Assert that reference count is always positive.

Refcnt objects are always initialized to 1.  When the counter drops
to 0, the referenced object can be destroyed at any time.  In
refcnt_take() atomic_inc_int_nv() returns the incremented counter.
That means if refs == 1, it has been 0 before.  That would be a bug
that should be caught.

from Christian Ludwig; OK mvs@ kettenis@ a while ago

Author: bluhm

sys/kern/kern_synch.c

@@ -1,4 +1,4 @@
-/*	$OpenBSD: kern_synch.c,v 1.226 2025/06/05 08:49:09 claudio Exp $	*/
+/*	$OpenBSD: kern_synch.c,v 1.227 2025/06/20 13:54:59 bluhm Exp $	*/
 /*	$NetBSD: kern_synch.c,v 1.37 1996/04/22 01:38:37 christos Exp $	*/
 
 /*
@@ -913,7 +913,7 @@ refcnt_take(struct refcnt *r)
 	u_int refs;
 
 	refs = atomic_inc_int_nv(&r->r_refs);
-	KASSERT(refs != 0);
+	KASSERT(refs > 1);
 	TRACEINDEX(refcnt, r->r_traceidx, r, refs - 1, +1);
 	(void)refs;
 }