program: r0 = socket$inet6(0xa, 0x2, 0x3a) r1 = syz_open_dev$dri(&(0x7f00000008c0), 0xd21, 0x0) r2 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f00000000c0)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0xfe, 0x7fff0006}]}) r3 = openat$dma_heap(0xffffffffffffff9c, &(0x7f0000000240), 0xa2003, 0x0) ioctl$DMA_HEAP_IOCTL_ALLOC(r3, 0xc0184800, &(0x7f0000000100)={0x20004, r2, 0x2}) r5 = syz_open_dev$dri(&(0x7f0000000280), 0x1ff, 0x140) ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r5, 0xc00c642e, &(0x7f00000000c0)={0x0, 0x0, r4}) ioctl$DRM_IOCTL_GEM_FLINK(r5, 0xc008640a, &(0x7f0000000300)={r6, 0x0}) ioctl$DRM_IOCTL_GEM_OPEN(r1, 0xc010640b, &(0x7f0000000140)={r7, 0x0}) ioctl$DRM_IOCTL_PRIME_HANDLE_TO_FD(r5, 0xc00c64d2, &(0x7f0000000180)={r8}) setsockopt$inet6_int(r0, 0x29, 0x10, &(0x7f0000000000), 0x4) sendto$inet6(r0, &(0x7f0000000180)="800037bbfa9ba1ce", 0x8, 0x488c0, &(0x7f00000003c0)={0xa, 0x1, 0x0, @dev={0xfe, 0x80, '\x00', 0x2d}, 0x9}, 0x1c) r9 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) write$FUSE_OPEN(r9, &(0x7f0000000080)={0x20, 0x8000000000000007, 0x0, {0x0, 0x11}}, 0x20) getsockopt$inet_sctp6_SCTP_RTOINFO(r0, 0x84, 0x0, &(0x7f0000000100)={0x0, 0xfffffff3, 0x1, 0xc01}, &(0x7f0000000140)=0x10) migrate_pages(0x0, 0x3, &(0x7f0000000300)=0x3, &(0x7f0000000340)=0x101) r10 = openat$cgroup(0xffffffffffffffff, &(0x7f0000000040)='syz0\x00', 0x200002, 0x0) openat$cgroup_ro(r10, &(0x7f00000000c0)='cgroup.stat\x00', 0x0, 0x0) [ 74.881173][ T5312] Bluetooth: hci0: command tx timeout [ 75.002387][ T5332] ------------[ cut here ]------------ [ 75.004914][ T5332] WARNING: drivers/gpu/drm/drm_prime.c:224 at drm_prime_destroy_file_private+0x4b/0x60, CPU#0: syz.0.0/5332 [ 75.011166][ T5332] Modules linked in: [ 75.013694][ T5332] CPU: 0 UID: 0 PID: 5332 Comm: syz.0.0 Not tainted syzkaller #0 PREEMPT(full) [ 75.019352][ T5332] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 75.024193][ T5332] RIP: 0010:drm_prime_destroy_file_private+0x4b/0x60 [ 75.027263][ T5332] Code: 00 fc ff df 80 3c 08 00 74 08 48 89 df e8 6d 80 ed fc 48 83 3b 00 75 0c e8 82 d5 85 fc 5b e9 0c 40 23 06 cc e8 76 d5 85 fc 90 <0f> 0b 90 5b e9 fc 3f 23 06 cc 66 66 2e 0f 1f 84 00 00 00 00 00 90 [ 75.036040][ T5332] RSP: 0018:ffffc9000e81fc40 EFLAGS: 00010293 [ 75.038971][ T5332] RAX: ffffffff853b2fda RBX: ffff8880411e0410 RCX: ffff8880008a4980 [ 75.042703][ T5332] RDX: 0000000000000000 RSI: 0000000000000008 RDI: ffff8880411e0380 [ 75.047067][ T5332] RBP: ffff8880411e02c8 R08: ffffc9000e81fbc7 R09: 1ffff92001d03f78 [ 75.051644][ T5332] R10: dffffc0000000000 R11: fffff52001d03f79 R12: dffffc0000000000 [ 75.055328][ T5332] R13: dead000000000100 R14: 0000000000000000 R15: ffff8880411e02d8 [ 75.059076][ T5332] FS: 0000555564d64500(0000) GS:ffff88808d416000(0000) knlGS:0000000000000000 [ 75.063228][ T5332] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 75.066421][ T5332] CR2: 000056428fb10168 CR3: 0000000043210000 CR4: 0000000000352ef0 [ 75.070326][ T5332] Call Trace: [ 75.071926][ T5332] [ 75.073279][ T5332] drm_file_free+0x7f2/0xa00 [ 75.075563][ T5332] drm_release+0x2de/0x3f0 [ 75.077884][ T5332] ? __pfx_drm_release+0x10/0x10 [ 75.080198][ T5332] __fput+0x44c/0xa70 [ 75.082108][ T5332] task_work_run+0x1d4/0x260 [ 75.084044][ T5332] ? __pfx_task_work_run+0x10/0x10 [ 75.086439][ T5332] exit_to_user_mode_loop+0xef/0x4e0 [ 75.088648][ T5332] ? rcu_is_watching+0x15/0xb0 [ 75.090891][ T5332] do_syscall_64+0x2b7/0xf80 [ 75.093238][ T5332] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 75.096368][ T5332] ? trace_irq_disable+0x37/0x100 [ 75.098639][ T5332] ? clear_bhb_loop+0x60/0xb0 [ 75.100655][ T5332] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 75.103378][ T5332] RIP: 0033:0x7fb343b8f7c9 [ 75.105270][ T5332] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 75.113920][ T5332] RSP: 002b:00007fffa1988c78 EFLAGS: 00000246 ORIG_RAX: 00000000000001b4 [ 75.117701][ T5332] RAX: 0000000000000000 RBX: 0000000000012431 RCX: 00007fb343b8f7c9 [ 75.121044][ T5332] RDX: 0000000000000000 RSI: 000000000000001e RDI: 0000000000000003 [ 75.125285][ T5332] RBP: 00007fb343de7da0 R08: 0000000000000001 R09: 00000012a1988f6f [ 75.129060][ T5332] R10: 00007fb3439ff02c R11: 0000000000000246 R12: 00007fb343de5fac [ 75.132529][ T5332] R13: 00007fb343de5fa0 R14: ffffffffffffffff R15: 00007fffa1988d90 [ 75.136780][ T5332] [ 75.138626][ T5332] Kernel panic - not syncing: kernel: panic_on_warn set ... [ 75.142034][ T5332] CPU: 0 UID: 0 PID: 5332 Comm: syz.0.0 Not tainted syzkaller #0 PREEMPT(full) [ 75.146379][ T5332] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 75.151136][ T5332] Call Trace: [ 75.152634][ T5332] [ 75.153950][ T5332] vpanic+0x1e0/0x670 [ 75.155696][ T5332] panic+0xb9/0xc0 [ 75.157333][ T5332] ? __pfx_panic+0x10/0x10 [ 75.159307][ T5332] __warn+0x317/0x4b0 [ 75.161061][ T5332] ? drm_prime_destroy_file_private+0x4b/0x60 [ 75.163758][ T5332] ? drm_prime_destroy_file_private+0x4b/0x60 [ 75.166467][ T5332] __report_bug+0x288/0x500 [ 75.168581][ T5332] ? drm_prime_destroy_file_private+0x4b/0x60 [ 75.171292][ T5332] ? __pfx___report_bug+0x10/0x10 [ 75.173650][ T5332] ? drm_file_free+0x78b/0xa00 [ 75.175973][ T5332] ? drm_prime_destroy_file_private+0x4b/0x60 [ 75.178857][ T5332] report_bug+0x16a/0x220 [ 75.180927][ T5332] ? drm_prime_destroy_file_private+0x4b/0x60 [ 75.183745][ T5332] ? drm_prime_destroy_file_private+0x4d/0x60 [ 75.186420][ T5332] handle_bug+0x98/0x200 [ 75.188370][ T5332] exc_invalid_op+0x1a/0x50 [ 75.190382][ T5332] asm_exc_invalid_op+0x1a/0x20 [ 75.192590][ T5332] RIP: 0010:drm_prime_destroy_file_private+0x4b/0x60 [ 75.195538][ T5332] Code: 00 fc ff df 80 3c 08 00 74 08 48 89 df e8 6d 80 ed fc 48 83 3b 00 75 0c e8 82 d5 85 fc 5b e9 0c 40 23 06 cc e8 76 d5 85 fc 90 <0f> 0b 90 5b e9 fc 3f 23 06 cc 66 66 2e 0f 1f 84 00 00 00 00 00 90 [ 75.203950][ T5332] RSP: 0018:ffffc9000e81fc40 EFLAGS: 00010293 [ 75.206781][ T5332] RAX: ffffffff853b2fda RBX: ffff8880411e0410 RCX: ffff8880008a4980 [ 75.210429][ T5332] RDX: 0000000000000000 RSI: 0000000000000008 RDI: ffff8880411e0380 [ 75.213731][ T5332] RBP: ffff8880411e02c8 R08: ffffc9000e81fbc7 R09: 1ffff92001d03f78 [ 75.217176][ T5332] R10: dffffc0000000000 R11: fffff52001d03f79 R12: dffffc0000000000 [ 75.220659][ T5332] R13: dead000000000100 R14: 0000000000000000 R15: ffff8880411e02d8 [ 75.224360][ T5332] ? drm_prime_destroy_file_private+0x4a/0x60 [ 75.227070][ T5332] drm_file_free+0x7f2/0xa00 [ 75.229096][ T5332] drm_release+0x2de/0x3f0 [ 75.231163][ T5332] ? __pfx_drm_release+0x10/0x10 [ 75.233403][ T5332] __fput+0x44c/0xa70 [ 75.235231][ T5332] task_work_run+0x1d4/0x260 [ 75.237286][ T5332] ? __pfx_task_work_run+0x10/0x10 [ 75.239707][ T5332] exit_to_user_mode_loop+0xef/0x4e0 [ 75.242333][ T5332] ? rcu_is_watching+0x15/0xb0 [ 75.244578][ T5332] do_syscall_64+0x2b7/0xf80 [ 75.246739][ T5332] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 75.249383][ T5332] ? trace_irq_disable+0x37/0x100 [ 75.251966][ T5332] ? clear_bhb_loop+0x60/0xb0 [ 75.254463][ T5332] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 75.257160][ T5332] RIP: 0033:0x7fb343b8f7c9 [ 75.259392][ T5332] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 75.268289][ T5332] RSP: 002b:00007fffa1988c78 EFLAGS: 00000246 ORIG_RAX: 00000000000001b4 [ 75.271963][ T5332] RAX: 0000000000000000 RBX: 0000000000012431 RCX: 00007fb343b8f7c9 [ 75.275463][ T5332] RDX: 0000000000000000 RSI: 000000000000001e RDI: 0000000000000003 [ 75.278887][ T5332] RBP: 00007fb343de7da0 R08: 0000000000000001 R09: 00000012a1988f6f [ 75.282110][ T5332] R10: 00007fb3439ff02c R11: 0000000000000246 R12: 00007fb343de5fac [ 75.285366][ T5332] R13: 00007fb343de5fa0 R14: ffffffffffffffff R15: 00007fffa1988d90 [ 75.288679][ T5332] [ 75.290458][ T5332] Kernel Offset: disabled [ 75.292541][ T5332] Rebooting in 86400 seconds..