program:
r0 = creat(&(0x7f0000000040)='./file0\x00', 0x4b)
close(r0)
r1 = syz_open_dev$dri(&(0x7f0000000000), 0x2, 0x0)
ioctl$DRM_IOCTL_MODE_GETRESOURCES(r1, 0xc04064a0, &(0x7f0000000140)={0x0, &(0x7f0000000380)=[<r2=>0x0], 0x0, 0x0, 0x0, 0x2})
ioctl$DRM_IOCTL_MODE_GETCRTC(r0, 0xc06864a1, &(0x7f0000000300)={0x0, 0xfffffffffffffe7a, r2, <r3=>0x0})
ioctl$DRM_IOCTL_MODE_GETFB2(r0, 0xc06864ce, &(0x7f0000000600)={r3, 0x0, 0x1000, 0x10000, 0x3, [<r4=>0x0, 0x0, 0x0, <r5=>0x0], [0x800000, 0x800, 0xfffffffd], [0x0, 0x1001000, 0xfffffffc], [0x0, 0x0, 0xe8a6]})
ioctl$DRM_IOCTL_MODE_ADDFB2(r0, 0xc06864b8, &(0x7f00000001c0)={0x0, 0xae, 0x3ff, 0x34325241, 0x1, [r4, 0x0, 0x0, r5], [0x2b8], [0x0, 0x0, 0x0, 0x1]})

[   74.241539][ T5316] Bluetooth: hci0: command tx timeout
[   74.278355][ T5336] ------------[ cut here ]------------
[   74.281522][ T5336] WARNING: CPU: 0 PID: 5336 at drivers/gpu/drm/drm_gem.c:286 drm_gem_object_handle_put_unlocked+0x28f/0x340
[   74.286062][ T5336] Modules linked in:
[   74.296354][ T5336] CPU: 0 UID: 0 PID: 5336 Comm: syz.0.0 Not tainted 6.16.0-rc4-syzkaller-00286-gc435a4f487e8 #0 PREEMPT(full) 
[   74.302230][ T5336] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[   74.306592][ T5336] RIP: 0010:drm_gem_object_handle_put_unlocked+0x28f/0x340
[   74.309608][ T5336] Code: 89 ee e8 54 ee 5d fc 85 ed 7e 2f e8 0b ea 5d fc 48 83 c4 08 5b 41 5c 41 5d 41 5e 41 5f 5d c3 cc cc cc cc cc e8 f2 e9 5d fc 90 <0f> 0b 90 eb e1 e8 e7 e9 5d fc 90 0f 0b 90 eb d6 e8 dc e9 5d fc 4c
[   74.317770][ T5336] RSP: 0018:ffffc9000d3ffb10 EFLAGS: 00010293
[   74.320558][ T5336] RAX: ffffffff856274ae RBX: ffff888034351008 RCX: ffff8880332f2440
[   74.323947][ T5336] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[   74.327338][ T5336] RBP: 0000000000000000 R08: ffffffff8fa1e7f7 R09: 1ffffffff1f43cfe
[   74.330822][ T5336] R10: dffffc0000000000 R11: fffffbfff1f43cff R12: ffff888034351004
[   74.334190][ T5336] R13: 1ffff1100686a200 R14: ffff888030eba000 R15: 1ffff1100686a201
[   74.337317][ T5336] FS:  000055556a707500(0000) GS:ffff88808d21c000(0000) knlGS:0000000000000000
[   74.341146][ T5336] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[   74.343986][ T5336] CR2: 00007f2df4d86538 CR3: 0000000011e19000 CR4: 0000000000352ef0
[   74.347361][ T5336] Call Trace:
[   74.348952][ T5336]  <TASK>
[   74.350308][ T5336]  ? __pfx_virtio_gpu_gem_object_close+0x10/0x10
[   74.352965][ T5336]  drm_gem_object_release_handle+0xa2/0xc0
[   74.355448][ T5336]  idr_for_each+0x1b5/0x290
[   74.357385][ T5336]  ? __pfx_drm_fb_release+0x10/0x10
[   74.359557][ T5336]  ? __pfx_drm_gem_object_release_handle+0x10/0x10
[   74.362446][ T5336]  ? __pfx_idr_for_each+0x10/0x10
[   74.364634][ T5336]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[   74.367221][ T5336]  ? __pfx___mutex_unlock_slowpath+0x10/0x10
[   74.369624][ T5336]  ? idr_destroy+0x218/0x290
[   74.371601][ T5336]  drm_gem_release+0x28/0x40
[   74.373489][ T5336]  drm_file_free+0x6c7/0x960
[   74.375348][ T5336]  drm_release+0x2de/0x3f0
[   74.377056][ T5336]  ? __pfx_drm_release+0x10/0x10
[   74.378996][ T5336]  __fput+0x44c/0xa70
[   74.380725][ T5336]  task_work_run+0x1d1/0x260
[   74.382716][ T5336]  ? __pfx_task_work_run+0x10/0x10
[   74.385165][ T5336]  ? exit_to_user_mode_loop+0x40/0x110
[   74.387391][ T5336]  exit_to_user_mode_loop+0xec/0x110
[   74.389591][ T5336]  do_syscall_64+0x2bd/0x3b0
[   74.392089][ T5336]  ? lockdep_hardirqs_on+0x9c/0x150
[   74.394352][ T5336]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   74.396878][ T5336]  ? clear_bhb_loop+0x60/0xb0
[   74.398906][ T5336]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   74.401672][ T5336] RIP: 0033:0x7f2df4b8e929
[   74.403459][ T5336] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   74.411425][ T5336] RSP: 002b:00007fff88c2fdf8 EFLAGS: 00000246 ORIG_RAX: 00000000000001b4
[   74.414882][ T5336] RAX: 0000000000000000 RBX: 000000000001217c RCX: 00007f2df4b8e929
[   74.418177][ T5336] RDX: 0000000000000000 RSI: 000000000000001e RDI: 0000000000000003
[   74.421550][ T5336] RBP: 00007f2df4db7ba0 R08: 0000000000000001 R09: 0000000788c300ef
[   74.424758][ T5336] R10: 00007f2df49ff02c R11: 0000000000000246 R12: 00007f2df4db5fac
[   74.428088][ T5336] R13: 00007f2df4db5fa0 R14: ffffffffffffffff R15: 00007fff88c2ff10
[   74.431550][ T5336]  </TASK>
[   74.432911][ T5336] Kernel panic - not syncing: kernel: panic_on_warn set ...
[   74.435850][ T5336] CPU: 0 UID: 0 PID: 5336 Comm: syz.0.0 Not tainted 6.16.0-rc4-syzkaller-00286-gc435a4f487e8 #0 PREEMPT(full) 
[   74.440536][ T5336] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[   74.444944][ T5336] Call Trace:
[   74.446399][ T5336]  <TASK>
[   74.447643][ T5336]  dump_stack_lvl+0x99/0x250
[   74.449603][ T5336]  ? __asan_memcpy+0x40/0x70
[   74.451535][ T5336]  ? __pfx_dump_stack_lvl+0x10/0x10
[   74.453601][ T5336]  ? __pfx__printk+0x10/0x10
[   74.455492][ T5336]  panic+0x2db/0x790
[   74.457166][ T5336]  ? __pfx_panic+0x10/0x10
[   74.459083][ T5336]  __warn+0x31b/0x4b0
[   74.460750][ T5336]  ? drm_gem_object_handle_put_unlocked+0x28f/0x340
[   74.463415][ T5336]  ? drm_gem_object_handle_put_unlocked+0x28f/0x340
[   74.466115][ T5336]  report_bug+0x2be/0x4f0
[   74.467910][ T5336]  ? drm_gem_object_handle_put_unlocked+0x28f/0x340
[   74.470733][ T5336]  ? drm_gem_object_handle_put_unlocked+0x28f/0x340
[   74.473436][ T5336]  ? drm_gem_object_handle_put_unlocked+0x291/0x340
[   74.476090][ T5336]  handle_bug+0x84/0x160
[   74.477813][ T5336]  exc_invalid_op+0x1a/0x50
[   74.479680][ T5336]  asm_exc_invalid_op+0x1a/0x20
[   74.481795][ T5336] RIP: 0010:drm_gem_object_handle_put_unlocked+0x28f/0x340
[   74.484866][ T5336] Code: 89 ee e8 54 ee 5d fc 85 ed 7e 2f e8 0b ea 5d fc 48 83 c4 08 5b 41 5c 41 5d 41 5e 41 5f 5d c3 cc cc cc cc cc e8 f2 e9 5d fc 90 <0f> 0b 90 eb e1 e8 e7 e9 5d fc 90 0f 0b 90 eb d6 e8 dc e9 5d fc 4c
[   74.493139][ T5336] RSP: 0018:ffffc9000d3ffb10 EFLAGS: 00010293
[   74.495793][ T5336] RAX: ffffffff856274ae RBX: ffff888034351008 RCX: ffff8880332f2440
[   74.499259][ T5336] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[   74.502874][ T5336] RBP: 0000000000000000 R08: ffffffff8fa1e7f7 R09: 1ffffffff1f43cfe
[   74.506363][ T5336] R10: dffffc0000000000 R11: fffffbfff1f43cff R12: ffff888034351004
[   74.510012][ T5336] R13: 1ffff1100686a200 R14: ffff888030eba000 R15: 1ffff1100686a201
[   74.513538][ T5336]  ? drm_gem_object_handle_put_unlocked+0x28e/0x340
[   74.516698][ T5336]  ? __pfx_virtio_gpu_gem_object_close+0x10/0x10
[   74.519537][ T5336]  drm_gem_object_release_handle+0xa2/0xc0
[   74.522124][ T5336]  idr_for_each+0x1b5/0x290
[   74.524189][ T5336]  ? __pfx_drm_fb_release+0x10/0x10
[   74.526548][ T5336]  ? __pfx_drm_gem_object_release_handle+0x10/0x10
[   74.529507][ T5336]  ? __pfx_idr_for_each+0x10/0x10
[   74.531742][ T5336]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[   74.534264][ T5336]  ? __pfx___mutex_unlock_slowpath+0x10/0x10
[   74.536666][ T5336]  ? idr_destroy+0x218/0x290
[   74.538719][ T5336]  drm_gem_release+0x28/0x40
[   74.540869][ T5336]  drm_file_free+0x6c7/0x960
[   74.542937][ T5336]  drm_release+0x2de/0x3f0
[   74.544782][ T5336]  ? __pfx_drm_release+0x10/0x10
[   74.546751][ T5336]  __fput+0x44c/0xa70
[   74.548355][ T5336]  task_work_run+0x1d1/0x260
[   74.550151][ T5336]  ? __pfx_task_work_run+0x10/0x10
[   74.552322][ T5336]  ? exit_to_user_mode_loop+0x40/0x110
[   74.554606][ T5336]  exit_to_user_mode_loop+0xec/0x110
[   74.556894][ T5336]  do_syscall_64+0x2bd/0x3b0
[   74.558944][ T5336]  ? lockdep_hardirqs_on+0x9c/0x150
[   74.561143][ T5336]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   74.563846][ T5336]  ? clear_bhb_loop+0x60/0xb0
[   74.565895][ T5336]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   74.568332][ T5336] RIP: 0033:0x7f2df4b8e929
[   74.570323][ T5336] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   74.578547][ T5336] RSP: 002b:00007fff88c2fdf8 EFLAGS: 00000246 ORIG_RAX: 00000000000001b4
[   74.582259][ T5336] RAX: 0000000000000000 RBX: 000000000001217c RCX: 00007f2df4b8e929
[   74.585795][ T5336] RDX: 0000000000000000 RSI: 000000000000001e RDI: 0000000000000003
[   74.589407][ T5336] RBP: 00007f2df4db7ba0 R08: 0000000000000001 R09: 0000000788c300ef
[   74.593008][ T5336] R10: 00007f2df49ff02c R11: 0000000000000246 R12: 00007f2df4db5fac
[   74.596303][ T5336] R13: 00007f2df4db5fa0 R14: ffffffffffffffff R15: 00007fff88c2ff10
[   74.599945][ T5336]  </TASK>
[   74.601715][ T5336] Kernel Offset: disabled
[   74.603652][ T5336] Rebooting in 86400 seconds..