[ 428.8987521] panic: The psref isn't in the list (releasing unused psref?): psref=0xffffba82487107e0 target=0xffffba80120bb3a8
[ 428.9087418] cpu1: Begin traceback...
[ 428.9287409] vpanic() at netbsd:vpanic+0x282 sys/kern/subr_prf.c:288
1970/01/01 00:00:48 SYZFATAL: failed to recv *flatrpc.HostMessageRaw: EOF
[ 428.9787411] panic() at netbsd:panic+0x9e sys/kern/subr_prf.c:1084
[ 429.0287445] psref_release() at netbsd:psref_release+0x14f sys/kern/subr_psref.c:376
[ 429.0787410] doifioctl() at netbsd:doifioctl+0x74d x86_curlwp sys/arch/amd64/compile/obj/GENERIC_SYZKALLER/./machine/cpu.h:76 [inline]
[ 429.0787410] doifioctl() at netbsd:doifioctl+0x74d curlwp_bindx sys/sys/lwp.h:521 [inline]
[ 429.0787410] doifioctl() at netbsd:doifioctl+0x74d sys/net/if.c:3612
[ 429.1187411] soo_ioctl() at netbsd:soo_ioctl+0x3cc sys/kern/sys_socket.c:215
[ 429.1687412] sys_ioctl() at netbsd:sys_ioctl+0x8f6 sys/kern/sys_generic.c:675
[ 429.2087429] sys___syscall() at netbsd:sys___syscall+0x10e sy_call sys/sys/syscallvar.h:65 [inline]
[ 429.2087429] sys___syscall() at netbsd:sys___syscall+0x10e sys/kern/sys_syscall.c:90
[ 429.2487415] syscall() at netbsd:syscall+0x246 sy_call sys/sys/syscallvar.h:65 [inline]
[ 429.2487415] syscall() at netbsd:syscall+0x246 sy_invoke sys/sys/syscallvar.h:94 [inline]
[ 429.2487415] syscall() at netbsd:syscall+0x246 sys/arch/x86/x86/syscall.c:137
[ 429.2687444] --- syscall (number 54 via SYS_syscall) ---
[ 429.2787402] netbsd:syscall+0x246:
[ 429.2887451] cpu1: End traceback...
[ 429.2887451] fatal breakpoint trap in supervisor mode
[ 429.2887451] trap type 1 code 0 rip 0xffffffff8023240d cs 0x8 rflags 0x286 cr2 0x20000180 ilevel 0x4 rsp 0xffffba82487104f0
[ 429.3087415] curlwp 0xffffba8014c8a200 pid 7652.9452 lowest kstack 0xffffba82487092c0
Stopped in pid 7652.9452 (syz-executor.1) at    netbsd:breakpoint+0x5:  leave
?
breakpoint() at netbsd:breakpoint+0x5
db_panic() at netbsd:db_panic+0x105 sys/ddb/db_panic.c:71
vpanic() at netbsd:vpanic+0x282 sys/kern/subr_prf.c:288
panic() at netbsd:panic+0x9e sys/kern/subr_prf.c:1084
psref_release() at netbsd:psref_release+0x14f sys/kern/subr_psref.c:376
doifioctl() at netbsd:doifioctl+0x74d x86_curlwp sys/arch/amd64/compile/obj/GENERIC_SYZKALLER/./machine/cpu.h:76 [inline]
doifioctl() at netbsd:doifioctl+0x74d curlwp_bindx sys/sys/lwp.h:521 [inline]
doifioctl() at netbsd:doifioctl+0x74d sys/net/if.c:3612
soo_ioctl() at netbsd:soo_ioctl+0x3cc sys/kern/sys_socket.c:215
sys_ioctl() at netbsd:sys_ioctl+0x8f6 sys/kern/sys_generic.c:675
sys___syscall() at netbsd:sys___syscall+0x10e sy_call sys/sys/syscallvar.h:65 [inline]
sys___syscall() at netbsd:sys___syscall+0x10e sys/kern/sys_syscall.c:90
syscall() at netbsd:syscall+0x246 sy_call sys/sys/syscallvar.h:65 [inline]
syscall() at netbsd:syscall+0x246 sy_invoke sys/sys/syscallvar.h:94 [inline]
syscall() at netbsd:syscall+0x246 sys/arch/x86/x86/syscall.c:137
--- syscall (number 54 via SYS_syscall) ---
netbsd:syscall+0x246:
Panic string: The psref isn't in the list (releasing unused psref?): psref=0xffffba82487107e0 target=0xffffba80120bb3a8
PID     LID S CPU     FLAGS       STRUCT LWP *               NAME WAIT
7652 > 9452 7   1         0   ffffba8014c8a200     syz-executor.1
7652   7568 3   0       180   ffffba8012d59340     syz-executor.1 netio
7652   7652 2   1  10000000   ffffba8012d29300     syz-executor.1
7299   7299 2   1         0   ffffba8012d0db00     syz-executor.2
9678   9678 2   0     40000   ffffba801343d780                 sh
9561   9561 3   1       180   ffffba80147c5040                 sh wait
6308   6308 2   0     40000   ffffba801339a1c0                 sh
9056   9056 4   1   1000100   ffffba8012ab3080     syz-executor.1
9428   9428 2   1   1000000   ffffba8012d05240     syz-executor.4
8799   8799 2   1         0   ffffba8012cd6a00     syz-executor.0
6139   6139 2   0       140   ffffba8012d0d280     syz-executor.2
8904   8904 3   0       180   ffffba801337d180                 sh pipe_rd
8138   8138 3   1       180   ffffba8014661300                 sh wait
7628   7628 3   1       180   ffffba8012d788c0             dhcpcd poll
8781   8781 3   1       180   ffffba8012d78040             dhcpcd poll
6552   6642 2   0   1140000   ffffba8012cce9c0     syz-executor.5
6552   6552 2   0  11000040   ffffba8012c69740     syz-executor.5
6805   6805 3   0       180   ffffba8013450900     syz-executor.5 wait
6791   6791 3   0       180   ffffba801347f140               init nanoslp
7480   7480 3   0       180   ffffba8012c99480     syz-executor.2 parked
6991   6991 3   1       180   ffffba8014258680     syz-executor.0 parked
7857   7857 3   0       180   ffffba80134504c0     syz-executor.0 parked
6846   6846 3   0       180   ffffba8012d59780     syz-executor.0 parked
6177   6177 3   1       180   ffffba8012ceba40     syz-executor.0 parked
7476   7476 3   1       180   ffffba8012b9e9c0     syz-executor.1 parked
6367   6367 3   0       180   ffffba8012ceb1c0     syz-executor.2 parked
4747   5222 2   0   1140000   ffffba8012cb3940     syz-executor.0
4747   4747 3   1  11000000   ffffba80141995c0     syz-executor.0 lwpwait
4135   4135 3   1       180   ffffba801425eb00     syz-executor.3 parked
4502   5434 3   1   5100000   ffffba8014255640     syz-executor.3 vfork
4502   4502 3   1  11000000   ffffba8013f94780     syz-executor.3 lwpwait
4715   4715 3   0       180   ffffba8013433b80     syz-executor.4 parked
6491   6491 3   1       180   ffffba8012b9e140     syz-executor.5 parked
3718   3718 3   1       180   ffffba8013446040     syz-executor.4 parked
3365   3365 3   1       180   ffffba8014661b80     syz-executor.2 parked
3205   3205 3   0       180   ffffba8012bed1c0     syz-executor.0 parked
3068   3068 3   1       180   ffffba8012ada500     syz-executor.1 parked
3063   3063 3   1       180   ffffba8012ada0c0     syz-executor.1 parked
3434   2953 3   1  11100000   ffffba801343d340     syz-executor.1 vfork
3434   3434 3   1  11000000   ffffba80133b2240     syz-executor.1 lwpwait
4942   4942 3   1       180   fff