program:
syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000100)='./mnt\x00', 0x2200054, &(0x7f0000000000)={[{@jqfmt_vfsold}, {@bh}]}, 0x1, 0x236, &(0x7f0000000300)="$eJzs3TFoM2UcBvDnLomf/b4gVRdBUEFEtFDqJrjURaEgpYgIKlREXJRWqC1urZOLg84qnVyKuFkdpUtxUQSnqh3qImhxsDjoELlcK9VGFFNz8t3vB5fcJe97//e4e95kOS5Aa00nmU/SSTKTpJekON/grnqZPt3cntpfTgaDx38shu3q7dpZv2tJtpI8mGSvLPJiN9nYffro54NH731jvXfPe7tPTU30IE8dHx0+dvLu4usfLjyw8fmX3y8WmU//D8d1+YoRn3WL5Jb/otj/RNFtegT8E0uvfvBVlftbk9w9zH8vZeqT9+baDXu93P/OX/V964cvbp/kWIHLNxj0qt/ArQHQOmWSfopyNkm9Xpazs/V/+K87V8uXVtdemXlhdX3l+aZnKuCy9JPDRz6+8tG1P+X/u06df+D6VeX/iaWdb6r1k07TowEmqcr/zLOb90X+oXXkH9pL/qG95B/aS/6hveQf2kv+ob3kH9pL/qG95B/a63z+AYB2GVxp+g5koClNzz8AAAAAAAAAAAAAAAAAAMBF21P7y2fLpGp++nZy/HCS7qj6neHziJMbh69XfyqqZr8r6m5jeebOMXcwpvcbvvv6pm+brf/ZHc3W31xJtl5LMtftXrz+itPr79+7+W++7z03ZoExPfRks/V/3Wm2/sJB8kk1/8yNmn/K3DZ8Hz3/9KvzN2b9l38ZcwcAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABMzG8BAAD//8n0bSk=")
openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) (async)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) (async)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x401, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000040)) (async)
r3 = ioctl$KVM_CREATE_GUEST_MEMFD(r2, 0xc040aed4, &(0x7f00000001c0)={0x200001fe0000, 0x1}) (async)
r4 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f00000000c0)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0xfe, 0x7fff0006}]})
r5 = openat$dma_heap(0xffffffffffffff9c, &(0x7f0000000240), 0xa2003, 0x0)
ioctl$DMA_HEAP_IOCTL_ALLOC(r5, 0xc0184800, &(0x7f0000000100)={0x20004, <r6=>r4}) (async)
r7 = syz_open_dev$dri(&(0x7f0000000280), 0x1ff, 0x140)
ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r7, 0xc00c642e, &(0x7f00000000c0)={<r8=>0x0, 0x0, r6})
ioctl$DRM_IOCTL_GEM_FLINK(r7, 0xc00864d2, &(0x7f0000000300)={r8}) (async)
ioctl$KVM_RESET_DIRTY_RINGS(r2, 0xaec7) (async)
r9 = ioctl$KVM_GET_VCPU_MMAP_SIZE(r0, 0xae04)
mmap$KVM_VCPU(&(0x7f0000000000/0x1000)=nil, r9, 0x3000001, 0x11, r3, 0x0) (async)
r10 = socket(0xa, 0x3, 0xff)
connect$inet6(r10, &(0x7f0000000000)={0xa, 0x4e1f, 0x2, @mcast2, 0x9}, 0x1c) (async)
perf_event_open(&(0x7f0000000180)={0x2, 0x80, 0x80, 0x2, 0x0, 0x0, 0x0, 0x0, 0x84100, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, @perf_bp={0x0, 0x9}, 0x0, 0x0, 0xfffffffc, 0x0, 0x40}, 0x0, 0x4000000000, 0xffffffffffffffff, 0x0)
r11 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='memory.events\x00', 0x275a, 0x0)
close(r4) (async)
write$binfmt_script(r11, &(0x7f0000000100), 0xfecc)

[   84.611398][ T5290] Bluetooth: hci0: command tx timeout
[   84.742537][ T5328] loop0: detected capacity change from 0 to 128
[   84.787842][ T5328] =======================================================
[   84.787842][ T5328] WARNING: The mand mount option has been deprecated and
[   84.787842][ T5328]          and is ignored by this kernel. Remove the mand
[   84.787842][ T5328]          option from the mount to silence this warning.
[   84.787842][ T5328] =======================================================
[   84.869761][ T5328] EXT4-fs: Ignoring removed bh option
[   84.932352][ T5328] EXT4-fs (loop0): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none.
[   84.955219][ T5328] ext4 filesystem being mounted at /0/mnt supports timestamps until 2038-01-19 (0x7fffffff)
[   85.021123][ T5327] ------------[ cut here ]------------
[   85.023139][ T5327] !RB_EMPTY_ROOT(&prime_fpriv->dmabufs)
[   85.023146][ T5327] WARNING: drivers/gpu/drm/drm_prime.c:224 at drm_prime_destroy_file_private+0x4b/0x60, CPU#0: syz.0.0/5327
[   85.030055][ T5327] Modules linked in:
[   85.031945][ T5327] CPU: 0 UID: 0 PID: 5327 Comm: syz.0.0 Not tainted syzkaller #0 PREEMPT(full) 
[   85.036410][ T5327] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   85.040871][ T5327] RIP: 0010:drm_prime_destroy_file_private+0x4b/0x60
[   85.043621][ T5327] Code: 00 fc ff df 80 3c 08 00 74 08 48 89 df e8 2d c9 c6 fc 48 83 3b 00 75 0c e8 72 fd 59 fc 5b e9 cc e4 41 06 cc e8 66 fd 59 fc 90 <0f> 0b 90 5b e9 bc e4 41 06 cc 66 66 2e 0f 1f 84 00 00 00 00 00 90
[   85.052190][ T5327] RSP: 0018:ffffc9000dcffc40 EFLAGS: 00010293
[   85.055062][ T5327] RAX: ffffffff856bd3da RBX: ffff8880120293b0 RCX: ffff888038422500
[   85.058608][ T5327] RDX: 0000000000000000 RSI: 0000000000000008 RDI: ffff888012029328
[   85.062318][ T5327] RBP: ffff888012029278 R08: ffffc9000dcffbc7 R09: 1ffff92001b9ff78
[   85.065848][ T5327] R10: dffffc0000000000 R11: fffff52001b9ff79 R12: dffffc0000000000
[   85.069659][ T5327] R13: dead000000000100 R14: 0000000000000000 R15: ffff888012029288
[   85.073758][ T5327] FS:  0000555559560540(0000) GS:ffff88808c881000(0000) knlGS:0000000000000000
[   85.077750][ T5327] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[   85.080491][ T5327] CR2: 0000200000000103 CR3: 000000001fce7000 CR4: 0000000000352ef0
[   85.083902][ T5327] Call Trace:
[   85.085384][ T5327]  <TASK>
[   85.086767][ T5327]  drm_file_free+0x7f1/0xa00
[   85.088745][ T5327]  drm_release+0x2de/0x3f0
[   85.090778][ T5327]  ? __pfx_drm_release+0x10/0x10
[   85.093368][ T5327]  __fput+0x44f/0xa60
[   85.095294][ T5327]  task_work_run+0x1d9/0x270
[   85.097307][ T5327]  ? __pfx_task_work_run+0x10/0x10
[   85.099521][ T5327]  exit_to_user_mode_loop+0xf3/0x4d0
[   85.101787][ T5327]  ? rcu_is_watching+0x15/0xb0
[   85.105088][ T5327]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   85.107967][ T5327]  do_syscall_64+0x33e/0xf80
[   85.110090][ T5327]  ? trace_irq_disable+0x3b/0x140
[   85.112177][ T5327]  ? clear_bhb_loop+0x40/0x90
[   85.114420][ T5327]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   85.117016][ T5327] RIP: 0033:0x7f32cf79ce59
[   85.119054][ T5327] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[   85.126500][ T5327] RSP: 002b:00007fff733fe538 EFLAGS: 00000246 ORIG_RAX: 00000000000001b4
[   85.129809][ T5327] RAX: 0000000000000000 RBX: 00007f32cfa17da0 RCX: 00007f32cf79ce59
[   85.133143][ T5327] RDX: 0000000000000000 RSI: 000000000000001e RDI: 0000000000000003
[   85.136355][ T5327] RBP: 00007f32cfa17da0 R08: 00007f32cfa16038 R09: 0000000000000000
[   85.139339][ T5327] R10: 0000000000dffd00 R11: 0000000000000246 R12: 0000000000014d8a
[   85.142630][ T5327] R13: 00007f32cfa1609c R14: 0000000000014bc4 R15: 00007f32cfa16090
[   85.146008][ T5327]  </TASK>
[   85.147483][ T5327] Kernel panic - not syncing: kernel: panic_on_warn set ...
[   85.151221][ T5327] CPU: 0 UID: 0 PID: 5327 Comm: syz.0.0 Not tainted syzkaller #0 PREEMPT(full) 
[   85.154834][ T5327] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   85.158684][ T5327] Call Trace:
[   85.160008][ T5327]  <TASK>
[   85.161227][ T5327]  vpanic+0x56c/0xa60
[   85.162858][ T5327]  ? __pfx__printk+0x10/0x10
[   85.164733][ T5327]  ? __pfx_vpanic+0x10/0x10
[   85.166569][ T5327]  ? is_bpf_text_address+0x292/0x2b0
[   85.168726][ T5327]  ? is_bpf_text_address+0x26/0x2b0
[   85.170942][ T5327]  panic+0xc5/0xd0
[   85.172621][ T5327]  ? __pfx_panic+0x10/0x10
[   85.174506][ T5327]  __warn+0x315/0x4c0
[   85.176207][ T5327]  ? drm_prime_destroy_file_private+0x4b/0x60
[   85.178886][ T5327]  ? drm_prime_destroy_file_private+0x4b/0x60
[   85.181611][ T5327]  __report_bug+0x29a/0x540
[   85.183672][ T5327]  ? drm_prime_destroy_file_private+0x4b/0x60
[   85.186320][ T5327]  ? __pfx___report_bug+0x10/0x10
[   85.188630][ T5327]  ? drm_file_free+0x78a/0xa00
[   85.190805][ T5327]  ? drm_prime_destroy_file_private+0x4b/0x60
[   85.193486][ T5327]  report_bug+0x16a/0x220
[   85.195329][ T5327]  ? drm_prime_destroy_file_private+0x4b/0x60
[   85.197975][ T5327]  ? drm_prime_destroy_file_private+0x4d/0x60
[   85.200593][ T5327]  handle_bug+0x9c/0x200
[   85.202441][ T5327]  exc_invalid_op+0x1a/0x50
[   85.204427][ T5327]  asm_exc_invalid_op+0x1a/0x20
[   85.206482][ T5327] RIP: 0010:drm_prime_destroy_file_private+0x4b/0x60
[   85.209282][ T5327] Code: 00 fc ff df 80 3c 08 00 74 08 48 89 df e8 2d c9 c6 fc 48 83 3b 00 75 0c e8 72 fd 59 fc 5b e9 cc e4 41 06 cc e8 66 fd 59 fc 90 <0f> 0b 90 5b e9 bc e4 41 06 cc 66 66 2e 0f 1f 84 00 00 00 00 00 90
[   85.217349][ T5327] RSP: 0018:ffffc9000dcffc40 EFLAGS: 00010293
[   85.219941][ T5327] RAX: ffffffff856bd3da RBX: ffff8880120293b0 RCX: ffff888038422500
[   85.223323][ T5327] RDX: 0000000000000000 RSI: 0000000000000008 RDI: ffff888012029328
[   85.226561][ T5327] RBP: ffff888012029278 R08: ffffc9000dcffbc7 R09: 1ffff92001b9ff78
[   85.229884][ T5327] R10: dffffc0000000000 R11: fffff52001b9ff79 R12: dffffc0000000000
[   85.233262][ T5327] R13: dead000000000100 R14: 0000000000000000 R15: ffff888012029288
[   85.236719][ T5327]  ? drm_prime_destroy_file_private+0x4a/0x60
[   85.239497][ T5327]  drm_file_free+0x7f1/0xa00
[   85.241604][ T5327]  drm_release+0x2de/0x3f0
[   85.243634][ T5327]  ? __pfx_drm_release+0x10/0x10
[   85.245874][ T5327]  __fput+0x44f/0xa60
[   85.247691][ T5327]  task_work_run+0x1d9/0x270
[   85.249783][ T5327]  ? __pfx_task_work_run+0x10/0x10
[   85.251934][ T5327]  exit_to_user_mode_loop+0xf3/0x4d0
[   85.254330][ T5327]  ? rcu_is_watching+0x15/0xb0
[   85.256498][ T5327]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   85.259279][ T5327]  do_syscall_64+0x33e/0xf80
[   85.261313][ T5327]  ? trace_irq_disable+0x3b/0x140
[   85.263591][ T5327]  ? clear_bhb_loop+0x40/0x90
[   85.265709][ T5327]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   85.268119][ T5327] RIP: 0033:0x7f32cf79ce59
[   85.269894][ T5327] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[   85.277454][ T5327] RSP: 002b:00007fff733fe538 EFLAGS: 00000246 ORIG_RAX: 00000000000001b4
[   85.280774][ T5327] RAX: 0000000000000000 RBX: 00007f32cfa17da0 RCX: 00007f32cf79ce59
[   85.284148][ T5327] RDX: 0000000000000000 RSI: 000000000000001e RDI: 0000000000000003
[   85.287467][ T5327] RBP: 00007f32cfa17da0 R08: 00007f32cfa16038 R09: 0000000000000000
[   85.290795][ T5327] R10: 0000000000dffd00 R11: 0000000000000246 R12: 0000000000014d8a
[   85.294258][ T5327] R13: 00007f32cfa1609c R14: 0000000000014bc4 R15: 00007f32cfa16090
[   85.297715][ T5327]  </TASK>
[   85.299557][ T5327] Kernel Offset: disabled
[   85.301476][ T5327] Rebooting in 86400 seconds..