program:
# syzkaller reproducer for the "kernel BUG at mm/huge_memory.c:2085!" report in the log below.
# Addresses use syzkaller's encoded notation: the register dump for the final mmap shows
# RDI=0x20400000 where the program says 0x7f0000400000.
# Return values of the individual calls are not shown on this page.

# Anonymous MAP_FIXED mapping of 8 MiB with prot 0x0 (PROT_NONE) and fd -1.
# flags 0x46032 = MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS|MAP_LOCKED|MAP_NORESERVE|MAP_HUGETLB.
# "$xdp" is only the name of the syzkaller description variant; no socket fd is passed.
mmap$xdp(&(0x7f0000800000/0x800000)=nil, 0x800000, 0x0, 0x46032, 0xffffffffffffffff, 0x0)
# 0x80801 = O_CLOEXEC|O_NONBLOCK|UFFD_USER_MODE_ONLY.
r0 = userfaultfd(0x80801)
# API handshake; the struct contents at 0x7f00000000c0 are not shown in the program.
ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f00000000c0))
# Registers 12 MiB starting at 0x7f0000400000 with mode 0x1 (UFFDIO_REGISTER_MODE_MISSING).
# The range ends at 0x7f0001000000 and so contains the 8 MiB mapping created above.
ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000000000)={{&(0x7f0000400000/0xc00000)=nil, 0xc00000}, 0x1})
# UFFDIO_CONTINUE over the upper 4 MiB of the registered range.
# NOTE(review): whether this call succeeds or is needed for the crash is not visible here.
ioctl$UFFDIO_CONTINUE(r0, 0xc020aa08, &(0x7f0000000240)={{&(0x7f0000c00000/0x400000)=nil, 0x400000}})
# MAP_FIXED|MAP_SHARED|MAP_ANONYMOUS mmap (fd -1) over the whole registered range, i.e. on top of
# the existing mapping. fail_nth: 9 asks fault injection to fail the 9th allocation in this call;
# the log shows that failure as failslab in mas_preallocate <- mmap_region.
# The BUG then fires in zap_huge_pmd, reached via unmap_region <- mmap_region, which looks like
# the error-unwind path of the same mmap -- confirm against the kernel source for this commit.
# Triage: the recorded crash depends on the forced allocation failure and ran as UID 0.
mmap$IORING_OFF_SQ_RING(&(0x7f0000400000/0xc00000)=nil, 0xc00000, 0x2000007, 0x401d031, 0xffffffffffffffff, 0x0) (fail_nth: 9)
[ 60.547836][ T4532] Bluetooth: hci0: command tx timeout
[ 60.607474][ T5104] FAULT_INJECTION: forcing a failure.
[ 60.607474][ T5104] name failslab, interval 1, probability 0, space 0, times 1
[ 60.612144][ T5104] CPU: 0 UID: 0 PID: 5104 Comm: syz.0.0 Not tainted 6.12.0-rc4-syzkaller-00085-g4e46774408d9 #0
[ 60.615961][ T5104] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[ 60.619899][ T5104] Call Trace:
[ 60.621134][ T5104]
[ 60.622275][ T5104] dump_stack_lvl+0x241/0x360
[ 60.624135][ T5104] ? __pfx_dump_stack_lvl+0x10/0x10
[ 60.626030][ T5104] ? __pfx__printk+0x10/0x10
[ 60.627789][ T5104] ? kmem_cache_alloc_noprof+0x44/0x2a0
[ 60.629962][ T5104] ? __pfx___might_resched+0x10/0x10
[ 60.631994][ T5104] should_fail_ex+0x3b0/0x4e0
[ 60.633685][ T5104] ? mas_alloc_nodes+0x26c/0x840
[ 60.635266][ T5104] should_failslab+0xac/0x100
[ 60.636973][ T5104] ? mas_alloc_nodes+0x26c/0x840
[ 60.638800][ T5104] kmem_cache_alloc_noprof+0x6c/0x2a0
[ 60.640717][ T5104] mas_alloc_nodes+0x26c/0x840
[ 60.642313][ T5104] mas_preallocate+0x554/0x8c0
[ 60.644020][ T5104] ? shmem_get_inode+0xad5/0xd70
[ 60.645902][ T5104] ? __pfx_mas_preallocate+0x10/0x10
[ 60.647829][ T5104] ? __shmem_file_setup+0x263/0x2c0
[ 60.649765][ T5104] ? shmem_zero_setup+0x12b/0x140
[ 60.651621][ T5104] mmap_region+0x1fd6/0x2a30
[ 60.653384][ T5104] ? __pfx_mmap_region+0x10/0x10
[ 60.655213][ T5104] ? __pfx_lock_acquire+0x10/0x10
[ 60.657130][ T5104] ? mm_get_unmapped_area+0xa8/0xd0
[ 60.659037][ T5104] ? bpf_lsm_mmap_addr+0x9/0x10
[ 60.660808][ T5104] ? security_mmap_addr+0x6f/0x250
[ 60.662734][ T5104] ? __get_unmapped_area+0x2ed/0x350
[ 60.664743][ T5104] do_mmap+0x8f0/0x1000
[ 60.666320][ T5104] ? __pfx_do_mmap+0x10/0x10
[ 60.668045][ T5104] ? __pfx_down_write_killable+0x10/0x10
[ 60.670051][ T5104] ? apparmor_mmap_file+0xc3/0xe0
[ 60.671941][ T5104] vm_mmap_pgoff+0x1dd/0x3d0
[ 60.673683][ T5104] ? __pfx_vm_mmap_pgoff+0x10/0x10
[ 60.675548][ T5104] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[ 60.677673][ T5104] ? do_syscall_64+0x100/0x230
[ 60.679380][ T5104] ? ksys_mmap_pgoff+0xdf/0x720
[ 60.681188][ T5104] ? __x64_sys_mmap+0x7f/0x140
[ 60.682906][ T5104] do_syscall_64+0xf3/0x230
[ 60.684530][ T5104] ? clear_bhb_loop+0x35/0x90
[ 60.686342][ T5104] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 60.688357][ T5104] RIP: 0033:0x7f1422d7e719
[ 60.690033][ T5104] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 60.696831][ T5104] RSP: 002b:00007f1423b72038 EFLAGS: 00000246 ORIG_RAX: 0000000000000009
[ 60.699826][ T5104] RAX: ffffffffffffffda RBX: 00007f1422f35f80 RCX: 00007f1422d7e719
[ 60.702493][ T5104] RDX: 0000000002000007 RSI: 0000000000c00000 RDI: 0000000020400000
[ 60.705222][ T5104] RBP: 00007f1423b72090 R08: ffffffffffffffff R09: 0000000000000000
[ 60.708167][ T5104] R10: 000000000401d031 R11: 0000000000000246 R12: 0000000000000001
[ 60.711076][ T5104] R13: 0000000000000000 R14: 00007f1422f35f80 R15: 00007ffec297f088
[ 60.713965][ T5104]
[ 60.724610][ T5104] ------------[ cut here ]------------
[ 60.727425][ T5104] kernel BUG at mm/huge_memory.c:2085!
[ 60.729452][ T5104] Oops: invalid opcode: 0000 [#1] PREEMPT SMP KASAN NOPTI
[ 60.731966][ T5104] CPU: 0 UID: 0 PID: 5104 Comm: syz.0.0 Not tainted 6.12.0-rc4-syzkaller-00085-g4e46774408d9 #0
[ 60.735684][ T5104] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[ 60.739479][ T5104] RIP: 0010:zap_huge_pmd+0x953/0xc40
[ 60.741431][ T5104] Code: fe ff ff f3 0f 1e fa e8 ab 16 92 ff 48 89 df 4c 89 fe e8 50 ba 08 00 e9 2c f8 ff ff e8 96 16 92 ff 90 0f 0b e8 8e 16 92 ff 90 <0f> 0b e8 86 16 92 ff 4c 89 ef 48 c7 c6 20 65 17 8c e8 37 a2 dd ff
[ 60.748687][ T5104] RSP: 0018:ffffc9000ddef1e0 EFLAGS: 00010293
[ 60.751023][ T5104] RAX: ffffffff8202c152 RBX: 000000000000001e RCX: ffff88801f750000
[ 60.753990][ T5104] RDX: 0000000000000000 RSI: 000000000000001f RDI: 000000000000001a
[ 60.756980][ T5104] RBP: 000000000000001f R08: ffffffff8202bca6 R09: 1ffff11007a89906
[ 60.760025][ T5104] R10: dffffc0000000000 R11: ffffed1007a89907 R12: 0000000000000000
[ 60.763009][ T5104] R13: ffffc9000ddef750 R14: 0000000020e00000 R15: fffffffffffffa00
[ 60.765848][ T5104] FS: 00007f1423b726c0(0000) GS:ffff88801fc00000(0000) knlGS:0000000000000000
[ 60.769068][ T5104] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 60.772222][ T5104] CR2: 00007f1423a6d9b8 CR3: 000000003a73a000 CR4: 0000000000352ef0
[ 60.775244][ T5104] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 60.778390][ T5104] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 60.781468][ T5104] Call Trace:
[ 60.782746][ T5104]
[ 60.784007][ T5104] ? __die_body+0x5f/0xb0
[ 60.785742][ T5104] ? die+0x9e/0xc0
[ 60.787241][ T5104] ? do_trap+0x15a/0x3a0
[ 60.788890][ T5104] ? zap_huge_pmd+0x953/0xc40
[ 60.790566][ T5104] ? do_error_trap+0x1dc/0x2c0
[ 60.792345][ T5104] ? zap_huge_pmd+0x953/0xc40
[ 60.794121][ T5104] ? __pfx_do_error_trap+0x10/0x10
[ 60.795940][ T5104] ? handle_invalid_op+0x34/0x40
[ 60.797689][ T5104] ? zap_huge_pmd+0x953/0xc40
[ 60.799249][ T5104] ? exc_invalid_op+0x38/0x50
[ 60.800984][ T5104] ? asm_exc_invalid_op+0x1a/0x20
[ 60.802833][ T5104] ? zap_huge_pmd+0x4a6/0xc40
[ 60.804555][ T5104] ? zap_huge_pmd+0x952/0xc40
[ 60.806280][ T5104] ? zap_huge_pmd+0x953/0xc40
[ 60.807975][ T5104] unmap_page_range+0x762/0x40e0
[ 60.809794][ T5104] ? __pfx_validate_chain+0x10/0x10
[ 60.811694][ T5104] ? __lock_acquire+0x1384/0x2050
[ 60.813600][ T5104] ? __pfx_unmap_page_range+0x10/0x10
[ 60.815452][ T5104] ? __pfx_lock_acquire+0x10/0x10
[ 60.817195][ T5104] ? unmap_vmas+0x1f1/0x5f0
[ 60.818907][ T5104] ? __pfx_lock_release+0x10/0x10
[ 60.820765][ T5104] ? unmap_single_vma+0x1bd/0x2b0
[ 60.822634][ T5104] unmap_vmas+0x3cc/0x5f0
[ 60.824260][ T5104] ? __pfx_unmap_vmas+0x10/0x10
[ 60.825963][ T5104] ? tlb_gather_mmu+0x24e/0x310
[ 60.827666][ T5104] unmap_region+0x214/0x380
[ 60.829232][ T5104] ? __pfx_unmap_region+0x10/0x10
[ 60.830988][ T5104] ? __mas_set_range+0x133/0x3c0
[ 60.832630][ T5104] ? fput+0x1af/0x230
[ 60.834004][ T5104] mmap_region+0x23fa/0x2a30
[ 60.835577][ T5104] ? __pfx_mmap_region+0x10/0x10
[ 60.837473][ T5104] ? __pfx_lock_acquire+0x10/0x10
[ 60.839358][ T5104] ? mm_get_unmapped_area+0xa8/0xd0
[ 60.841278][ T5104] ? bpf_lsm_mmap_addr+0x9/0x10
[ 60.843091][ T5104] ? security_mmap_addr+0x6f/0x250
[ 60.846183][ T5104] ? __get_unmapped_area+0x2ed/0x350
[ 60.848063][ T5104] do_mmap+0x8f0/0x1000
[ 60.849522][ T5104] ? __pfx_do_mmap+0x10/0x10
[ 60.851178][ T5104] ? __pfx_down_write_killable+0x10/0x10
[ 60.853236][ T5104] ? apparmor_mmap_file+0xc3/0xe0
[ 60.855014][ T5104] vm_mmap_pgoff+0x1dd/0x3d0
[ 60.856661][ T5104] ? __pfx_vm_mmap_pgoff+0x10/0x10
[ 60.858615][ T5104] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[ 60.861032][ T5104] ? do_syscall_64+0x100/0x230
[ 60.862875][ T5104] ? ksys_mmap_pgoff+0xdf/0x720
[ 60.864560][ T5104] ? __x64_sys_mmap+0x7f/0x140
[ 60.866288][ T5104] do_syscall_64+0xf3/0x230
[ 60.868036][ T5104] ? clear_bhb_loop+0x35/0x90
[ 60.869784][ T5104] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 60.872018][ T5104] RIP: 0033:0x7f1422d7e719
[ 60.873797][ T5104] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 60.880787][ T5104] RSP: 002b:00007f1423b72038 EFLAGS: 00000246 ORIG_RAX: 0000000000000009
[ 60.883618][ T5104] RAX: ffffffffffffffda RBX: 00007f1422f35f80 RCX: 00007f1422d7e719
[ 60.886376][ T5104] RDX: 0000000002000007 RSI: 0000000000c00000 RDI: 0000000020400000
[ 60.889261][ T5104] RBP: 00007f1423b72090 R08: ffffffffffffffff R09: 0000000000000000
[ 60.892328][ T5104] R10: 000000000401d031 R11: 0000000000000246 R12: 0000000000000001
[ 60.895315][ T5104] R13: 0000000000000000 R14: 00007f1422f35f80 R15: 00007ffec297f088
[ 60.898225][ T5104]
[ 60.899448][ T5104] Modules linked in:
[ 60.902534][ T5104] ---[ end trace 0000000000000000 ]---
[ 60.904500][ T5104] RIP: 0010:zap_huge_pmd+0x953/0xc40
[ 60.906805][ T5104] Code: fe ff ff f3 0f 1e fa e8 ab 16 92 ff 48 89 df 4c 89 fe e8 50 ba 08 00 e9 2c f8 ff ff e8 96 16 92 ff 90 0f 0b e8 8e 16 92 ff 90 <0f> 0b e8 86 16 92 ff 4c 89 ef 48 c7 c6 20 65 17 8c e8 37 a2 dd ff
[ 60.913650][ T5104] RSP: 0018:ffffc9000ddef1e0 EFLAGS: 00010293
[ 60.915924][ T5104] RAX: ffffffff8202c152 RBX: 000000000000001e RCX: ffff88801f750000
[ 60.918713][ T5104] RDX: 0000000000000000 RSI: 000000000000001f RDI: 000000000000001a
[ 60.921663][ T5104] RBP: 000000000000001f R08: ffffffff8202bca6 R09: 1ffff11007a89906
[ 60.924795][ T5104] R10: dffffc0000000000 R11: ffffed1007a89907 R12: 0000000000000000
[ 60.927820][ T5104] R13: ffffc9000ddef750 R14: 0000000020e00000 R15: fffffffffffffa00
[ 60.930650][ T5104] FS: 00007f1423b726c0(0000) GS:ffff88801fc00000(0000) knlGS:0000000000000000
[ 60.933821][ T5104] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 60.936257][ T5104] CR2: 00007f1423a6d9b8 CR3: 000000003a73a000 CR4: 0000000000352ef0
[ 60.939030][ T5104] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 60.941696][ T5104] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 60.944319][ T5104] Kernel panic - not syncing: Fatal exception
[ 60.946591][ T5104] Kernel Offset: disabled
[ 60.948049][ T5104] Rebooting in 86400 seconds..