syzbot

panic: kernel diagnostic assertion "refs != ~0" failed: file "/syzkaller/managers/multicore/kernel/sys/kern/kern_synch.c", line 955
Stopped at      db_enter+0x25:  addq    $0x8,%rsp
    TID    PID    UID     PRFLAGS     PFLAGS  CPU  COMMAND
 218506    975      0           0          0    1  syz-executor
db_enter() at db_enter+0x25 sys/arch/amd64/amd64/db_interface.c:438
panic(ffffffff83453db8) at panic+0x1e5 sys/kern/subr_prf.c:198
__assert(ffffffff8348f8a1,ffffffff8349d9c6,3bb,ffffffff834c5f82) at __assert+0x29 sys/kern/subr_prf.c:-1
refcnt_finalize(ffff8000327a7770,ffffffff83443422) at refcnt_finalize+0x1db sys/kern/kern_synch.c:956
pppx_if_destroy(285b9e,ffff8000327a7768) at pppx_if_destroy+0x3d sys/net/if_pppx.c:794
pppxclose(285b9e,41,2000,ffff8000393c8550) at pppxclose+0xa0 sys/net/if_pppx.c:541
spec_close(ffff80002a238ee0) at spec_close+0x417 sys/kern/spec_vnops.c:-1
VOP_CLOSE(fffffd806b870048,41,fffffd80097fd4e0,ffff8000393c8550) at VOP_CLOSE+0x132 sys/kern/vfs_vops.c:156
vn_closefile(fffffd806f386008,ffff8000393c8550) at vn_closefile+0x12b vn_close sys/kern/vfs_vnops.c:298 [inline]
vn_closefile(fffffd806f386008,ffff8000393c8550) at vn_closefile+0x12b sys/kern/vfs_vnops.c:621
fdrop(fffffd806f386008,ffff8000393c8550) at fdrop+0x121 sys/kern/kern_descrip.c:1281
closef(fffffd806f386008,ffff8000393c8550) at closef+0x192 sys/kern/kern_descrip.c:1265
fdfree(ffff8000393c8550) at fdfree+0x116 sys/kern/kern_descrip.c:1196
exit1(ffff8000393c8550,0,0,1) at exit1+0x576 sys/kern/kern_exit.c:215
sys_exit(ffff8000393c8550,ffff80002a239250,ffff80002a2391a0) at sys_exit+0x1a sys/kern/kern_exit.c:-1
end trace frame: 0xffff80002a239240, count: 0
https://www.openbsd.org/ddb.html describes the minimum info required in bug
reports.  Insufficient info makes it difficult to find and fix bugs.
ddb{0}> 
ddb{0}> set $lines = 0
ddb{0}> set $maxwidth = 0
ddb{0}> show panic
*cpu0: kernel diagnostic assertion "refs != ~0" failed: file "/syzkaller/managers/multicore/kernel/sys/kern/kern_synch.c", line 955
ddb{0}> trace
db_enter() at db_enter+0x25 sys/arch/amd64/amd64/db_interface.c:438
panic(ffffffff83453db8) at panic+0x1e5 sys/kern/subr_prf.c:198
__assert(ffffffff8348f8a1,ffffffff8349d9c6,3bb,ffffffff834c5f82) at __assert+0x29 sys/kern/subr_prf.c:-1
refcnt_finalize(ffff8000327a7770,ffffffff83443422) at refcnt_finalize+0x1db sys/kern/kern_synch.c:956
pppx_if_destroy(285b9e,ffff8000327a7768) at pppx_if_destroy+0x3d sys/net/if_pppx.c:794
pppxclose(285b9e,41,2000,ffff8000393c8550) at pppxclose+0xa0 sys/net/if_pppx.c:541
spec_close(ffff80002a238ee0) at spec_close+0x417 sys/kern/spec_vnops.c:-1
VOP_CLOSE(fffffd806b870048,41,fffffd80097fd4e0,ffff8000393c8550) at VOP_CLOSE+0x132 sys/kern/vfs_vops.c:156
vn_closefile(fffffd806f386008,ffff8000393c8550) at vn_closefile+0x12b vn_close sys/kern/vfs_vnops.c:298 [inline]
vn_closefile(fffffd806f386008,ffff8000393c8550) at vn_closefile+0x12b sys/kern/vfs_vnops.c:621
fdrop(fffffd806f386008,ffff8000393c8550) at fdrop+0x121 sys/kern/kern_descrip.c:1281
closef(fffffd806f386008,ffff8000393c8550) at closef+0x192 sys/kern/kern_descrip.c:1265
fdfree(ffff8000393c8550) at fdfree+0x116 sys/kern/kern_descrip.c:1196
exit1(ffff8000393c8550,0,0,1) at exit1+0x576 sys/kern/kern_exit.c:215
sys_exit(ffff8000393c8550,ffff80002a239250,ffff80002a2391a0) at sys_exit+0x1a sys/kern/kern_exit.c:-1
syscall(ffff80002a239250) at syscall+0xb17 mi_syscall sys/sys/syscall_mi.h:176 [inline]
syscall(ffff80002a239250) at syscall+0xb17 sys/arch/amd64/amd64/trap.c:783
Xsyscall() at Xsyscall+0x128
end of kernel
end trace frame: 0x6fdd1b346040, count: -16
ddb{0}> show registers
rdi                                0
rsi                              0x1
rbp               0xffff80002a238cb0
rbx               0xffffffff83916e07    cpu_info_full_primary+0x2e07
rdx                                0
rcx               0xffff8000393c8550
rax               0xffffffff83915ff0    cpu_info_full_primary+0x1ff0
r8                 0x101010101010101
r9                0x8080808080808080
r10               0x8059064317fcac6e
r11               0xd6a71daedae3f988
r12               0xffffffff83916c08    cpu_info_full_primary+0x2c08
r13                                0
r14                                0
r15                              0x1
rip               0xffffffff82e68e25    db_enter+0x25
cs                               0x8
rflags                         0x246
rsp               0xffff80002a238ca0
ss                                 0
db_enter+0x25:  addq    $0x8,%rsp
ddb{0}> show proc
PROC (syz-executor) tid=254783 pid=64054 tcnt=0 stat=onproc
    flags process=1008<EXITING,SINGLEEXIT> proc=2000<WEXIT>
    runpri=32, usrpri=86, slppri=32, nice=20
    wchan=0x0, wmesg=, ps_single=0xffff8000393c8550 scnt=-1 ecnt=1
    forw=0xffffffffffffffff, list=0xffff8000393c8020,0xffff8000393c8fc0
    process=0xffff80003c3e5830 user=0xffff80002a234000, vmspace=0xfffffd800b063988
    estcpu=36, cpticks=4, pctcpu=0.0, user=0, sys=1, intr=0
ddb{0}>