program: syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) r0 = syz_open_dev$dri(&(0x7f0000000000), 0x0, 0x0) r1 = syz_open_dev$dri(&(0x7f00000008c0), 0xd21, 0x0) ioctl$DRM_IOCTL_MODE_GETRESOURCES(r1, 0xc04064a0, &(0x7f00000001c0)={0x0, &(0x7f00000000c0)=[0x0], 0x0, 0x0, 0x0, 0x1}) ioctl$DRM_IOCTL_MODE_GETCRTC(r1, 0xc06864a1, &(0x7f00000003c0)={0x0, 0x0, r2, 0x0}) ioctl$DRM_IOCTL_MODE_GETFB2(r1, 0xc06864ce, &(0x7f0000000440)={r3, 0x0, 0x0, 0x0, 0x0, [0x0]}) ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r0, 0xc02064b2, &(0x7f0000000140)={0x3ff, 0x2, 0xb5}) ioctl$DRM_IOCTL_PRIME_HANDLE_TO_FD(r0, 0xc00c642d, &(0x7f0000000080)={r4, 0x0, 0xffffffffffffffff}) ioctl$VIDIOC_S_FREQUENCY(0xffffffffffffffff, 0x402c5639, &(0x7f0000000380)={0x0, 0x2, 0x300}) ioctl$VIDIOC_S_INPUT(0xffffffffffffffff, 0xc0045627, 0x0) ioctl$DRM_IOCTL_MODE_GETFB2(r1, 0xc06864ce, &(0x7f0000000280)={r3, 0x0, 0x0, 0x0, 0x0, [0x0], [], [0x0, 0x0, 0x8, 0x8000], [0x0, 0x3, 0x400000006]}) ioctl$DRM_IOCTL_PRIME_HANDLE_TO_FD(r1, 0xc00c642d, &(0x7f0000000100)={r6}) ioctl$DRM_IOCTL_MODE_GETFB2(r1, 0xc06864ce, &(0x7f0000000340)={r3, 0x0, 0x0, 0x0, 0x0, [0x0], [0xffffffff], [], [0xfffffffffffffffc]}) ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r1, 0xc00c642e, &(0x7f0000000300)={0x0, 0x0, r5}) ioctl$DRM_IOCTL_PRIME_HANDLE_TO_FD(r1, 0xc00c64d2, &(0x7f0000000040)={r7}) [ 67.854997][ T5336] faux_driver vgem: [drm] Unknown color mode 181; guessing buffer size. [ 67.872760][ T4683] Bluetooth: hci0: command tx timeout [ 67.915058][ T5335] ------------[ cut here ]------------ [ 67.917612][ T5335] WARNING: drivers/gpu/drm/drm_prime.c:224 at drm_prime_destroy_file_private+0x4b/0x60, CPU#0: syz.0.0/5335 [ 67.923060][ T5335] Modules linked in: [ 67.924688][ T5335] CPU: 0 UID: 0 PID: 5335 Comm: syz.0.0 Not tainted syzkaller #0 PREEMPT(full) [ 67.928659][ T5335] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 67.933333][ T5335] RIP: 0010:drm_prime_destroy_file_private+0x4b/0x60 [ 67.936039][ T5335] Code: 00 fc ff df 80 3c 08 00 74 08 48 89 df e8 ed 7e ed fc 48 83 3b 00 75 0c e8 02 d4 85 fc 5b e9 8c 3e 23 06 cc e8 f6 d3 85 fc 90 <0f> 0b 90 5b e9 7c 3e 23 06 cc 66 66 2e 0f 1f 84 00 00 00 00 00 90 [ 67.944864][ T5335] RSP: 0018:ffffc9000f0cfc40 EFLAGS: 00010293 [ 67.947759][ T5335] RAX: ffffffff853b315a RBX: ffff888011597410 RCX: ffff88803ee64980 [ 67.951522][ T5335] RDX: 0000000000000000 RSI: 0000000000000008 RDI: ffff888011597380 [ 67.955779][ T5335] RBP: ffff8880115972c8 R08: ffffc9000f0cfbc7 R09: 1ffff92001e19f78 [ 67.959758][ T5335] R10: dffffc0000000000 R11: fffff52001e19f79 R12: dffffc0000000000 [ 67.963572][ T5335] R13: dead000000000100 R14: 0000000000000000 R15: ffff8880115972d8 [ 67.966954][ T5335] FS: 000055555e8c2500(0000) GS:ffff88808d416000(0000) knlGS:0000000000000000 [ 67.971232][ T5335] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 67.974236][ T5335] CR2: 00007fe53822dfc8 CR3: 000000003f8d7000 CR4: 0000000000352ef0 [ 67.978004][ T5335] Call Trace: [ 67.979739][ T5335] [ 67.981415][ T5335] drm_file_free+0x7f2/0xa00 [ 67.983678][ T5335] drm_release+0x2de/0x3f0 [ 67.985392][ T5335] ? __pfx_drm_release+0x10/0x10 [ 67.987868][ T5335] __fput+0x44c/0xa70 [ 67.989754][ T5335] task_work_run+0x1d4/0x260 [ 67.992177][ T5335] ? __pfx_task_work_run+0x10/0x10 [ 67.994506][ T5335] exit_to_user_mode_loop+0xef/0x4e0 [ 67.996929][ T5335] ? rcu_is_watching+0x15/0xb0 [ 67.999028][ T5335] do_syscall_64+0x2b7/0xf80 [ 68.001264][ T5335] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 68.004103][ T5335] ? trace_irq_disable+0x37/0x100 [ 68.006354][ T5335] ? clear_bhb_loop+0x60/0xb0 [ 68.008673][ T5335] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 68.011497][ T5335] RIP: 0033:0x7fe53738f7c9 [ 68.013557][ T5335] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 68.021548][ T5335] RSP: 002b:00007ffd29f5ef48 EFLAGS: 00000246 ORIG_RAX: 00000000000001b4 [ 68.024826][ T5335] RAX: 0000000000000000 RBX: 00007fe5375e7da0 RCX: 00007fe53738f7c9 [ 68.028188][ T5335] RDX: 0000000000000000 RSI: 000000000000001e RDI: 0000000000000003 [ 68.032111][ T5335] RBP: 00007fe5375e7da0 R08: 000000000000e9f4 R09: 0000000f29f5f23f [ 68.035461][ T5335] R10: 0000000000df13d8 R11: 0000000000000246 R12: 0000000000010b9e [ 68.038494][ T5335] R13: 00007fe5375e6090 R14: ffffffffffffffff R15: 00007ffd29f5f060 [ 68.041896][ T5335] [ 68.043264][ T5335] Kernel panic - not syncing: kernel: panic_on_warn set ... [ 68.046186][ T5335] CPU: 0 UID: 0 PID: 5335 Comm: syz.0.0 Not tainted syzkaller #0 PREEMPT(full) [ 68.049660][ T5335] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 68.053896][ T5335] Call Trace: [ 68.055258][ T5335] [ 68.056461][ T5335] vpanic+0x1e0/0x670 [ 68.058048][ T5335] panic+0xb9/0xc0 [ 68.059618][ T5335] ? __pfx_panic+0x10/0x10 [ 68.061372][ T5335] __warn+0x317/0x4b0 [ 68.063284][ T5335] ? drm_prime_destroy_file_private+0x4b/0x60 [ 68.066014][ T5335] ? drm_prime_destroy_file_private+0x4b/0x60 [ 68.068713][ T5335] __report_bug+0x288/0x500 [ 68.070588][ T5335] ? drm_prime_destroy_file_private+0x4b/0x60 [ 68.073243][ T5335] ? __pfx___report_bug+0x10/0x10 [ 68.075506][ T5335] ? drm_file_free+0x78b/0xa00 [ 68.077752][ T5335] ? drm_prime_destroy_file_private+0x4b/0x60 [ 68.080487][ T5335] report_bug+0x16a/0x220 [ 68.082547][ T5335] ? drm_prime_destroy_file_private+0x4b/0x60 [ 68.085284][ T5335] ? drm_prime_destroy_file_private+0x4d/0x60 [ 68.087873][ T5335] handle_bug+0x98/0x200 [ 68.089705][ T5335] exc_invalid_op+0x1a/0x50 [ 68.091693][ T5335] asm_exc_invalid_op+0x1a/0x20 [ 68.093897][ T5335] RIP: 0010:drm_prime_destroy_file_private+0x4b/0x60 [ 68.096923][ T5335] Code: 00 fc ff df 80 3c 08 00 74 08 48 89 df e8 ed 7e ed fc 48 83 3b 00 75 0c e8 02 d4 85 fc 5b e9 8c 3e 23 06 cc e8 f6 d3 85 fc 90 <0f> 0b 90 5b e9 7c 3e 23 06 cc 66 66 2e 0f 1f 84 00 00 00 00 00 90 [ 68.105436][ T5335] RSP: 0018:ffffc9000f0cfc40 EFLAGS: 00010293 [ 68.108299][ T5335] RAX: ffffffff853b315a RBX: ffff888011597410 RCX: ffff88803ee64980 [ 68.112202][ T5335] RDX: 0000000000000000 RSI: 0000000000000008 RDI: ffff888011597380 [ 68.115801][ T5335] RBP: ffff8880115972c8 R08: ffffc9000f0cfbc7 R09: 1ffff92001e19f78 [ 68.119232][ T5335] R10: dffffc0000000000 R11: fffff52001e19f79 R12: dffffc0000000000 [ 68.122688][ T5335] R13: dead000000000100 R14: 0000000000000000 R15: ffff8880115972d8 [ 68.126269][ T5335] ? drm_prime_destroy_file_private+0x4a/0x60 [ 68.128917][ T5335] drm_file_free+0x7f2/0xa00 [ 68.130960][ T5335] drm_release+0x2de/0x3f0 [ 68.132970][ T5335] ? __pfx_drm_release+0x10/0x10 [ 68.135196][ T5335] __fput+0x44c/0xa70 [ 68.136951][ T5335] task_work_run+0x1d4/0x260 [ 68.138975][ T5335] ? __pfx_task_work_run+0x10/0x10 [ 68.141268][ T5335] exit_to_user_mode_loop+0xef/0x4e0 [ 68.143711][ T5335] ? rcu_is_watching+0x15/0xb0 [ 68.145902][ T5335] do_syscall_64+0x2b7/0xf80 [ 68.147824][ T5335] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 68.150174][ T5335] ? trace_irq_disable+0x37/0x100 [ 68.152409][ T5335] ? clear_bhb_loop+0x60/0xb0 [ 68.154402][ T5335] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 68.157023][ T5335] RIP: 0033:0x7fe53738f7c9 [ 68.158891][ T5335] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 68.167254][ T5335] RSP: 002b:00007ffd29f5ef48 EFLAGS: 00000246 ORIG_RAX: 00000000000001b4 [ 68.170888][ T5335] RAX: 0000000000000000 RBX: 00007fe5375e7da0 RCX: 00007fe53738f7c9 [ 68.174250][ T5335] RDX: 0000000000000000 RSI: 000000000000001e RDI: 0000000000000003 [ 68.177666][ T5335] RBP: 00007fe5375e7da0 R08: 000000000000e9f4 R09: 0000000f29f5f23f [ 68.181039][ T5335] R10: 0000000000df13d8 R11: 0000000000000246 R12: 0000000000010b9e [ 68.184626][ T5335] R13: 00007fe5375e6090 R14: ffffffffffffffff R15: 00007ffd29f5f060 [ 68.188031][ T5335] [ 68.189773][ T5335] Kernel Offset: disabled [ 68.191717][ T5335] Rebooting in 86400 seconds..