program:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f00000000c0)={'wlan0\x00', <r4=>0x0})
sendmsg$NL80211_CMD_SET_INTERFACE(r2, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)={0x24, r3, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r4}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x3}]}, 0x24}}, 0x0)
sendmsg$NL80211_CMD_START_AP(r2, &(0x7f00000001c0)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000300)={0x90, r3, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r4}, @void}}, [@beacon=[@NL80211_ATTR_BEACON_HEAD={0x59, 0xe, {{{}, {}, @device_b, @device_b}, 0x0, @default, 0x0, @val={0x0, 0x6, @default_ap_ssid}, @void, @val={0x3, 0x1}, @void, @void, @val={0x5, 0x3}, @val={0x25, 0x3}, @val={0x2a, 0x1}, @void, @void, @val={0x72, 0x6}, @val={0x71, 0x7}, @val={0x76, 0x6}}}], @chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8, 0x26, @random=0x971}], @NL80211_ATTR_BEACON_INTERVAL={0x8}, @NL80211_ATTR_DTIM_PERIOD={0x8}]}, 0x90}}, 0x0)
sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000400)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000440)={0x1c, r1, 0x5, 0x0, 0x0, {{0x5d}, {@val={0x8, 0x3, r4}, @void}}}, 0x1c}}, 0x0)
r5 = memfd_create(&(0x7f0000000480)='\xff\x00l\x1e\xa0</\x00\x8eO4._\x14zC\x8a\xe8\xe0u\xe0\xff\xf1\xb2\xfd\xf6nz\x05-]\xc2Vk\xaeky\xd3\x83\xe2\xc7\xd3\xe6M^\x98ox\x14\t\xe9Q1\x1dK\x9a\x045\xd37\xb22\xfdD(\xd2\xdd\xa0\xff\x0f\x00\x00\x00\x00\x00\x00v\n\xd8?]k\x14N\x18\xf4\xc2j\xed6g\xfd\xd2\xd4\xe3\x1f\xa6 \xa0\x8d\xb5\x9aE<2`]<\x8cR\xd69\x0fO\xbf\xc3\xbd\xb0\x96\x90\x91k\x86\x1a\x10\xd2\xf5\x8b\xfc\xf4\xd0[\x12\xf5+\x1aS\x02/Yx\xf2jJb\x97\x9c/\x1f5i\xc6\x861\x9a\xff\xc3\xe7\xbfU\xd5\xac\xccB=\x8f\xfd\x84\xeepQ\x93nn\x0f\xc6\xa9?\xad\x8b~\x96@i=G\x9ft\x1d\xcc\xc6Ys7\x7f\x8ehv\xd3$\x13s\xa0\xbfi\xfaFS\xa9=Xe\xf8tI\x15\x882\x8b\x8e-X\xb8\xf2\x9du\x15S^\xec\xce\xfaf$S\x9f\xe7Ed\n\x84\\ u\xd2\x16\xc1\xa5\xa0\xaa\xe8.i\xc8\x0e\vt\xe2\xf1lA\x93\xdd\xce\x8f$\x06v\xbe\xe7\x95nN\xc5\xaa\x1ev\xc6P\x9c\\G&y\x8bYA\xc3}\xd9\x86[\xb2\xf3\x0f\x90%\xcb\x81\xe8\xea\xbcs\x95\xe9\x8eXH\x19m\xdfOY\xf1E9-\xc8\xe7\x13^+(\x034\x82\xafiOO\x14\x8f^\x8c', 0x7)
mmap(&(0x7f0000000000/0x1000)=nil, 0x1000, 0xa, 0x12, r5, 0x0)
fcntl$addseals(r5, 0x409, 0x2)
r6 = openat$udambuf(0xffffff9c, &(0x7f0000000000), 0x2)
ioctl$UDMABUF_CREATE(r6, 0x40187542, &(0x7f0000000040)={r5, 0x0, 0x0, 0x2000})

[   86.297077][ T5303] Bluetooth: hci0: command tx timeout
[   86.386345][ T5318] ------------[ cut here ]------------
[   86.388686][ T5318] kernel BUG at mm/hugetlb.c:2360!
[   86.390737][ T5318] Oops: invalid opcode: 0000 [#1] SMP KASAN NOPTI
[   86.393410][ T5318] CPU: 0 UID: 0 PID: 5318 Comm: syz.0.0 Not tainted 6.15.0-rc5-syzkaller #0 PREEMPT(full) 
[   86.397405][ T5318] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[   86.402012][ T5318] RIP: 0010:alloc_hugetlb_folio_reserve+0xc3/0xd0
[   86.404849][ T5318] Code: e8 e2 1b a4 ff 48 c7 c7 80 66 c1 8d e8 c6 f6 3c 09 4c 89 f0 5b 41 5c 41 5d 41 5e 41 5f 5d c3 cc cc cc cc cc e8 be 1b a4 ff 90 <0f> 0b 66 66 2e 0f 1f 84 00 00 00 00 00 90 90 90 90 90 90 90 90 90
[   86.412707][ T5318] RSP: 0018:ffffc9000d11f830 EFLAGS: 00010083
[   86.415179][ T5318] RAX: ffffffff821bb492 RBX: ffffffff99863468 RCX: 0000000000100000
[   86.418098][ T5318] RDX: ffffc9000dfa2000 RSI: 0000000000000397 RDI: 0000000000000398
[   86.421718][ T5318] RBP: 0000000000142cc0 R08: ffffea000047002f R09: 1ffffd400008e005
[   86.425095][ T5318] R10: dffffc0000000000 R11: fffff9400008e006 R12: dffffc0000000000
[   86.428562][ T5318] R13: 1ffffffff330c68d R14: ffffea0000470000 R15: 0000000000000000
[   86.431949][ T5318] FS:  00007f7903cbd6c0(0000) GS:ffff88808d6cb000(0000) knlGS:0000000000000000
[   86.435877][ T5318] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[   86.438735][ T5318] CR2: 0000200000000000 CR3: 000000003db62000 CR4: 0000000000352ef0
[   86.442104][ T5318] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[   86.445607][ T5318] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[   86.449003][ T5318] Call Trace:
[   86.450498][ T5318]  <TASK>
[   86.451754][ T5318]  memfd_alloc_folio+0x1bf/0x380
[   86.453942][ T5318]  memfd_pin_folios+0xe9c/0x13d0
[   86.456064][ T5318]  ? lockdep_unlock+0x89/0x120
[   86.458210][ T5318]  ? __pfx_memfd_pin_folios+0x10/0x10
[   86.460365][ T5318]  ? lockdep_unlock+0x89/0x120
[   86.462046][ T5318]  ? shmem_mapping+0xd/0x50
[   86.463996][ T5318]  ? memfd_fcntl+0x239/0x630
[   86.465979][ T5318]  ? down_read+0x1ad/0x2e0
[   86.467693][ T5318]  udmabuf_create+0x7b5/0xf70
[   86.470190][ T5318]  ? __lock_acquire+0xaac/0xd20
[   86.472615][ T5318]  ? __pfx_udmabuf_create+0x10/0x10
[   86.474902][ T5318]  udmabuf_ioctl+0x1d1/0x2c0
[   86.477601][ T5318]  ? __pfx_udmabuf_ioctl+0x10/0x10
[   86.480614][ T5318]  ? __fget_files+0x3a0/0x420
[   86.482713][ T5318]  ? __fget_files+0x2a/0x420
[   86.484694][ T5318]  ? bpf_lsm_file_ioctl+0x9/0x20
[   86.486787][ T5318]  ? __pfx_udmabuf_ioctl+0x10/0x10
[   86.488975][ T5318]  __se_sys_ioctl+0xf9/0x170
[   86.490856][ T5318]  do_syscall_64+0xf6/0x210
[   86.492882][ T5318]  ? clear_bhb_loop+0x45/0xa0
[   86.494823][ T5318]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   86.497715][ T5318] RIP: 0033:0x7f7902d8e969
[   86.499608][ T5318] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   86.507714][ T5318] RSP: 002b:00007f7903cbd038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[   86.511339][ T5318] RAX: ffffffffffffffda RBX: 00007f7902fb5fa0 RCX: 00007f7902d8e969
[   86.515268][ T5318] RDX: 0000200000000040 RSI: 0000000040187542 RDI: 0000000000000006
[   86.518809][ T5318] RBP: 00007f7902e10ab1 R08: 0000000000000000 R09: 0000000000000000
[   86.521962][ T5318] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[   86.525089][ T5318] R13: 0000000000000000 R14: 00007f7902fb5fa0 R15: 00007ffdf8193068
[   86.528332][ T5318]  </TASK>
[   86.529563][ T5318] Modules linked in:
[   86.531147][ T5318] ---[ end trace 0000000000000000 ]---
[   86.533418][ T5318] RIP: 0010:alloc_hugetlb_folio_reserve+0xc3/0xd0
[   86.536082][ T5318] Code: e8 e2 1b a4 ff 48 c7 c7 80 66 c1 8d e8 c6 f6 3c 09 4c 89 f0 5b 41 5c 41 5d 41 5e 41 5f 5d c3 cc cc cc cc cc e8 be 1b a4 ff 90 <0f> 0b 66 66 2e 0f 1f 84 00 00 00 00 00 90 90 90 90 90 90 90 90 90
[   86.544241][ T5318] RSP: 0018:ffffc9000d11f830 EFLAGS: 00010083
[   86.547751][ T5318] RAX: ffffffff821bb492 RBX: ffffffff99863468 RCX: 0000000000100000
[   86.551176][ T5318] RDX: ffffc9000dfa2000 RSI: 0000000000000397 RDI: 0000000000000398
[   86.554655][ T5318] RBP: 0000000000142cc0 R08: ffffea000047002f R09: 1ffffd400008e005
[   86.558192][ T5318] R10: dffffc0000000000 R11: fffff9400008e006 R12: dffffc0000000000
[   86.561531][ T5318] R13: 1ffffffff330c68d R14: ffffea0000470000 R15: 0000000000000000
[   86.564900][ T5318] FS:  00007f7903cbd6c0(0000) GS:ffff88808d6cb000(0000) knlGS:0000000000000000
[   86.568702][ T5318] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[   86.571470][ T5318] CR2: 0000200000000000 CR3: 000000003db62000 CR4: 0000000000352ef0
[   86.574792][ T5318] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[   86.578124][ T5318] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[   86.581318][ T5318] Kernel panic - not syncing: Fatal exception
[   86.584122][ T5318] Kernel Offset: disabled
[   86.585849][ T5318] Rebooting in 86400 seconds..