program:
ftruncate(0xffffffffffffffff, 0xc17a) (async)
ioctl$FS_IOC_RESVSP(0xffffffffffffffff, 0x40305828, &(0x7f0000000180)={0x0, 0x1, 0x8, 0xfffffffb}) (async)
r0 = openat$ndctl0(0xffffffffffffff9c, &(0x7f0000000000), 0x8082, 0x0)
ioctl$DRM_IOCTL_GEM_FLINK(r0, 0xc008640a, &(0x7f0000000180))

[   70.713201][ T5310] Bluetooth: hci0: command tx timeout
[   70.793999][ T5325] ==================================================================
[   70.797185][ T5325] BUG: KASAN: vmalloc-out-of-bounds in acpi_nfit_ctl+0x20e8/0x24a0
[   70.800339][ T5325] Read of size 4 at addr ffffc90001156038 by task syz.0.0/5325
[   70.803101][ T5325] 
[   70.803980][ T5325] CPU: 0 UID: 0 PID: 5325 Comm: syz.0.0 Not tainted 6.12.0-rc6-syzkaller-00077-g2e1b3cc9d7f7 #0
[   70.807819][ T5325] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[   70.811842][ T5325] Call Trace:
[   70.813132][ T5325]  <TASK>
[   70.814287][ T5325]  dump_stack_lvl+0x241/0x360
[   70.815997][ T5325]  ? __pfx_dump_stack_lvl+0x10/0x10
[   70.817776][ T5325]  ? __pfx__printk+0x10/0x10
[   70.819402][ T5325]  ? _printk+0xd5/0x120
[   70.820938][ T5325]  print_report+0x169/0x550
[   70.822490][ T5325]  ? __virt_addr_valid+0xbd/0x530
[   70.824311][ T5325]  ? acpi_nfit_ctl+0x20e8/0x24a0
[   70.826012][ T5325]  kasan_report+0x143/0x180
[   70.827825][ T5325]  ? acpi_nfit_ctl+0x20e8/0x24a0
[   70.829784][ T5325]  acpi_nfit_ctl+0x20e8/0x24a0
[   70.831764][ T5325]  ? __pfx___mutex_trylock_common+0x10/0x10
[   70.834086][ T5325]  ? trace_contention_end+0x3c/0x120
[   70.836110][ T5325]  ? __mutex_lock+0x2ef/0xd70
[   70.837861][ T5325]  ? __pfx_acpi_nfit_ctl+0x10/0x10
[   70.839844][ T5325]  ? nd_ioctl+0x162a/0x1fd0
[   70.841577][ T5325]  ? __pfx_lock_release+0x10/0x10
[   70.843679][ T5325]  ? __might_fault+0xc6/0x120
[   70.845608][ T5325]  ? walk_to_nvdimm_bus+0xb0/0x170
[   70.847510][ T5325]  ? acpi_nfit_clear_to_send+0x19e/0x1c0
[   70.849887][ T5325]  nd_ioctl+0x1844/0x1fd0
[   70.851578][ T5325]  ? __pfx_nd_ioctl+0x10/0x10
[   70.853304][ T5325]  ? __pfx_bus_ioctl+0x10/0x10
[   70.855192][ T5325]  __se_sys_ioctl+0xf9/0x170
[   70.856971][ T5325]  do_syscall_64+0xf3/0x230
[   70.858648][ T5325]  ? clear_bhb_loop+0x35/0x90
[   70.860344][ T5325]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   70.862617][ T5325] RIP: 0033:0x7fb79b37e719
[   70.864514][ T5325] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   70.871903][ T5325] RSP: 002b:00007fb79c0dd038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[   70.875049][ T5325] RAX: ffffffffffffffda RBX: 00007fb79b535f80 RCX: 00007fb79b37e719
[   70.878031][ T5325] RDX: 0000000020000180 RSI: 00000000c008640a RDI: 0000000000000003
[   70.880970][ T5325] RBP: 00007fb79b3f139e R08: 0000000000000000 R09: 0000000000000000
[   70.883879][ T5325] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[   70.886819][ T5325] R13: 0000000000000000 R14: 00007fb79b535f80 R15: 00007ffe955272f8
[   70.889735][ T5325]  </TASK>
[   70.890877][ T5325] 
[   70.891804][ T5325] The buggy address belongs to the virtual mapping at
[   70.891804][ T5325]  [ffffc90001156000, ffffc90001158000) created by:
[   70.891804][ T5325]  nd_ioctl+0x1594/0x1fd0
[   70.898219][ T5325] 
[   70.899205][ T5325] The buggy address belongs to the physical page:
[   70.901700][ T5325] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x43a1a
[   70.905101][ T5325] flags: 0x4fff00000000000(node=1|zone=1|lastcpupid=0x7ff)
[   70.907821][ T5325] raw: 04fff00000000000 0000000000000000 dead000000000122 0000000000000000
[   70.911078][ T5325] raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000
[   70.914316][ T5325] page dumped because: kasan: bad access detected
[   70.916678][ T5325] page_owner tracks the page as allocated
[   70.918701][ T5325] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2cc2(GFP_KERNEL|__GFP_HIGHMEM|__GFP_NOWARN), pid 5325, tgid 5324 (syz.0.0), ts 70793946911, free_ts 70765572809
[   70.925138][ T5325]  post_alloc_hook+0x1f3/0x230
[   70.926857][ T5325]  get_page_from_freelist+0x303f/0x3190
[   70.928994][ T5325]  __alloc_pages_noprof+0x292/0x710
[   70.930919][ T5325]  alloc_pages_bulk_noprof+0x729/0xd40
[   70.932855][ T5325]  alloc_pages_bulk_array_mempolicy_noprof+0x8ea/0x1600
[   70.935437][ T5325]  __vmalloc_node_range_noprof+0x752/0x13f0
[   70.937767][ T5325]  vmalloc_noprof+0x79/0x90
[   70.939686][ T5325]  nd_ioctl+0x1594/0x1fd0
[   70.941391][ T5325]  __se_sys_ioctl+0xf9/0x170
[   70.943072][ T5325]  do_syscall_64+0xf3/0x230
[   70.944760][ T5325]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   70.947013][ T5325] page last free pid 5305 tgid 5305 stack trace:
[   70.949368][ T5325]  free_unref_folios+0xf12/0x18d0
[   70.951287][ T5325]  folios_put_refs+0x76c/0x860
[   70.953082][ T5325]  free_pages_and_swap_cache+0x5c8/0x690
[   70.955158][ T5325]  tlb_flush_mmu+0x3a3/0x680
[   70.956799][ T5325]  tlb_finish_mmu+0xd4/0x200
[   70.958422][ T5325]  exit_mmap+0x496/0xc40
[   70.960037][ T5325]  __mmput+0x115/0x390
[   70.961596][ T5325]  exit_mm+0x220/0x310
[   70.963196][ T5325]  do_exit+0x9b2/0x28e0
[   70.964779][ T5325]  do_group_exit+0x207/0x2c0
[   70.966680][ T5325]  __x64_sys_exit_group+0x3f/0x40
[   70.968626][ T5325]  x64_sys_call+0x2634/0x2640
[   70.970365][ T5325]  do_syscall_64+0xf3/0x230
[   70.972094][ T5325]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   70.974091][ T5325] 
[   70.974989][ T5325] Memory state around the buggy address:
[   70.976905][ T5325]  ffffc90001155f00: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8
[   70.979821][ T5325]  ffffc90001155f80: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8
[   70.982642][ T5325] >ffffc90001156000: 00 00 00 00 00 00 00 03 f8 f8 f8 f8 f8 f8 f8 f8
[   70.985525][ T5325]                                         ^
[   70.987849][ T5325]  ffffc90001156080: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8
[   70.991076][ T5325]  ffffc90001156100: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8
[   70.993995][ T5325] ==================================================================
[   71.012736][ T5325] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[   71.015624][ T5325] CPU: 0 UID: 0 PID: 5325 Comm: syz.0.0 Not tainted 6.12.0-rc6-syzkaller-00077-g2e1b3cc9d7f7 #0
[   71.019496][ T5325] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[   71.023138][ T5325] Call Trace:
[   71.024390][ T5325]  <TASK>
[   71.025532][ T5325]  dump_stack_lvl+0x241/0x360
[   71.027445][ T5325]  ? __pfx_dump_stack_lvl+0x10/0x10
[   71.029513][ T5325]  ? __pfx__printk+0x10/0x10
[   71.031390][ T5325]  ? preempt_schedule+0xe1/0xf0
[   71.033296][ T5325]  ? vscnprintf+0x5d/0x90
[   71.034973][ T5325]  panic+0x349/0x880
[   71.036542][ T5325]  ? check_panic_on_warn+0x21/0xb0
[   71.038456][ T5325]  ? __pfx_panic+0x10/0x10
[   71.040221][ T5325]  ? _raw_spin_unlock_irqrestore+0x130/0x140
[   71.042412][ T5325]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[   71.044707][ T5325]  ? print_report+0x502/0x550
[   71.046521][ T5325]  check_panic_on_warn+0x86/0xb0
[   71.048347][ T5325]  ? acpi_nfit_ctl+0x20e8/0x24a0
[   71.050153][ T5325]  end_report+0x77/0x160
[   71.051911][ T5325]  kasan_report+0x154/0x180
[   71.053664][ T5325]  ? acpi_nfit_ctl+0x20e8/0x24a0
[   71.055502][ T5325]  acpi_nfit_ctl+0x20e8/0x24a0
[   71.057283][ T5325]  ? __pfx___mutex_trylock_common+0x10/0x10
[   71.059393][ T5325]  ? trace_contention_end+0x3c/0x120
[   71.061346][ T5325]  ? __mutex_lock+0x2ef/0xd70
[   71.063130][ T5325]  ? __pfx_acpi_nfit_ctl+0x10/0x10
[   71.065131][ T5325]  ? nd_ioctl+0x162a/0x1fd0
[   71.067000][ T5325]  ? __pfx_lock_release+0x10/0x10
[   71.069048][ T5325]  ? __might_fault+0xc6/0x120
[   71.070949][ T5325]  ? walk_to_nvdimm_bus+0xb0/0x170
[   71.072977][ T5325]  ? acpi_nfit_clear_to_send+0x19e/0x1c0
[   71.075218][ T5325]  nd_ioctl+0x1844/0x1fd0
[   71.076969][ T5325]  ? __pfx_nd_ioctl+0x10/0x10
[   71.078833][ T5325]  ? __pfx_bus_ioctl+0x10/0x10
[   71.080837][ T5325]  __se_sys_ioctl+0xf9/0x170
[   71.082433][ T5325]  do_syscall_64+0xf3/0x230
[   71.084139][ T5325]  ? clear_bhb_loop+0x35/0x90
[   71.085942][ T5325]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   71.088099][ T5325] RIP: 0033:0x7fb79b37e719
[   71.089688][ T5325] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   71.096950][ T5325] RSP: 002b:00007fb79c0dd038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[   71.100019][ T5325] RAX: ffffffffffffffda RBX: 00007fb79b535f80 RCX: 00007fb79b37e719
[   71.102854][ T5325] RDX: 0000000020000180 RSI: 00000000c008640a RDI: 0000000000000003
[   71.105750][ T5325] RBP: 00007fb79b3f139e R08: 0000000000000000 R09: 0000000000000000
[   71.108632][ T5325] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[   71.111681][ T5325] R13: 0000000000000000 R14: 00007fb79b535f80 R15: 00007ffe955272f8
[   71.114651][ T5325]  </TASK>
[   71.116141][ T5325] Kernel Offset: disabled
[   71.117730][ T5325] Rebooting in 86400 seconds..