[    9.485288][ T2614] 8021q: adding VLAN 0 to HW filter on device bond0
[    9.493624][ T2614] eql: remember to turn off Van-Jacobson compression on your slave devices
[    9.519549][  T264] gvnic 0000:00:00.0 enp0s0: Device link is up.
[    9.521175][   T23] IPv6: ADDRCONF(NETDEV_CHANGE): enp0s0: link becomes ready
Starting sshd: OK

syzkaller
Warning: Permanently added '10.128.1.115' (ECDSA) to the list of known hosts.
executing program
syzkaller login: [   27.072101][ T3029] ------------[ cut here ]------------
[   27.073216][ T3029] refcount_t: underflow; use-after-free.
[   27.074512][ T3029] WARNING: CPU: 0 PID: 3029 at lib/refcount.c:28 refcount_warn_saturate+0x1a0/0x1c8
[   27.076424][ T3029] Modules linked in:
[   27.077232][ T3029] CPU: 0 PID: 3029 Comm: syz-executor371 Not tainted 6.0.0-rc7-syzkaller-18095-gbbed346d5a96 #0
[   27.079538][ T3029] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/30/2022
[   27.081711][ T3029] pstate: 60400005 (nZCv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)
[   27.083419][ T3029] pc : refcount_warn_saturate+0x1a0/0x1c8
[   27.084636][ T3029] lr : refcount_warn_saturate+0x1a0/0x1c8
[   27.085863][ T3029] sp : ffff800012723aa0
[   27.086776][ T3029] x29: ffff800012723aa0 x28: 00000000000a201d x27: 0000000000002000
[   27.088506][ T3029] x26: dead000000000100 x25: 0000000000000000 x24: 0000000000000001
[   27.090275][ T3029] x23: 0000000000000001 x22: 0000000000000000 x21: 0000000000000000
[   27.092012][ T3029] x20: 0000000000000003 x19: ffff80000d8c8000 x18: 00000000000000c0
[   27.093903][ T3029] x17: ffff80000dd0b198 x16: ffff80000db49158 x15: ffff0000c3d10000
[   27.095902][ T3029] x14: 0000000000000000 x13: 00000000ffffffff x12: ffff0000c3d10000
[   27.097878][ T3029] x11: ff808000081c0d5c x10: 0000000000000000 x9 : b14db55493f9ec00
[   27.099835][ T3029] x8 : b14db55493f9ec00 x7 : ffff80000819545c x6 : 0000000000000000
[   27.101739][ T3029] x5 : 0000000000000080 x4 : 0000000000000001 x3 : 0000000000000000
[   27.103556][ T3029] x2 : 0000000000000000 x1 : 0000000100000000 x0 : 0000000000000026
[   27.105331][ T3029] Call trace:
[   27.106010][ T3029]  refcount_warn_saturate+0x1a0/0x1c8
[   27.107211][ T3029]  drm_gem_object_handle_put_unlocked+0x178/0x1a0
[   27.108741][ T3029]  drm_gem_object_release_handle+0x68/0x80
[   27.110020][ T3029]  idr_for_each+0xf0/0x174
[   27.110977][ T3029]  drm_gem_release+0x30/0x48
[   27.112059][ T3029]  drm_file_free+0x220/0x2cc
[   27.113101][ T3029]  drm_release+0x108/0x240
[   27.114070][ T3029]  __fput+0x198/0x3dc
[   27.114939][ T3029]  ____fput+0x20/0x30
[   27.115793][ T3029]  task_work_run+0xc4/0x14c
[   27.116764][ T3029]  do_exit+0x26c/0xbe0
[   27.117621][ T3029]  do_group_exit+0x60/0xe8
[   27.118528][ T3029]  __wake_up_parent+0x0/0x40
[   27.119482][ T3029]  el0_svc_common+0x138/0x220
[   27.120486][ T3029]  do_el0_svc+0x48/0x164
[   27.121378][ T3029]  el0_svc+0x58/0x150
[   27.122260][ T3029]  el0t_64_sync_handler+0x84/0xf0
[   27.123326][ T3029]  el0t_64_sync+0x18c/0x190
[   27.124386][ T3029] irq event stamp: 12600
[   27.125275][ T3029] hardirqs last  enabled at (12599): [<ffff8000081befc8>] __up_console_sem+0xb0/0xfc
[   27.127284][ T3029] hardirqs last disabled at (12600): [<ffff80000bfb5fbc>] el1_dbg+0x24/0x5c
[   27.129382][ T3029] softirqs last  enabled at (12254): [<ffff8000080102e4>] _stext+0x2e4/0x37c
[   27.131292][ T3029] softirqs last disabled at (12229): [<ffff800008017c14>] ____do_softirq+0x14/0x20
[   27.133347][ T3029] ---[ end trace 0000000000000000 ]---