syzbot

[ 269.9208802] panic: [ 269.9808911] vpanic() at netbsd:vpanic+0x27a sys/kern/subr_prf.c:288
1970/01/01 00:01:05 SYZFATAL: failed to recv *flatrpc.HostMessageRaw: EOF
[ 270.0109091] _sub_D_65535_0() at netbsd:_sub_D_65535_0+-0xca60
[ 270.0509278] spec_close() at netbsd:spec_close+0x737 sys/miscfs/specfs/spec_vnops.c:1705
[ 270.0809430] VOP_CLOSE() at netbsd:VOP_CLOSE+0xfc sys/kern/vnode_if.c:605
[ 270.1109582] vn_close() at netbsd:vn_close+0x55 sys/kern/vfs_vnops.c:493
[ 270.1509762] closef() at netbsd:closef+0x1e2 sys/kern/kern_descrip.c:861
[ 270.1809921] fd_free() at netbsd:fd_free+0x57e sys/kern/kern_descrip.c:1597
[ 270.2110056] exit1() at netbsd:exit1+0x2f7 sys/kern/kern_exit.c:302
[ 270.2410223] sys_exit() at netbsd:sys_exit+0x94 sys/kern/kern_exit.c:181
[ 270.2810424] syscall() at netbsd:syscall+0x35c sy_call sys/sys/syscallvar.h:65 [inline]
[ 270.2810424] syscall() at netbsd:syscall+0x35c sy_invoke sys/sys/syscallvar.h:94 [inline]
[ 270.2810424] syscall() at netbsd:syscall+0x35c sys/arch/x86/x86/syscall.c:137
[ 270.2910485] --- syscall (number 1) ---
[ 270.3010525] netbsd:syscall+0x35c:
[ 270.3010525] cpu1: End traceback...
[ 270.3110561] fatal breakpoint trap in supervisor mode
[ 270.3110561] trap type 1 code 0 rip 0xffffffff8023240d cs 0x8 rflags 0x286 cr2 0x20000180 ilevel 0 rsp 0xffffc18256ff9830
[ 270.3210597] curlwp 0xffffc18012c10240 pid 8390.8390 lowest kstack 0xffffc18256ff22c0
Stopped in pid 8390.8390 (syz-executor.1) at    netbsd:breakpoint+0x5:  leave
?
breakpoint() at netbsd:breakpoint+0x5
db_panic() at netbsd:db_panic+0x105 sys/ddb/db_panic.c:71
vpanic() at netbsd:vpanic+0x27a sys/kern/subr_prf.c:288
_sub_D_65535_0() at netbsd:_sub_D_65535_0+-0xca60
spec_close() at netbsd:spec_close+0x737 sys/miscfs/specfs/spec_vnops.c:1705
VOP_CLOSE() at netbsd:VOP_CLOSE+0xfc sys/kern/vnode_if.c:605
vn_close() at netbsd:vn_close+0x55 sys/kern/vfs_vnops.c:493
closef() at netbsd:closef+0x1e2 sys/kern/kern_descrip.c:861
fd_free() at netbsd:fd_free+0x57e sys/kern/kern_descrip.c:1597
exit1() at netbsd:exit1+0x2f7 sys/kern/kern_exit.c:302
sys_exit() at netbsd:sys_exit+0x94 sys/kern/kern_exit.c:181
syscall() at netbsd:syscall+0x35c sy_call sys/sys/syscallvar.h:65 [inline]
syscall() at netbsd:syscall+0x35c sy_invoke sys/sys/syscallvar.h:94 [inline]
syscall() at netbsd:syscall+0x35c sys/arch/x86/x86/syscall.c:137
--- syscall (number 1) ---
netbsd:syscall+0x35c:
Panic string: kernel diagnostic assertion "sn->sn_opencnt" failed: file "/syzkaller/managers/ci2-netbsd/kernel/sys/miscfs/specfs/spec_vnops.c", line 1705
PID     LID S CPU     FLAGS       STRUCT LWP *               NAME WAIT
8390 > 8390 7   1  10000000   ffffc18012c10240     syz-executor.1
6024   6024 2   0         0   ffffc180147dd940                 sh
6469   6469 2   1   1000000   ffffc18013467100     syz-executor.4
6050   6050 3   1       180   ffffc18013440bc0     syz-executor.3 wait
6116   6116 3   1       180   ffffc18014553b80               init nanoslp
4031   6029 3   1       180   ffffc18012d7d8c0     syz-executor.0 parked
4031   6271 3   1       180   ffffc18013e1f680     syz-executor.0 lockf
4031   4031 2   0  10000140   ffffc18012a6c8c0     syz-executor.0
7474   7474 2   1       140   ffffc18014045500     syz-executor.1
5333   5333 2   1       140   ffffc18014108140     syz-executor.0
6764   6764 3   0       180   ffffc180140ff980     syz-executor.5 parked
5626   5626 3   1       180   ffffc18012a6c040     syz-executor.3 parked
4496   4496 3   1       180   ffffc18014108580     sy