program: r0 = syz_open_dev$dri(&(0x7f0000000000), 0x0, 0x0) r1 = syz_open_dev$dri(&(0x7f00000008c0), 0xd21, 0x0) ioctl$DRM_IOCTL_MODE_GETRESOURCES(r1, 0xc04064a0, &(0x7f00000001c0)={0x0, &(0x7f00000000c0)=[0x0], 0x0, 0x0, 0x0, 0x1}) ioctl$DRM_IOCTL_MODE_GETCRTC(r1, 0xc06864a1, &(0x7f00000003c0)={0x0, 0x0, r2, 0x0}) ioctl$DRM_IOCTL_MODE_GETFB2(r1, 0xc06864ce, &(0x7f0000000440)={r3, 0x0, 0x0, 0x0, 0x0, [0x0]}) ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r0, 0xc02064b2, &(0x7f0000000140)={0x3ff, 0x2, 0xb5}) ioctl$DRM_IOCTL_PRIME_HANDLE_TO_FD(r0, 0xc00c642d, &(0x7f0000000080)={r4, 0x0, 0xffffffffffffffff}) ioctl$DRM_IOCTL_MODE_GETFB2(r1, 0xc06864ce, &(0x7f0000000280)={r3, 0x0, 0x0, 0x0, 0x0, [0x0], [], [0x0, 0x0, 0x8, 0x8000], [0x0, 0x3, 0x400000006]}) ioctl$DRM_IOCTL_PRIME_HANDLE_TO_FD(r1, 0xc00c642d, &(0x7f0000000100)={r6}) ioctl$DRM_IOCTL_MODE_GETFB2(r1, 0xc06864ce, &(0x7f0000000340)={r3, 0x0, 0x0, 0x0, 0x0, [0x0], [0xffffffff], [], [0xfffffffffffffffc]}) ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r1, 0xc00c642e, &(0x7f0000000300)={0x0, 0x0, r5}) ioctl$DRM_IOCTL_PRIME_HANDLE_TO_FD(r1, 0xc00c64d2, &(0x7f0000000040)={r7}) [ 76.844352][ T5296] Bluetooth: hci0: command tx timeout [ 76.848266][ T1313] ieee802154 phy0 wpan0: encryption failed: -22 [ 76.850794][ T1313] ieee802154 phy1 wpan1: encryption failed: -22 [ 76.933103][ T5315] ------------[ cut here ]------------ [ 76.935847][ T5315] WARNING: CPU: 0 PID: 5315 at drivers/gpu/drm/drm_prime.c:223 drm_prime_destroy_file_private+0x4b/0x60 [ 76.940918][ T5315] Modules linked in: [ 76.942437][ T5315] CPU: 0 UID: 0 PID: 5315 Comm: syz.0.0 Not tainted syzkaller #0 PREEMPT(full) [ 76.946636][ T5315] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 76.951201][ T5315] RIP: 0010:drm_prime_destroy_file_private+0x4b/0x60 [ 76.954649][ T5315] Code: 00 fc ff df 80 3c 08 00 74 08 48 89 df e8 1d 5a f2 fc 48 83 3b 00 75 0c e8 22 1b 8b fc 5b e9 8c 49 16 06 cc e8 16 1b 8b fc 90 <0f> 0b 90 5b e9 7c 49 16 06 cc 66 66 2e 0f 1f 84 00 00 00 00 00 90 [ 76.963532][ T5315] RSP: 0018:ffffc9000f577c60 EFLAGS: 00010293 [ 76.966050][ T5315] RAX: ffffffff8534fb1a RBX: ffff88803ec76410 RCX: ffff88801f30c900 [ 76.969342][ T5315] RDX: 0000000000000000 RSI: 0000000000000008 RDI: ffff88803ec76380 [ 76.972825][ T5315] RBP: ffff88803ec762c8 R08: ffffc9000f577be7 R09: 1ffff92001eaef7c [ 76.976801][ T5315] R10: dffffc0000000000 R11: fffff52001eaef7d R12: dffffc0000000000 [ 76.980365][ T5315] R13: dead000000000100 R14: 0000000000000000 R15: ffff88803ec762d8 [ 76.983640][ T5315] FS: 000055556e982500(0000) GS:ffff88808d730000(0000) knlGS:0000000000000000 [ 76.987098][ T5315] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 76.989824][ T5315] CR2: 000055b9a98a1168 CR3: 000000004194f000 CR4: 0000000000352ef0 [ 76.993124][ T5315] Call Trace: [ 76.995029][ T5315] [ 76.996528][ T5315] drm_file_free+0x7f2/0xa00 [ 76.998623][ T5315] drm_release+0x2de/0x3f0 [ 77.000578][ T5315] ? __pfx_drm_release+0x10/0x10 [ 77.002721][ T5315] __fput+0x44c/0xa70 [ 77.004437][ T5315] task_work_run+0x1d4/0x260 [ 77.006355][ T5315] ? __pfx_task_work_run+0x10/0x10 [ 77.008559][ T5315] ? exit_to_user_mode_loop+0x40/0x130 [ 77.010778][ T5315] exit_to_user_mode_loop+0xe9/0x130 [ 77.012989][ T5315] do_syscall_64+0x2bd/0xfa0 [ 77.015066][ T5315] ? lockdep_hardirqs_on+0x9c/0x150 [ 77.017072][ T5315] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 77.019719][ T5315] ? clear_bhb_loop+0x60/0xb0 [ 77.021742][ T5315] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 77.024535][ T5315] RIP: 0033:0x7f209678f6c9 [ 77.026372][ T5315] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 77.034354][ T5315] RSP: 002b:00007ffe3caac7b8 EFLAGS: 00000246 ORIG_RAX: 00000000000001b4 [ 77.037790][ T5315] RAX: 0000000000000000 RBX: 0000000000012bc5 RCX: 00007f209678f6c9 [ 77.041127][ T5315] RDX: 0000000000000000 RSI: 000000000000001e RDI: 0000000000000003 [ 77.044462][ T5315] RBP: 00007f20969e7da0 R08: 0000000000000001 R09: 0000000c3caacaaf [ 77.047530][ T5315] R10: 00007f20965ff02c R11: 0000000000000246 R12: 00007f20969e5fac [ 77.050698][ T5315] R13: 00007f20969e5fa0 R14: ffffffffffffffff R15: 00007ffe3caac8d0 [ 77.054149][ T5315] [ 77.055515][ T5315] Kernel panic - not syncing: kernel: panic_on_warn set ... [ 77.058515][ T5315] CPU: 0 UID: 0 PID: 5315 Comm: syz.0.0 Not tainted syzkaller #0 PREEMPT(full) [ 77.062299][ T5315] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 77.066594][ T5315] Call Trace: [ 77.067881][ T5315] [ 77.069196][ T5315] dump_stack_lvl+0x99/0x250 [ 77.071286][ T5315] ? __asan_memcpy+0x40/0x70 [ 77.073340][ T5315] ? __pfx_dump_stack_lvl+0x10/0x10 [ 77.075591][ T5315] ? __pfx__printk+0x10/0x10 [ 77.077576][ T5315] vpanic+0x237/0x6d0 [ 77.079388][ T5315] ? __pfx_vpanic+0x10/0x10 [ 77.081424][ T5315] panic+0xb9/0xc0 [ 77.083116][ T5315] ? __pfx_panic+0x10/0x10 [ 77.085076][ T5315] __warn+0x31b/0x4b0 [ 77.086886][ T5315] ? drm_prime_destroy_file_private+0x4b/0x60 [ 77.089701][ T5315] ? drm_prime_destroy_file_private+0x4b/0x60 [ 77.092355][ T5315] report_bug+0x2be/0x4f0 [ 77.094314][ T5315] ? drm_prime_destroy_file_private+0x4b/0x60 [ 77.097096][ T5315] ? drm_prime_destroy_file_private+0x4b/0x60 [ 77.099931][ T5315] ? drm_prime_destroy_file_private+0x4d/0x60 [ 77.102388][ T5315] handle_bug+0x84/0x160 [ 77.104233][ T5315] exc_invalid_op+0x1a/0x50 [ 77.106171][ T5315] asm_exc_invalid_op+0x1a/0x20 [ 77.108101][ T5315] RIP: 0010:drm_prime_destroy_file_private+0x4b/0x60 [ 77.110846][ T5315] Code: 00 fc ff df 80 3c 08 00 74 08 48 89 df e8 1d 5a f2 fc 48 83 3b 00 75 0c e8 22 1b 8b fc 5b e9 8c 49 16 06 cc e8 16 1b 8b fc 90 <0f> 0b 90 5b e9 7c 49 16 06 cc 66 66 2e 0f 1f 84 00 00 00 00 00 90 [ 77.118709][ T5315] RSP: 0018:ffffc9000f577c60 EFLAGS: 00010293 [ 77.121063][ T5315] RAX: ffffffff8534fb1a RBX: ffff88803ec76410 RCX: ffff88801f30c900 [ 77.124021][ T5315] RDX: 0000000000000000 RSI: 0000000000000008 RDI: ffff88803ec76380 [ 77.127195][ T5315] RBP: ffff88803ec762c8 R08: ffffc9000f577be7 R09: 1ffff92001eaef7c [ 77.130489][ T5315] R10: dffffc0000000000 R11: fffff52001eaef7d R12: dffffc0000000000 [ 77.133371][ T5315] R13: dead000000000100 R14: 0000000000000000 R15: ffff88803ec762d8 [ 77.136229][ T5315] ? drm_prime_destroy_file_private+0x4a/0x60 [ 77.138495][ T5315] drm_file_free+0x7f2/0xa00 [ 77.140271][ T5315] drm_release+0x2de/0x3f0 [ 77.142041][ T5315] ? __pfx_drm_release+0x10/0x10 [ 77.144028][ T5315] __fput+0x44c/0xa70 [ 77.145770][ T5315] task_work_run+0x1d4/0x260 [ 77.148254][ T5315] ? __pfx_task_work_run+0x10/0x10 [ 77.150624][ T5315] ? exit_to_user_mode_loop+0x40/0x130 [ 77.153102][ T5315] exit_to_user_mode_loop+0xe9/0x130 [ 77.155634][ T5315] do_syscall_64+0x2bd/0xfa0 [ 77.157652][ T5315] ? lockdep_hardirqs_on+0x9c/0x150 [ 77.159917][ T5315] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 77.162437][ T5315] ? clear_bhb_loop+0x60/0xb0 [ 77.164449][ T5315] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 77.166996][ T5315] RIP: 0033:0x7f209678f6c9 [ 77.168875][ T5315] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 77.177246][ T5315] RSP: 002b:00007ffe3caac7b8 EFLAGS: 00000246 ORIG_RAX: 00000000000001b4 [ 77.180830][ T5315] RAX: 0000000000000000 RBX: 0000000000012bc5 RCX: 00007f209678f6c9 [ 77.184183][ T5315] RDX: 0000000000000000 RSI: 000000000000001e RDI: 0000000000000003 [ 77.187483][ T5315] RBP: 00007f20969e7da0 R08: 0000000000000001 R09: 0000000c3caacaaf [ 77.190738][ T5315] R10: 00007f20965ff02c R11: 0000000000000246 R12: 00007f20969e5fac [ 77.193968][ T5315] R13: 00007f20969e5fa0 R14: ffffffffffffffff R15: 00007ffe3caac8d0 [ 77.197332][ T5315] [ 77.198945][ T5315] Kernel Offset: disabled [ 77.200668][ T5315] Rebooting in 86400 seconds..