[ 62.5362029] panic: kernel diagnostic assertion "ret == 0" failed: file "/syzkaller/managers/ci2-netbsd/kernel/sys/dev/usb/vhci.c", line 1054 [ 62.5488713] cpu0: Begin traceback... [ 62.5561922] vpanic() at netbsd:vpanic+0x258 sys/kern/subr_prf.c:290 [ 62.5861943] _sub_D_65535_0() at netbsd:_sub_D_65535_0+-0x2407b [ 62.6161922] vhci_fd_close() at netbsd:vhci_fd_close+0xd1 sys/dev/usb/vhci.c:1054 [ 62.6461944] closef() at netbsd:closef+0x152 sys/kern/kern_descrip.c:832 [ 62.6761914] fd_close() at netbsd:fd_close+0x340 sys/kern/kern_descrip.c:715 [ 62.7061923] sys_close() at netbsd:sys_close+0x3e sys/kern/sys_descrip.c:516 [ 62.7361925] syscall() at netbsd:syscall+0x25a sy_call sys/sys/syscallvar.h:65 [inline] [ 62.7361925] syscall() at netbsd:syscall+0x25a sy_invoke sys/sys/syscallvar.h:94 [inline] [ 62.7361925] syscall() at netbsd:syscall+0x25a sys/arch/x86/x86/syscall.c:138 [ 62.7470615] --- syscall (number 6) --- [ 62.7561919] netbsd:syscall+0x25a: [ 62.7561919] cpu0: End traceback... [ 62.7561919] fatal breakpoint trap in supervisor mode [ 62.7680813] trap type 1 code 0 rip 0xffffffff80220a2d cs 0x8 rflags 0x282 cr2 0x608000 ilevel 0 rsp 0xffffb4819d827b20 [ 62.7805455] curlwp 0xffffb4801335a580 pid 1205.1239 lowest kstack 0xffffb4819d8202c0 Stopped in pid 1205.1239 (syz-executor2929) at netbsd:breakpoint+0x5: leave ? breakpoint() at netbsd:breakpoint+0x5 db_panic() at netbsd:db_panic+0x105 sys/ddb/db_panic.c:69 vpanic() at netbsd:vpanic+0x258 sys/kern/subr_prf.c:290 _sub_D_65535_0() at netbsd:_sub_D_65535_0+-0x2407b vhci_fd_close() at netbsd:vhci_fd_close+0xd1 sys/dev/usb/vhci.c:1054 closef() at netbsd:closef+0x152 sys/kern/kern_descrip.c:832 fd_close() at netbsd:fd_close+0x340 sys/kern/kern_descrip.c:715 sys_close() at netbsd:sys_close+0x3e sys/kern/sys_descrip.c:516 syscall() at netbsd:syscall+0x25a sy_call sys/sys/syscallvar.h:65 [inline] syscall() at netbsd:syscall+0x25a sy_invoke sys/sys/syscallvar.h:94 [inline] syscall() at netbsd:syscall+0x25a sys/arch/x86/x86/syscall.c:138 --- syscall (number 6) --- netbsd:syscall+0x25a: Panic string: kernel diagnostic assertion "ret == 0" failed: file "/syzkaller/managers/ci2-netbsd/kernel/sys/dev/usb/vhci.c", line 1054 PID LID S CPU FLAGS STRUCT LWP * NAME WAIT 1205 >1239 7 0 140 ffffb4801335a580 syz-executor2929 1205 1214 2 0 140 ffffb48013332100 syz-executor2929 1205 1205 2 1 10000000 ffffb48012c8d540 syz-executor2929 1084 1084 2 0 140 ffffb48012b38500 syz-executor2929 973 973 3 0 180 ffffb48012a92080 sshd select 1070 1070 3 0 180 ffffb4801267cbc0 getty nanoslp 1073 1073 3 0 180 ffffb480134629c0 getty nanoslp 1074 1074 3 1 180 ffffb48013462140 getty nanoslp 1258 1258 3 1 1c0 ffffb48012c8d100 getty ttyraw 844 844 3 1 180 ffffb4801337f600 sshd select 941 941 3 1 180 ffffb48012ce16c0 powerd kqueue 687 687 3 0 180 ffffb480133b5b00 syslogd kqueue 739 739 3 0 180 ffffb48012beeac0 dhcpcd poll 464 464 3 0 180 ffffb48012c744c0 dhcpcd poll 600 600 3 0 180 ffffb48012bee680 dhcpcd poll 587 587 3 0 180 ffffb48012c3e300 dhcpcd poll 289 289 3 0 180 ffffb48012d73080 dhcpcd poll 288 288 3 0 180 ffffb48012d5b8c0 dhcpcd poll 351 351 3 0 180 ffffb48012d5b480 dhcpcd poll 1 1 3 0 180 ffffb480127fa9c0 init wait 0 819 3 0 200 ffffb48012965ac0 physiod physiod 0 194 3 1 200 ffffb4801297bb00 pooldrain pooldrain 0 193 2 0 240 ffffb4801297b6c0 ioflush 0 192 3 0 200 ffffb4801297b280 pgdaemon pgdaemon 0 168 3 1 200 ffffb48012965240 usb7 usbevt 0 166 3 1 200 ffffb4801291ea80 usb6 usbevt 0 164 3 1 200 ffffb4801291e640 usb5 usbevt 0 163 3 0 200 ffffb4801291e200 usb4 usbevt 0 31 3 0 200 ffffb480128d2a40 usb3 usbevt 0 63 3 0 200 ffffb480128d2600 usb2 usbevt 0 126 3 0 200 ffffb480128d21c0 usb1 usbevt 0 125 2 1 240 ffffb48012868a00 usb0 0 124 3 0 200 ffffb480128685c0 usbtask-dr usbtsk 0 123 3 0 200 ffffb480120b36c0 usbtask-hc usbtsk 0 122 3 1 200 ffffb48012868180 npfgc0 npfgcw 0 121 3 0 200 ffffb480127fa580 rt_free rt_free 0 120 3 0 200 ffffb480127fa140 unpgc unpgc 0 119 2 0 200 ffffb480127ef980 key_timehandler 0 118 3 1 200 ffffb480127ef540 icmp6_wqinput/1 icmp6_wqinput 0 117 3 0 200 ffffb480127ef100 icmp6_wqinput/0 icmp6_wqinput 0 116 2 0 200 ffffb480127e5940 nd6_timer 0 115 3 1 200 ffffb480127e5500 carp6_wqinput/1 carp6_wqinput 0 114 3 0 200 ffffb480127e50c0 carp6_wqinput/0 carp6_wqinput 0 113 3 1 200 ffffb480127d7900 carp_wqinput/1 carp_wqinput 0 112 3 0 200 ffffb480127d74c0 carp_wqinput/0 carp_wqinput 0 111 3 1 200 ffffb480127d7080 icmp_wqinput/1 icmp_wqinput 0 110 3 0 200 ffffb480127c58c0 icmp_wqinput/0 icmp_wqinput 0 109 2 0 200 ffffb480127c5480 rt_timer 0 108 3 1 200 ffffb480127c5040 vmem_rehash vmem_rehash 0 107 3 0 200 ffffb4801267c780 entbutler entropy 0 98 3 1 200 ffffb480120b7700 viomb balloon 0 97 3 1 200 ffffb480120b72c0 vioif0_txrx/1 vioif0_txrx 0 96 3 0 200 ffffb480120b3b00 vioif0_txrx/0 vioif0_txrx 0 29 3 0 200 ffffb480120b3280 scsibus0 sccomp 0 28 3 0 200 ffffb48010cb9ac0 pms0 pmsreset 0 27 3 1 200 ffffb48010cb9680 xcall/1 xcall 0 26 1 1 200 ffffb48010cb9240 softser/1 0 25 1 1 200 ffffb48010cb8a80 softclk/1 0 24 1 1 200 ffffb48010cb8640 softbio/1 0 23 1 1 200 ffffb48010cb8200 softnet/1 0 22 1 1 201 ffffb4800fb55a40 idle/1 0 21 3 0 200 ffffb4800fb55600 lnxsyswq lnxsyswq 0 20 3 0 200 ffffb4800fb551c0 lnxubdwq lnxubdwq 0 19 3 0 200 ffffb4800fb53a00 lnxpwrwq lnxpwrwq 0 18 3 0 200 ffffb4800fb535c0 lnxlngwq lnxlngwq 0 17 3 0 200 ffffb4800fb53180 lnxhipwq lnxhipwq 0 16 3 0 200 ffffb4800fb4b9c0 lnxrcugc lnxrcugc 0 15 3 0 200 ffffb4800fb4b580 sysmon smtaskq 0 14 3 0 200 ffffb4800fb4b140 pmfsuspend pmfsuspend 0 13 3 0 200 ffffb4800fb47980 pmfevent pmfevent 0 12 3 0 200 ffffb4800fb47540 sopendfree sopendfr 0 11 3 1 200 ffffb4800fb47100 iflnkst iflnkst 0 10 3 0 200 ffffb4800fb3c940 nfssilly nfssilly 0 9 3 0 200 ffffb4800fb3c500 vdrain vdrain 0 8 3 1 200 ffffb4800fb3c0c0 modunload mod_unld 0 7 3 0 200 ffffb4800fb32900 xcall/0 xcall 0 6 1 0 200 ffffb4800fb324c0 softser/0 0 5 1 0 200 ffffb4800fb32080 softclk/0 0 4 1 0 200 ffffb4800fb308c0 softbio/0 0 3 1 0 200 ffffb4800fb30480 softnet/0 0 2 1 0 201 ffffb4800fb30040 idle/0 0 > 0 7 1 240 ffffffff83335ac0 swapper [Locks tracked through LWPs] ****** LWP 1205.1214 (syz-executor2929) @ 0xffffb48013332100, l_stat=2 *** Locks held: * Lock 0 (initialized at vhci_attach) lock address : 0xffffb480126866d8 type : sleep/adaptive initialized : 0xffffffff80c01185 shared holds : 0 exclusive: 1 shares wanted: 0 exclusive: 0 relevant cpu : 0 last held: 0 relevant lwp : 0xffffb48013332100 last held: 0xffffb48013332100 last locked* : 0xffffffff80c03bf7 unlocked : 0xffffffff80c04230 owner field : 0xffffb48013332100 wait/spin: 0/0 Turnstile: no active turnstile for this lock. *** Locks wanted: * Lock 0 (initialized at uhub_attach) lock address : 0xffffb48012891ea0 type : sleep/adaptive initialized : 0xffffffff80734866 shared holds : 0 exclusive: 0 shares wanted: 0 exclusive: 1 relevant cpu : 0 last held: 0 relevant lwp : 0xffffb48013332100 last held: 000000000000000000 last locked : 0xffffffff807323a7 unlocked*: 0xffffffff80732467 owner field : 0xffffb48013332100 wait/spin: 0/0 Turnstile: no active turnstile for this lock. ****** LWP 464.464 (dhcpcd) @ 0xffffb48012c744c0, l_stat=3 *** Locks held: none *** Locks wanted: * Lock 0 (initialized at module_hook_init) lock address : 0xffffffff83467300 type : sleep/adaptive initialized : 0xffffffff81aebc11 shared holds : 0 exclusive: 0 shares wanted: 0 exclusive: 0 relevant cpu : 0 last held: 0 relevant lwp : 0xffffb48012c744c0 last held: 000000000000000000 last locked : 000000000000000000 unlocked*: 000000000000000000 owner field : 000000000000000000 wait/spin: 0/0 Turnstile: no active turnstile for this lock. ****** LWP 600.600 (dhcpcd) @ 0xffffb48012bee680, l_stat=3 *** Locks held: none *** Locks wanted: * Lock 0 (initialized at module_hook_init) lock address : 0xffffffff83467300 type : sleep/adaptive initialized : 0xffffffff81aebc11 shared holds : 0 exclusive: 0 shares wanted: 0 exclusive: 0 relevant cpu : 0 last held: 0 relevant lwp : 0xffffb48012bee680 last held: 000000000000000000 last locked : 000000000000000000 unlocked*: 000000000000000000 owner field : 000000000000000000 wait/spin: 0/0 Turnstile: no active turnstile for this lock. ****** LWP 288.288 (dhcpcd) @ 0xffffb48012d5b8c0, l_stat=3 *** Locks held: none *** Locks wanted: * Lock 0 (initialized at module_hook_init) lock address : 0xffffffff83467300 type : sleep/adaptive initialized : 0xffffffff81aebc11 shared holds : 0 exclusive: 0 shares wanted: 0 exclusive: 0 relevant cpu : 0 last held: 0 relevant lwp : 0xffffb48012d5b8c0 last held: 000000000000000000 last locked : 000000000000000000 unlocked*: 000000000000000000 owner field : 000000000000000000 wait/spin: 0/0 Turnstile: no active turnstile for this lock. ****** LWP 351.351 (dhcpcd) @ 0xffffb48012d5b480, l_stat=3 *** Locks held: none *** Locks wanted: * Lock 0 (initialized at module_hook_init) lock address : 0xffffffff83467300 type : sleep/adaptive initialized : 0xffffffff81aebc11 shared holds : 0 exclusive: 0 shares wanted: 0 exclusive: 0 relevant cpu : 0 last held: 0 relevant lwp : 0xffffb48012d5b480 last held: 000000000000000000 last locked : 000000000000000000 unlocked*: 000000000000000000 owner field : 000000000000000000 wait/spin: 0/0 Turnstile: no active turnstile for this lock. ****** LWP 0.11 (iflnkst) @ 0xffffb4800fb47100, l_stat=3 *** Locks held: none *** Locks wanted: * Lock 0 (initialized at module_hook_init) lock address : 0xffffffff83467300 type : sleep/adaptive initialized : 0xffffffff81aebc11 shared holds : 0 exclusive: 0 shares wanted: 0 exclusive: 0 relevant cpu : 1 last held: 0 relevant lwp : 0xffffb4800fb47100 last held: 000000000000000000 last locked : 000000000000000000 unlocked*: 000000000000000000 owner field : 000000000000000000 wait/spin: 0/0 Turnstile: no active turnstile for this lock. ****** LWP 0.5 (softclk/0) @ 0xffffb4800fb32080, l_stat=1 *** Locks held: none *** Locks wanted: * Lock 0 (initialized at module_hook_init) lock address : 0xffffffff83467300 type : sleep/adaptive initialized : 0xffffffff81aebc11 shared holds : 0 exclusive: 0 shares wanted: 0 exclusive: 0 relevant cpu : 0 last held: 0 relevant lwp : 0xffffb4800fb32080 last held: 000000000000000000 last locked : 000000000000000000 unlocked*: 000000000000000000 owner field : 000000000000000000 wait/spin: 0/0 Turnstile: no active turnstile for this lock. ****** LWP 0.0 (swapper) @ 0xffffffff83335ac0, l_stat=7 *** Locks held: none *** Locks wanted: * Lock 0 (initialized at module_hook_init) lock address : 0xffffffff83467300 type : sleep/adaptive initialized : 0xffffffff81aebc11 shared holds : 0 exclusive: 0 shares wanted: 0 exclusive: 0 relevant cpu : 1 last held: 0 relevant lwp : 0xffffffff83335ac0 last held: 000000000000000000 last locked : 000000000000000000 unlocked*: 000000000000000000 owner field : 000000000000000000 wait/spin: 0/0 Turnstile: no active turnstile for this lock. [Locks tracked through CPUs] PAGE FLAG PQ UOBJECT UANON 0xffffb48000017180 0041 00000000 0x0 0x0 0xffffb48000017200 0041 00000000 0x0 0x0 0xffffb48000017280 0041 00000000 0x0 0x0 0xffffb48000017300 0041 00000000 0x0 0x0 0xffffb48000017380 0041 00000000 0x0 0x0 0xffffb48000017400 0041 00000000 0x0 0x0 0xffffb48000017480 0041 00000000 0x0 0x0 0xffffb48000017500 0041 00000000 0x0 0x0 0xffffb48000017580 0041 00000000 0x0 0x0 0xffffb48000017600 0041 00000000 0x0 0x0 0xffffb48000017680 0041 00000000 0x0 0x0 0xffffb48000017700 0041 00000000 0x0 0x0 0xffffb48000017780 0041 00000000 0x0 0x0 0xffffb48000017800 0041 00000000 0x0 0x0 0xffffb48000017880 0041 00000000 0x0 0x0 0xffffb48000017900 0041 00000000 0x0 0x0 0xffffb48000017980 0041 00000000 0x0 0x0 0xffffb48000017a00 0041 00000000 0x0 0x0 0xffffb48000017a80 0041 00000000 0x0 0x0 0xffffb48000017b00 0041 00000000 0x0 0x0 0xffffb48000017b80 0041 00000000 0x0 0x0 0xffffb48000017c00 0041 00000000 0x0 0x0 0xffffb48000017c80 0041 00000000 0x0 0x0 0xffffb48000017d00 0041 00000000 0x0 0x0 0xffffb48000017d80 0041 00000000 0x0 0x0 0xffffb48000017e00 0041 00000000 0x0 0x0 0xffffb48000017e80 0041 00000000 0x0 0x0 0xffffb48000017f00 0041 00000000 0x0 0x0 0xffffb48000017f80 0041 00000000 0x0 0x0 0xffffb48000018000 0041 00000000 0x0 0x0 0xffffb48000018080 0041 00000000 0x0 0x0 0xffffb48000018100 0041 00000000 0x0 0x0 0xffffb48000018180 0041 00000000 0x0 0x0 0xffffb48000018200 0041 00000000 0x0 0x0 0xffffb48000018280 0041 00000000 0x0 0x0 0xffffb48000018300 0041 00000000 0x0 0x0 0xffffb48000018380 0041 00000000 0x0 0x0 0xffffb48000018400 0041 00000000 0x0 0x0 0xffffb48000018480 0041 00000000 0x0 0x0 0xffffb48000018500 0041 00000000 0x0 0x0 0xffffb48000018580 0041 00000000 0x0 0x0 0xffffb48000018600 0041 00000000 0x0 0x0 0xffffb48000018680 0041 00000000 0x0 0x0 0xffffb48000018700 0041 00000000 0x0 0x0 0xffffb48000018780 0041 00000000 0x0 0x0 0xffffb48000018800 0041 00000000 0x0 0x0 0xffffb48000018880 0041 00000000 0x0 0x0 0xffffb48000018900 0041 00000000 0x0 0x0 0xffffb48000018980 0041 00000000