program:
r0 = memfd_create(&(0x7f0000000540)='\x01\xfd\xae.+\xa6\x8c\xb6?2\x199\x94S,|x?Ue[\xbd\xe1!\x033\xbc\'#\xff\x17\x9b%\xf3[d \x06\x00\x00\x00\x97A\xc2\xd8\xf0Uq!\xe4\xc4\xb1\xa2\x1c\xffC;\x94Q\r\xb6}\x9c\xecC\v\xcf\xeb\xe4\x9aR\xe5,\x82\x03\x00\x19\x8d\xe8\xc6\xb9\xe4\xb4\x99\x8a\x19P\xb8\x8cx\b\x99\x04R\x05\xaf\xa2\xea5\f\xcc\x1a\x9b\x00Uf\xa5\xf7\x80Tgiz\nX\b\x91\xfd0\x8e\xb6\xa3\v#\x16\xdf\xb4\xc0\xe6\xb4\xef\xa8i\xd8\xa2\xd2(\x98\x9bA\x8f\x13\xeb\xf4b/\xef!\x8f\xf6]-\xf1k\xb62\x89gEv\x13\xf4\xc7\xb2\xf5\\\x17\x90\xb5\xa6\xa8\xb8o\x0f\xe2 \xe7\x9c$\xd7\xf2@\xf7cdv[\t\x00\x8d\xf3\xcc1\r$\x1e\xff\xf0P\xb2\x97\xb8\xbc\xeb\x91\x87\x8bu\xbf\xd4\'\xff\x1f\f\x016\x9dQ\xeeT\xe8\bY\x00\xb2\x06\xa6\xbel\x9b.o\xbe\x80\x9dx\xd5O\xd6h\\I\xc9\x8d\a\x1d\xc9k\x83\xfc\xa4\xad4\x03\xa2X\x0f\x82\xdbs\xc7\x83L\x9e\xa2\xd1\xb3\xac\x8d\xd8\xb4\xb4\xea\x90Q\xd8\xc7\xeb%\x8bOp\x1ab\x96\xcf\xbb\x15\xcf\xfcN\xed\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00s\xaf\xa2\x14]p+\x96\x1ei|n\xda\xee\\\xae\x96*\x82*\xb8j\xda\xaa\x14\x1f\x1d\xf8\xf8\xae\xfcH\xc4\xb3j\xe8\xcfO\xef\x0e\xafe\xb5*\x89\x18\xb2w\x96\b\x1by\xeaT\xdd\xb3g6\xbc\x85\xb2Y\xccv\x06\x00\x00\x00\xc5e\x90\xc51\x9f\v_# \b\xa5\xbcP,|\xe9\xd6s\x1f\x1f\xbe\xd3\x80\xb1\xa8 \xce|df\x903\v\x02\xea.\x03X\xb5\xe4,8\xb7\xadEI\xdcA\xa7\xcc\xd7\xf9n\x1b\x95\xf8\x11Z\xe6:\x03\xce\xfe\x02\x8ctdy~_oC\x9e\xef\xf0\xa2K\xe9;\x8e:\x01\x03C\x92\xeb\x16\x1c\xbf\xbe\xef\xccUxhg\xdfY\xe6\x83\xa6z\xff\x01\x9d o_{!O\xaajU\x84 \xe9\xb59r\x9cw\x18Z\xd3\xcd\x0e\xba\\\xdb\xf0\xe1\x86\t\xaf\vi\xdc\xbf?\xf5\n\xbd^\x05\xc0\xceuC}\xa8\xc7\xad\x86\xd7\x15&\xb9]1\x05J\x96\xf0\x84\xc1\f\xa6p\x96?\x00\x00\x00\x00\x00\x00\x00\x12\x88\xc8\x9c\xc9Cn\xd4\xa47V\'+\xcc\xbf\r\xa9\x10\x1d\xcf\xebKlb\xe5:\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00G\xdf\xbb\xc0_\x99F\xf4n]\x14\xbc\xcd\xd3\x9f\x9fe\xc5\xe6\xe8Mb\xc6\x82\x82\xcb\xcaXe\xe1\xa2\xaa\x02\x86\xb8\x18\xe2C\xeb\xa9\x17&\x01&\'w\xa1t0\x80\xf0\x93\x80\x9f\x9b\xe0\x9f\xea\xb9\x9eD]#V\xda\x92\xca\xc6\xfa.\xd6\xe31\xfe\xe8\x02\xebX\xbd\nz\x01O\xd3r\xa2\xa9u\x93>m\xd7q\'\xdf\xfajo\xd8n\xa7\xecJi\xde\xdf\x7f\xe3\xc4*Z 4\xe8S$\xa1H=\xdf\x05\xf3\xe3T\xd1\xdd\xc6f\xa4\xb4\x96\\\xa0\xf9\x0f\x17\x11{\xb6\x9d\xd21\xc1\x90Vj\x13r\x00\x00\xde\x03\xab\xff\x8as0\xc6E\xca\"\xd9*\x9a\x15\xb95r\x8f\xaaj\x82\xd6\xd2%\xed\xa2WQ\xec2\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xccX\xfdRB\xffU\xe9\xfa\x1f\xf6\xce\b\xde@\x061\xc6z\xe4\xe0\xc9?\xa7\x94>\x9c\xd1\xa5o\x04\xaaim\xae\xfe\xc7f\xa3\x96\xd7\xb4c)r{\r#\xddI&\n\xf2\xec\xd4\xff\x9f\x136zZ-2\x80\xfbH+\x9b8\xf3\xed\xdf\xa2my\xb28c[\xc3\xfe\xb5M\x84\x97\xa5\'s\xe9\xdc=)I\xabLt2\x9c\v\xd9S', 0x6)
fallocate(r0, 0x0, 0x0, 0x400)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x5, 0x12, r0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) (fail_nth: 14)

[   71.242678][ T5093] Bluetooth: hci0: command tx timeout
[   72.195844][ T5108] FAULT_INJECTION: forcing a failure.
[   72.195844][ T5108] name failslab, interval 1, probability 0, space 0, times 1
[   72.213655][ T5108] CPU: 0 UID: 0 PID: 5108 Comm: syz.0.0 Not tainted 6.11.0-syzkaller-08068-g1ec6d097897a #0
[   72.218124][ T5108] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[   72.222832][ T5108] Call Trace:
[   72.224256][ T5108]  <TASK>
[   72.225532][ T5108]  dump_stack_lvl+0x241/0x360
[   72.227882][ T5108]  ? __pfx_dump_stack_lvl+0x10/0x10
[   72.230144][ T5108]  ? __pfx__printk+0x10/0x10
[   72.232122][ T5108]  ? kmem_cache_alloc_noprof+0x44/0x2a0
[   72.234474][ T5108]  ? __pfx___might_resched+0x10/0x10
[   72.236841][ T5108]  should_fail_ex+0x3b0/0x4e0
[   72.238963][ T5108]  ? mas_alloc_nodes+0x26c/0x840
[   72.241751][ T5108]  should_failslab+0xac/0x100
[   72.243913][ T5108]  ? mas_alloc_nodes+0x26c/0x840
[   72.246203][ T5108]  kmem_cache_alloc_noprof+0x6c/0x2a0
[   72.248729][ T5108]  mas_alloc_nodes+0x26c/0x840
[   72.250749][ T5108]  mas_preallocate+0x554/0x8c0
[   72.252531][ T5108]  ? shmem_get_inode+0xad5/0xd70
[   72.254574][ T5108]  ? __pfx_mas_preallocate+0x10/0x10
[   72.256930][ T5108]  ? __shmem_file_setup+0x263/0x2c0
[   72.259916][ T5108]  ? shmem_zero_setup+0x12b/0x140
[   72.262775][ T5108]  mmap_region+0x1ea1/0x2990
[   72.265719][ T5108]  ? __pfx_mmap_region+0x10/0x10
[   72.268650][ T5108]  ? get_pid_task+0x23/0x1f0
[   72.270842][ T5108]  ? mm_get_unmapped_area+0xa8/0xd0
[   72.273382][ T5108]  ? bpf_lsm_mmap_addr+0x9/0x10
[   72.275629][ T5108]  ? security_mmap_addr+0x6f/0x250
[   72.277928][ T5108]  ? __get_unmapped_area+0x2ed/0x350
[   72.281678][ T5108]  do_mmap+0x8f0/0x1000
[   72.283675][ T5108]  ? __pfx_do_mmap+0x10/0x10
[   72.285774][ T5108]  ? __pfx_down_write_killable+0x10/0x10
[   72.288375][ T5108]  ? apparmor_mmap_file+0xc3/0xe0
[   72.290706][ T5108]  vm_mmap_pgoff+0x1dd/0x3d0
[   72.292821][ T5108]  ? __pfx_vm_mmap_pgoff+0x10/0x10
[   72.295047][ T5108]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[   72.297964][ T5108]  ? do_syscall_64+0x100/0x230
[   72.299977][ T5108]  ? ksys_mmap_pgoff+0xdf/0x720
[   72.302288][ T5108]  ? __x64_sys_mmap+0x7f/0x140
[   72.304543][ T5108]  do_syscall_64+0xf3/0x230
[   72.306742][ T5108]  ? clear_bhb_loop+0x35/0x90
[   72.308911][ T5108]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   72.311566][ T5108] RIP: 0033:0x7f50bb17def9
[   72.313591][ T5108] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   72.323347][ T5108] RSP: 002b:00007f50bbf84038 EFLAGS: 00000246 ORIG_RAX: 0000000000000009
[   72.328523][ T5108] RAX: ffffffffffffffda RBX: 00007f50bb335f80 RCX: 00007f50bb17def9
[   72.333915][ T5108] RDX: b635773f06ebbeee RSI: 0000000000b36000 RDI: 0000000020000000
[   72.337834][ T5108] RBP: 00007f50bbf84090 R08: ffffffffffffffff R09: 0000000000000000
[   72.342999][ T5108] R10: 0000000000008031 R11: 0000000000000246 R12: 0000000000000002
[   72.346921][ T5108] R13: 0000000000000000 R14: 00007f50bb335f80 R15: 00007ffd44bad9d8
[   72.352487][ T5108]  </TASK>
[   72.583995][ T5108] ------------[ cut here ]------------
[   72.591802][ T5108] kernel BUG at mm/page_table_check.c:90!
[   72.598463][ T5108] Oops: invalid opcode: 0000 [#1] PREEMPT SMP KASAN NOPTI
[   72.602725][ T5108] CPU: 0 UID: 0 PID: 5108 Comm: syz.0.0 Not tainted 6.11.0-syzkaller-08068-g1ec6d097897a #0
[   72.611902][ T5108] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[   72.615712][ T5108] RIP: 0010:page_table_check_clear+0x395/0x550
[   72.618106][ T5108] Code: c1 0f 8c 57 fd ff ff 48 89 df e8 26 25 f3 ff e9 4a fd ff ff e8 cc 66 8a ff 90 0f 0b e8 c4 66 8a ff 90 0f 0b e8 bc 66 8a ff 90 <0f> 0b e8 b4 66 8a ff 90 0f 0b e8 ac 66 8a ff 90 0f 0b f3 0f 1e fa
[   72.625610][ T5108] RSP: 0018:ffffc9000b03f1a0 EFLAGS: 00010293
[   72.639050][ T5108] RAX: ffffffff820a4e24 RBX: ffff88801b8c8098 RCX: ffff88801aa7a440
[   72.642162][ T5108] RDX: 0000000000000000 RSI: 00000000ffffffff RDI: 0000000000000000
[   72.645391][ T5108] RBP: 00000000ffffffff R08: ffffffff820a4c86 R09: 1ffff11003719013
[   72.648639][ T5108] R10: dffffc0000000000 R11: ffffed1003719014 R12: 0000000000000000
[   72.652798][ T5108] R13: ffff88801b8c8050 R14: 00000000000001fe R15: 1ffffffff3483da4
[   72.655837][ T5108] FS:  00007f50bbf846c0(0000) GS:ffff88801fc00000(0000) knlGS:0000000000000000
[   72.659409][ T5108] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[   72.662063][ T5108] CR2: 00007f98ec951580 CR3: 0000000000dea000 CR4: 0000000000350ef0
[   72.665940][ T5108] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[   72.669362][ T5108] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[   72.672428][ T5108] Call Trace:
[   72.673759][ T5108]  <TASK>
[   72.675271][ T5108]  ? __die_body+0x5f/0xb0
[   72.676991][ T5108]  ? die+0x9e/0xc0
[   72.678471][ T5108]  ? do_trap+0x15a/0x3a0
[   72.680108][ T5108]  ? page_table_check_clear+0x395/0x550
[   72.682601][ T5108]  ? do_error_trap+0x1dc/0x2c0
[   72.684643][ T5108]  ? page_table_check_clear+0x395/0x550
[   72.687190][ T5108]  ? __pfx_do_error_trap+0x10/0x10
[   72.689192][ T5108]  ? handle_invalid_op+0x34/0x40
[   72.691153][ T5108]  ? page_table_check_clear+0x395/0x550
[   72.693339][ T5108]  ? exc_invalid_op+0x38/0x50
[   72.695226][ T5108]  ? asm_exc_invalid_op+0x1a/0x20
[   72.697025][ T5108]  ? page_table_check_clear+0x1f6/0x550
[   72.698926][ T5108]  ? page_table_check_clear+0x394/0x550
[   72.700920][ T5108]  ? page_table_check_clear+0x395/0x550
[   72.703135][ T5108]  zap_huge_pmd+0x940/0xc40
[   72.704887][ T5108]  unmap_page_range+0x762/0x40e0
[   72.706872][ T5108]  ? __pfx_validate_chain+0x10/0x10
[   72.709736][ T5108]  ? __lock_acquire+0x1384/0x2050
[   72.711681][ T5108]  ? __pfx_unmap_page_range+0x10/0x10
[   72.713661][ T5108]  ? __pfx_lock_acquire+0x10/0x10
[   72.715525][ T5108]  ? unmap_vmas+0x1f1/0x5f0
[   72.717183][ T5108]  ? __pfx_lock_release+0x10/0x10
[   72.719082][ T5108]  ? unmap_single_vma+0x1bd/0x2b0
[   72.720901][ T5108]  unmap_vmas+0x3cc/0x5f0
[   72.722508][ T5108]  ? __pfx_unmap_vmas+0x10/0x10
[   72.724333][ T5108]  ? tlb_gather_mmu+0x24e/0x310
[   72.726228][ T5108]  unmap_region+0x214/0x380
[   72.728306][ T5108]  ? __pfx_unmap_region+0x10/0x10
[   72.730922][ T5108]  ? __mas_set_range+0x133/0x3c0
[   72.733421][ T5108]  ? fput+0x1af/0x230
[   72.734873][ T5108]  mmap_region+0x22f9/0x2990
[   72.736523][ T5108]  ? __pfx_mmap_region+0x10/0x10
[   72.738303][ T5108]  ? get_pid_task+0x23/0x1f0
[   72.739960][ T5108]  ? mm_get_unmapped_area+0xa8/0xd0
[   72.741776][ T5108]  ? bpf_lsm_mmap_addr+0x9/0x10
[   72.743601][ T5108]  ? security_mmap_addr+0x6f/0x250
[   72.745599][ T5108]  ? __get_unmapped_area+0x2ed/0x350
[   72.747864][ T5108]  do_mmap+0x8f0/0x1000
[   72.750152][ T5108]  ? __pfx_do_mmap+0x10/0x10
[   72.752697][ T5108]  ? __pfx_down_write_killable+0x10/0x10
[   72.755512][ T5108]  ? apparmor_mmap_file+0xc3/0xe0
[   72.757249][ T5108]  vm_mmap_pgoff+0x1dd/0x3d0
[   72.758924][ T5108]  ? __pfx_vm_mmap_pgoff+0x10/0x10
[   72.760815][ T5108]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[   72.763676][ T5108]  ? do_syscall_64+0x100/0x230
[   72.766584][ T5108]  ? ksys_mmap_pgoff+0xdf/0x720
[   72.769499][ T5108]  ? __x64_sys_mmap+0x7f/0x140
[   72.773370][ T5108]  do_syscall_64+0xf3/0x230
[   72.775748][ T5108]  ? clear_bhb_loop+0x35/0x90
[   72.779350][ T5108]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   72.781704][ T5108] RIP: 0033:0x7f50bb17def9
[   72.783299][ T5108] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   72.792991][ T5108] RSP: 002b:00007f50bbf84038 EFLAGS: 00000246 ORIG_RAX: 0000000000000009
[   72.797312][ T5108] RAX: ffffffffffffffda RBX: 00007f50bb335f80 RCX: 00007f50bb17def9
[   72.800614][ T5108] RDX: b635773f06ebbeee RSI: 0000000000b36000 RDI: 0000000020000000
[   72.804340][ T5108] RBP: 00007f50bbf84090 R08: ffffffffffffffff R09: 0000000000000000
[   72.809642][ T5108] R10: 0000000000008031 R11: 0000000000000246 R12: 0000000000000002
[   72.814637][ T5108] R13: 0000000000000000 R14: 00007f50bb335f80 R15: 00007ffd44bad9d8
[   72.820188][ T5108]  </TASK>
[   72.821825][ T5108] Modules linked in:
[   72.824450][ T5108] ---[ end trace 0000000000000000 ]---
[   72.843474][ T5108] RIP: 0010:page_table_check_clear+0x395/0x550
[   72.845959][ T5108] Code: c1 0f 8c 57 fd ff ff 48 89 df e8 26 25 f3 ff e9 4a fd ff ff e8 cc 66 8a ff 90 0f 0b e8 c4 66 8a ff 90 0f 0b e8 bc 66 8a ff 90 <0f> 0b e8 b4 66 8a ff 90 0f 0b e8 ac 66 8a ff 90 0f 0b f3 0f 1e fa
[   72.853768][ T5108] RSP: 0018:ffffc9000b03f1a0 EFLAGS: 00010293
[   72.856236][ T5108] RAX: ffffffff820a4e24 RBX: ffff88801b8c8098 RCX: ffff88801aa7a440
[   72.875132][ T5108] RDX: 0000000000000000 RSI: 00000000ffffffff RDI: 0000000000000000
[   72.877920][ T5108] RBP: 00000000ffffffff R08: ffffffff820a4c86 R09: 1ffff11003719013
[   72.881158][ T5108] R10: dffffc0000000000 R11: ffffed1003719014 R12: 0000000000000000
[   72.884374][ T5108] R13: ffff88801b8c8050 R14: 00000000000001fe R15: 1ffffffff3483da4
[   72.902968][ T5108] FS:  00007f50bbf846c0(0000) GS:ffff88801fc00000(0000) knlGS:0000000000000000
[   72.906510][ T5108] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[   72.909182][ T5108] CR2: 00007f98ec951580 CR3: 0000000000dea000 CR4: 0000000000350ef0
[   72.912396][ T5108] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[   72.931789][ T5108] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[   72.935011][ T5108] Kernel panic - not syncing: Fatal exception
[   72.937744][ T5108] Kernel Offset: disabled
[   72.939544][ T5108] Rebooting in 86400 seconds..