program:
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000180)=@newqdisc={0x24, 0x24, 0xf0b, 0x70bd2c, 0x0, {0x0, 0x0, 0x0, 0x0, {}, {0xffff, 0xfff2}}}, 0x24}}, 0x0)
r0 = socket(0x10, 0x3, 0x0)
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000680)=ANY=[@ANYBLOB="16000000070000000400000008000000141000001d79a670dca3518df4a3fd12d85bc710d8f80ec6de4a937014298bb4b832d53d", @ANYRES32, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/28], 0x50)
bpf$MAP_GET_NEXT_KEY(0x4, &(0x7f0000000000)={r1, 0x0, 0x0}, 0x20)
r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000340)=ANY=[@ANYBLOB="0c040000049d46e2dc2e7b569400000000400000", @ANYRES32, @ANYBLOB="8c00"/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB="00000000000000000300"/28], 0x50)
bpf$MAP_DELETE_ELEM(0x2, &(0x7f00000003c0)={r2, &(0x7f0000000300), 0x20000000}, 0x20)
bpf$MAP_LOOKUP_ELEM(0x1, &(0x7f0000000300)={r2, &(0x7f0000000240), &(0x7f0000000280)=""/30}, 0x20)
r3 = socket(0x10, 0x803, 0x0)
r4 = socket(0x10, 0x2, 0xfffffffd)
syz_genetlink_get_family_id$nl80211(&(0x7f00000000c0), r4)
getsockname$packet(r4, &(0x7f0000000080)={0x11, 0x0, <r5=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route_sched(r0, &(0x7f0000005840)={0x0, 0x0, &(0x7f00000005c0)={&(0x7f0000001240)=@newqdisc={0x78, 0x24, 0x5820a61ca228651, 0x0, 0x0, {0x0, 0x0, 0x0, r5, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_sfq={{0x8}, {0x4c}}]}, 0x78}}, 0x0)
sendmsg$nl_route_sched(r3, &(0x7f0000006040)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000400)=@newtfilter={0x60, 0x2c, 0xd27, 0x0, 0x25dfdbfe, {0x0, 0x0, 0x0, r5, {0xd, 0x8}, {}, {0xa, 0xffff}}, [@filter_kind_options=@f_flow={{0x9}, {0x30, 0x2, [@TCA_FLOW_POLICE={0x10, 0xa, 0x0, 0x1, [@TCA_POLICE_RATE64={0xc}]}, @TCA_FLOW_POLICE={0x4}, @TCA_FLOW_DIVISOR={0x8, 0x8, 0x5}, @TCA_FLOW_ADDEND={0x8, 0x5, 0x8}, @TCA_FLOW_KEYS={0x8, 0x1, 0xe974}]}}]}, 0x60}}, 0x4080)
r6 = socket(0x21, 0x2, 0x80)
r7 = memfd_create(&(0x7f0000000480)='\xff\x00l\x1e\xa0</\x00\x8eO4._\x14zC\x8a\xe8\xe0u\xe0\xff\xf1\xb2\xfd\xf6nz\x05-]\xc2Vk\xaeky\xd3\x83\xe2\xc7\xd3\xe6M^\x98ox\x14\t\xe9Q1\x1dK\x9a\x045\xd37\xb22\xfdD(\xd2\xdd\xa0\xff\x0f\x00\x00\x00\x00\x00\x00v\n\xd8?]k\x14N\x18\xf4\xc2j\xed6g\xfd\xd2\xd4\xe3\x1f\xa6 \xa0\x8d\xb5\x9aE<2`]<\x8cR\xd69\x0fO\xbf\xc3\xbd\xb0\x96\x90\x91k\x86\x1a\x10\xd2\xf5\x8b\xfc\xf4\xd0[\x12\xf5+\x1aS\x02/Yx\xf2jJb\x97\x9c/\x1f5i\xc6\x861\x9a\xff\xc3\xe7\xbfU\xd5\xac\xccB=\x8f\xfd\x84\xeepQ\x93nn\x0f\xc6\xa9?\xad\x8b~\x96@i=G\x9ft\x1d\xcc\xc6Ys7\x7f\x8ehv\xd3$\x13s\xa0\xbfi\xfaFS\xa9=Xe\xf8tI\x15\x882\x8b\x8e-X\xb8\xf2\x9du\x15S^\xec\xce\xfaf$S\x9f\xe7Ed\n\x84\\ u\xd2\x16\xc1\xa5\xa0\xaa\xe8.i\xc8\x0e\vt\xe2\xf1lA\x93\xdd\xce\x8f$\x06v\xbe\xe7\x95nN\xc5\xaa\x1ev\xc6P\x9c\\G&y\x8bYA\xc3}\xd9\x86[\xb2\xf3\x0f\x90%\xcb\x81\xe8\xea\xbcs\x95\xe9\x8eXH\x19m\xdfOY\xf1E9-\xc8\xe7\x13^+(\x034\x82\xafiOO\x14\x8f^\x8c', 0x7)
mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0xa, 0x4d091, r7, 0x400000)
fcntl$addseals(r7, 0x409, 0x2)
r8 = openat$udambuf(0xffffff9c, &(0x7f0000000000), 0x2)
ioctl$UDMABUF_CREATE(r8, 0x40187542, &(0x7f0000000040)={r7, 0x1, 0x0, 0x100000})
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000029000)={<r9=>0xffffffffffffffff})
ioctl$sock_SIOCGIFINDEX(r9, 0x8933, &(0x7f0000000000)={'bridge0\x00', <r10=>0x0})
rename(&(0x7f00000002c0)='./file0\x00', 0x0)
r11 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x275a, 0x0)
r12 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700)
write$cgroup_int(r12, &(0x7f0000000200), 0xf000)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x2000001, 0x12, r11, 0x0)
r13 = socket$inet_dccp(0x2, 0x6, 0x0)
getsockopt$inet_int(r13, 0x10d, 0xf3, 0x0, &(0x7f00000000c0))
bind$packet(r6, &(0x7f0000000180)={0x11, 0x0, r10, 0x1, 0x0, 0x6, @multicast}, 0x14)
getsockname$packet(r6, &(0x7f00000015c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)

[   72.245308][ T4661] Bluetooth: hci0: command tx timeout
[   72.331346][ T5315] ------------[ cut here ]------------
[   72.333131][ T5315] kernel BUG at mm/hugetlb.c:2403!
[   72.334988][ T5315] Oops: invalid opcode: 0000 [#1] PREEMPT SMP KASAN NOPTI
[   72.337407][ T5315] CPU: 0 UID: 0 PID: 5315 Comm: syz.0.0 Not tainted 6.13.0-rc5-syzkaller-00161-g63676eefb7a0 #0
[   72.341150][ T5315] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[   72.345163][ T5315] RIP: 0010:alloc_hugetlb_folio_reserve+0xbc/0xc0
[   72.347375][ T5315] Code: 1f eb 05 e8 56 18 a0 ff 48 c7 c7 40 56 61 8e e8 ba 21 cc 09 4c 89 f0 5b 41 5c 41 5e 41 5f 5d c3 cc cc cc cc e8 35 18 a0 ff 90 <0f> 0b 66 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 f3 0f
[   72.354036][ T5315] RSP: 0018:ffffc9000d3d77f8 EFLAGS: 00010087
[   72.356118][ T5315] RAX: ffffffff81ff6beb RBX: 0000000000000000 RCX: 0000000000100000
[   72.358740][ T5315] RDX: ffffc9000e51a000 RSI: 00000000000003ec RDI: 00000000000003ed
[   72.361473][ T5315] RBP: 1ffffffff34810d9 R08: ffffffff81ff6ba3 R09: 1ffffd4000093005
[   72.364308][ T5315] R10: dffffc0000000000 R11: fffff94000093006 R12: dffffc0000000000
[   72.367102][ T5315] R13: dffffc0000000000 R14: ffffea0000498000 R15: ffffffff9a4086c8
[   72.370001][ T5315] FS:  00007f77ac12e6c0(0000) GS:ffff88801fc00000(0000) knlGS:0000000000000000
[   72.373178][ T5315] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[   72.375289][ T5315] CR2: 00007f77ab54b170 CR3: 0000000040b70000 CR4: 0000000000352ef0
[   72.378108][ T5315] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[   72.380907][ T5315] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[   72.383697][ T5315] Call Trace:
[   72.384963][ T5315]  <TASK>
[   72.385887][ T5315]  ? __die_body+0x5f/0xb0
[   72.387350][ T5315]  ? die+0x9e/0xc0
[   72.388674][ T5315]  ? do_trap+0x15a/0x3a0
[   72.390267][ T5315]  ? alloc_hugetlb_folio_reserve+0xbc/0xc0
[   72.392267][ T5315]  ? do_error_trap+0x1dc/0x2c0
[   72.393981][ T5315]  ? alloc_hugetlb_folio_reserve+0xbc/0xc0
[   72.396022][ T5315]  ? __pfx_do_error_trap+0x10/0x10
[   72.397717][ T5315]  ? report_bug+0x3cd/0x500
[   72.399322][ T5315]  ? handle_invalid_op+0x34/0x40
[   72.401146][ T5315]  ? alloc_hugetlb_folio_reserve+0xbc/0xc0
[   72.403110][ T5315]  ? exc_invalid_op+0x38/0x50
[   72.404801][ T5315]  ? asm_exc_invalid_op+0x1a/0x20
[   72.406457][ T5315]  ? alloc_hugetlb_folio_reserve+0x73/0xc0
[   72.408370][ T5315]  ? alloc_hugetlb_folio_reserve+0xbb/0xc0
[   72.410460][ T5315]  ? alloc_hugetlb_folio_reserve+0xbc/0xc0
[   72.412521][ T5315]  ? alloc_hugetlb_folio_reserve+0xbb/0xc0
[   72.414517][ T5315]  memfd_alloc_folio+0x1bd/0x370
[   72.416273][ T5315]  memfd_pin_folios+0xf10/0x1570
[   72.418088][ T5315]  ? __pfx_memfd_pin_folios+0x10/0x10
[   72.420007][ T5315]  ? __fget_files+0x2a/0x410
[   72.421550][ T5315]  ? __fget_files+0x395/0x410
[   72.423072][ T5315]  ? __fget_files+0x2a/0x410
[   72.424670][ T5315]  udmabuf_create+0x70e/0x10c0
[   72.426579][ T5315]  ? __pfx_udmabuf_create+0x10/0x10
[   72.428321][ T5315]  ? __might_fault+0xc6/0x120
[   72.429975][ T5315]  udmabuf_ioctl+0x301/0x4e0
[   72.431504][ T5315]  ? __pfx_udmabuf_ioctl+0x10/0x10
[   72.433317][ T5315]  ? __fget_files+0x2a/0x410
[   72.434857][ T5315]  ? __pfx_udmabuf_ioctl+0x10/0x10
[   72.436544][ T5315]  __se_sys_ioctl+0xf5/0x170
[   72.438142][ T5315]  do_syscall_64+0xf3/0x230
[   72.439748][ T5315]  ? clear_bhb_loop+0x35/0x90
[   72.441384][ T5315]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   72.443513][ T5315] RIP: 0033:0x7f77ab385d29
[   72.445066][ T5315] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   72.451502][ T5315] RSP: 002b:00007f77ac12e038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[   72.454498][ T5315] RAX: ffffffffffffffda RBX: 00007f77ab575fa0 RCX: 00007f77ab385d29
[   72.456900][ T5315] RDX: 0000000020000040 RSI: 0000000040187542 RDI: 0000000000000006
[   72.459449][ T5315] RBP: 00007f77ab401b08 R08: 0000000000000000 R09: 0000000000000000
[   72.462129][ T5315] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[   72.465171][ T5315] R13: 0000000000000000 R14: 00007f77ab575fa0 R15: 00007fff748b7238
[   72.467930][ T5315]  </TASK>
[   72.469036][ T5315] Modules linked in:
[   72.470498][ T5315] ---[ end trace 0000000000000000 ]---
[   72.472457][ T5315] RIP: 0010:alloc_hugetlb_folio_reserve+0xbc/0xc0
[   72.474875][ T5315] Code: 1f eb 05 e8 56 18 a0 ff 48 c7 c7 40 56 61 8e e8 ba 21 cc 09 4c 89 f0 5b 41 5c 41 5e 41 5f 5d c3 cc cc cc cc e8 35 18 a0 ff 90 <0f> 0b 66 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 f3 0f
[   72.481766][ T5315] RSP: 0018:ffffc9000d3d77f8 EFLAGS: 00010087
[   72.484008][ T5315] RAX: ffffffff81ff6beb RBX: 0000000000000000 RCX: 0000000000100000
[   72.486433][ T5315] RDX: ffffc9000e51a000 RSI: 00000000000003ec RDI: 00000000000003ed
[   72.489323][ T5315] RBP: 1ffffffff34810d9 R08: ffffffff81ff6ba3 R09: 1ffffd4000093005
[   72.492190][ T5315] R10: dffffc0000000000 R11: fffff94000093006 R12: dffffc0000000000
[   72.495011][ T5315] R13: dffffc0000000000 R14: ffffea0000498000 R15: ffffffff9a4086c8
[   72.497899][ T5315] FS:  00007f77ac12e6c0(0000) GS:ffff88801fc00000(0000) knlGS:0000000000000000
[   72.501216][ T5315] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[   72.503491][ T5315] CR2: 00007f77ab54b170 CR3: 0000000040b70000 CR4: 0000000000352ef0
[   72.506209][ T5315] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[   72.508826][ T5315] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[   72.511306][ T5315] Kernel panic - not syncing: Fatal exception
[   72.513430][ T5315] Kernel Offset: disabled
[   72.514734][ T5315] Rebooting in 86400 seconds..