CVE-2026-53190

In the Linux kernel, the following vulnerability has been resolved:

drm/virtio: fix dma fence refcount leak on error in virtio gpu dma fence wait()

dma fence unwrap for each() internally calls dma fence unwrap first() which does cursor->chain = dma fence get(head), taking an extra reference. On normal loop completion, dma fence unwrap next() releases this via dma fence chain walk() -> dma fence put().

When virtio gpu do fence wait() fails and the function returns early from inside the loop, the cursor->chain reference is never released. This is the only caller in the entire kernel that does an early return inside dma fence unwrap for each.

Add dma fence put(itr.chain) before the early return.