program:
# syzkaller reproducer, one syscall per line. The only resources it needs are a /dev/kvm
# descriptor and VM-level ioctls; the crashing task in the log below ran as UID 0.
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000004c0), 0x400, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
# One routing entry: gsi=3, type=0x5 (KVM_IRQ_ROUTING_XEN_EVTCHN), flags=0. syzkaller prints the
# union as "@adapter", but for type 5 the kernel reads those bytes as struct kvm_xen_evtchn
# (little-endian: port=5, vcpu=0, priority=0xffffffff, the 2-level priority value). No
# KVM_XEN_HVM_CONFIG or other Xen setup is issued before this entry is installed.
ioctl$KVM_SET_GSI_ROUTING(r1, 0x4008ae6a, &(0x7f0000000040)={0x1, 0x0, [{0x3, 0x5, 0x0, 0x0, @adapter={0x5, 0x7fffffffffffffff, 0x8000000000000001, 0x80, 0x3}}]})
# Raising GSI 3 (irq=3, level=0x8248) goes kvm_set_irq -> kvm_xen_set_evtchn -> kvm_gpc_refresh
# (see the call trace below) and trips the WARN at pfncache.c:267 in __kvm_gpc_refresh;
# presumably the Xen gfn-to-pfn cache being refreshed was never activated for this VM — confirm
# against the kernel source. Because panic_on_warn is set here the WARN becomes a host panic
# driven from a VM ioctl; without panic_on_warn the log shows only the splat and says nothing
# about whether any further state is corrupted.
ioctl$KVM_IRQ_LINE_STATUS(r1, 0xc008ae67, &(0x7f0000000000)={0x3, 0x8248})
[ 75.787393][ T5317] Bluetooth: hci0: command tx timeout
[ 75.868171][ T5339] ------------[ cut here ]------------
[ 75.870672][ T5339] WARNING: arch/x86/kvm/../../../virt/kvm/pfncache.c:267 at __kvm_gpc_refresh+0x1187/0x1310, CPU#0: syz.0.0/5339
[ 75.876101][ T5339] Modules linked in:
[ 75.877743][ T5339] CPU: 0 UID: 0 PID: 5339 Comm: syz.0.0 Not tainted syzkaller #0 PREEMPT(full)
[ 75.880612][ T5339] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[ 75.885301][ T5339] RIP: 0010:__kvm_gpc_refresh+0x1187/0x1310
[ 75.887661][ T5339] Code: c6 05 ec ff 2b 0e 01 48 c7 c7 a8 51 78 8d be 35 04 00 00 48 c7 c2 80 f2 61 8b e8 64 fa 5d 00 e9 fe f1 ff ff e8 9a c9 80 00 90 <0f> 0b 90 bb ea ff ff ff e9 7e fe ff ff e8 87 c9 80 00 90 0f 0b 90
[ 75.895949][ T5339] RSP: 0018:ffffc9000e58f600 EFLAGS: 00010283
[ 75.898601][ T5339] RAX: ffffffff81403dc6 RBX: ffff888000000000 RCX: 0000000000100000
[ 75.903977][ T5339] RDX: ffffc90020ce2000 RSI: 000000000000036d RDI: 000000000000036e
[ 75.907591][ T5339] RBP: ffffc9000e58f790 R08: ffffffff8f824677 R09: 1ffffffff1f048ce
[ 75.911354][ T5339] R10: dffffc0000000000 R11: fffffbfff1f048cf R12: ffff888042fcd290
[ 75.915309][ T5339] R13: dffffc0000000000 R14: ffff888000000000 R15: ffffffffffffff01
[ 75.919075][ T5339] FS: 00007f9647e696c0(0000) GS:ffff88808d414000(0000) knlGS:0000000000000000
[ 75.923023][ T5339] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 75.926061][ T5339] CR2: 00007f96471de0a8 CR3: 0000000044301000 CR4: 0000000000352ef0
[ 75.929383][ T5339] 
Call Trace: [ 75.930869][ T5339] [ 75.932130][ T5339] ? kvm_xen_set_evtchn_fast+0x1fb/0x9b0 [ 75.934629][ T5339] ? lock_acquire+0x107/0x340 [ 75.936680][ T5339] ? kvm_gpc_refresh+0x31/0x140 [ 75.938736][ T5339] ? __pfx___kvm_gpc_refresh+0x10/0x10 [ 75.941003][ T5339] ? kvm_xen_set_evtchn+0x138/0x230 [ 75.942882][ T5339] kvm_gpc_refresh+0xe1/0x140 [ 75.944753][ T5339] ? kvm_xen_set_evtchn+0x138/0x230 [ 75.946823][ T5339] kvm_xen_set_evtchn+0x164/0x230 [ 75.948986][ T5339] ? __pfx_evtchn_set_fn+0x10/0x10 [ 75.951222][ T5339] kvm_set_irq+0x260/0x4e0 [ 75.953214][ T5339] ? __pfx_kvm_set_irq+0x10/0x10 [ 75.955593][ T5339] ? __pfx_evtchn_set_fn+0x10/0x10 [ 75.957968][ T5339] kvm_vm_ioctl_irq_line+0x8c/0x130 [ 75.960286][ T5339] kvm_vm_ioctl+0x88d/0xc60 [ 75.962953][ T5339] ? __pfx_kvm_vm_ioctl+0x10/0x10 [ 75.965613][ T5339] ? kasan_quarantine_put+0xbb/0x1f0 [ 75.968038][ T5339] ? tomoyo_path_number_perm+0x1bc/0x5a0 [ 75.970586][ T5339] ? tomoyo_path_number_perm+0x1bc/0x5a0 [ 75.973071][ T5339] ? do_vfs_ioctl+0xbe8/0x1430 [ 75.975445][ T5339] ? __pfx_do_vfs_ioctl+0x10/0x10 [ 75.977597][ T5339] ? do_futex+0x395/0x420 [ 75.979523][ T5339] ? __fget_files+0x2a/0x420 [ 75.981654][ T5339] ? __fget_files+0x2a/0x420 [ 75.983950][ T5339] ? __fget_files+0x3a0/0x420 [ 75.986103][ T5339] ? __fget_files+0x2a/0x420 [ 75.988292][ T5339] ? bpf_lsm_file_ioctl+0x9/0x20 [ 75.990577][ T5339] ? __pfx_kvm_vm_ioctl+0x10/0x10 [ 75.992777][ T5339] __se_sys_ioctl+0xfc/0x170 [ 75.994973][ T5339] do_syscall_64+0xec/0xf80 [ 75.997060][ T5339] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 75.999755][ T5339] ? trace_irq_disable+0x37/0x100 [ 76.002099][ T5339] ? 
clear_bhb_loop+0x60/0xb0 [ 76.004327][ T5339] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 76.006887][ T5339] RIP: 0033:0x7f9646f8f7c9 [ 76.008915][ T5339] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 76.017115][ T5339] RSP: 002b:00007f9647e69038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 76.021029][ T5339] RAX: ffffffffffffffda RBX: 00007f96471e5fa0 RCX: 00007f9646f8f7c9 [ 76.024565][ T5339] RDX: 0000200000000000 RSI: 00000000c008ae67 RDI: 0000000000000004 [ 76.028243][ T5339] RBP: 00007f9647013f91 R08: 0000000000000000 R09: 0000000000000000 [ 76.031938][ T5339] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 76.035612][ T5339] R13: 00007f96471e6038 R14: 00007f96471e5fa0 R15: 00007ffce1ae83d8 [ 76.039244][ T5339] [ 76.040729][ T5339] Kernel panic - not syncing: kernel: panic_on_warn set ... [ 76.043924][ T5339] CPU: 0 UID: 0 PID: 5339 Comm: syz.0.0 Not tainted syzkaller #0 PREEMPT(full) [ 76.047845][ T5339] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 76.052518][ T5339] Call Trace: [ 76.054037][ T5339] [ 76.055440][ T5339] vpanic+0x1e0/0x670 [ 76.057341][ T5339] panic+0xb9/0xc0 [ 76.059077][ T5339] ? __pfx_panic+0x10/0x10 [ 76.061087][ T5339] __warn+0x317/0x4b0 [ 76.062929][ T5339] ? __kvm_gpc_refresh+0x1187/0x1310 [ 76.065346][ T5339] ? __kvm_gpc_refresh+0x1187/0x1310 [ 76.067725][ T5339] __report_bug+0x288/0x500 [ 76.069802][ T5339] ? check_noncircular+0xda/0x150 [ 76.072029][ T5339] ? __kvm_gpc_refresh+0x1187/0x1310 [ 76.074408][ T5339] ? __pfx___report_bug+0x10/0x10 [ 76.076700][ T5339] ? __kvm_gpc_refresh+0x1187/0x1310 [ 76.078956][ T5339] report_bug+0x16a/0x220 [ 76.080800][ T5339] ? __kvm_gpc_refresh+0x1187/0x1310 [ 76.083045][ T5339] ? 
__kvm_gpc_refresh+0x1189/0x1310 [ 76.085270][ T5339] handle_bug+0x98/0x200 [ 76.087130][ T5339] exc_invalid_op+0x1a/0x50 [ 76.089135][ T5339] asm_exc_invalid_op+0x1a/0x20 [ 76.091224][ T5339] RIP: 0010:__kvm_gpc_refresh+0x1187/0x1310 [ 76.093768][ T5339] Code: c6 05 ec ff 2b 0e 01 48 c7 c7 a8 51 78 8d be 35 04 00 00 48 c7 c2 80 f2 61 8b e8 64 fa 5d 00 e9 fe f1 ff ff e8 9a c9 80 00 90 <0f> 0b 90 bb ea ff ff ff e9 7e fe ff ff e8 87 c9 80 00 90 0f 0b 90 [ 76.101857][ T5339] RSP: 0018:ffffc9000e58f600 EFLAGS: 00010283 [ 76.104434][ T5339] RAX: ffffffff81403dc6 RBX: ffff888000000000 RCX: 0000000000100000 [ 76.107968][ T5339] RDX: ffffc90020ce2000 RSI: 000000000000036d RDI: 000000000000036e [ 76.111601][ T5339] RBP: ffffc9000e58f790 R08: ffffffff8f824677 R09: 1ffffffff1f048ce [ 76.114998][ T5339] R10: dffffc0000000000 R11: fffffbfff1f048cf R12: ffff888042fcd290 [ 76.118645][ T5339] R13: dffffc0000000000 R14: ffff888000000000 R15: ffffffffffffff01 [ 76.122336][ T5339] ? __kvm_gpc_refresh+0x1186/0x1310 [ 76.124800][ T5339] ? kvm_xen_set_evtchn_fast+0x1fb/0x9b0 [ 76.127400][ T5339] ? lock_acquire+0x107/0x340 [ 76.129682][ T5339] ? kvm_gpc_refresh+0x31/0x140 [ 76.131894][ T5339] ? __pfx___kvm_gpc_refresh+0x10/0x10 [ 76.134427][ T5339] ? kvm_xen_set_evtchn+0x138/0x230 [ 76.136841][ T5339] kvm_gpc_refresh+0xe1/0x140 [ 76.138951][ T5339] ? kvm_xen_set_evtchn+0x138/0x230 [ 76.141258][ T5339] kvm_xen_set_evtchn+0x164/0x230 [ 76.143533][ T5339] ? __pfx_evtchn_set_fn+0x10/0x10 [ 76.145873][ T5339] kvm_set_irq+0x260/0x4e0 [ 76.147861][ T5339] ? __pfx_kvm_set_irq+0x10/0x10 [ 76.150193][ T5339] ? __pfx_evtchn_set_fn+0x10/0x10 [ 76.152627][ T5339] kvm_vm_ioctl_irq_line+0x8c/0x130 [ 76.155048][ T5339] kvm_vm_ioctl+0x88d/0xc60 [ 76.157170][ T5339] ? __pfx_kvm_vm_ioctl+0x10/0x10 [ 76.159640][ T5339] ? kasan_quarantine_put+0xbb/0x1f0 [ 76.161995][ T5339] ? tomoyo_path_number_perm+0x1bc/0x5a0 [ 76.164513][ T5339] ? tomoyo_path_number_perm+0x1bc/0x5a0 [ 76.167032][ T5339] ? 
do_vfs_ioctl+0xbe8/0x1430 [ 76.169264][ T5339] ? __pfx_do_vfs_ioctl+0x10/0x10 [ 76.171516][ T5339] ? do_futex+0x395/0x420 [ 76.173344][ T5339] ? __fget_files+0x2a/0x420 [ 76.175346][ T5339] ? __fget_files+0x2a/0x420 [ 76.177476][ T5339] ? __fget_files+0x3a0/0x420 [ 76.179655][ T5339] ? __fget_files+0x2a/0x420 [ 76.181671][ T5339] ? bpf_lsm_file_ioctl+0x9/0x20 [ 76.183793][ T5339] ? __pfx_kvm_vm_ioctl+0x10/0x10 [ 76.186067][ T5339] __se_sys_ioctl+0xfc/0x170 [ 76.188092][ T5339] do_syscall_64+0xec/0xf80 [ 76.190085][ T5339] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 76.192727][ T5339] ? trace_irq_disable+0x37/0x100 [ 76.194857][ T5339] ? clear_bhb_loop+0x60/0xb0 [ 76.196879][ T5339] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 76.199452][ T5339] RIP: 0033:0x7f9646f8f7c9 [ 76.201356][ T5339] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 76.209070][ T5339] RSP: 002b:00007f9647e69038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 76.212431][ T5339] RAX: ffffffffffffffda RBX: 00007f96471e5fa0 RCX: 00007f9646f8f7c9 [ 76.216028][ T5339] RDX: 0000200000000000 RSI: 00000000c008ae67 RDI: 0000000000000004 [ 76.219791][ T5339] RBP: 00007f9647013f91 R08: 0000000000000000 R09: 0000000000000000 [ 76.223312][ T5339] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 76.226853][ T5339] R13: 00007f96471e6038 R14: 00007f96471e5fa0 R15: 00007ffce1ae83d8 [ 76.230352][ T5339] [ 76.232111][ T5339] Kernel Offset: disabled [ 76.234101][ T5339] Rebooting in 86400 seconds..