program: r0 = syz_open_dev$dri(&(0x7f0000000000), 0x0, 0x0) r1 = syz_open_dev$dri(&(0x7f00000008c0), 0xd21, 0x0) ioctl$DRM_IOCTL_MODE_GETRESOURCES(r1, 0xc04064a0, &(0x7f00000001c0)={0x0, &(0x7f00000000c0)=[0x0], 0x0, 0x0, 0x0, 0x1}) ioctl$DRM_IOCTL_MODE_GETCRTC(r1, 0xc06864a1, &(0x7f00000003c0)={0x0, 0x0, r2, 0x0}) ioctl$DRM_IOCTL_MODE_GETFB2(r1, 0xc06864ce, &(0x7f0000000440)={r3, 0x0, 0x0, 0x0, 0x0, [0x0]}) ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r0, 0xc02064b2, &(0x7f0000000140)={0x3ff, 0x2, 0xb5}) ioctl$DRM_IOCTL_PRIME_HANDLE_TO_FD(r0, 0xc00c642d, &(0x7f0000000080)={r4, 0x0, 0xffffffffffffffff}) ioctl$DRM_IOCTL_MODE_GETFB2(r1, 0xc06864ce, &(0x7f0000000280)={r3, 0x0, 0x0, 0x0, 0x0, [0x0], [], [0x0, 0x0, 0x8, 0x8000], [0x0, 0x3, 0x400000006]}) ioctl$DRM_IOCTL_PRIME_HANDLE_TO_FD(r1, 0xc00c642d, &(0x7f0000000100)={r6}) ioctl$DRM_IOCTL_MODE_GETFB2(r1, 0xc06864ce, &(0x7f0000000340)={r3, 0x0, 0x0, 0x0, 0x0, [0x0], [0xffffffff], [], [0xfffffffffffffffc]}) ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r1, 0xc00c642e, &(0x7f0000000300)={0x0, 0x0, r5}) ioctl$DRM_IOCTL_PRIME_HANDLE_TO_FD(r1, 0xc00c64d2, &(0x7f0000000040)={r7}) [ 74.938635][ T5297] Bluetooth: hci0: command tx timeout [ 75.031479][ T5317] ------------[ cut here ]------------ [ 75.033731][ T5317] WARNING: CPU: 0 PID: 5317 at drivers/gpu/drm/drm_prime.c:223 drm_prime_destroy_file_private+0x4b/0x60 [ 75.038382][ T5317] Modules linked in: [ 75.040146][ T5317] CPU: 0 UID: 0 PID: 5317 Comm: syz.0.0 Not tainted syzkaller #0 PREEMPT(full) [ 75.043818][ T5317] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 75.048418][ T5317] RIP: 0010:drm_prime_destroy_file_private+0x4b/0x60 [ 75.051189][ T5317] Code: 00 fc ff df 80 3c 08 00 74 08 48 89 df e8 1d 5a f2 fc 48 83 3b 00 75 0c e8 22 1b 8b fc 5b e9 8c 29 16 06 cc e8 16 1b 8b fc 90 <0f> 0b 90 5b e9 7c 29 16 06 cc 66 66 2e 0f 1f 84 00 00 00 00 00 90 [ 75.059911][ T5317] RSP: 0018:ffffc9000d3cfc60 EFLAGS: 00010293 [ 75.062674][ T5317] RAX: ffffffff8534fb1a RBX: ffff888051cc6410 RCX: ffff888000b90000 [ 75.065988][ T5317] RDX: 0000000000000000 RSI: 0000000000000008 RDI: ffff888051cc6380 [ 75.069182][ T5317] RBP: ffff888051cc62c8 R08: ffffc9000d3cfbe7 R09: 1ffff92001a79f7c [ 75.072281][ T5317] R10: dffffc0000000000 R11: fffff52001a79f7d R12: dffffc0000000000 [ 75.075274][ T5317] R13: dead000000000100 R14: 0000000000000000 R15: ffff888051cc62d8 [ 75.078559][ T5317] FS: 000055556af64500(0000) GS:ffff88808d732000(0000) knlGS:0000000000000000 [ 75.082475][ T5317] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 75.085105][ T5317] CR2: 00007fb5633d3730 CR3: 0000000042837000 CR4: 0000000000352ef0 [ 75.088427][ T5317] Call Trace: [ 75.089871][ T5317] [ 75.091539][ T5317] drm_file_free+0x7f2/0xa00 [ 75.093531][ T5317] drm_release+0x2de/0x3f0 [ 75.095419][ T5317] ? __pfx_drm_release+0x10/0x10 [ 75.097672][ T5317] __fput+0x44c/0xa70 [ 75.099450][ T5317] task_work_run+0x1d4/0x260 [ 75.101557][ T5317] ? __pfx_task_work_run+0x10/0x10 [ 75.103741][ T5317] ? exit_to_user_mode_loop+0x40/0x130 [ 75.105953][ T5317] exit_to_user_mode_loop+0xe9/0x130 [ 75.108216][ T5317] do_syscall_64+0x2bd/0xfa0 [ 75.110189][ T5317] ? lockdep_hardirqs_on+0x9c/0x150 [ 75.112618][ T5317] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 75.115339][ T5317] ? clear_bhb_loop+0x60/0xb0 [ 75.117733][ T5317] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 75.120167][ T5317] RIP: 0033:0x7fb56318f6c9 [ 75.122160][ T5317] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 75.130262][ T5317] RSP: 002b:00007ffcd66c4a68 EFLAGS: 00000246 ORIG_RAX: 00000000000001b4 [ 75.133776][ T5317] RAX: 0000000000000000 RBX: 000000000001243b RCX: 00007fb56318f6c9 [ 75.137107][ T5317] RDX: 0000000000000000 RSI: 000000000000001e RDI: 0000000000000003 [ 75.140397][ T5317] RBP: 00007fb5633e7da0 R08: 0000000000000001 R09: 0000000cd66c4d5f [ 75.143580][ T5317] R10: 00007fb562fff02c R11: 0000000000000246 R12: 00007fb5633e5fac [ 75.146853][ T5317] R13: 00007fb5633e5fa0 R14: ffffffffffffffff R15: 00007ffcd66c4b80 [ 75.150097][ T5317] [ 75.151396][ T5317] Kernel panic - not syncing: kernel: panic_on_warn set ... [ 75.154327][ T5317] CPU: 0 UID: 0 PID: 5317 Comm: syz.0.0 Not tainted syzkaller #0 PREEMPT(full) [ 75.157947][ T5317] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 75.162384][ T5317] Call Trace: [ 75.163875][ T5317] [ 75.165231][ T5317] dump_stack_lvl+0x99/0x250 [ 75.167240][ T5317] ? __asan_memcpy+0x40/0x70 [ 75.169220][ T5317] ? __pfx_dump_stack_lvl+0x10/0x10 [ 75.171581][ T5317] ? __pfx__printk+0x10/0x10 [ 75.173532][ T5317] vpanic+0x237/0x6d0 [ 75.175110][ T5317] ? __pfx_vpanic+0x10/0x10 [ 75.176947][ T5317] panic+0xb9/0xc0 [ 75.178471][ T5317] ? __pfx_panic+0x10/0x10 [ 75.180315][ T5317] __warn+0x31b/0x4b0 [ 75.182008][ T5317] ? drm_prime_destroy_file_private+0x4b/0x60 [ 75.184480][ T5317] ? drm_prime_destroy_file_private+0x4b/0x60 [ 75.186725][ T5317] report_bug+0x2be/0x4f0 [ 75.188466][ T5317] ? drm_prime_destroy_file_private+0x4b/0x60 [ 75.190886][ T5317] ? drm_prime_destroy_file_private+0x4b/0x60 [ 75.193488][ T5317] ? drm_prime_destroy_file_private+0x4d/0x60 [ 75.196042][ T5317] handle_bug+0x84/0x160 [ 75.197806][ T5317] exc_invalid_op+0x1a/0x50 [ 75.199731][ T5317] asm_exc_invalid_op+0x1a/0x20 [ 75.201914][ T5317] RIP: 0010:drm_prime_destroy_file_private+0x4b/0x60 [ 75.204677][ T5317] Code: 00 fc ff df 80 3c 08 00 74 08 48 89 df e8 1d 5a f2 fc 48 83 3b 00 75 0c e8 22 1b 8b fc 5b e9 8c 29 16 06 cc e8 16 1b 8b fc 90 <0f> 0b 90 5b e9 7c 29 16 06 cc 66 66 2e 0f 1f 84 00 00 00 00 00 90 [ 75.212429][ T5317] RSP: 0018:ffffc9000d3cfc60 EFLAGS: 00010293 [ 75.214945][ T5317] RAX: ffffffff8534fb1a RBX: ffff888051cc6410 RCX: ffff888000b90000 [ 75.218146][ T5317] RDX: 0000000000000000 RSI: 0000000000000008 RDI: ffff888051cc6380 [ 75.221674][ T5317] RBP: ffff888051cc62c8 R08: ffffc9000d3cfbe7 R09: 1ffff92001a79f7c [ 75.225205][ T5317] R10: dffffc0000000000 R11: fffff52001a79f7d R12: dffffc0000000000 [ 75.228457][ T5317] R13: dead000000000100 R14: 0000000000000000 R15: ffff888051cc62d8 [ 75.231581][ T5317] ? drm_prime_destroy_file_private+0x4a/0x60 [ 75.234076][ T5317] drm_file_free+0x7f2/0xa00 [ 75.236016][ T5317] drm_release+0x2de/0x3f0 [ 75.237876][ T5317] ? __pfx_drm_release+0x10/0x10 [ 75.240033][ T5317] __fput+0x44c/0xa70 [ 75.241751][ T5317] task_work_run+0x1d4/0x260 [ 75.243697][ T5317] ? __pfx_task_work_run+0x10/0x10 [ 75.245853][ T5317] ? exit_to_user_mode_loop+0x40/0x130 [ 75.248059][ T5317] exit_to_user_mode_loop+0xe9/0x130 [ 75.250096][ T5317] do_syscall_64+0x2bd/0xfa0 [ 75.252135][ T5317] ? lockdep_hardirqs_on+0x9c/0x150 [ 75.254495][ T5317] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 75.257131][ T5317] ? clear_bhb_loop+0x60/0xb0 [ 75.259159][ T5317] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 75.261680][ T5317] RIP: 0033:0x7fb56318f6c9 [ 75.263505][ T5317] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 75.271589][ T5317] RSP: 002b:00007ffcd66c4a68 EFLAGS: 00000246 ORIG_RAX: 00000000000001b4 [ 75.275136][ T5317] RAX: 0000000000000000 RBX: 000000000001243b RCX: 00007fb56318f6c9 [ 75.278452][ T5317] RDX: 0000000000000000 RSI: 000000000000001e RDI: 0000000000000003 [ 75.281853][ T5317] RBP: 00007fb5633e7da0 R08: 0000000000000001 R09: 0000000cd66c4d5f [ 75.285173][ T5317] R10: 00007fb562fff02c R11: 0000000000000246 R12: 00007fb5633e5fac [ 75.288489][ T5317] R13: 00007fb5633e5fa0 R14: ffffffffffffffff R15: 00007ffcd66c4b80 [ 75.291861][ T5317] [ 75.293504][ T5317] Kernel Offset: disabled [ 75.295339][ T5317] Rebooting in 86400 seconds..