program:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000340), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_XEN_HVM_CONFIG(r1, 0x4038ae7a, &(0x7f0000000240)={0x2, 0xda0, 0x0, 0x0})
ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
openat$kvm(0xffffffffffffff9c, &(0x7f0000000340), 0x0, 0x0) (async)
ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) (async)
ioctl$KVM_XEN_HVM_CONFIG(r1, 0x4038ae7a, &(0x7f0000000240)={0x2, 0xda0, 0x0, 0x0}) (async)
ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) (async)

[   74.217205][ T5305] Bluetooth: hci0: command tx timeout
[   74.311000][ T5320] 
[   74.311982][ T5320] =============================
[   74.313824][ T5320] WARNING: suspicious RCU usage
[   74.315741][ T5320] 6.13.0-syzkaller-09585-gb4b0881156fb #0 Not tainted
[   74.318546][ T5320] -----------------------------
[   74.320478][ T5320] ./include/linux/kvm_host.h:1059 suspicious rcu_dereference_check() usage!
[   74.323764][ T5320] 
[   74.323764][ T5320] other info that might help us debug this:
[   74.323764][ T5320] 
[   74.327812][ T5320] 
[   74.327812][ T5320] rcu_scheduler_active = 2, debug_locks = 1
[   74.330866][ T5320] no locks held by syz.0.0/5320.
[   74.332708][ T5320] 
[   74.332708][ T5320] stack backtrace:
[   74.334897][ T5320] CPU: 0 UID: 0 PID: 5320 Comm: syz.0.0 Not tainted 6.13.0-syzkaller-09585-gb4b0881156fb #0
[   74.334912][ T5320] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[   74.334919][ T5320] Call Trace:
[   74.334925][ T5320]  <TASK>
[   74.334930][ T5320]  dump_stack_lvl+0x241/0x360
[   74.335031][ T5320]  ? __pfx_dump_stack_lvl+0x10/0x10
[   74.335042][ T5320]  ? __pfx__printk+0x10/0x10
[   74.335087][ T5320]  lockdep_rcu_suspicious+0x226/0x340
[   74.335106][ T5320]  kvm_vcpu_gfn_to_memslot+0x429/0x4c0
[   74.335125][ T5320]  kvm_vcpu_write_guest+0x7c/0x130
[   74.335139][ T5320]  kvm_xen_write_hypercall_page+0x50a/0x5f0
[   74.335158][ T5320]  ? __pfx_kvm_xen_write_hypercall_page+0x10/0x10
[   74.335179][ T5320]  kvm_set_msr_common+0x154/0x3b10
[   74.335190][ T5320]  ? kvm_clear_async_pf_completion_queue+0x3a7/0x3f0
[   74.335207][ T5320]  ? __pfx_lock_release+0x10/0x10
[   74.335220][ T5320]  ? __pfx_kvm_set_msr_common+0x10/0x10
[   74.335234][ T5320]  ? do_raw_spin_unlock+0x58/0x8b0
[   74.335248][ T5320]  vmx_set_msr+0x151d/0x26f0
[   74.335263][ T5320]  ? _raw_spin_unlock+0x28/0x50
[   74.335302][ T5320]  ? kvm_clear_async_pf_completion_queue+0x3a7/0x3f0
[   74.335319][ T5320]  kvm_vcpu_reset+0xbea/0x1740
[   74.335335][ T5320]  ? __pfx_kvm_vcpu_reset+0x10/0x10
[   74.335346][ T5320]  ? kvm_vcpu_after_set_cpuid+0x1277/0x1620
[   74.335369][ T5320]  kvm_arch_vcpu_create+0x8f4/0xa80
[   74.335387][ T5320]  kvm_vm_ioctl_create_vcpu+0x3d8/0x8b0
[   74.335405][ T5320]  kvm_vm_ioctl+0x7e2/0xd30
[   74.335418][ T5320]  ? mark_lock+0x9a/0x360
[   74.335434][ T5320]  ? __pfx_kvm_vm_ioctl+0x10/0x10
[   74.335452][ T5320]  ? tomoyo_path_number_perm+0x206/0x860
[   74.335491][ T5320]  ? __pfx_lock_release+0x10/0x10
[   74.335505][ T5320]  ? tomoyo_path_number_perm+0x679/0x860
[   74.335518][ T5320]  ? tomoyo_path_number_perm+0x679/0x860
[   74.335532][ T5320]  ? tomoyo_path_number_perm+0x6f9/0x860
[   74.335543][ T5320]  ? __lock_acquire+0x1397/0x2100
[   74.335557][ T5320]  ? tomoyo_path_number_perm+0x206/0x860
[   74.335571][ T5320]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[   74.335598][ T5320]  ? __fget_files+0x2a/0x410
[   74.335611][ T5320]  ? __fget_files+0x2a/0x410
[   74.335624][ T5320]  ? __pfx_kvm_vm_ioctl+0x10/0x10
[   74.335638][ T5320]  __se_sys_ioctl+0xf5/0x170
[   74.335652][ T5320]  do_syscall_64+0xf3/0x230
[   74.335667][ T5320]  ? clear_bhb_loop+0x35/0x90
[   74.335683][ T5320]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   74.335697][ T5320] RIP: 0033:0x7f03d178cda9
[   74.335713][ T5320] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   74.335722][ T5320] RSP: 002b:00007f03d2603038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[   74.335734][ T5320] RAX: ffffffffffffffda RBX: 00007f03d19a5fa0 RCX: 00007f03d178cda9
[   74.335740][ T5320] RDX: 0000000000000000 RSI: 000000000000ae41 RDI: 0000000000000004
[   74.335746][ T5320] RBP: 00007f03d180e2a0 R08: 0000000000000000 R09: 0000000000000000
[   74.335753][ T5320] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[   74.335758][ T5320] R13: 0000000000000000 R14: 00007f03d19a5fa0 R15: 00007ffec9dffee8
[   74.335772][ T5320]  </TASK>