Warning: Permanently added '10.128.0.84' (ECDSA) to the list of known hosts.
syzkaller login: [   28.228980][ T3029] cgroup: Unknown subsys name 'net'
[   28.487655][ T3029] cgroup: Unknown subsys name 'rlimit'
executing program
[   30.738256][ T3031] ------------[ cut here ]------------
[   30.739784][ T3031] refcount_t: underflow; use-after-free.
[   30.741347][ T3031] WARNING: CPU: 1 PID: 3031 at lib/refcount.c:28 refcount_warn_saturate+0x1a0/0x1c8
[   30.743650][ T3031] Modules linked in:
[   30.744641][ T3031] CPU: 1 PID: 3031 Comm: syz-executor859 Not tainted 6.0.0-rc7-syzkaller-18095-gbbed346d5a96 #0
[   30.747222][ T3031] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/30/2022
[   30.749697][ T3031] pstate: 60400005 (nZCv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)
[   30.751613][ T3031] pc : refcount_warn_saturate+0x1a0/0x1c8
[   30.753025][ T3031] lr : refcount_warn_saturate+0x1a0/0x1c8
[   30.754428][ T3031] sp : ffff800012713b90
[   30.755568][ T3031] x29: ffff800012713b90 x28: 00000000000a201d x27: 0000000000002000
[   30.757543][ T3031] x26: dead000000000100 x25: 0000000000000000 x24: 0000000000000001
[   30.759599][ T3031] x23: 0000000000000001 x22: 0000000000000000 x21: 0000000000000000
[   30.761563][ T3031] x20: 0000000000000003 x19: ffff80000d8c8000 x18: 00000000000000c0
[   30.763528][ T3031] x17: ffff80000dd0b198 x16: ffff80000db49158 x15: ffff0000c3ca0000
[   30.765489][ T3031] x14: 0000000000000000 x13: 00000000ffffffff x12: ffff0000c3ca0000
[   30.767440][ T3031] x11: ff808000081c0d5c x10: 0000000000000000 x9 : e142409ecabede00
[   30.769405][ T3031] x8 : e142409ecabede00 x7 : ffff80000819545c x6 : 0000000000000000
[   30.771324][ T3031] x5 : 0000000000000080 x4 : 0000000000000001 x3 : 0000000000000000
[   30.773295][ T3031] x2 : 0000000000000000 x1 : 0000000100000000 x0 : 0000000000000026
[   30.775400][ T3031] Call trace:
[   30.776158][ T3031]  refcount_warn_saturate+0x1a0/0x1c8
[   30.777365][ T3031]  drm_gem_object_handle_put_unlocked+0x178/0x1a0
[   30.778894][ T3031]  drm_gem_object_release_handle+0x68/0x80
[   30.780375][ T3031]  idr_for_each+0xf0/0x174
[   30.781413][ T3031]  drm_gem_release+0x30/0x48
[   30.782548][ T3031]  drm_file_free+0x220/0x2cc
[   30.783664][ T3031]  drm_release+0x108/0x240
[   30.784725][ T3031]  __fput+0x198/0x3dc
[   30.785687][ T3031]  ____fput+0x20/0x30
[   30.786644][ T3031]  task_work_run+0xc4/0x14c
[   30.787803][ T3031]  do_notify_resume+0x174/0x1f0
[   30.788889][ T3031]  el0_svc+0x9c/0x150
[   30.789792][ T3031]  el0t_64_sync_handler+0x84/0xf0
[   30.791061][ T3031]  el0t_64_sync+0x18c/0x190
[   30.792212][ T3031] irq event stamp: 1301834
[   30.793309][ T3031] hardirqs last  enabled at (1301833): [<ffff8000081befc8>] __up_console_sem+0xb0/0xfc
[   30.795688][ T3031] hardirqs last disabled at (1301834): [<ffff80000bfb5fbc>] el1_dbg+0x24/0x5c
[   30.797854][ T3031] softirqs last  enabled at (1301798): [<ffff80000801c33c>] local_bh_enable+0x10/0x34
[   30.800160][ T3031] softirqs last disabled at (1301796): [<ffff80000801c308>] local_bh_disable+0x10/0x34
[   30.802380][ T3031] ---[ end trace 0000000000000000 ]---
executing program
executing program
executing program
executing program
executing program