[ 161.7314485] panic: kernel diagnostic assertion "vrefcnt(vp) > 0" failed: file "/syzkaller/managers/ci2-netbsd-kubsan/kernel/sys/kern/vfs_vnops.c", line 1373
[ 161.7414364] cpu1: Begin traceback...
[ 161.7614392] vpanic() at netbsd:vpanic+0x2f0 sys/kern/subr_prf.c:288
[ 161.8414370] kern_assert() at netbsd:kern_assert+0x65 sys/arch/amd64/amd64/db_disasm.c:1074
[ 161.9014372] vn_lock() at netbsd:vn_lock+0x528 sys/kern/vfs_vnops.c:1373
[ 161.9514377] vn_close() at netbsd:vn_close+0x26 sys/kern/vfs_vnops.c:487
[ 162.0014373] closef() at netbsd:closef+0x249 sys/kern/kern_descrip.c:861
[ 162.0514401] fd_close() at netbsd:fd_close+0x443 sys/kern/kern_descrip.c:740
[ 162.1014364] sys_close() at netbsd:sys_close+0x4b sys/kern/sys_descrip.c:522
[ 162.1514359] syscall() at netbsd:syscall+0x28b sy_call sys/sys/syscallvar.h:65 [inline]
[ 162.1514359] syscall() at netbsd:syscall+0x28b sy_invoke sys/sys/syscallvar.h:94 [inline]
[ 162.1514359] syscall() at netbsd:syscall+0x28b sys/arch/x86/x86/syscall.c:137
[ 162.1714390] --- syscall (number 6) ---
[ 162.1914370] netbsd:syscall+0x28b:
[ 162.1914370] cpu1: End traceback...
[ 162.1914370] fatal breakpoint trap in supervisor mode
[ 162.2014358] trap type 1 code 0 rip 0xffffffff80235475 cs 0x8 rflags 0x246 cr2 0x7e059cd9d338 ilevel 0 rsp 0xffffae0248b31d20
[ 162.2114357] curlwp 0xffffe4e06b87e680 pid 2811.2811 lowest kstack 0xffffae0248b2d2c0
Stopped in pid 2811.2811 (syz-executor.1) at netbsd:breakpoint+0x5: leave ?
breakpoint() at netbsd:breakpoint+0x5
db_panic() at netbsd:db_panic+0xec sys/ddb/db_panic.c:71
vpanic() at netbsd:vpanic+0x2f0 sys/kern/subr_prf.c:288
kern_assert() at netbsd:kern_assert+0x65 sys/arch/amd64/amd64/db_disasm.c:1074
vn_lock() at netbsd:vn_lock+0x528 sys/kern/vfs_vnops.c:1373
vn_close() at netbsd:vn_close+0x26 sys/kern/vfs_vnops.c:487
closef() at netbsd:closef+0x249 sys/kern/kern_descrip.c:861
fd_close() at netbsd:fd_close+0x443 sys/kern/kern_descrip.c:740
sys_close() at netbsd:sys_close+0x4b sys/kern/sys_descrip.c:522
syscall() at netbsd:syscall+0x28b sy_call sys/sys/syscallvar.h:65 [inline]
syscall() at netbsd:syscall+0x28b sy_invoke sys/sys/syscallvar.h:94 [inline]
syscall() at netbsd:syscall+0x28b sys/arch/x86/x86/syscall.c:137
--- syscall (number 6) ---
netbsd:syscall+0x28b:
Panic string: kernel diagnostic assertion "vrefcnt(vp) > 0" failed: file "/syzkaller/managers/ci2-netbsd-kubsan/kernel/sys/kern/vfs_vnops.c", line 1373
PID LID S CPU FLAGS STRUCT LWP * NAME WAIT
3525 3525 3 0 0 ffffe4e071bd9780 ifconfig xclow
3221 3221 3 0 10040000 ffffe4e0759b9b00 syz-executor.3 biolock
4456 4456 3 0 40180 ffffe4e06f7584c0 syz-executor.0 wait
3069 3069 3 0 0 ffffe4e078508ac0 syz-executor.2 biolock
2882 2882 3 0 0 ffffe4e0781a95c0 syz-executor.5 biolock
3007 3007 2 1 0 ffffe4e071bd9bc0 syz-executor.4
4155 > 4155 7 0 140 ffffe4e06f758080 syz-executor.3
2811 > 2811 7 1 100 ffffe4e06b87e680 syz-executor.1
3654 3654 3 1 180 ffffe4e06d4e1480 syz-executor.3 parked
3678 3678 3 1 180 ffffe4e06d4e1040 syz-executor.4 parked
2210 2210 3 0 180 ffffe4e06fdd5b40 syz-executor.3 parked
3032 3032 3 1 180 ffffe4e0687294c0 syz-executor.5 parked
1524 1578 3 1 1100000 ffffe4e06fdd52c0 syz-executor.5 vfork
1524 1524 3 0 11000000 ffffe4e0781769c0 syz-executor.5 lwpwait
2101 2101 3 1 180 ffffe4e070c4d0c0 syz-executor.1 parked
2108 2108 3 1 180 ffffe4e073904980 syz-executor.2 parked
613 613 3 1 180 ffffe4e073904100 syz-executor.3 parked
1326 1326 3 0 180 ffffe4e0759b96c0 syz-executor.1 parked
1328 1328 3 1 180 ffffe4e068108180 syz-executor.5 parked
1742 1501 3 0 1000000 ffffe4e068ca0500 syz-executor.5 lwpwait
1742 1632 3 1 11100000 ffffe4e0685b39c0 syz-executor.5 vfork
1639 1639 3 0 180 ffffe4e0683f28c0 syz-executor.2 parked
1068 1022 3 0 180 ffffe4e0798a1200 syz-fuzzer wait
1068 1337 3 0 180 ffffe4e06b87eac0 syz-fuzzer wait
1068 1205 3 1 180 ffffe4e068ca00c0 syz-fuzzer wait
1068 1204 2 1 0 ffffe4e0683f2480 syz-fuzzer
1068 1387 3 0 180 ffffe4e0685b3140 syz-fuzzer wait
1068 1236 3 0 180 ffffe4e0685b3580 syz-fuzzer parked
1068 1239 3 0 180 ffffe4e06b87e240 syz-fuzzer wait
1068 1243 3 1 180 ffffe4e0677e72c0 syz-fuzzer wait
1068 979 3 0 180 ffffe4e06928a1c0 syz-fuzzer parked
1068 941 3 1 180 ffffe4e067603b00 syz-fuzzer parked
1068 929 3 1 180 ffffe4e067906b80 syz-fuzzer parked
1068 1226 3 1 180 ffffe4e068108a00 syz-fuzzer parked
1068 1231 3 0 180 ffffe4e069ad2640 syz-fuzzer parked
1068 1068 3 1 180 ffffe4e06838b540 syz-fuzzer parked
1233 1233 3 0 180 ffffe4e067603280 sshd select
1222 1222 3 0 180 ffffe4e069ad2200 getty nanoslp
1184 1184 3 0 180 ffffe4e06729eac0 getty nanoslp
1216 1216 3 1 180 ffffe4e0676036c0 getty nanoslp
1195 1195 3 0 180 ffffe4e06724b640 getty ttyraw
1096 1096 3 0 180 ffffe4e06928aa40 sshd select
1095 1095 3 1 180 ffffe4e06928a600