program: r0 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f00000000c0)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0xfe, 0x7fff0006}]}) r1 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000040)={'vcan0\x00'}) sendmsg$nl_route(r1, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000080)=@newlink={0x3c, 0x10, 0x2, 0x70bd26, 0x0, {0x0, 0x0, 0x0, 0x0, 0x8003}, [@IFLA_LINKMODE={0x5, 0x11, 0x9}, @IFLA_IFNAME={0x14, 0x3, 'bridge0\x00'}]}, 0x3c}, 0x1, 0x0, 0x0, 0x20000881}, 0x0) syz_emit_ethernet(0x15, &(0x7f0000000300)=ANY=[@ANYBLOB="ffffffffffffaaaaaaaaaaaa08"], 0x0) r2 = syz_open_procfs(0x0, &(0x7f0000000240)='map_files\x00') getdents(r2, &(0x7f0000000280)=""/4097, 0x1001) getdents(r2, 0x0, 0x0) r3 = openat$dma_heap(0xffffffffffffff9c, &(0x7f0000000240), 0xa2003, 0x0) ioctl$DMA_HEAP_IOCTL_ALLOC(r3, 0xc0184800, &(0x7f0000000100)={0x20004, r0}) r5 = syz_open_dev$dri(&(0x7f0000000280), 0x1ff, 0x140) ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r5, 0xc00c642e, &(0x7f00000000c0)={0x0, 0x0, r4}) ioctl$DRM_IOCTL_GEM_FLINK(r5, 0xc00864d2, &(0x7f0000000300)={r6}) [ 84.935361][ T5322] ------------[ cut here ]------------ [ 84.937432][ T5322] !RB_EMPTY_ROOT(&prime_fpriv->dmabufs) [ 84.937439][ T5322] WARNING: drivers/gpu/drm/drm_prime.c:224 at drm_prime_destroy_file_private+0x4b/0x60, CPU#0: syz.0.0/5322 [ 84.944418][ T5322] Modules linked in: [ 84.946257][ T5322] CPU: 0 UID: 0 PID: 5322 Comm: syz.0.0 Not tainted syzkaller #0 PREEMPT(full) [ 84.950295][ T5322] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 84.955128][ T5322] RIP: 0010:drm_prime_destroy_file_private+0x4b/0x60 [ 84.958718][ T5322] Code: 00 fc ff df 80 3c 08 00 74 08 48 89 df e8 2d c9 c6 fc 48 83 3b 00 75 0c e8 72 fd 59 fc 5b e9 cc e4 41 06 cc e8 66 fd 59 fc 90 <0f> 0b 90 5b e9 bc e4 41 06 cc 66 66 2e 0f 1f 84 00 00 00 00 00 90 [ 84.967315][ T5322] RSP: 0018:ffffc9000dcb7c40 EFLAGS: 00010293 [ 84.969924][ T5322] RAX: ffffffff856bd3da RBX: ffff88800e5ba3b0 RCX: ffff88801fb4a500 [ 84.976395][ T5322] RDX: 0000000000000000 RSI: 0000000000000008 RDI: ffff88800e5ba328 [ 84.984631][ T5322] RBP: ffff88800e5ba278 R08: ffffc9000dcb7bc7 R09: 1ffff92001b96f78 [ 84.990475][ T5322] R10: dffffc0000000000 R11: fffff52001b96f79 R12: dffffc0000000000 [ 84.997390][ T5322] R13: dead000000000100 R14: 0000000000000000 R15: ffff88800e5ba288 [ 85.001033][ T5322] FS: 000055555622f540(0000) GS:ffff88808c881000(0000) knlGS:0000000000000000 [ 85.004831][ T5322] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 85.007702][ T5322] CR2: 00007fb284786480 CR3: 000000000e513000 CR4: 0000000000352ef0 [ 85.010880][ T5322] Call Trace: [ 85.012293][ T5322] [ 85.013585][ T5322] drm_file_free+0x7f1/0xa00 [ 85.015570][ T5322] drm_release+0x2de/0x3f0 [ 85.017858][ T5322] ? __pfx_drm_release+0x10/0x10 [ 85.019901][ T5322] __fput+0x44f/0xa60 [ 85.021649][ T5322] task_work_run+0x1d9/0x270 [ 85.023556][ T5322] ? __pfx_task_work_run+0x10/0x10 [ 85.025689][ T5322] exit_to_user_mode_loop+0xf3/0x4d0 [ 85.028007][ T5322] ? rcu_is_watching+0x15/0xb0 [ 85.030070][ T5322] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 85.032710][ T5322] do_syscall_64+0x33e/0xf80 [ 85.034682][ T5322] ? clear_bhb_loop+0x40/0x90 [ 85.036719][ T5322] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 85.039139][ T5322] RIP: 0033:0x7fb28479ce59 [ 85.041124][ T5322] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 85.049283][ T5322] RSP: 002b:00007fffd988eeb8 EFLAGS: 00000246 ORIG_RAX: 00000000000001b4 [ 85.053906][ T5322] RAX: 0000000000000000 RBX: 00007fffd988efa0 RCX: 00007fb28479ce59 [ 85.057380][ T5322] RDX: 0000000000000000 RSI: 000000000000001e RDI: 0000000000000003 [ 85.060903][ T5322] RBP: 0000000000014b1e R08: 0000000000000001 R09: 0000000000000000 [ 85.064336][ T5322] R10: 00007fb2845ff02c R11: 0000000000000246 R12: 00007fffd988efe0 [ 85.067779][ T5322] R13: 00007fb284a15fac R14: 0000000000014b5b R15: 00007fb284a15fa0 [ 85.071104][ T5322] [ 85.072407][ T5322] Kernel panic - not syncing: kernel: panic_on_warn set ... [ 85.075673][ T5322] CPU: 0 UID: 0 PID: 5322 Comm: syz.0.0 Not tainted syzkaller #0 PREEMPT(full) [ 85.079691][ T5322] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 85.083790][ T5322] Call Trace: [ 85.085175][ T5322] [ 85.086510][ T5322] vpanic+0x56c/0xa60 [ 85.088244][ T5322] ? __pfx__printk+0x10/0x10 [ 85.090150][ T5322] ? __pfx_vpanic+0x10/0x10 [ 85.092016][ T5322] ? is_bpf_text_address+0x292/0x2b0 [ 85.094198][ T5322] ? is_bpf_text_address+0x26/0x2b0 [ 85.096430][ T5322] panic+0xc5/0xd0 [ 85.097984][ T5322] ? __pfx_panic+0x10/0x10 [ 85.099763][ T5322] __warn+0x315/0x4c0 [ 85.101428][ T5322] ? drm_prime_destroy_file_private+0x4b/0x60 [ 85.103994][ T5322] ? drm_prime_destroy_file_private+0x4b/0x60 [ 85.106678][ T5322] __report_bug+0x29a/0x540 [ 85.108629][ T5322] ? drm_prime_destroy_file_private+0x4b/0x60 [ 85.111177][ T5322] ? __pfx___report_bug+0x10/0x10 [ 85.113354][ T5322] ? drm_file_free+0x78a/0xa00 [ 85.115513][ T5322] ? drm_prime_destroy_file_private+0x4b/0x60 [ 85.118234][ T5322] report_bug+0x16a/0x220 [ 85.120194][ T5322] ? drm_prime_destroy_file_private+0x4b/0x60 [ 85.122872][ T5322] ? drm_prime_destroy_file_private+0x4d/0x60 [ 85.125576][ T5322] handle_bug+0x9c/0x200 [ 85.127469][ T5322] exc_invalid_op+0x1a/0x50 [ 85.129477][ T5322] asm_exc_invalid_op+0x1a/0x20 [ 85.131618][ T5322] RIP: 0010:drm_prime_destroy_file_private+0x4b/0x60 [ 85.134517][ T5322] Code: 00 fc ff df 80 3c 08 00 74 08 48 89 df e8 2d c9 c6 fc 48 83 3b 00 75 0c e8 72 fd 59 fc 5b e9 cc e4 41 06 cc e8 66 fd 59 fc 90 <0f> 0b 90 5b e9 bc e4 41 06 cc 66 66 2e 0f 1f 84 00 00 00 00 00 90 [ 85.142879][ T5322] RSP: 0018:ffffc9000dcb7c40 EFLAGS: 00010293 [ 85.145481][ T5322] RAX: ffffffff856bd3da RBX: ffff88800e5ba3b0 RCX: ffff88801fb4a500 [ 85.148796][ T5322] RDX: 0000000000000000 RSI: 0000000000000008 RDI: ffff88800e5ba328 [ 85.152153][ T5322] RBP: ffff88800e5ba278 R08: ffffc9000dcb7bc7 R09: 1ffff92001b96f78 [ 85.155585][ T5322] R10: dffffc0000000000 R11: fffff52001b96f79 R12: dffffc0000000000 [ 85.158986][ T5322] R13: dead000000000100 R14: 0000000000000000 R15: ffff88800e5ba288 [ 85.162245][ T5322] ? drm_prime_destroy_file_private+0x4a/0x60 [ 85.164852][ T5322] drm_file_free+0x7f1/0xa00 [ 85.166856][ T5322] drm_release+0x2de/0x3f0 [ 85.168847][ T5322] ? __pfx_drm_release+0x10/0x10 [ 85.170890][ T5322] __fput+0x44f/0xa60 [ 85.172636][ T5322] task_work_run+0x1d9/0x270 [ 85.174661][ T5322] ? __pfx_task_work_run+0x10/0x10 [ 85.176902][ T5322] exit_to_user_mode_loop+0xf3/0x4d0 [ 85.179097][ T5322] ? rcu_is_watching+0x15/0xb0 [ 85.181140][ T5322] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 85.183593][ T5322] do_syscall_64+0x33e/0xf80 [ 85.185672][ T5322] ? clear_bhb_loop+0x40/0x90 [ 85.187682][ T5322] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 85.190125][ T5322] RIP: 0033:0x7fb28479ce59 [ 85.192135][ T5322] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 85.200510][ T5322] RSP: 002b:00007fffd988eeb8 EFLAGS: 00000246 ORIG_RAX: 00000000000001b4 [ 85.204049][ T5322] RAX: 0000000000000000 RBX: 00007fffd988efa0 RCX: 00007fb28479ce59 [ 85.207301][ T5322] RDX: 0000000000000000 RSI: 000000000000001e RDI: 0000000000000003 [ 85.210632][ T5322] RBP: 0000000000014b1e R08: 0000000000000001 R09: 0000000000000000 [ 85.214073][ T5322] R10: 00007fb2845ff02c R11: 0000000000000246 R12: 00007fffd988efe0 [ 85.217314][ T5322] R13: 00007fb284a15fac R14: 0000000000014b5b R15: 00007fb284a15fa0 [ 85.220734][ T5322] [ 85.222481][ T5322] Kernel Offset: disabled [ 85.224397][ T5322] Rebooting in 86400 seconds..