[ 9.324872][ T2615] 8021q: adding VLAN 0 to HW filter on device bond0
[ 9.334880][ T2615] eql: remember to turn off Van-Jacobson compression on your slave devices
[ 9.357838][ T135] gvnic 0000:00:00.0 enp0s0: Device link is up.
[ 9.361359][ T2524] IPv6: ADDRCONF(NETDEV_CHANGE): enp0s0: link becomes ready
Starting sshd: OK
syzkaller
Warning: Permanently added '10.128.1.60' (ECDSA) to the list of known hosts.
executing program
syzkaller login: [ 30.766999][ T3029] ------------[ cut here ]------------
[ 30.768316][ T3029] refcount_t: underflow; use-after-free.
[ 30.769850][ T3029] WARNING: CPU: 0 PID: 3029 at lib/refcount.c:28 refcount_warn_saturate+0x1a0/0x1c8
[ 30.771983][ T3029] Modules linked in:
[ 30.772953][ T3029] CPU: 0 PID: 3029 Comm: syz-executor717 Not tainted 6.0.0-rc2-syzkaller-16455-ga41a877bc12d #0
[ 30.775369][ T3029] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/22/2022
[ 30.777738][ T3029] pstate: 60400005 (nZCv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)
[ 30.779748][ T3029] pc : refcount_warn_saturate+0x1a0/0x1c8
[ 30.781030][ T3029] lr : refcount_warn_saturate+0x1a0/0x1c8
[ 30.782331][ T3029] sp : ffff80001200baa0
[ 30.783316][ T3029] x29: ffff80001200baa0 x28: 00000000000a201d x27: 0000000000002000
[ 30.785211][ T3029] x26: dead000000000100 x25: 0000000000000000 x24: 0000000000000001
[ 30.787053][ T3029] x23: 0000000000000001 x22: 0000000000000000 x21: 0000000000000000
[ 30.788915][ T3029] x20: 0000000000000003 x19: ffff80000d937000 x18: 00000000000000c0
[ 30.790772][ T3029] x17: ffff80000dd7a698 x16: ffff80000dbb8658 x15: ffff0000c10a4f80
[ 30.792648][ T3029] x14: 0000000000000000 x13: 00000000ffffffff x12: ffff0000c10a4f80
[ 30.794768][ T3029] x11: ff808000081c39dc x10: 0000000000000000 x9 : 9016e5cf66052a00
[ 30.796652][ T3029] x8 : 9016e5cf66052a00 x7 : ffff800008197c8c x6 : 0000000000000000
[ 30.798707][ T3029] x5 : 0000000000000080 x4 : 0000000000000001 x3 : 0000000000000000
[ 30.800386][ T3029] x2 : 0000000000000000 x1 : 0000000100000000 x0 : 0000000000000026
[ 30.801940][ T3029] Call trace:
[ 30.802565][ T3029] refcount_warn_saturate+0x1a0/0x1c8
[ 30.803744][ T3029] drm_gem_object_handle_put_unlocked+0x178/0x190
[ 30.805256][ T3029] drm_gem_object_release_handle+0x90/0xa8
[ 30.806574][ T3029] idr_for_each+0xf0/0x174
[ 30.807589][ T3029] drm_gem_release+0x30/0x48
[ 30.808585][ T3029] drm_file_free+0x220/0x2cc
[ 30.809640][ T3029] drm_release+0x108/0x22c
[ 30.810705][ T3029] __fput+0x198/0x3bc
[ 30.811466][ T3029] ____fput+0x20/0x30
[ 30.812249][ T3029] task_work_run+0xc4/0x208
[ 30.813125][ T3029] do_exit+0x26c/0xbb8
[ 30.813900][ T3029] do_group_exit+0x60/0xe8
[ 30.814862][ T3029] __wake_up_parent+0x0/0x40
[ 30.815892][ T3029] el0_svc_common+0x138/0x220
[ 30.817040][ T3029] do_el0_svc+0x48/0x154
[ 30.818077][ T3029] el0_svc+0x58/0x150
[ 30.818987][ T3029] el0t_64_sync_handler+0x84/0xf0
[ 30.820190][ T3029] el0t_64_sync+0x18c/0x190
[ 30.821239][ T3029] irq event stamp: 12698
[ 30.822228][ T3029] hardirqs last enabled at (12697): [] __up_console_sem+0xb0/0xfc
[ 30.824424][ T3029] hardirqs last disabled at (12698): [] el1_dbg+0x24/0x5c
[ 30.826461][ T3029] softirqs last enabled at (12442): [] _stext+0x2e4/0x37c
[ 30.828626][ T3029] softirqs last disabled at (12417): [] invoke_softirq+0x70/0xbc
[ 30.830804][ T3029] ---[ end trace 0000000000000000 ]---