program:
open(&(0x7f00009e1000)='./file0\x00', 0xc162, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setaffinity(0x0, 0x0, 0x0)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
syz_open_dev$tty1(0xc, 0x4, 0x3)
r3 = memfd_create(&(0x7f0000000480)='\xff\x00l\x1e\xa0</\x00\x8eO4._\x14zC\x8a\xe8\xe0u\xe0\xff\xf1\xb2\xfd\xf6nz\x05-]\xc2Vk\xaeky\xd3\x83\xe2\xc7\xd3\xe6M^\x98ox\x14\t\xe9Q1\x1dK\x9a\x045\xd37\xb22\xfdD(\xd2\xdd\xa0\xff\x0f\x00\x00\x00\x00\x00\x00v\n\xd8?]k\x14N\x18\xf4\xc2j\xed6g\xfd\xd2\xd4\xe3\x1f\xa6 \xa0\x8d\xb5\x9aE<2`]<\x8cR\xd69\x0fO\xbf\xc3\xbd\xb0\x96\x90\x91k\x86\x1a\x10\xd2\xf5\x8b\xfc\xf4\xd0[\x12\xf5+\x1aS\x02/Yx\xf2jJb\x97\x9c/\x1f5i\xc6\x861\x9a\xff\xc3\xe7\xbfU\xd5\xac\xccB=\x8f\xfd\x84\xeepQ\x93nn\x0f\xc6\xa9?\xad\x8b~\x96@i=G\x9ft\x1d\xcc\xc6Ys7\x7f\x8ehv\xd3$\x13s\xa0\xbfi\xfaFS\xa9=Xe\xf8tI\x15\x882\x8b\x8e-X\xb8\xf2\x9du\x15S^\xec\xce\xfaf$S\x9f\xe7Ed\n\x84\\ u\xd2\x16\xc1\xa5\xa0\xaa\xe8.i\xc8\x0e\vt\xe2\xf1lA\x93\xdd\xce\x8f$\x06v\xbe\xe7\x95nN\xc5\xaa\x1ev\xc6P\x9c\\G&y\x8bYA\xc3}\xd9\x86[\xb2\xf3\x0f\x90%\xcb\x81\xe8\xea\xbcs\x95\xe9\x8eXH\x19m\xdfOY\xf1E9-\xc8\xe7\x13^+(\x034\x82\xafiOO\x14\x8f^\x8c', 0x7)
mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0xa, 0x12, r3, 0x0)
fcntl$addseals(r3, 0x409, 0x2)
r4 = openat$udambuf(0xffffff9c, &(0x7f0000000000), 0x2)
ioctl$UDMABUF_CREATE(r4, 0x40187542, &(0x7f0000000040)={r3, 0x1, 0x0, 0x8000})

[   68.700335][ T4664] Bluetooth: hci0: command tx timeout
[   69.089091][ T5321] ------------[ cut here ]------------
[   69.091535][ T5321] kernel BUG at mm/hugetlb.c:2333!
[   69.093491][ T5321] Oops: invalid opcode: 0000 [#1] PREEMPT SMP KASAN NOPTI
[   69.096417][ T5321] CPU: 0 UID: 0 PID: 5321 Comm: syz.0.0 Not tainted 6.14.0-rc2-syzkaller-00185-g128c8f96eb86 #0
[   69.101402][ T5321] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[   69.105526][ T5321] RIP: 0010:alloc_hugetlb_folio_reserve+0xbc/0xc0
[   69.108041][ T5321] Code: 1f eb 05 e8 76 4c 9f ff 48 c7 c7 40 56 81 8e e8 7a 7a e8 09 4c 89 f0 5b 41 5c 41 5e 41 5f 5d c3 cc cc cc cc e8 55 4c 9f ff 90 <0f> 0b 66 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 f3 0f
[   69.115286][ T5321] RSP: 0018:ffffc9000d4477f8 EFLAGS: 00010083
[   69.117985][ T5321] RAX: ffffffff82226b0b RBX: 0000000000000000 RCX: 0000000000100000
[   69.121744][ T5321] RDX: ffffc9000f394000 RSI: 00000000000003a1 RDI: 00000000000003a2
[   69.124605][ T5321] RBP: 1ffffffff34d50d1 R08: ffffffff82226ac3 R09: 1ffffd4000094005
[   69.127587][ T5321] R10: dffffc0000000000 R11: fffff94000094006 R12: dffffc0000000000
[   69.130515][ T5321] R13: dffffc0000000000 R14: ffffea00004a0000 R15: ffffffff9a6a8688
[   69.133617][ T5321] FS:  00007f84b031a6c0(0000) GS:ffff88801fc00000(0000) knlGS:0000000000000000
[   69.137343][ T5321] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[   69.140949][ T5321] CR2: 0000400000000000 CR3: 000000001cb04000 CR4: 0000000000352ef0
[   69.144778][ T5321] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[   69.147998][ T5321] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[   69.150828][ T5321] Call Trace:
[   69.152086][ T5321]  <TASK>
[   69.153167][ T5321]  ? __die_body+0x5f/0xb0
[   69.154781][ T5321]  ? die+0x9e/0xc0
[   69.156198][ T5321]  ? do_trap+0x15a/0x3a0
[   69.157832][ T5321]  ? alloc_hugetlb_folio_reserve+0xbc/0xc0
[   69.160064][ T5321]  ? do_error_trap+0x1dc/0x2c0
[   69.162300][ T5321]  ? alloc_hugetlb_folio_reserve+0xbc/0xc0
[   69.164560][ T5321]  ? __pfx_do_error_trap+0x10/0x10
[   69.166517][ T5321]  ? report_bug+0x3cd/0x500
[   69.168490][ T5321]  ? handle_invalid_op+0x34/0x40
[   69.170499][ T5321]  ? alloc_hugetlb_folio_reserve+0xbc/0xc0
[   69.173427][ T5321]  ? exc_invalid_op+0x38/0x50
[   69.175996][ T5321]  ? asm_exc_invalid_op+0x1a/0x20
[   69.178603][ T5321]  ? alloc_hugetlb_folio_reserve+0x73/0xc0
[   69.181120][ T5321]  ? alloc_hugetlb_folio_reserve+0xbb/0xc0
[   69.183745][ T5321]  ? alloc_hugetlb_folio_reserve+0xbc/0xc0
[   69.186421][ T5321]  ? alloc_hugetlb_folio_reserve+0xbb/0xc0
[   69.188881][ T5321]  memfd_alloc_folio+0x1bd/0x370
[   69.191009][ T5321]  memfd_pin_folios+0xf10/0x1570
[   69.193654][ T5321]  ? __pfx_memfd_pin_folios+0x10/0x10
[   69.196922][ T5321]  ? __fget_files+0x2a/0x410
[   69.198979][ T5321]  ? __fget_files+0x395/0x410
[   69.200887][ T5321]  ? __fget_files+0x2a/0x410
[   69.202676][ T5321]  udmabuf_create+0x70e/0x10c0
[   69.204594][ T5321]  ? __pfx_udmabuf_create+0x10/0x10
[   69.206586][ T5321]  ? __might_fault+0xaa/0x120
[   69.208379][ T5321]  udmabuf_ioctl+0x301/0x4e0
[   69.211255][ T5321]  ? __pfx_udmabuf_ioctl+0x10/0x10
[   69.214246][ T5321]  ? __fget_files+0x2a/0x410
[   69.216208][ T5321]  ? __pfx_udmabuf_ioctl+0x10/0x10
[   69.218118][ T5321]  __se_sys_ioctl+0xf5/0x170
[   69.220052][ T5321]  do_syscall_64+0xf3/0x230
[   69.221799][ T5321]  ? clear_bhb_loop+0x35/0x90
[   69.223512][ T5321]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   69.225889][ T5321] RIP: 0033:0x7f84af58cde9
[   69.227761][ T5321] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   69.235693][ T5321] RSP: 002b:00007f84b031a038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[   69.239486][ T5321] RAX: ffffffffffffffda RBX: 00007f84af7a6160 RCX: 00007f84af58cde9
[   69.242976][ T5321] RDX: 0000400000000040 RSI: 0000000040187542 RDI: 0000000000000008
[   69.246089][ T5321] RBP: 00007f84af60e2a0 R08: 0000000000000000 R09: 0000000000000000
[   69.249163][ T5321] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[   69.252150][ T5321] R13: 0000000000000000 R14: 00007f84af7a6160 R15: 00007fffead7fa08
[   69.255851][ T5321]  </TASK>
[   69.257588][ T5321] Modules linked in:
[   69.259326][ T5321] ---[ end trace 0000000000000000 ]---
[   69.261386][ T5321] RIP: 0010:alloc_hugetlb_folio_reserve+0xbc/0xc0
[   69.264039][ T5321] Code: 1f eb 05 e8 76 4c 9f ff 48 c7 c7 40 56 81 8e e8 7a 7a e8 09 4c 89 f0 5b 41 5c 41 5e 41 5f 5d c3 cc cc cc cc e8 55 4c 9f ff 90 <0f> 0b 66 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 f3 0f
[   69.271428][ T5321] RSP: 0018:ffffc9000d4477f8 EFLAGS: 00010083
[   69.273824][ T5321] RAX: ffffffff82226b0b RBX: 0000000000000000 RCX: 0000000000100000
[   69.277663][ T5321] RDX: ffffc9000f394000 RSI: 00000000000003a1 RDI: 00000000000003a2
[   69.281331][ T5321] RBP: 1ffffffff34d50d1 R08: ffffffff82226ac3 R09: 1ffffd4000094005
[   69.284193][ T5321] R10: dffffc0000000000 R11: fffff94000094006 R12: dffffc0000000000
[   69.287310][ T5321] R13: dffffc0000000000 R14: ffffea00004a0000 R15: ffffffff9a6a8688
[   69.290165][ T5321] FS:  00007f84b031a6c0(0000) GS:ffff88801fc00000(0000) knlGS:0000000000000000
[   69.293587][ T5321] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[   69.296450][ T5321] CR2: 0000400000000000 CR3: 000000001cb04000 CR4: 0000000000352ef0
[   69.299961][ T5321] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[   69.303163][ T5321] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[   69.306164][ T5321] Kernel panic - not syncing: Fatal exception
[   69.308869][ T5321] Kernel Offset: disabled
[   69.310684][ T5321] Rebooting in 86400 seconds..