assert "refs > NUM" failed in kern

login: panic: kernel diagnostic assertion "refs > 1" failed: file "/syzkaller/managers/multicore/kernel/sys/kern/kern_synch.c", line 920
Stopped at      db_enter+0x25:  addq    $0x8,%rsp
    TID    PID    UID     PRFLAGS     PFLAGS  CPU  COMMAND
  15385   3711      0           0          0    0  syz-executor
*100605  49175      0           0  0x4000000    1  syz-executor
db_enter() at db_enter+0x25 sys/arch/amd64/amd64/db_interface.c:438
panic(ffffffff834522ec) at panic+0x1e5 sys/kern/subr_prf.c:198
__assert(ffffffff83490b1b,ffffffff8349eb95,398,ffffffff8345ae1a) at __assert+0x29 sys/kern/subr_prf.c:-1
refcnt_take(ffff8000015fe008) at refcnt_take+0x109 sys/kern/kern_synch.c:921
if_getgroupmembers(ffff80002a285da0) at if_getgroupmembers+0x11d sys/net/if.c:3256
sys_ioctl(ffff8000357b4d20,ffff80002a285f80,ffff80002a285ed0) at sys_ioctl+0x674 sys/kern/sys_generic.c:-1
syscall(ffff80002a285f80) at syscall+0xbd4 mi_syscall sys/sys/syscall_mi.h:176 [inline]
syscall(ffff80002a285f80) at syscall+0xbd4 sys/arch/amd64/amd64/trap.c:783
Xsyscall() at Xsyscall+0x128
end of kernel
end trace frame: 0x2fccab52530, count: 7
https://www.openbsd.org/ddb.html describes the minimum info required in bug
reports.  Insufficient info makes it difficult to find and fix bugs.
ddb{1}> 
ddb{1}> set $lines = 0
ddb{1}> set $maxwidth = 0
ddb{1}> show panic
*cpu1: kernel diagnostic assertion "refs > 1" failed: file "/syzkaller/managers/multicore/kernel/sys/kern/kern_synch.c", line 920
ddb{1}> trace
db_enter() at db_enter+0x25 sys/arch/amd64/amd64/db_interface.c:438
panic(ffffffff834522ec) at panic+0x1e5 sys/kern/subr_prf.c:198
__assert(ffffffff83490b1b,ffffffff8349eb95,398,ffffffff8345ae1a) at __assert+0x29 sys/kern/subr_prf.c:-1
refcnt_take(ffff8000015fe008) at refcnt_take+0x109 sys/kern/kern_synch.c:921
if_getgroupmembers(ffff80002a285da0) at if_getgroupmembers+0x11d sys/net/if.c:3256
sys_ioctl(ffff8000357b4d20,ffff80002a285f80,ffff80002a285ed0) at sys_ioctl+0x674 sys/kern/sys_generic.c:-1
syscall(ffff80002a285f80) at syscall+0xbd4 mi_syscall sys/sys/syscall_mi.h:176 [inline]
syscall(ffff80002a285f80) at syscall+0xbd4 sys/arch/amd64/amd64/trap.c:783
Xsyscall() at Xsyscall+0x128
end of kernel
end trace frame: 0x2fccab52530, count: -8
ddb{1}>

Time	Kernel	Commit	Syzkaller	Config	Log	Report	Assets (help?)	Manager	Title
2026/04/27 15:39	openbsd	80ba1745ccfd	0f700595	.config	console log	report	[disk image] [bsd.gdb] [kernel image]	ci-openbsd-multicore	assert "refs > NUM" failed in kern_synch.c
2026/04/06 19:02	openbsd	8a4a3a78bbe7	4b3d9a38	.config	console log	report	[disk image] [bsd.gdb] [kernel image]	ci-openbsd-setuid	assert "refs > NUM" failed in kern_synch.c
2026/02/09 07:36	openbsd	e6ae0557afc8	018ebef2	.config	console log	report	[disk image] [bsd.gdb] [kernel image]	ci-openbsd-main	assert "refs > NUM" failed in kern_synch.c
2026/01/26 07:23	openbsd	401b985036af	55756628	.config	console log	report	[disk image] [bsd.gdb] [kernel image]	ci-openbsd-multicore	assert "refs > NUM" failed in kern_synch.c
2025/11/30 12:16	openbsd	0086034dedf2	01c07bfe	.config	console log	report	[disk image] [bsd.gdb] [kernel image]	ci-openbsd-multicore	assert "refs > NUM" failed in kern_synch.c
2025/10/23 11:36	openbsd	22e0e8faf4c6	c0460fcd	.config	console log	report	[disk image] [bsd.gdb] [kernel image]	ci-openbsd-main	assert "refs > NUM" failed in kern_synch.c
2025/09/09 19:40	openbsd	3efab2192dd6	fdeaa69b	.config	console log	report	[disk image] [bsd.gdb] [kernel image]	ci-openbsd-multicore	assert "refs > NUM" failed in kern_synch.c