ffffb000127d5900 carp_wqinput/1 carp_wqinput 0 112 3 0 200 ffffb000127d54c0 carp_wqinput/0 carp_wqinput 0 111 3 1 200 ffffb000127d5080 icmp_wqinput/1 icmp_wqinput 0 110 3 0 200 ffffb000127c48c0 icmp_wqinput/0 icmp_wqinput 0 109 3 0 200 ffffb000127c4480 rt_timer rt_timer 0 108 3 0 200 ffffb000127c4040 vmem_rehash vmem_rehash 0 107 3 0 200 ffffb0001267c780 entbutler entropy 0 98 3 0 200 ffffb000120b7700 viomb balloon 0 97 3 1 200 ffffb000120b72c0 vioif0_txrx/1 vioif0_txrx 0 96 3 0 200 ffffb000120b3b00 vioif0_txrx/0 vioif0_txrx 0 29 3 0 200 ffffb000120b3280 scsibus0 sccomp 0 28 3 0 200 ffffb00010cb9ac0 pms0 pmsreset 0 27 3 1 200 ffffb00010cb9680 xcall/1 xcall 0 26 1 1 200 ffffb00010cb9240 softser/1 0 25 1 1 200 ffffb00010cb8a80 softclk/1 0 24 1 1 200 ffffb00010cb8640 softbio/1 0 23 1 1 200 ffffb00010cb8200 softnet/1 0 22 1 1 201 ffffb0000fb55a40 idle/1 0 21 3 0 200 ffffb0000fb55600 lnxsyswq lnxsyswq 0 20 3 0 200 ffffb0000fb551c0 lnxubdwq lnxubdwq 0 19 3 0 200 ffffb0000fb53a00 lnxpwrwq lnxpwrwq 0 18 3 0 200 ffffb0000fb535c0 lnxlngwq lnxlngwq 0 17 3 0 200 ffffb0000fb53180 lnxhipwq lnxhipwq 0 16 3 0 200 ffffb0000fb4b9c0 lnxrcugc lnxrcugc 0 15 3 0 200 ffffb0000fb4b580 sysmon smtaskq 0 14 3 0 200 ffffb0000fb4b140 pmfsuspend pmfsuspend 0 13 3 0 200 ffffb0000fb47980 pmfevent pmfevent 0 12 3 0 200 ffffb0000fb47540 sopendfree sopendfr 0 11 3 0 200 ffffb0000fb47100 iflnkst iflnkst 0 10 3 0 200 ffffb0000fb3c940 nfssilly nfssilly 0 9 3 0 200 ffffb0000fb3c500 vdrain vdrain 0 8 3 1 200 ffffb0000fb3c0c0 modunload mod_unld 0 7 3 0 200 ffffb0000fb32900 xcall/0 xcall 0 6 1 0 200 ffffb0000fb324c0 softser/0 0 5 1 0 200 ffffb0000fb32080 softclk/0 0 4 1 0 200 ffffb0000fb308c0 softbio/0 0 3 1 0 200 ffffb0000fb30480 softnet/0 0 2 1 0 201 ffffb0000fb30040 idle/0 0 0 3 1 200 ffffffff83336080 swapper uvm [Locks tracked through LWPs] ****** LWP 1091.1981 (syz-executor.4) @ 0xffffb0001340bb80, l_stat=2 *** Locks held: none *** Locks wanted: * Lock 0 (initialized at vhci_attach) lock address : 0xffffb000126944b0 type : sleep/adaptive initialized : 0xffffffff80c05e45 shared holds : 0 exclusive: 0 shares wanted: 0 exclusive: 1 relevant cpu : 1 last held: 1 relevant lwp : 0xffffb0001340bb80 last held: 000000000000000000 last locked : 0xffffffff8071b4f8 unlocked*: 0xffffffff8071c9f5 owner field : 000000000000000000 wait/spin: 0/0 Turnstile: no active turnstile for this lock. ****** LWP 2101.2101 (syz-executor.5) @ 0xffffb00012caba00, l_stat=7 *** Locks held: * Lock 0 (initialized at amap_ctor) lock address : 0xffffb00013c01740 type : sleep/adaptive initialized : 0xffffffff81a33b4b shared holds : 0 exclusive: 1 shares wanted: 0 exclusive: 0 relevant cpu : 1 last held: 1 relevant lwp : 0xffffb00012caba00 last held: 0xffffb00012caba00 last locked* : 0xffffffff81a44684 unlocked : 0xffffffff81a42efd owner/count : 000000000000000000 flags : 000000000000000000 Turnstile: no active turnstile for this lock. * Lock 1 (initialized at pmap_ctor) lock address : 0xffffb00012cad380 type : sleep/adaptive initialized : 0xffffffff8093fef9 shared holds : 0 exclusive: 1 shares wanted: 0 exclusive: 0 relevant cpu : 1 last held: 1 relevant lwp : 0xffffb00012caba00 last held: 0xffffb00012caba00 last locked* : 0xffffffff8093fb5a unlocked : 0xffffffff80942740 owner field : 000000000000000000 wait/spin: 0/0 Turnstile: no active turnstile for this lock. *** Locks wanted: none ****** LWP 1222.1222 (syz-executor.0) @ 0xffffb00013ca91c0, l_stat=2 *** Locks held: * Lock 0 (initialized at vcache_alloc) lock address : 0xffffb00013cb3780 type : sleep/adaptive initialized : 0xffffffff81c77460 shared holds : 0 exclusive: 1 shares wanted: 0 exclusive: 0 relevant cpu : 1 last held: 1 relevant lwp : 0xffffb00013ca91c0 last held: 0xffffb00013ca91c0 last locked* : 0xffffffff81cac520 unlocked : 0xffffffff81cac582 owner/count : 000000000000000000 flags : 000000000000000000 Turnstile: no active turnstile for this lock. * Lock 1 (initialized at vcache_alloc) lock address : 0xffffb0001267d480 type : sleep/adaptive initialized : 0xffffffff81c77460 shared holds : 0 exclusive: 1 shares wanted: 0 exclusive: 0 relevant cpu : 1 last held: 1 relevant lwp : 0xffffb00013ca91c0 last held: 0xffffb00013ca91c0 last locked* : 0xffffffff81cac520 unlocked : 000000000000000000 owner/count : 000000000000000000 flags : 000000000000000000 Turnstile: no active turnstile for this lock. *** Locks wanted: none ****** LWP 741.741 (dhcpcd) @ 0xffffb00012c75900, l_stat=3 *** Locks held: none *** Locks wanted: * Lock 0 (initialized at module_hook_init) lock address : 0xffffffff83467980 type : sleep/adaptive initialized : 0xffffffff81af0ab1 shared holds : 0 exclusive: 0 shares wanted: 0 exclusive: 0 relevant cpu : 1 last held: 0 relevant lwp : 0xffffb00012c75900 last held: 000000000000000000 last locked : 000000000000000000 unlocked*: 000000000000000000 owner field : 000000000000000000 wait/spin: 0/0 Turnstile: no active turnstile for this lock. ****** LWP 602.602 (dhcpcd) @ 0xffffb00012c3fb80, l_stat=3 *** Locks held: none *** Locks wanted: * Lock 0 (initialized at module_hook_init) lock address : 0xffffffff83467980 type : sleep/adaptive initialized : 0xffffffff81af0ab1 shared holds : 0 exclusive: 0 shares wanted: 0 exclusive: 0 relevant cpu : 1 last held: 0 relevant lwp : 0xffffb00012c3fb80 last held: 000000000000000000 last locked : 000000000000000000 unlocked*: 000000000000000000 owner field : 000000000000000000 wait/spin: 0/0 Turnstile: no active turnstile for this lock. ****** LWP 288.288 (dhcpcd) @ 0xffffb00012d5b8c0, l_stat=3 *** Locks held: none *** Locks wanted: * Lock 0 (initialized at module_hook_init) lock address : 0xffffffff83467980 type : sleep/adaptive initialized : 0xffffffff81af0ab1 shared holds : 0 exclusive: 0 shares wanted: 0 exclusive: 0 relevant cpu : 0 last held: 0 relevant lwp : 0xffffb00012d5b8c0 last held: 000000000000000000 last locked : 000000000000000000 unlocked*: 000000000000000000 owner field : 000000000000000000 wait/spin: 0/0 Turnstile: no active turnstile for this lock. ****** LWP 351.351 (dhcpcd) @ 0xffffb00012d5b480, l_stat=3 *** Locks held: none *** Locks wanted: * Lock 0 (initialized at module_hook_init) lock address : 0xffffffff83467980 type : sleep/adaptive initialized : 0xffffffff81af0ab1 shared holds : 0 exclusive: 0 shares wanted: 0 exclusive: 0 relevant cpu : 1 last held: 0 relevant lwp : 0xffffb00012d5b480 last held: 000000000000000000 last locked : 000000000000000000 unlocked*: 000000000000000000 owner field : 000000000000000000 wait/spin: 0/0 Turnstile: no active turnstile for this lock. ****** LWP 0.11 (iflnkst) @ 0xffffb0000fb47100, l_stat=3 *** Locks held: none *** Locks wanted: * Lock 0 (initialized at module_hook_init) lock address : 0xffffffff83467980 type : sleep/adaptive initialized : 0xffffffff81af0ab1 shared holds : 0 exclusive: 0 shares wanted: 0 exclusive: 0 relevant cpu : 0 last held: 0 relevant lwp : 0xffffb0000fb47100 last held: 000000000000000000 last locked : 000000000000000000 unlocke