program: r0 = syz_open_dev$dri(&(0x7f0000000040), 0x0, 0x1) (async) ioctl$DRM_IOCTL_MODE_GETRESOURCES(0xffffffffffffffff, 0xc04064a0, &(0x7f0000000180)={&(0x7f0000000080)=[0x0, 0x0, 0x0, 0x0, 0x0], &(0x7f00000000c0)=[0x0], &(0x7f0000000100)=[0x0, 0x0], &(0x7f0000000140)=[0x0, 0x0, 0x0, 0x0], 0x5, 0x1, 0x2, 0x4}) (async) r2 = syz_open_dev$dri(&(0x7f0000000100), 0x0, 0x0) r3 = openat$full(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) close_range(r3, 0xffffffffffffffff, 0x0) r4 = syz_open_dev$dri(&(0x7f0000000100), 0x1f, 0x0) ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r4, 0xc02064b2, &(0x7f0000000000)={0x8, 0x2, 0x7}) (async) ioctl$DRM_IOCTL_MODE_GETRESOURCES(r4, 0xc04064a0, &(0x7f0000000280)={0x0, &(0x7f0000000040)=[0x0], 0x0, 0x0, 0x0, 0x1}) bind$tipc(r3, &(0x7f0000000480)=@name={0x1e, 0x2, 0x1, {{0x1, 0x2}, 0x3}}, 0x10) (async) ioctl$DRM_IOCTL_MODE_GETCRTC(r4, 0xc06864a1, &(0x7f0000000540)={0x0, 0x0, r5, 0x0}) ioctl$DRM_IOCTL_MODE_GETFB2(r4, 0xc06864ce, &(0x7f0000000400)={r6, 0x0, 0x0, 0x0, 0x0, [0x0], [0x0, 0x0, 0xf], [0x1000], [0x0, 0x0, 0x0, 0xffffffffffffffff]}) ioctl$DRM_IOCTL_AGP_ALLOC(r3, 0xc0206434, &(0x7f0000000340)={0x2, 0x0, 0x1}) ioctl$DRM_IOCTL_AGP_FREE(r2, 0x40206435, &(0x7f0000000380)={0x0, r8}) (async) ioctl$DRM_IOCTL_PRIME_HANDLE_TO_FD(r3, 0xc00c642d, &(0x7f0000000100)={r7, 0x0, 0xffffffffffffffff}) ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r2, 0xc00c642e, &(0x7f0000000180)={0x0, 0x0, r9}) ioctl$DRM_IOCTL_PRIME_HANDLE_TO_FD(r4, 0xc00c642d, &(0x7f00000001c0)={r10}) r11 = syz_open_dev$dri(&(0x7f00000008c0), 0xd21, 0x0) ioctl$DRM_IOCTL_MODE_GETRESOURCES(r11, 0xc04064a0, &(0x7f00000001c0)={0x0, &(0x7f00000000c0)=[0x0], 0x0, 0x0, 0x0, 0x1}) ioctl$DRM_IOCTL_MODE_GETCRTC(r11, 0xc06864a1, &(0x7f00000003c0)={0x0, 0x0, r12, 0x0}) ioctl$DRM_IOCTL_MODE_GETFB2(r11, 0xc06864ce, &(0x7f0000000200)={r13, 0x0, 0x0, 0x0, 0x0, [0x0]}) ioctl$DRM_IOCTL_PRIME_HANDLE_TO_FD(r11, 0xc00c64d2, &(0x7f0000000040)={r14}) ioctl$DRM_IOCTL_GEM_OPEN(0xffffffffffffffff, 0xc010640b, &(0x7f0000000200)={0x0, 0x0}) (async) ioctl$DRM_IOCTL_GEM_OPEN(0xffffffffffffffff, 0xc010640b, &(0x7f0000000240)={0x0, 0x0}) ioctl$DRM_IOCTL_MODE_ADDFB2(r0, 0xc06864b8, &(0x7f00000002c0)={r1, 0xfffffffa, 0x3, 0x0, 0x0, [r10, r14, r15, r16], [0x4, 0xfff, 0x1, 0x8], [0x4, 0x7, 0x12000, 0x7], [0xffffffffffff0001, 0x58, 0xf13, 0x5]}) (async) capset(&(0x7f0000000000)={0x20080522}, &(0x7f0000000280)={0x0, 0x8004, 0x0, 0x81, 0xffffffff}) bpf$PROG_LOAD(0x5, &(0x7f00000017c0)={0x15, 0xe, &(0x7f00000008c0)=ANY=[@ANYBLOB="b700000001000000bfa30000000000000703000030feffff620af0fff8ffffff71a4f0ff000000002d040300000000003d030000000000006504000001ed000079601800000000006c440000000000007b0ab0fe000000007913000000000000b5000000000000009500000000000000023bc065b7a379d17cf9333379fc9e94af05000000f1a864a710aad58db6a693002e7f3be361917adef6ee1c8a2a4f8ef1e50becb19bc461e91a715bc5181554a090f32050e436fe275daf51efd601b6bf01c8e8b1b526375ec4dd6fcd82e4fee5bef7af9aa0d7d600c095199fe3ff3128c4e599b0eaebbdbd732c9cc00eec363e4a8f6456e2cc21557c0afc646cb7798b3e6440c26f71b29ee35208b0bb0d2cd829e654400e2438ec649dc74a28610643a98d9ec21ead2ed51b104d0800af25b845d8a7925c3109b151b8b9f75dd08d123deda88c658d42ecbf28bf7076c15b463bebc72f526d8ea8fcb913466aaa7f6d150352e79166d858fcd0e06dd31af9612f2460d0b11008e59a5923906f88b53987ad1714e72ba7a54f0c33d390dd65be2467b373eafd9aa58f2077184b6a89adaf17b0a6041bdef728d236619074d6ebdf098bc908f523d228a40f9411fe7226a40409d6e37c4f46756d31cb467600ade70063e5291569b33d21dae356e1c5da18ec0ae563f721c5363092adaa1d8964162a27afea62d84f3a10746443d64364f56e24e6d2105bd901204a1deeed4155617572652d950ad31928b0b0c3dc2869f478341d02d0f5ad94b081fcd507acb4b93d000000225d85ae49cee383dc5049076b98fb6853ab39a21514da60d2ae20cfb91d6a49964757cdf538f9ce2bdb1ab062cd54e67011d355d84ce97bb0c6b4a595e487efbb2d710b651f898ba749e40bc6980fe78683ac5c0c31030699ddd71063be9261b2e1aab1675b34a220488c126aeef5f510a8f1aded94a129e4aec6ffc3a15d96c2ea3e2e04cfe0e669e51731b2875353193f82ade69d0540059fe6c7fe7cd86975023cb08cc7596566d674e425da5e87e59602a9f6590521d31d3804b3e0a1053abdc31282dfb15eb6841bb64a1b304502dda787343ce3c953992e4a982f3c48153baae244e7bf37548c7f1a4cad2422ee965a38f7defbd2960242b104e20dc2d9b0c35608d402ccdd9069bd50b994fda7a9de44022a579dfc0229cc0dc98816106dec28eaeb883418f562ae00003ea96d10f172c0374d6eed82641687f3b3a70bfe9b4a9c5a90ff59d54d1f92ecc4e95dd2d18383117c039862198899b212c5538a294270a1ad10c80fef7c24c87afce829ba0f85da6d888f18ea40ab959f6074ab2a4009b9e5f07ab513cdc6c0e57fb1c1ca571380d7b4ead35a655e0b4a26b702396df7e0cbe02b6e4114f244a9bf93f05beb72f0861f75c345edcb84ac7eeedcf2ba1a9508f9d6aba5823a34a9f1ffa968eacea75caf822a7a63ba34015ea5aacb1188883ad2a3b1832371fe5bc621426d1ed0a4a9b702cc1b6912a1e717d29135753208165b9cdbae2ed9dc7358f0ebadde0b728fe26e37037f27f277b8a8346962a350845ffa0d829e4f79adc287906943408e6df3adbfd03aac93df8866fb010aec0e92bed1fe39af169d2a466f0db6f3d9436a7d0a874c74b777df005c55fc30511d00000000c85265b2bd83d64a532869d708000000000000007baa5b6a682b50f0937f778af083e055f6138a757ebd0ed91114a6b244f9acf41ac5d73a008364e0606a594817031fc2f52c8785fe0721719b3d654026c6ea08b83b123145ab5703dad844ceb201ddeb6dc5f6a9037d2283c42efc54fa84323a56edbd287eba0af35c35d91f3c62a0ca74836a640224de85f2b4a5fee500bbc584328a6a7a4628c4378c9b71dff64075b74a6520adb187b40d2cccbcb08c0634ee74658d3e23bf511c8b0bf1b69d2b3782b3f481c320e7bd4615dbbf24c06ac95bd639e68d0e6aa7f0d07bf69a93365f803f0144af37236ea133c2255b0613bf8ba1d538e06c2411e8d70053b712084fd0e313de9bb19266e49a3a2190cb039c6f89610acd896319b9c8d1b8aac2eaa5a4f8be7419a09e3fb5be3be2fcdadd2299839cc40e684e6e2b4e1385fde7a0bad3b0be672110268a34dad364fddee69e564119cebb6940c6356ff83ca527c573d700000000000000c6299263e6d9097f225de969485bce3d7dc471c0669bb6a467cf0de54dfcc1857048fe22a19dbb1b3cb9babaa839f1f6e817a62d95a5b971ff96a5c66c338c6f2a2da4644519f40761402e9c81013d76c7152c95ba5efa24ce1930f23a2277f057ffb6b0144f3b434a2adc456ef4d2fbdf7c6238c2bb00ffcf2d23d68cb9b027f3b225ec4e09b089f7956b66c5692b46ea03abb6a404c8ccceaa4ba4161409fcb54b86eaca26b2a0c4b81f7b71cbfcef"], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sk_reuseport, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x0, 0x10, &(0x7f0000000000), 0xfffffffffffffd00}, 0x48) [ 86.426144][ T4682] Bluetooth: hci0: command tx timeout [ 86.550346][ T5339] faux_driver vkms: [drm] Unknown color mode 7; guessing buffer size. [ 86.702012][ T5339] ------------[ cut here ]------------ [ 86.704552][ T5339] WARNING: drivers/gpu/drm/drm_prime.c:224 at drm_prime_destroy_file_private+0x4b/0x60, CPU#0: syz.0.0/5339 [ 86.709627][ T5339] Modules linked in: [ 86.711744][ T5339] CPU: 0 UID: 0 PID: 5339 Comm: syz.0.0 Not tainted syzkaller #0 PREEMPT(full) [ 86.715481][ T5339] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 86.719986][ T5339] RIP: 0010:drm_prime_destroy_file_private+0x4b/0x60 [ 86.722866][ T5339] Code: 00 fc ff df 80 3c 08 00 74 08 48 89 df e8 4d 18 ed fc 48 83 3b 00 75 0c e8 02 37 85 fc 5b e9 fc 11 24 06 cc e8 f6 36 85 fc 90 <0f> 0b 90 5b c3 cc cc cc cc cc 66 66 2e 0f 1f 84 00 00 00 00 00 90 [ 86.730561][ T5339] RSP: 0018:ffffc9000ed7f860 EFLAGS: 00010293 [ 86.734007][ T5339] RAX: ffffffff853c89aa RBX: ffff888044c32410 RCX: ffff88801c748000 [ 86.737447][ T5339] RDX: 0000000000000000 RSI: 0000000000000008 RDI: ffff888044c32380 [ 86.740682][ T5339] RBP: ffff888044c322c8 R08: ffffc9000ed7f7e7 R09: 1ffff92001dafefc [ 86.744099][ T5339] R10: dffffc0000000000 R11: fffff52001dafefd R12: dffffc0000000000 [ 86.747380][ T5339] R13: dead000000000100 R14: 0000000000000000 R15: ffff888044c322d8 [ 86.750771][ T5339] FS: 0000000000000000(0000) GS:ffff88808d22a000(0000) knlGS:0000000000000000 [ 86.754680][ T5339] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 86.757591][ T5339] CR2: 000055dff017c660 CR3: 000000000df3a000 CR4: 0000000000352ef0 [ 86.760999][ T5339] Call Trace: [ 86.762697][ T5339] [ 86.764057][ T5339] drm_file_free+0x7f2/0xa00 [ 86.766168][ T5339] drm_release+0x2de/0x3f0 [ 86.768180][ T5339] ? __pfx_drm_release+0x10/0x10 [ 86.770336][ T5339] __fput+0x44c/0xa70 [ 86.772031][ T5339] task_work_run+0x1d4/0x260 [ 86.774094][ T5339] ? __pfx_task_work_run+0x10/0x10 [ 86.776225][ T5339] ? do_raw_spin_unlock+0x4d/0x240 [ 86.778260][ T5339] do_exit+0x6c5/0x2310 [ 86.779902][ T5339] ? do_raw_spin_lock+0x121/0x290 [ 86.781988][ T5339] ? __pfx_do_exit+0x10/0x10 [ 86.784100][ T5339] do_group_exit+0x21c/0x2d0 [ 86.786214][ T5339] ? lockdep_hardirqs_on+0x98/0x140 [ 86.788568][ T5339] get_signal+0x1285/0x1340 [ 86.790537][ T5339] arch_do_signal_or_restart+0x9a/0x7a0 [ 86.793060][ T5339] ? __pfx_drm_ioctl+0x10/0x10 [ 86.795096][ T5339] ? __pfx_arch_do_signal_or_restart+0x10/0x10 [ 86.797809][ T5339] ? exit_to_user_mode_loop+0x55/0x4f0 [ 86.800175][ T5339] exit_to_user_mode_loop+0x87/0x4f0 [ 86.802699][ T5339] ? rcu_is_watching+0x15/0xb0 [ 86.804815][ T5339] do_syscall_64+0x2d0/0xf80 [ 86.806817][ T5339] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 86.809402][ T5339] ? clear_bhb_loop+0x60/0xb0 [ 86.811486][ T5339] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 86.814330][ T5339] RIP: 0033:0x7f408558f7c9 [ 86.816332][ T5339] Code: Unable to access opcode bytes at 0x7f408558f79f. [ 86.819362][ T5339] RSP: 002b:00007f40819f5038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 86.823103][ T5339] RAX: 0000000000000000 RBX: 00007f40857e5fa0 RCX: 00007f408558f7c9 [ 86.826727][ T5339] RDX: 0000200000000000 RSI: 00000000c02064b2 RDI: 0000000000000005 [ 86.830632][ T5339] RBP: 00007f4085613f91 R08: 0000000000000000 R09: 0000000000000000 [ 86.834241][ T5339] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 86.837746][ T5339] R13: 00007f40857e6038 R14: 00007f40857e5fa0 R15: 00007ffe4cdcbca8 [ 86.841312][ T5339] [ 86.842895][ T5339] Kernel panic - not syncing: kernel: panic_on_warn set ... [ 86.846019][ T5339] CPU: 0 UID: 0 PID: 5339 Comm: syz.0.0 Not tainted syzkaller #0 PREEMPT(full) [ 86.849845][ T5339] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 86.854339][ T5339] Call Trace: [ 86.855906][ T5339] [ 86.857264][ T5339] dump_stack_lvl+0x99/0x250 [ 86.859343][ T5339] ? __asan_memcpy+0x40/0x70 [ 86.861356][ T5339] ? __pfx_dump_stack_lvl+0x10/0x10 [ 86.863614][ T5339] ? __pfx__printk+0x10/0x10 [ 86.865617][ T5339] vpanic+0x237/0x6d0 [ 86.867394][ T5339] ? __pfx_vpanic+0x10/0x10 [ 86.869391][ T5339] ? is_bpf_text_address+0x292/0x2b0 [ 86.871714][ T5339] ? is_bpf_text_address+0x26/0x2b0 [ 86.874095][ T5339] panic+0xb9/0xc0 [ 86.875747][ T5339] ? __pfx_panic+0x10/0x10 [ 86.877721][ T5339] __warn+0x317/0x4b0 [ 86.879559][ T5339] ? drm_prime_destroy_file_private+0x4b/0x60 [ 86.882166][ T5339] ? drm_prime_destroy_file_private+0x4b/0x60 [ 86.884786][ T5339] __report_bug+0x288/0x500 [ 86.886749][ T5339] ? drm_prime_destroy_file_private+0x4b/0x60 [ 86.889370][ T5339] ? __pfx___report_bug+0x10/0x10 [ 86.891471][ T5339] ? drm_file_free+0x78b/0xa00 [ 86.893464][ T5339] ? drm_prime_destroy_file_private+0x4b/0x60 [ 86.896087][ T5339] report_bug+0x16a/0x220 [ 86.898015][ T5339] ? drm_prime_destroy_file_private+0x4b/0x60 [ 86.900655][ T5339] ? drm_prime_destroy_file_private+0x4d/0x60 [ 86.903368][ T5339] handle_bug+0x98/0x200 [ 86.905203][ T5339] exc_invalid_op+0x1a/0x50 [ 86.907213][ T5339] asm_exc_invalid_op+0x1a/0x20 [ 86.909312][ T5339] RIP: 0010:drm_prime_destroy_file_private+0x4b/0x60 [ 86.912199][ T5339] Code: 00 fc ff df 80 3c 08 00 74 08 48 89 df e8 4d 18 ed fc 48 83 3b 00 75 0c e8 02 37 85 fc 5b e9 fc 11 24 06 cc e8 f6 36 85 fc 90 <0f> 0b 90 5b c3 cc cc cc cc cc 66 66 2e 0f 1f 84 00 00 00 00 00 90 [ 86.920128][ T5339] RSP: 0018:ffffc9000ed7f860 EFLAGS: 00010293 [ 86.922534][ T5339] RAX: ffffffff853c89aa RBX: ffff888044c32410 RCX: ffff88801c748000 [ 86.926004][ T5339] RDX: 0000000000000000 RSI: 0000000000000008 RDI: ffff888044c32380 [ 86.929323][ T5339] RBP: ffff888044c322c8 R08: ffffc9000ed7f7e7 R09: 1ffff92001dafefc [ 86.932809][ T5339] R10: dffffc0000000000 R11: fffff52001dafefd R12: dffffc0000000000 [ 86.936174][ T5339] R13: dead000000000100 R14: 0000000000000000 R15: ffff888044c322d8 [ 86.939613][ T5339] ? drm_prime_destroy_file_private+0x4a/0x60 [ 86.942311][ T5339] drm_file_free+0x7f2/0xa00 [ 86.944304][ T5339] drm_release+0x2de/0x3f0 [ 86.946323][ T5339] ? __pfx_drm_release+0x10/0x10 [ 86.948508][ T5339] __fput+0x44c/0xa70 [ 86.950229][ T5339] task_work_run+0x1d4/0x260 [ 86.952218][ T5339] ? __pfx_task_work_run+0x10/0x10 [ 86.954568][ T5339] ? do_raw_spin_unlock+0x4d/0x240 [ 86.956879][ T5339] do_exit+0x6c5/0x2310 [ 86.958591][ T5339] ? do_raw_spin_lock+0x121/0x290 [ 86.960796][ T5339] ? __pfx_do_exit+0x10/0x10 [ 86.962875][ T5339] do_group_exit+0x21c/0x2d0 [ 86.964885][ T5339] ? lockdep_hardirqs_on+0x98/0x140 [ 86.967185][ T5339] get_signal+0x1285/0x1340 [ 86.969071][ T5339] arch_do_signal_or_restart+0x9a/0x7a0 [ 86.971155][ T5339] ? __pfx_drm_ioctl+0x10/0x10 [ 86.973077][ T5339] ? __pfx_arch_do_signal_or_restart+0x10/0x10 [ 86.975591][ T5339] ? exit_to_user_mode_loop+0x55/0x4f0 [ 86.977905][ T5339] exit_to_user_mode_loop+0x87/0x4f0 [ 86.979989][ T5339] ? rcu_is_watching+0x15/0xb0 [ 86.982008][ T5339] do_syscall_64+0x2d0/0xf80 [ 86.983867][ T5339] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 86.986461][ T5339] ? clear_bhb_loop+0x60/0xb0 [ 86.989048][ T5339] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 86.992049][ T5339] RIP: 0033:0x7f408558f7c9 [ 86.994410][ T5339] Code: Unable to access opcode bytes at 0x7f408558f79f. [ 86.997713][ T5339] RSP: 002b:00007f40819f5038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 87.001064][ T5339] RAX: 0000000000000000 RBX: 00007f40857e5fa0 RCX: 00007f408558f7c9 [ 87.004322][ T5339] RDX: 0000200000000000 RSI: 00000000c02064b2 RDI: 0000000000000005 [ 87.007761][ T5339] RBP: 00007f4085613f91 R08: 0000000000000000 R09: 0000000000000000 [ 87.010948][ T5339] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 87.014217][ T5339] R13: 00007f40857e6038 R14: 00007f40857e5fa0 R15: 00007ffe4cdcbca8 [ 87.018060][ T5339] [ 87.019857][ T5339] Kernel Offset: disabled [ 87.021899][ T5339] Rebooting in 86400 seconds..