program: r0 = syz_open_dev$dri(&(0x7f0000000000), 0x0, 0x0) ioctl$DRM_IOCTL_MODE_GETCONNECTOR(r0, 0xc05064a7, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x0}) ioctl$DRM_IOCTL_MODE_GETCRTC(0xffffffffffffffff, 0xc06864a1, &(0x7f00000000c0)={&(0x7f0000000040)=[0x0], 0x1}) r1 = openat$full(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) close_range(r1, 0xffffffffffffffff, 0x0) r2 = syz_open_dev$dri(&(0x7f0000000100), 0x1f, 0x0) r3 = syz_open_dev$dri(&(0x7f00000008c0), 0xd21, 0x0) ioctl$DRM_IOCTL_MODE_GETRESOURCES(r3, 0xc04064a0, &(0x7f00000001c0)={0x0, &(0x7f00000000c0)=[0x0], 0x0, 0x0, 0x0, 0x1}) ioctl$DRM_IOCTL_MODE_GETCRTC(r3, 0xc06864a1, &(0x7f00000003c0)={0x0, 0x0, r4, 0x0}) ioctl$DRM_IOCTL_MODE_GETFB2(r2, 0xc06864ce, &(0x7f0000000000)={r5, 0x0, 0x33, 0x0, 0x1, [0x0], [], [0x1000], [0x6, 0xfffffffffffffffd, 0xfffffffffffffffc, 0xffffffffffffffff]}) ioctl$DRM_IOCTL_PRIME_HANDLE_TO_FD(r1, 0xc00c642d, &(0x7f0000000100)={r6}) r7 = syz_open_dev$dri(&(0x7f00000008c0), 0xd21, 0x0) ioctl$DRM_IOCTL_MODE_GETRESOURCES(r7, 0xc04064a0, &(0x7f00000001c0)={0x0, &(0x7f00000000c0)=[0x0], 0x0, 0x0, 0x0, 0x1}) ioctl$DRM_IOCTL_MODE_GETCRTC(r7, 0xc06864a1, &(0x7f00000003c0)={0x0, 0x0, r8, 0x0}) ioctl$DRM_IOCTL_MODE_GETFB2(r7, 0xc06864ce, &(0x7f0000000200)={r9, 0x0, 0x0, 0x0, 0x0, [0x0]}) ioctl$DRM_IOCTL_PRIME_HANDLE_TO_FD(r7, 0xc00c64d2, &(0x7f0000000040)={r10}) ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(0xffffffffffffffff, 0xc00c642e, &(0x7f0000000140)={0x0}) r12 = syz_open_dev$dri(&(0x7f00000002c0), 0x20, 0x0) ioctl$DRM_IOCTL_MODE_CREATE_LEASE(r12, 0xc01864c6, &(0x7f0000000480)={0x0}) r13 = syz_open_dev$dri(&(0x7f0000000040), 0x3400, 0x0) ioctl$DRM_IOCTL_MODE_GETRESOURCES(r13, 0xc04064a0, &(0x7f00000001c0)={0x0, &(0x7f00000000c0)=[0x0], 0x0, 0x0, 0x0, 0x1}) ioctl$DRM_IOCTL_MODE_GETCRTC(r12, 0xc06864a1, &(0x7f00000003c0)={0x0, 0x0, r14, 0x0}) ioctl$DRM_IOCTL_MODE_GETFB2(r13, 0xc06864ce, &(0x7f0000002240)={r15}) ioctl$DRM_IOCTL_MODE_GETFB(r12, 0xc01c64ad, &(0x7f0000000100)={r15}) 
ioctl$DRM_IOCTL_MODE_ADDFB2(r0, 0xc06864b8, &(0x7f0000000180)={r15, 0x5, 0x3, 0x8, 0x0, [r6, r10, r11], [0xfff, 0x5, 0x9, 0x8], [0x6, 0x3ff, 0x3, 0x8], [0x7fffffffffffffff, 0xde1a, 0x9, 0x2]}) bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x4, 0x6, &(0x7f0000000000)=@framed={{0xffffffb4, 0x8, 0x0, 0x0, 0x0, 0x73, 0x11, 0x3d}, [@func={0x85, 0x0, 0x1, 0x0, 0x2}, @call={0xb7}, @exit={0x95, 0x0, 0xc2}], {0x95, 0x0, 0x1200}}, &(0x7f0000000080)='GPL\x00', 0x4, 0xc3, &(0x7f000000cf3d)=""/195}, 0x70) [ 75.105917][ T5310] Bluetooth: hci0: command tx timeout [ 75.206929][ T5331] ------------[ cut here ]------------ [ 75.209119][ T5331] WARNING: drivers/gpu/drm/drm_prime.c:224 at drm_prime_destroy_file_private+0x4b/0x60, CPU#0: syz.0.0/5331 [ 75.214437][ T5331] Modules linked in: [ 75.216250][ T5331] CPU: 0 UID: 0 PID: 5331 Comm: syz.0.0 Not tainted syzkaller #0 PREEMPT(full) [ 75.220565][ T5331] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 75.224985][ T5331] RIP: 0010:drm_prime_destroy_file_private+0x4b/0x60 [ 75.227944][ T5331] Code: 00 fc ff df 80 3c 08 00 74 08 48 89 df e8 3d ad ed fc 48 83 3b 00 75 0c e8 b2 d0 85 fc 5b e9 bc fb 23 06 cc e8 a6 d0 85 fc 90 <0f> 0b 90 5b c3 cc cc cc cc cc 66 66 2e 0f 1f 84 00 00 00 00 00 90 [ 75.237061][ T5331] RSP: 0018:ffffc9000c73fc20 EFLAGS: 00010293 [ 75.240285][ T5331] RAX: ffffffff853befaa RBX: ffff8880123bd410 RCX: ffff888037d28000 [ 75.243824][ T5331] RDX: 0000000000000000 RSI: 0000000000000008 RDI: ffff8880123bd380 [ 75.247571][ T5331] RBP: ffff8880123bd2c8 R08: ffffc9000c73fba7 R09: 1ffff920018e7f74 [ 75.251094][ T5331] R10: dffffc0000000000 R11: fffff520018e7f75 R12: dffffc0000000000 [ 75.254654][ T5331] R13: dead000000000100 R14: 0000000000000000 R15: ffff8880123bd2d8 [ 75.258127][ T5331] FS: 000055557f784500(0000) GS:ffff88808d22f000(0000) knlGS:0000000000000000 [ 75.262096][ T5331] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 75.264995][ T5331] CR2: 000055557f784808 CR3: 
00000000122ee000 CR4: 0000000000352ef0 [ 75.268444][ T5331] Call Trace: [ 75.270062][ T5331] <TASK> [ 75.271353][ T5331] drm_file_free+0x7f2/0xa00 [ 75.273488][ T5331] drm_release+0x2de/0x3f0 [ 75.275422][ T5331] ? __pfx_drm_release+0x10/0x10 [ 75.277755][ T5331] __fput+0x44c/0xa70 [ 75.279571][ T5331] task_work_run+0x1d4/0x260 [ 75.281803][ T5331] ? __pfx_task_work_run+0x10/0x10 [ 75.284100][ T5331] ? __se_sys_close_range+0x4ed/0x650 [ 75.287097][ T5331] ? exit_to_user_mode_loop+0x55/0x4f0 [ 75.290241][ T5331] exit_to_user_mode_loop+0xff/0x4f0 [ 75.293085][ T5331] ? rcu_is_watching+0x15/0xb0 [ 75.295706][ T5331] do_syscall_64+0x2e3/0xf80 [ 75.298408][ T5331] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 75.301604][ T5331] ? clear_bhb_loop+0x60/0xb0 [ 75.303754][ T5331] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 75.306257][ T5331] RIP: 0033:0x7ff9bd78f7c9 [ 75.308210][ T5331] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 75.316630][ T5331] RSP: 002b:00007ffcced1dd68 EFLAGS: 00000246 ORIG_RAX: 00000000000001b4 [ 75.320577][ T5331] RAX: 0000000000000000 RBX: 00000000000124de RCX: 00007ff9bd78f7c9 [ 75.324014][ T5331] RDX: 0000000000000000 RSI: 000000000000001e RDI: 0000000000000003 [ 75.327703][ T5331] RBP: 00007ff9bd9e7da0 R08: 0000000000000001 R09: 0000001aced1e05f [ 75.331211][ T5331] R10: 00007ff9bd5ff030 R11: 0000000000000246 R12: 00007ff9bd9e5fac [ 75.334661][ T5331] R13: 00007ff9bd9e5fa0 R14: ffffffffffffffff R15: 00007ffcced1de80 [ 75.338105][ T5331] </TASK> [ 75.339395][ T5331] Kernel panic - not syncing: kernel: panic_on_warn set ... 
[ 75.342469][ T5331] CPU: 0 UID: 0 PID: 5331 Comm: syz.0.0 Not tainted syzkaller #0 PREEMPT(full) [ 75.346134][ T5331] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 75.350824][ T5331] Call Trace: [ 75.352282][ T5331] <TASK> [ 75.353583][ T5331] dump_stack_lvl+0x99/0x250 [ 75.355502][ T5331] ? __asan_memcpy+0x40/0x70 [ 75.357470][ T5331] ? __pfx_dump_stack_lvl+0x10/0x10 [ 75.359643][ T5331] ? __pfx__printk+0x10/0x10 [ 75.361524][ T5331] vpanic+0x237/0x6d0 [ 75.363077][ T5331] ? __pfx_vpanic+0x10/0x10 [ 75.364996][ T5331] ? is_bpf_text_address+0x292/0x2b0 [ 75.367196][ T5331] ? is_bpf_text_address+0x26/0x2b0 [ 75.369436][ T5331] panic+0xb9/0xc0 [ 75.371108][ T5331] ? __pfx_panic+0x10/0x10 [ 75.373085][ T5331] __warn+0x317/0x4b0 [ 75.374717][ T5331] ? drm_prime_destroy_file_private+0x4b/0x60 [ 75.377345][ T5331] ? drm_prime_destroy_file_private+0x4b/0x60 [ 75.380095][ T5331] __report_bug+0x288/0x500 [ 75.381964][ T5331] ? drm_prime_destroy_file_private+0x4b/0x60 [ 75.384478][ T5331] ? __pfx___report_bug+0x10/0x10 [ 75.386511][ T5331] ? drm_file_free+0x78b/0xa00 [ 75.388670][ T5331] ? drm_prime_destroy_file_private+0x4b/0x60 [ 75.391294][ T5331] report_bug+0x16a/0x220 [ 75.393232][ T5331] ? drm_prime_destroy_file_private+0x4b/0x60 [ 75.395801][ T5331] ? 
drm_prime_destroy_file_private+0x4d/0x60 [ 75.398392][ T5331] handle_bug+0x98/0x200 [ 75.400449][ T5331] exc_invalid_op+0x1a/0x50 [ 75.402451][ T5331] asm_exc_invalid_op+0x1a/0x20 [ 75.404725][ T5331] RIP: 0010:drm_prime_destroy_file_private+0x4b/0x60 [ 75.407546][ T5331] Code: 00 fc ff df 80 3c 08 00 74 08 48 89 df e8 3d ad ed fc 48 83 3b 00 75 0c e8 b2 d0 85 fc 5b e9 bc fb 23 06 cc e8 a6 d0 85 fc 90 <0f> 0b 90 5b c3 cc cc cc cc cc 66 66 2e 0f 1f 84 00 00 00 00 00 90 [ 75.415028][ T5331] RSP: 0018:ffffc9000c73fc20 EFLAGS: 00010293 [ 75.417365][ T5331] RAX: ffffffff853befaa RBX: ffff8880123bd410 RCX: ffff888037d28000 [ 75.420689][ T5331] RDX: 0000000000000000 RSI: 0000000000000008 RDI: ffff8880123bd380 [ 75.424284][ T5331] RBP: ffff8880123bd2c8 R08: ffffc9000c73fba7 R09: 1ffff920018e7f74 [ 75.427768][ T5331] R10: dffffc0000000000 R11: fffff520018e7f75 R12: dffffc0000000000 [ 75.431225][ T5331] R13: dead000000000100 R14: 0000000000000000 R15: ffff8880123bd2d8 [ 75.434643][ T5331] ? drm_prime_destroy_file_private+0x4a/0x60 [ 75.437197][ T5331] drm_file_free+0x7f2/0xa00 [ 75.439220][ T5331] drm_release+0x2de/0x3f0 [ 75.441166][ T5331] ? __pfx_drm_release+0x10/0x10 [ 75.443300][ T5331] __fput+0x44c/0xa70 [ 75.445045][ T5331] task_work_run+0x1d4/0x260 [ 75.447070][ T5331] ? __pfx_task_work_run+0x10/0x10 [ 75.449429][ T5331] ? __se_sys_close_range+0x4ed/0x650 [ 75.451887][ T5331] ? exit_to_user_mode_loop+0x55/0x4f0 [ 75.454323][ T5331] exit_to_user_mode_loop+0xff/0x4f0 [ 75.456651][ T5331] ? rcu_is_watching+0x15/0xb0 [ 75.458727][ T5331] do_syscall_64+0x2e3/0xf80 [ 75.460850][ T5331] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 75.463333][ T5331] ? 
clear_bhb_loop+0x60/0xb0 [ 75.465343][ T5331] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 75.467892][ T5331] RIP: 0033:0x7ff9bd78f7c9 [ 75.470011][ T5331] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 75.478515][ T5331] RSP: 002b:00007ffcced1dd68 EFLAGS: 00000246 ORIG_RAX: 00000000000001b4 [ 75.482189][ T5331] RAX: 0000000000000000 RBX: 00000000000124de RCX: 00007ff9bd78f7c9 [ 75.485716][ T5331] RDX: 0000000000000000 RSI: 000000000000001e RDI: 0000000000000003 [ 75.489198][ T5331] RBP: 00007ff9bd9e7da0 R08: 0000000000000001 R09: 0000001aced1e05f [ 75.492482][ T5331] R10: 00007ff9bd5ff030 R11: 0000000000000246 R12: 00007ff9bd9e5fac [ 75.495808][ T5331] R13: 00007ff9bd9e5fa0 R14: ffffffffffffffff R15: 00007ffcced1de80 [ 75.499340][ T5331] </TASK> [ 75.501078][ T5331] Kernel Offset: disabled [ 75.503047][ T5331] Rebooting in 86400 seconds..