program:
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000002c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x4, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x80000000, 0x8}, 0x0, 0x0, 0x1, 0x4, 0x7ff, 0x1000000, 0x0, 0x0, 0x0, 0x0, 0x3}, 0x0, 0x0, 0xffffffffffffffff, 0x9)
r2 = syz_open_dev$usbfs(&(0x7f00000000c0), 0x201, 0x0)
mmap(&(0x7f0000000000/0x400000)=nil, 0x400000, 0x1000002, 0x11012, r2, 0x0)
sendmmsg(0xffffffffffffffff, &(0x7f0000004200), 0x0, 0x0)
sendmmsg(r0, &(0x7f0000000640)=[{{&(0x7f0000000100)=@generic={0x26, "4477dd57218bbec56024c77cee104cf964209f38bb2c0b7a07be03d618a0bed63593028003698802c1013a8abeae439583b94efae569733a0591cabc7cba88c1177f2e0b0dff87222320fab6cb231cf0b8dace8f0fd712eb18533e9f79aff4533a6b6fac79343f662eb8c8aeba8c45dba74544cb011836c981ba8d8872e5"}, 0x80, &(0x7f0000000480)=[{&(0x7f0000000180)="0289bee28ee73a61ca5f7cdd8ee9f90537ab0cb900ebbd29c3", 0x19}, {&(0x7f00000001c0)="42a4f9ba3a1c95027aa3313140d0b3250a1710528a092868ac22ae149cc8610618a215019eba7ad44f06fa6d4e881b976d6e221f9425282973f647ed8ae7abdd97b39398081f33ef8a846016aa9d0608ea58de97070bb6488ab3da0e918e97bbacd1a5ef49d23fc6594722640c5ab3ee56d4d1d209b0d597458d2a4e78f7d3fc53783d1d352b2c6c9cfdb0d1649e9bc25130ab4b4d7473ce43257132314d4900140589dc94dd8b9f64870e5c0574bc5f8e994d4a5024970c0a0b2bff325dc86de9ec16a81e3059942c50ff33", 0xcc}, {&(0x7f0000000300)="52c64e4bb8aee21627529649cee258d802ebc8fe44b63a1db758123505326bde2934ced9ea86d497080d11b58a5c7cb73fa66b003a56fc94dc4e83a385eb0ce25db9840f72993d81ba8a05758f4c165bbc01a5f99366fd6da198f7ac3d48b3684ca349b305d34182af9fb593dab709824800a37608c45a8e90ddb541d8d40223884567046325d7f2c8ddb984acaee1f7bde14ec915a07c692840a25dc634a56c8e4cef4c65047019bb43ad5cd143c1b234763419fa56c697e799", 0xba}, {&(0x7f00000003c0)="47843a09bb36a06462c384e510b791502a0c55b099c4751fdd87cbcf9a1a311ee99930f8f8376555ab8bda2f3088ba08cfcf82f7a30577a56cdbe35c6c2fd2", 0x3f}, {&(0x7f0000000400)="aac2d20a8b4e644b3cd49bea54d64be2c090885950cbbb186a19e853d1d48c919c6d85a517f92a1fad57bce9dcf282edf49f40b4fde5f7865bba2c2e0c6b557f99a7", 0x42}], 0x5, &(0x7f0000000500)=[{0xb0, 0xaee6bd4967f23023, 0xfa, "00369825f4bcecce7de8e942ce244ad85c376346e9c4957e343622538435b02d85821b0c62b58e91231196d9175d3934e61132f9a9adb4d0148f7c9adf046652ce662d3f213e7fbbda6d6c0eeac47d610701d4f2a0531ec8e5164beeb7f98e95ab843061f0eb207e4469c23d1aab5a5f591fa39853ad207fef0bdee146ee27f361d2bc4ecea98496b20f6a70ce3cee30143f08775b7d2a94d056"}, {0x38, 0x109, 0xfffffff9, "af28ea51347653ecc66383bdd8cb74d88056417228ea967d4b9fc13efd3a1027c07a90b7d9d1"}, {0x48, 0x85cdf5bc6494d425, 0x3, "a59e3f2fe6ad3e5a860221d591b1720f81acd6b5be11deca46e2663e4c82388efe4d0a8f9266c5572d3ec91eed82930d2a57c1"}], 0x130}}], 0x1, 0x400c0a4)
prctl$PR_SET_MM(0x23, 0x8, &(0x7f0000001000/0x4000)=nil)
r3 = inotify_init1(0x0)
fcntl$setown(r3, 0x8, 0xffffffffffffffff)
fcntl$getownex(r3, 0x10, &(0x7f0000000040)={0x0, <r4=>0x0})
ptrace$setopts(0x4206, r4, 0x0, 0x0)
ioctl$SIOCSIFHWADDR(r1, 0x8923, &(0x7f0000000000)={'veth0_vlan\x00', @random="0163014010ff"})

[   89.030281][   T48] Bluetooth: hci0: command tx timeout
[   90.399099][ T5114] ------------[ cut here ]------------
[   90.402685][ T5114] kernel BUG at arch/x86/mm/physaddr.c:28!
[   90.405117][ T5114] Oops: invalid opcode: 0000 [#1] PREEMPT SMP KASAN NOPTI
[   90.407976][ T5114] CPU: 0 UID: 0 PID: 5114 Comm: syz.0.0 Not tainted 6.12.0-rc2-syzkaller-00205-g1d227fcc7222 #0
[   90.412233][ T5114] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[   90.416678][ T5114] RIP: 0010:__phys_addr+0x162/0x170
[   90.419289][ T5114] Code: e8 23 e8 51 00 48 c7 c7 c0 86 7a 8e 4c 89 f6 4c 89 fa e8 f1 98 b1 03 e9 45 ff ff ff e8 07 e8 51 00 90 0f 0b e8 ff e7 51 00 90 <0f> 0b e8 f7 e7 51 00 90 0f 0b 0f 1f 40 00 90 90 90 90 90 90 90 90
[   90.427648][ T5114] RSP: 0018:ffffc9000179f4c0 EFLAGS: 00010283
[   90.430118][ T5114] RAX: ffffffff8142ff51 RBX: 0000000000000001 RCX: 0000000000040000
[   90.433148][ T5114] RDX: ffffc9000b8e9000 RSI: 00000000000074c7 RDI: 00000000000074c8
[   90.436054][ T5114] RBP: ffffc9000179f5e8 R08: ffffffff8142fe9c R09: 312e64313a30303a
[   90.438907][ T5114] R10: dffffc0000000000 R11: fffff91ffff8823d R12: ffffe8ffffc411a0
[   90.441908][ T5114] R13: dffffc0000000000 R14: 000040800d2d9000 R15: 000000000000002e
[   90.444999][ T5114] FS:  00007f4924f4a6c0(0000) GS:ffff88801fc00000(0000) knlGS:0000000000000000
[   90.448528][ T5114] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[   90.451146][ T5114] CR2: 00007f49242b84c0 CR3: 0000000011bf4000 CR4: 0000000000352ef0
[   90.454259][ T5114] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[   90.457356][ T5114] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[   90.460498][ T5114] Call Trace:
[   90.461866][ T5114]  <TASK>
[   90.463082][ T5114]  ? __die_body+0x5f/0xb0
[   90.464870][ T5114]  ? die+0x9e/0xc0
[   90.466426][ T5114]  ? do_trap+0x15a/0x3a0
[   90.468132][ T5114]  ? __phys_addr+0x162/0x170
[   90.469957][ T5114]  ? do_error_trap+0x1dc/0x2c0
[   90.471792][ T5114]  ? __phys_addr+0x162/0x170
[   90.473670][ T5114]  ? __pfx_do_error_trap+0x10/0x10
[   90.475719][ T5114]  ? handle_invalid_op+0x34/0x40
[   90.478416][ T5114]  ? __phys_addr+0x162/0x170
[   90.480527][ T5114]  ? exc_invalid_op+0x38/0x50
[   90.482549][ T5114]  ? asm_exc_invalid_op+0x1a/0x20
[   90.484623][ T5114]  ? __phys_addr+0xac/0x170
[   90.486507][ T5114]  ? __phys_addr+0x161/0x170
[   90.488406][ T5114]  ? __phys_addr+0x162/0x170
[   90.490252][ T5114]  perf_trace_dma_alloc+0x3dd/0x620
[   90.492202][ T5114]  ? __pfx_perf_trace_dma_alloc+0x10/0x10
[   90.494596][ T5114]  dma_alloc_attrs+0x46c/0x4e0
[   90.496738][ T5114]  ? __pfx_dma_alloc_attrs+0x10/0x10
[   90.500098][ T5114]  ? usbdev_mmap+0x219/0x900
[   90.502891][ T5114]  ? __kmalloc_cache_noprof+0x19c/0x2c0
[   90.505157][ T5114]  ? hcd_buffer_alloc_pages+0x12b/0x190
[   90.507487][ T5114]  usbdev_mmap+0x247/0x900
[   90.509229][ T5114]  ? __pfx_usbdev_mmap+0x10/0x10
[   90.511199][ T5114]  mmap_region+0x1add/0x2990
[   90.513118][ T5114]  ? __pfx_mmap_region+0x10/0x10
[   90.515171][ T5114]  ? __pfx_lock_acquire+0x10/0x10
[   90.517335][ T5114]  ? mm_get_unmapped_area_vmflags+0xb9/0xf0
[   90.519932][ T5114]  ? bpf_lsm_mmap_addr+0x9/0x10
[   90.522247][ T5114]  ? security_mmap_addr+0x6f/0x250
[   90.524493][ T5114]  ? __get_unmapped_area+0x2ed/0x350
[   90.526691][ T5114]  do_mmap+0x8f0/0x1000
[   90.528300][ T5114]  ? __pfx_do_mmap+0x10/0x10
[   90.530055][ T5114]  ? __pfx_down_write_killable+0x10/0x10
[   90.532250][ T5114]  ? common_file_perm+0x1a6/0x210
[   90.534786][ T5114]  vm_mmap_pgoff+0x1dd/0x3d0
[   90.537729][ T5114]  ? __pfx_vm_mmap_pgoff+0x10/0x10
[   90.540649][ T5114]  ? __fget_files+0x29/0x470
[   90.542446][ T5114]  ? __fget_files+0x3f3/0x470
[   90.544304][ T5114]  ? __fget_files+0x29/0x470
[   90.546124][ T5114]  ksys_mmap_pgoff+0x4eb/0x720
[   90.548019][ T5114]  ? __x64_sys_mmap+0x7f/0x140
[   90.549894][ T5114]  do_syscall_64+0xf3/0x230
[   90.551752][ T5114]  ? clear_bhb_loop+0x35/0x90
[   90.553831][ T5114]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   90.556306][ T5114] RIP: 0033:0x7f492417dff9
[   90.558398][ T5114] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   90.567056][ T5114] RSP: 002b:00007f4924f4a038 EFLAGS: 00000246 ORIG_RAX: 0000000000000009
[   90.570274][ T5114] RAX: ffffffffffffffda RBX: 00007f4924335f80 RCX: 00007f492417dff9
[   90.573405][ T5114] RDX: 0000000001000002 RSI: 0000000000400000 RDI: 0000000020000000
[   90.576665][ T5114] RBP: 00007f49241f0296 R08: 0000000000000006 R09: 0000000000000000
[   90.581048][ T5114] R10: 0000000000011012 R11: 0000000000000246 R12: 0000000000000000
[   90.584927][ T5114] R13: 0000000000000000 R14: 00007f4924335f80 R15: 00007ffc56f48d48
[   90.588078][ T5114]  </TASK>
[   90.589267][ T5114] Modules linked in:
[   90.591683][ T5114] ---[ end trace 0000000000000000 ]---
[   90.593809][ T5114] RIP: 0010:__phys_addr+0x162/0x170
[   90.595914][ T5114] Code: e8 23 e8 51 00 48 c7 c7 c0 86 7a 8e 4c 89 f6 4c 89 fa e8 f1 98 b1 03 e9 45 ff ff ff e8 07 e8 51 00 90 0f 0b e8 ff e7 51 00 90 <0f> 0b e8 f7 e7 51 00 90 0f 0b 0f 1f 40 00 90 90 90 90 90 90 90 90
[   90.604737][ T5114] RSP: 0018:ffffc9000179f4c0 EFLAGS: 00010283
[   90.607375][ T5114] RAX: ffffffff8142ff51 RBX: 0000000000000001 RCX: 0000000000040000
[   90.610848][ T5114] RDX: ffffc9000b8e9000 RSI: 00000000000074c7 RDI: 00000000000074c8
[   90.614221][ T5114] RBP: ffffc9000179f5e8 R08: ffffffff8142fe9c R09: 312e64313a30303a
[   90.617740][ T5114] R10: dffffc0000000000 R11: fffff91ffff8823d R12: ffffe8ffffc411a0
[   90.621541][ T5114] R13: dffffc0000000000 R14: 000040800d2d9000 R15: 000000000000002e
[   90.624541][ T5114] FS:  00007f4924f4a6c0(0000) GS:ffff88801fc00000(0000) knlGS:0000000000000000
[   90.628075][ T5114] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[   90.631037][ T5114] CR2: 00007f49242b84c0 CR3: 0000000011bf4000 CR4: 0000000000352ef0
[   90.634782][ T5114] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[   90.638168][ T5114] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[   90.641406][ T5114] Kernel panic - not syncing: Fatal exception
[   90.644684][ T5114] Kernel Offset: disabled
[   90.647527][ T5114] Rebooting in 86400 seconds..