Warning: Permanently added '10.128.0.2' (ECDSA) to the list of known hosts.
executing program
syzkaller login: [ 28.103163][ T3028] ------------[ cut here ]------------
[ 28.104627][ T3028] refcount_t: underflow; use-after-free.
[ 28.106084][ T3028] WARNING: CPU: 0 PID: 3028 at lib/refcount.c:28 refcount_warn_saturate+0x1a0/0x1c8
[ 28.108291][ T3028] Modules linked in:
[ 28.109273][ T3028] CPU: 0 PID: 3028 Comm: syz-executor274 Not tainted 6.0.0-rc7-syzkaller-18095-gbbed346d5a96 #0
[ 28.111706][ T3028] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/30/2022
[ 28.114107][ T3028] pstate: 60400005 (nZCv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)
[ 28.116060][ T3028] pc : refcount_warn_saturate+0x1a0/0x1c8
[ 28.117440][ T3028] lr : refcount_warn_saturate+0x1a0/0x1c8
[ 28.118834][ T3028] sp : ffff80001275baa0
[ 28.119849][ T3028] x29: ffff80001275baa0 x28: 00000000000a201d x27: 0000000000002000
[ 28.121764][ T3028] x26: dead000000000100 x25: 0000000000000000 x24: 0000000000000001
[ 28.123756][ T3028] x23: 0000000000000001 x22: 0000000000000000 x21: 0000000000000000
[ 28.125697][ T3028] x20: 0000000000000003 x19: ffff80000d8c8000 x18: 00000000000000c0
[ 28.127686][ T3028] x17: ffff80000dd0b198 x16: ffff80000db49158 x15: ffff0000c3cdcf80
[ 28.129644][ T3028] x14: 0000000000000000 x13: 00000000ffffffff x12: ffff0000c3cdcf80
[ 28.131615][ T3028] x11: ff808000081c0d5c x10: 0000000000000000 x9 : 098332b724824700
[ 28.133585][ T3028] x8 : 098332b724824700 x7 : ffff80000819545c x6 : 0000000000000000
[ 28.135553][ T3028] x5 : 0000000000000080 x4 : 0000000000000001 x3 : 0000000000000000
[ 28.137540][ T3028] x2 : 0000000000000000 x1 : 0000000100000000 x0 : 0000000000000026
[ 28.139494][ T3028] Call trace:
[ 28.140282][ T3028] refcount_warn_saturate+0x1a0/0x1c8
[ 28.141626][ T3028] drm_gem_object_handle_put_unlocked+0x178/0x1a0
[ 28.143181][ T3028] drm_gem_object_release_handle+0x68/0x80
[ 28.144647][ T3028] idr_for_each+0xf0/0x174
[ 28.145716][ T3028] drm_gem_release+0x30/0x48
[ 28.146818][ T3028] drm_file_free+0x220/0x2cc
[ 28.147934][ T3028] drm_release+0x108/0x240
[ 28.149018][ T3028] __fput+0x198/0x3dc
[ 28.149978][ T3028] ____fput+0x20/0x30
[ 28.150966][ T3028] task_work_run+0xc4/0x14c
[ 28.152073][ T3028] do_exit+0x26c/0xbe0
[ 28.153058][ T3028] do_group_exit+0x60/0xe8
[ 28.154127][ T3028] __wake_up_parent+0x0/0x40
[ 28.155264][ T3028] el0_svc_common+0x138/0x220
[ 28.156424][ T3028] do_el0_svc+0x48/0x164
[ 28.157439][ T3028] el0_svc+0x58/0x150
[ 28.158438][ T3028] el0t_64_sync_handler+0x84/0xf0
[ 28.159694][ T3028] el0t_64_sync+0x18c/0x190
[ 28.160794][ T3028] irq event stamp: 12610
[ 28.161822][ T3028] hardirqs last enabled at (12609): [] __up_console_sem+0xb0/0xfc
[ 28.164172][ T3028] hardirqs last disabled at (12610): [] el1_dbg+0x24/0x5c
[ 28.166266][ T3028] softirqs last enabled at (12594): [] _stext+0x2e4/0x37c
[ 28.168378][ T3028] softirqs last disabled at (12585): [] ____do_softirq+0x14/0x20
[ 28.170653][ T3028] ---[ end trace 0000000000000000 ]---