program:
r0 = syz_open_dev$dri(&(0x7f0000000140), 0x3, 0x460000) (async)
ioctl$DRM_IOCTL_MODE_GET_LEASE(0xffffffffffffffff, 0xc01064c8, &(0x7f0000000200)={0x2, 0x0, &(0x7f0000000180)=[0x0, <r1=>0x0]})
r2 = syz_open_dev$dri(&(0x7f00000008c0), 0xd21, 0x0)
ioctl$DRM_IOCTL_MODE_GETRESOURCES(r2, 0xc04064a0, &(0x7f00000001c0)={0x0, &(0x7f0000000040)=[<r3=>0x0], 0x0, 0x0, 0x0, 0x1})
ioctl$DRM_IOCTL_MODE_GETCRTC(r2, 0xc06864a1, &(0x7f00000002c0)={0x0, 0x0, r3, <r4=>0x0})
ioctl$DRM_IOCTL_MODE_GETFB2(r2, 0xc06864ce, &(0x7f0000000440)={r4, 0x0, 0x0, 0x0, 0x0, [<r5=>0x0]})
ioctl$DRM_IOCTL_PRIME_HANDLE_TO_FD(r2, 0xc00c642d, &(0x7f0000000100)={r5})
ioctl$DRM_IOCTL_GEM_OPEN(0xffffffffffffffff, 0xc010640b, &(0x7f0000000240)={0x0, <r6=>0x0}) (async)
r7 = syz_open_dev$dri(&(0x7f00000008c0), 0xd21, 0x0)
ioctl$DRM_IOCTL_MODE_GETRESOURCES(r7, 0xc04064a0, &(0x7f00000001c0)={0x0, &(0x7f00000000c0)=[<r8=>0x0], 0x0, 0x0, 0x0, 0x1})
ioctl$DRM_IOCTL_MODE_GETCRTC(r7, 0xc06864a1, &(0x7f00000003c0)={0x0, 0x0, r8, <r9=>0x0})
ioctl$DRM_IOCTL_MODE_GETFB2(r7, 0xc06864ce, &(0x7f0000000200)={r9, 0x0, 0x0, 0x0, 0x0, [<r10=>0x0]})
ioctl$DRM_IOCTL_PRIME_HANDLE_TO_FD(r7, 0xc00c64d2, &(0x7f0000000040)={r10}) (async)
ioctl$DRM_IOCTL_MODE_ADDFB2(r0, 0xc06864b8, &(0x7f0000000280)={r1, 0xfffffff8, 0xb, 0x7e1c, 0x1, [r5, 0x0, r6, r10], [0x5, 0x2, 0x800], [0xd, 0x8, 0xfffffff7, 0x5], [0xfffffffffffffff0, 0x8, 0x7, 0x5590]}) (async)
perf_event_open(&(0x7f0000000640)={0x2, 0x80, 0xef, 0x0, 0x0, 0x0, 0x0, 0x480000000000000b, 0x954b, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffd, 0x1, @perf_config_ext={0x76, 0x1ef7}, 0x11cfa, 0x4, 0x98, 0x0, 0x2, 0xfffff271, 0xfffc, 0x0, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) (async, rerun: 64)
syz_mount_image$iso9660(&(0x7f0000000680), &(0x7f00000006c0)='./file0\x00', 0x0, &(0x7f0000000700), 0x1, 0x651, &(0x7f0000000dc0)="$eJzs3WFvE+cdAPC/KdkiT6qmbUIIUXqFTQKJBtspQVFfeedzcq3ts+6cCl5VqIQKEdoJOmnwjjdsk7YP0bf7ENsnqvYRNvns0ABJzIAmDP1+FjyPff+753+OdX89ie8uAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIBopL1Wq92IQT7aup4cLO2VxfCQ5bvb+9czzSHjRjSm/2J5OU7PXjr9mx8Xn5r+dz7Ozp6djeVmRCzHo1+c+uWnvz55Ynf9QxI6Eg8ePrp7c2dn+/5xJ3JMNrJRXhX5sLuRJXlVJOtra60rm/0q6eeDrLpRTbJhkpZZd1KUycX0UtJeX19NspUbxdZoo9cdZLsvXvu402qtJZ+tjLNuWRWjK5+tVOlmPhjko406Zrp4GnNt+kH8PJ8kk6w7TJLbd3a2VxclOQ1qv0xQZ1FQp9XptNudTnvt6vrVa63WyRdeaD0nXog4/g8tx+tNH8LhlZ1Iez+rO4PIYxRbcT2SfR9p9KKMIoYHLJ/brf+/u5IdOu7e+r9b5U//uPhM1PX/3OzZuViOfev/Abm84cfSwcsexMN4FHfjZuzETmzH/aPJ6K15bEQWo8ijiiLyGEa3fiWZv5LEeqzFWrTiy9iMflSRRD/yGEQWVdyIKiaR1Z+oNMrIohuTKKKMJC5GGpciiXasx3qsRhJZrMSNKGIrRrERvejWW7kdd+r3ffWQHJ8GtV8mqHNIkPrP63vTh3B4Zf+Zz/8BAACAd1ej/u37dP6/FB/UvX4+yFrHnRYAAADwBtV/+T87bZamvQ+iYf4PAAAA75pGfY5dIyKa8eGst3smlF8CAAAAwDui/vv/uWnTnPY+jIb5PwAAALxr/rLnGvux7zV2q/HPG//8d5TlUuPx+PpvG/e607juvfdm6733/BYn/TON9+cbqZu1k/NnaXa2Mb/65dOLYP4wb24vyqPxBhKIv8VHs5iPbs3aW7tLZqM0+/kgW0mLwaft6HbfPzHJrk/++M2dP0W9+38dDd9vxO07O9srX327c6vO5fF0K4/vzS+g+MJ1FA/J5bv6egv1ORf77vFSfSLGfNzmbNzW3v0/MVv9xP8w5pM4P4s535y1zWf3f3k6ZnvloL2fZ9F+zT1/EhdmMRcuXpg1+2TRWZRFZ28Wr/RevEQWq4uyWH3NLACOy+0FVajxYuF/haPc0VT3J3FxFnPxTH1gPXlmnyN6a9ERvfWa1e0fcWkWc2k3+KAaOx33789V1e+nK3x/4LjVoNOYvoXvfXfvD3HqwcNHH9+5d/Pr7a+3v+l0Vtdan7RaVzuxVO/GvFF7ANjH4nvsLIxofLJgVv2rp18pWImv4tvYiVtxuT7boP7Gwb5bbe75GsLlBbPW5p47vFxeMKtr7rnRy8vHrh7BTwIAjs75BXX4Zer/5QXz7mdr+eGz4721HAD4aWTlD43m5M+NsszHX7bX19vdyWaWlEX6eVLmvY0syUeTrEw3u6ONLBmXxaRIi8G080Xey6qk2hqPi3KS9IsyGRdVfr2+83syv/V7lQ27o0meVuNB1q2yJC1Gk246SXp5lSbjrd8P8mozK+uVq3GW5v087U7yYpRUxVaZZitJUmXZnsC8l40meT+fdkfJuMyH3fJG8kUx2BpmSS+r0jIfT4rZBnfHykf9ohzWm1057jcbAN4SDx4+untzZ2f7/k/YOe59BACepUoDAAAAAAAAAAAAAMDb7yjO/9PR0fl/6xz3kQkAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAXvTfAAAA//9cmleL") (async, rerun: 64)
r11 = openat(0xffffffffffffff9c, &(0x7f00000000c0)='./file2\x00', 0x44402, 0x0) (async)
r12 = openat(0xffffffffffffff9c, &(0x7f00000001c0)='./file2\x00', 0x6042, 0x0)
sendfile(r12, r11, 0x0, 0x80000002) (async)
getsockopt$inet_sctp6_SCTP_PEER_ADDR_THLDS(0xffffffffffffffff, 0x84, 0x1f, &(0x7f0000000000)={<r13=>0x0, @in6={{0xa, 0x4e23, 0x400, @mcast1, 0x101}}, 0x1, 0xffff}, &(0x7f00000000c0)=0x90)
setsockopt$inet_sctp_SCTP_DEFAULT_PRINFO(r11, 0x84, 0x72, &(0x7f0000000100)={r13, 0x0, 0x30}, 0xc)

[   86.507043][ T4682] Bluetooth: hci0: command tx timeout
[   86.617750][ T5344] loop0: detected capacity change from 0 to 764
[   87.335122][ T5339] ------------[ cut here ]------------
[   87.337310][ T5339] WARNING: drivers/gpu/drm/drm_prime.c:224 at drm_prime_destroy_file_private+0x4b/0x60, CPU#0: syz.0.0/5339
[   87.342249][ T5339] Modules linked in:
[   87.343660][ T5339] CPU: 0 UID: 0 PID: 5339 Comm: syz.0.0 Not tainted syzkaller #0 PREEMPT(full) 
[   87.346947][ T5339] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[   87.352707][ T5339] RIP: 0010:drm_prime_destroy_file_private+0x4b/0x60
[   87.355431][ T5339] Code: 00 fc ff df 80 3c 08 00 74 08 48 89 df e8 bd 12 ee fc 48 83 3b 00 75 0c e8 82 36 86 fc 5b e9 4c b1 23 06 cc e8 76 36 86 fc 90 <0f> 0b 90 5b e9 3c b1 23 06 cc 66 66 2e 0f 1f 84 00 00 00 00 00 90
[   87.363073][ T5339] RSP: 0018:ffffc9000b4afc20 EFLAGS: 00010293
[   87.365472][ T5339] RAX: ffffffff853b8a1a RBX: ffff8880385ae410 RCX: ffff888034d4c980
[   87.368842][ T5339] RDX: 0000000000000000 RSI: 0000000000000008 RDI: ffff8880385ae380
[   87.372484][ T5339] RBP: ffff8880385ae2c8 R08: ffffc9000b4afba7 R09: 1ffff92001695f74
[   87.375989][ T5339] R10: dffffc0000000000 R11: fffff52001695f75 R12: dffffc0000000000
[   87.379423][ T5339] R13: dead000000000100 R14: 0000000000000000 R15: ffff8880385ae2d8
[   87.383046][ T5339] FS:  000055557f264500(0000) GS:ffff88808d23e000(0000) knlGS:0000000000000000
[   87.386865][ T5339] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[   87.389727][ T5339] CR2: 00007f873465f000 CR3: 000000000b739000 CR4: 0000000000352ef0
[   87.393418][ T5339] Call Trace:
[   87.394997][ T5339]  <TASK>
[   87.396326][ T5339]  drm_file_free+0x7f2/0xa00
[   87.398349][ T5339]  drm_release+0x2de/0x3f0
[   87.400459][ T5339]  ? __pfx_drm_release+0x10/0x10
[   87.402673][ T5339]  __fput+0x44c/0xa70
[   87.404521][ T5339]  task_work_run+0x1d4/0x260
[   87.406500][ T5339]  ? __pfx_task_work_run+0x10/0x10
[   87.408696][ T5339]  ? __se_sys_close_range+0x4ed/0x650
[   87.411056][ T5339]  ? exit_to_user_mode_loop+0x55/0x4f0
[   87.413947][ T5339]  exit_to_user_mode_loop+0xff/0x4f0
[   87.416320][ T5339]  ? rcu_is_watching+0x15/0xb0
[   87.418460][ T5339]  do_syscall_64+0x2e3/0xf80
[   87.420853][ T5339]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   87.423354][ T5339]  ? clear_bhb_loop+0x60/0xb0
[   87.425443][ T5339]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   87.428019][ T5339] RIP: 0033:0x7f874078f7c9
[   87.430010][ T5339] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   87.439169][ T5339] RSP: 002b:00007ffebfc99de8 EFLAGS: 00000246 ORIG_RAX: 00000000000001b4
[   87.442984][ T5339] RAX: 0000000000000000 RBX: 00007f87409e7da0 RCX: 00007f874078f7c9
[   87.446509][ T5339] RDX: 0000000000000000 RSI: 000000000000001e RDI: 0000000000000003
[   87.450209][ T5339] RBP: 00007f87409e7da0 R08: 0000000000000000 R09: 00000015bfc9a0df
[   87.453739][ T5339] R10: 0000000000dffd00 R11: 0000000000000246 R12: 00000000000154c2
[   87.457334][ T5339] R13: 00007f87409e5fa0 R14: ffffffffffffffff R15: 00007ffebfc99f00
[   87.460888][ T5339]  </TASK>
[   87.462292][ T5339] Kernel panic - not syncing: kernel: panic_on_warn set ...
[   87.465425][ T5339] CPU: 0 UID: 0 PID: 5339 Comm: syz.0.0 Not tainted syzkaller #0 PREEMPT(full) 
[   87.469159][ T5339] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[   87.473802][ T5339] Call Trace:
[   87.475387][ T5339]  <TASK>
[   87.476808][ T5339]  dump_stack_lvl+0x99/0x250
[   87.478863][ T5339]  ? __asan_memcpy+0x40/0x70
[   87.480850][ T5339]  ? __pfx_dump_stack_lvl+0x10/0x10
[   87.483146][ T5339]  ? __pfx__printk+0x10/0x10
[   87.485211][ T5339]  vpanic+0x237/0x6d0
[   87.487027][ T5339]  ? __pfx_vpanic+0x10/0x10
[   87.488993][ T5339]  ? is_bpf_text_address+0x292/0x2b0
[   87.491387][ T5339]  ? is_bpf_text_address+0x26/0x2b0
[   87.493650][ T5339]  panic+0xb9/0xc0
[   87.495401][ T5339]  ? __pfx_panic+0x10/0x10
[   87.497339][ T5339]  __warn+0x317/0x4b0
[   87.499158][ T5339]  ? drm_prime_destroy_file_private+0x4b/0x60
[   87.501732][ T5339]  ? drm_prime_destroy_file_private+0x4b/0x60
[   87.504317][ T5339]  __report_bug+0x288/0x500
[   87.506262][ T5339]  ? drm_prime_destroy_file_private+0x4b/0x60
[   87.508747][ T5339]  ? __pfx___report_bug+0x10/0x10
[   87.510729][ T5339]  ? drm_file_free+0x78b/0xa00
[   87.512556][ T5339]  ? drm_prime_destroy_file_private+0x4b/0x60
[   87.514986][ T5339]  report_bug+0x16a/0x220
[   87.516675][ T5339]  ? drm_prime_destroy_file_private+0x4b/0x60
[   87.518989][ T5339]  ? drm_prime_destroy_file_private+0x4d/0x60
[   87.521500][ T5339]  handle_bug+0x98/0x200
[   87.523476][ T5339]  exc_invalid_op+0x1a/0x50
[   87.525440][ T5339]  asm_exc_invalid_op+0x1a/0x20
[   87.527555][ T5339] RIP: 0010:drm_prime_destroy_file_private+0x4b/0x60
[   87.530329][ T5339] Code: 00 fc ff df 80 3c 08 00 74 08 48 89 df e8 bd 12 ee fc 48 83 3b 00 75 0c e8 82 36 86 fc 5b e9 4c b1 23 06 cc e8 76 36 86 fc 90 <0f> 0b 90 5b e9 3c b1 23 06 cc 66 66 2e 0f 1f 84 00 00 00 00 00 90
[   87.538579][ T5339] RSP: 0018:ffffc9000b4afc20 EFLAGS: 00010293
[   87.541295][ T5339] RAX: ffffffff853b8a1a RBX: ffff8880385ae410 RCX: ffff888034d4c980
[   87.544741][ T5339] RDX: 0000000000000000 RSI: 0000000000000008 RDI: ffff8880385ae380
[   87.548188][ T5339] RBP: ffff8880385ae2c8 R08: ffffc9000b4afba7 R09: 1ffff92001695f74
[   87.551738][ T5339] R10: dffffc0000000000 R11: fffff52001695f75 R12: dffffc0000000000
[   87.555154][ T5339] R13: dead000000000100 R14: 0000000000000000 R15: ffff8880385ae2d8
[   87.558549][ T5339]  ? drm_prime_destroy_file_private+0x4a/0x60
[   87.561287][ T5339]  drm_file_free+0x7f2/0xa00
[   87.563366][ T5339]  drm_release+0x2de/0x3f0
[   87.565340][ T5339]  ? __pfx_drm_release+0x10/0x10
[   87.567511][ T5339]  __fput+0x44c/0xa70
[   87.569294][ T5339]  task_work_run+0x1d4/0x260
[   87.571337][ T5339]  ? __pfx_task_work_run+0x10/0x10
[   87.573589][ T5339]  ? __se_sys_close_range+0x4ed/0x650
[   87.575962][ T5339]  ? exit_to_user_mode_loop+0x55/0x4f0
[   87.578345][ T5339]  exit_to_user_mode_loop+0xff/0x4f0
[   87.580606][ T5339]  ? rcu_is_watching+0x15/0xb0
[   87.582785][ T5339]  do_syscall_64+0x2e3/0xf80
[   87.584759][ T5339]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   87.587542][ T5339]  ? clear_bhb_loop+0x60/0xb0
[   87.589622][ T5339]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   87.592202][ T5339] RIP: 0033:0x7f874078f7c9
[   87.594163][ T5339] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   87.602456][ T5339] RSP: 002b:00007ffebfc99de8 EFLAGS: 00000246 ORIG_RAX: 00000000000001b4
[   87.606144][ T5339] RAX: 0000000000000000 RBX: 00007f87409e7da0 RCX: 00007f874078f7c9
[   87.609631][ T5339] RDX: 0000000000000000 RSI: 000000000000001e RDI: 0000000000000003
[   87.613139][ T5339] RBP: 00007f87409e7da0 R08: 0000000000000000 R09: 00000015bfc9a0df
[   87.616650][ T5339] R10: 0000000000dffd00 R11: 0000000000000246 R12: 00000000000154c2
[   87.620109][ T5339] R13: 00007f87409e5fa0 R14: ffffffffffffffff R15: 00007ffebfc99f00
[   87.623587][ T5339]  </TASK>
[   87.625267][ T5339] Kernel Offset: disabled
[   87.627200][ T5339] Rebooting in 86400 seconds..