------------[ cut here ]------------
refcount_t: underflow; use-after-free.
WARNING: CPU: 0 PID: 9 at lib/refcount.c:28 refcount_warn_saturate+0xb4/0x140 lib/refcount.c:28
Modules linked in:
CPU: 0 UID: 0 PID: 9 Comm: kworker/0:0 Not tainted 6.16.0-rc4-syzkaller #0 PREEMPT(undef) 
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
Workqueue: md_misc mddev_delayed_delete
RIP: 0010:refcount_warn_saturate+0xb4/0x140 lib/refcount.c:28
Code: ff 90 0f 0b 90 90 e9 26 83 68 ff cc 80 3d 7f 34 1a 02 00 75 90 c6 05 76 34 1a 02 01 90 48 c7 c7 b1 51 52 83 e8 fd 63 78 ff 90 <0f> 0b 90 90 e9 fe 82 68 ff cc 80 3d 54 34 1a 02 00 0f 85 64 ff ff
RSP: 0018:ffffc90000053e00 EFLAGS: 00010246
RAX: bae91aacbeddf400 RBX: ffff888100a8c240 RCX: 0000000000000000
RDX: 0000000000000002 RSI: 00000000ffffdfff RDI: 00000000ffffffff
RBP: ffffffff812e7652 R08: 0000000000001fff R09: ffffffff838fcf10
R10: 0000000000005ffd R11: 00000000ffffdfff R12: ffff888101ef1800
R13: ffff888237c2acc0 R14: ffff8881012a8000 R15: ffff888101736448
FS:  0000000000000000(0000) GS:ffff8882b343f000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007f32793b1d58 CR3: 00000000038aa000 CR4: 0000000000350ef0
Call Trace:
 <TASK>
 process_one_work kernel/workqueue.c:3238 [inline]
 process_scheduled_works+0x314/0x6b0 kernel/workqueue.c:3321
 worker_thread+0x1df/0x2f0 kernel/workqueue.c:3402
 kthread+0x23f/0x270 kernel/kthread.c:464
 ret_from_fork+0x9f/0x1b0 arch/x86/kernel/process.c:148
 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:245
 </TASK>