program:
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000140)={0x3, 0x4, &(0x7f0000000000)=ANY=[@ANYBLOB="18020000000001000000000000000000850000005300000095"], &(0x7f0000000040)='syzkaller\x00', 0x4, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0xfffffffd}, 0x90)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000002c0)={r1, 0x0, 0xe, 0x0, &(0x7f0000000080)="0c00547ed387dbe9abc89b6f5bec", 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x50)
close(r0)
r2 = socket$inet6_mptcp(0xa, 0x1, 0x106)
bind$inet6(r0, &(0x7f00000000c0)={0xa, 0x4e22, 0x0, @empty, 0x4000006}, 0x1c)
listen(r2, 0x6)
r3 = socket$inet_mptcp(0x2, 0x1, 0x106)
connect$inet(r3, &(0x7f0000000000)={0x2, 0x4e22, @local}, 0x10)
r4 = accept(r0, 0x0, 0x0)
r5 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r6 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0)
ioctl$KVM_XEN_HVM_CONFIG(r6, 0x4038ae7a, &(0x7f0000000040)={0x2, 0x40000105, 0x0, 0x0})
r7 = syz_open_dev$sndctrl(&(0x7f0000000100), 0x1, 0x0)
ioctl$SNDRV_CTL_IOCTL_ELEM_UNLOCK(r7, 0xc1105511, &(0x7f0000000040)={0x7, 0x3, 0x40, 0x10000, 'syz1\x00', 0x4000041})
perf_event_open(&(0x7f0000000600)={0x1, 0x80, 0x5, 0x0, 0x0, 0x0, 0x0, 0x8000ef, 0x1af1ed, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x1}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000140)={<r8=>0xffffffffffffffff, <r9=>0xffffffffffffffff})
recvmsg$unix(r8, &(0x7f00000004c0)={&(0x7f0000000180), 0x6e, &(0x7f0000000100)=[{&(0x7f00000006c0)=""/179, 0x33fe0}], 0x1}, 0x0)
sendmsg$inet(r9, &(0x7f0000000500)={0x0, 0x0, &(0x7f0000001740)=[{&(0x7f0000000280)='>', 0x33fe0}], 0x1}, 0x0)
r10 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
ioctl$KVM_CREATE_VM(r10, 0xae01, 0x0)
r11 = ioctl$KVM_CREATE_VCPU(r6, 0xae41, 0x4)
ioctl$KVM_SET_CPUID2(r11, 0x4048aecb, &(0x7f0000000080)=ANY=[@ANYBLOB='\a'])
ioctl$KVM_RUN(r11, 0xae80, 0x0)
r12 = socket(0x10, 0x3, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000080)={0xffffffffffffffff, <r13=>0xffffffffffffffff})
ioctl$sock_SIOCGIFINDEX(r13, 0x8933, &(0x7f0000000000)={'lo\x00', <r14=>0x0})
sendmsg$nl_route_sched(r12, &(0x7f0000000640)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000540)=@newqdisc={0x48, 0x24, 0xf0b, 0x0, 0x3, {0x60, 0x0, 0x0, r14, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_htb={{0x8}, {0x6d, 0x2, [@TCA_HTB_INIT={0x18, 0x2, {0x3, 0x40000}}]}}]}, 0x48}}, 0x0)
sendmsg$TEAM_CMD_OPTIONS_SET(r4, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000080)=ANY=[], 0xfffffdef}}, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)

[   75.298141][ T5302] Bluetooth: hci0: command tx timeout
[   75.535530][ T5323] ------------[ cut here ]------------
[   75.538360][ T5323] WARNING: CPU: 0 PID: 5323 at arch/x86/kvm/../../../virt/kvm/pfncache.c:267 __kvm_gpc_refresh+0x1187/0x1310
[   75.545639][ T5323] Modules linked in:
[   75.547820][ T5323] CPU: 0 UID: 0 PID: 5323 Comm: syz.0.0 Not tainted syzkaller #0 PREEMPT(full) 
[   75.552139][ T5323] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[   75.556795][ T5323] RIP: 0010:__kvm_gpc_refresh+0x1187/0x1310
[   75.559993][ T5323] Code: c6 05 74 4b 27 0e 01 48 c7 c7 74 e1 6f 8d be 35 04 00 00 48 c7 c2 40 ea 61 8b e8 d4 ce 5d 00 e9 fe f1 ff ff e8 8a 65 80 00 90 <0f> 0b 90 bb ea ff ff ff e9 7e fe ff ff e8 77 65 80 00 90 0f 0b 90
[   75.568804][ T5323] RSP: 0018:ffffc9000ede7340 EFLAGS: 00010283
[   75.571638][ T5323] RAX: ffffffff813fadc6 RBX: ffff888000000000 RCX: 0000000000100000
[   75.575000][ T5323] RDX: ffffc9000dd2a000 RSI: 0000000000000767 RDI: 0000000000000768
[   75.579009][ T5323] RBP: ffffc9000ede74c8 R08: ffffffff8f7d0f77 R09: 1ffffffff1efa1ee
[   75.582583][ T5323] R10: dffffc0000000000 R11: fffffbfff1efa1ef R12: ffff888051f1d3e0
[   75.586324][ T5323] R13: dffffc0000000000 R14: ffff888000000000 R15: ffffffffffffff01
[   75.590004][ T5323] FS:  00007f234185e6c0(0000) GS:ffff88808d72f000(0000) knlGS:0000000000000000
[   75.594693][ T5323] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[   75.597778][ T5323] CR2: 0000200000034000 CR3: 0000000041ab5000 CR4: 0000000000352ef0
[   75.601451][ T5323] Call Trace:
[   75.602900][ T5323]  <TASK>
[   75.604312][ T5323]  ? _raw_read_unlock_irqrestore+0x85/0x110
[   75.607100][ T5323]  ? kvm_gpc_refresh+0x31/0x140
[   75.609402][ T5323]  ? __pfx___kvm_gpc_refresh+0x10/0x10
[   75.611949][ T5323]  ? kvm_xen_set_evtchn+0x138/0x230
[   75.614378][ T5323]  ? lockdep_hardirqs_on+0x9c/0x150
[   75.617206][ T5323]  kvm_gpc_refresh+0xe1/0x140
[   75.620246][ T5323]  ? kvm_xen_set_evtchn+0x138/0x230
[   75.623117][ T5323]  kvm_xen_set_evtchn+0x164/0x230
[   75.625867][ T5323]  kvm_xen_inject_timer_irqs+0xfd/0x200
[   75.628936][ T5323]  vcpu_run+0xc2c/0x7040
[   75.630899][ T5323]  ? unwind_get_return_address+0x4d/0x90
[   75.633498][ T5323]  ? __pfx_vcpu_run+0x10/0x10
[   75.635743][ T5323]  ? kvm_arch_vcpu_ioctl_run+0x293/0x1cb0
[   75.639112][ T5323]  ? rcu_is_watching+0x15/0xb0
[   75.641430][ T5323]  kvm_arch_vcpu_ioctl_run+0x116c/0x1cb0
[   75.644163][ T5323]  ? check_path+0x21/0x40
[   75.646204][ T5323]  ? kvm_arch_vcpu_ioctl_run+0x293/0x1cb0
[   75.649113][ T5323]  ? __pfx_kvm_arch_vcpu_ioctl_run+0x10/0x10
[   75.651674][ T5323]  ? __lock_acquire+0xab9/0xd20
[   75.653824][ T5323]  kvm_vcpu_ioctl+0x95c/0xe90
[   75.656127][ T5323]  ? __pfx_kvm_vcpu_ioctl+0x10/0x10
[   75.658709][ T5323]  ? __fget_files+0x2a/0x420
[   75.660890][ T5323]  ? __fget_files+0x3a0/0x420
[   75.663060][ T5323]  ? __fget_files+0x2a/0x420
[   75.665200][ T5323]  ? bpf_lsm_file_ioctl+0x9/0x20
[   75.667934][ T5323]  ? __pfx_kvm_vcpu_ioctl+0x10/0x10
[   75.670916][ T5323]  __se_sys_ioctl+0xfc/0x170
[   75.672926][ T5323]  do_syscall_64+0xfa/0xfa0
[   75.675033][ T5323]  ? lockdep_hardirqs_on+0x9c/0x150
[   75.677359][ T5323]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   75.680693][ T5323]  ? clear_bhb_loop+0x60/0xb0
[   75.682726][ T5323]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   75.685241][ T5323] RIP: 0033:0x7f234098f749
[   75.687250][ T5323] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   75.697194][ T5323] RSP: 002b:00007f234185e038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[   75.700996][ T5323] RAX: ffffffffffffffda RBX: 00007f2340be5fa0 RCX: 00007f234098f749
[   75.704295][ T5323] RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 000000000000000f
[   75.707811][ T5323] RBP: 00007f2340a13f91 R08: 0000000000000000 R09: 0000000000000000
[   75.711400][ T5323] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[   75.714923][ T5323] R13: 00007f2340be6038 R14: 00007f2340be5fa0 R15: 00007ffe68946598
[   75.719187][ T5323]  </TASK>
[   75.720976][ T5323] Kernel panic - not syncing: kernel: panic_on_warn set ...
[   75.724635][ T5323] CPU: 0 UID: 0 PID: 5323 Comm: syz.0.0 Not tainted syzkaller #0 PREEMPT(full) 
[   75.728384][ T5323] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[   75.733248][ T5323] Call Trace:
[   75.734752][ T5323]  <TASK>
[   75.736143][ T5323]  dump_stack_lvl+0x99/0x250
[   75.738274][ T5323]  ? __asan_memcpy+0x40/0x70
[   75.740283][ T5323]  ? __pfx_dump_stack_lvl+0x10/0x10
[   75.742574][ T5323]  ? __pfx__printk+0x10/0x10
[   75.744647][ T5323]  vpanic+0x237/0x6d0
[   75.746529][ T5323]  ? __pfx_vpanic+0x10/0x10
[   75.748466][ T5323]  panic+0xb9/0xc0
[   75.750042][ T5323]  ? __pfx_panic+0x10/0x10
[   75.752029][ T5323]  __warn+0x31b/0x4b0
[   75.753762][ T5323]  ? __kvm_gpc_refresh+0x1187/0x1310
[   75.756217][ T5323]  ? __kvm_gpc_refresh+0x1187/0x1310
[   75.758747][ T5323]  report_bug+0x2be/0x4f0
[   75.760793][ T5323]  ? __kvm_gpc_refresh+0x1187/0x1310
[   75.763296][ T5323]  ? __kvm_gpc_refresh+0x1187/0x1310
[   75.765715][ T5323]  ? __kvm_gpc_refresh+0x1189/0x1310
[   75.767994][ T5323]  handle_bug+0x84/0x160
[   75.769906][ T5323]  exc_invalid_op+0x1a/0x50
[   75.771890][ T5323]  asm_exc_invalid_op+0x1a/0x20
[   75.773999][ T5323] RIP: 0010:__kvm_gpc_refresh+0x1187/0x1310
[   75.776621][ T5323] Code: c6 05 74 4b 27 0e 01 48 c7 c7 74 e1 6f 8d be 35 04 00 00 48 c7 c2 40 ea 61 8b e8 d4 ce 5d 00 e9 fe f1 ff ff e8 8a 65 80 00 90 <0f> 0b 90 bb ea ff ff ff e9 7e fe ff ff e8 77 65 80 00 90 0f 0b 90
[   75.785044][ T5323] RSP: 0018:ffffc9000ede7340 EFLAGS: 00010283
[   75.788016][ T5323] RAX: ffffffff813fadc6 RBX: ffff888000000000 RCX: 0000000000100000
[   75.791738][ T5323] RDX: ffffc9000dd2a000 RSI: 0000000000000767 RDI: 0000000000000768
[   75.795230][ T5323] RBP: ffffc9000ede74c8 R08: ffffffff8f7d0f77 R09: 1ffffffff1efa1ee
[   75.798700][ T5323] R10: dffffc0000000000 R11: fffffbfff1efa1ef R12: ffff888051f1d3e0
[   75.802179][ T5323] R13: dffffc0000000000 R14: ffff888000000000 R15: ffffffffffffff01
[   75.805736][ T5323]  ? __kvm_gpc_refresh+0x1186/0x1310
[   75.808217][ T5323]  ? _raw_read_unlock_irqrestore+0x85/0x110
[   75.810918][ T5323]  ? kvm_gpc_refresh+0x31/0x140
[   75.813145][ T5323]  ? __pfx___kvm_gpc_refresh+0x10/0x10
[   75.816137][ T5323]  ? kvm_xen_set_evtchn+0x138/0x230
[   75.818658][ T5323]  ? lockdep_hardirqs_on+0x9c/0x150
[   75.820819][ T5323]  kvm_gpc_refresh+0xe1/0x140
[   75.822854][ T5323]  ? kvm_xen_set_evtchn+0x138/0x230
[   75.825192][ T5323]  kvm_xen_set_evtchn+0x164/0x230
[   75.827381][ T5323]  kvm_xen_inject_timer_irqs+0xfd/0x200
[   75.829907][ T5323]  vcpu_run+0xc2c/0x7040
[   75.831675][ T5323]  ? unwind_get_return_address+0x4d/0x90
[   75.834180][ T5323]  ? __pfx_vcpu_run+0x10/0x10
[   75.836330][ T5323]  ? kvm_arch_vcpu_ioctl_run+0x293/0x1cb0
[   75.839299][ T5323]  ? rcu_is_watching+0x15/0xb0
[   75.841486][ T5323]  kvm_arch_vcpu_ioctl_run+0x116c/0x1cb0
[   75.843523][ T5323]  ? check_path+0x21/0x40
[   75.845168][ T5323]  ? kvm_arch_vcpu_ioctl_run+0x293/0x1cb0
[   75.847417][ T5323]  ? __pfx_kvm_arch_vcpu_ioctl_run+0x10/0x10
[   75.849974][ T5323]  ? __lock_acquire+0xab9/0xd20
[   75.851975][ T5323]  kvm_vcpu_ioctl+0x95c/0xe90
[   75.854245][ T5323]  ? __pfx_kvm_vcpu_ioctl+0x10/0x10
[   75.856627][ T5323]  ? __fget_files+0x2a/0x420
[   75.858749][ T5323]  ? __fget_files+0x3a0/0x420
[   75.860974][ T5323]  ? __fget_files+0x2a/0x420
[   75.863119][ T5323]  ? bpf_lsm_file_ioctl+0x9/0x20
[   75.865331][ T5323]  ? __pfx_kvm_vcpu_ioctl+0x10/0x10
[   75.867761][ T5323]  __se_sys_ioctl+0xfc/0x170
[   75.869919][ T5323]  do_syscall_64+0xfa/0xfa0
[   75.872120][ T5323]  ? lockdep_hardirqs_on+0x9c/0x150
[   75.874671][ T5323]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   75.877246][ T5323]  ? clear_bhb_loop+0x60/0xb0
[   75.879565][ T5323]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   75.882425][ T5323] RIP: 0033:0x7f234098f749
[   75.884463][ T5323] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   75.893047][ T5323] RSP: 002b:00007f234185e038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[   75.896326][ T5323] RAX: ffffffffffffffda RBX: 00007f2340be5fa0 RCX: 00007f234098f749
[   75.900030][ T5323] RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 000000000000000f
[   75.903470][ T5323] RBP: 00007f2340a13f91 R08: 0000000000000000 R09: 0000000000000000
[   75.907166][ T5323] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[   75.910679][ T5323] R13: 00007f2340be6038 R14: 00007f2340be5fa0 R15: 00007ffe68946598
[   75.914126][ T5323]  </TASK>
[   75.915860][ T5323] Kernel Offset: disabled
[   75.917707][ T5323] Rebooting in 86400 seconds..