program:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_XEN_HVM_CONFIG(r1, 0x4038ae7a, &(0x7f0000000040)={0x2, 0x40000105, 0x0, 0x0})
r2 = syz_open_dev$sndctrl(&(0x7f0000000100), 0x1, 0x0)
ioctl$SNDRV_CTL_IOCTL_ELEM_UNLOCK(r2, 0xc1105511, &(0x7f0000000040)={0x7, 0x3, 0x40, 0x10000, 'syz1\x00', 0x4000041})
r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
r4 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x2)
ioctl$KVM_SET_CPUID2(r4, 0x4048aecb, &(0x7f0000000080)=ANY=[@ANYBLOB='\a'])
ioctl$KVM_RUN(r4, 0xae80, 0x0)

[   76.139427][ T5299] Bluetooth: hci0: command tx timeout
[   76.306764][ T5319] ------------[ cut here ]------------
[   76.309405][ T5319] WARNING: CPU: 0 PID: 5319 at arch/x86/kvm/../../../virt/kvm/pfncache.c:267 __kvm_gpc_refresh+0x1187/0x1310
[   76.314233][ T5319] Modules linked in:
[   76.316719][ T5319] CPU: 0 UID: 0 PID: 5319 Comm: syz.0.0 Not tainted syzkaller #0 PREEMPT(full) 
[   76.320547][ T5319] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[   76.326215][ T5319] RIP: 0010:__kvm_gpc_refresh+0x1187/0x1310
[   76.329109][ T5319] Code: c6 05 64 48 27 0e 01 48 c7 c7 cd df 6f 8d be 35 04 00 00 48 c7 c2 40 ea 61 8b e8 c4 ce 5d 00 e9 fe f1 ff ff e8 8a 65 80 00 90 <0f> 0b 90 bb ea ff ff ff e9 7e fe ff ff e8 77 65 80 00 90 0f 0b 90
[   76.337935][ T5319] RSP: 0018:ffffc9000d587340 EFLAGS: 00010287
[   76.340861][ T5319] RAX: ffffffff813fadd6 RBX: ffff888000000000 RCX: 0000000000100000
[   76.344683][ T5319] RDX: ffffc9000e35a000 RSI: 0000000000000832 RDI: 0000000000000833
[   76.348812][ T5319] RBP: ffffc9000d5874c8 R08: ffffffff8f7d0c77 R09: 1ffffffff1efa18e
[   76.352984][ T5319] R10: dffffc0000000000 R11: fffffbfff1efa18f R12: ffff8880411ad3e0
[   76.357844][ T5319] R13: dffffc0000000000 R14: ffff888000000000 R15: ffffffffffffff01
[   76.361644][ T5319] FS:  00007fc3d2ef86c0(0000) GS:ffff88808d730000(0000) knlGS:0000000000000000
[   76.366564][ T5319] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[   76.369889][ T5319] CR2: 00005565462e0660 CR3: 0000000011a39000 CR4: 0000000000352ef0
[   76.373311][ T5319] Call Trace:
[   76.374592][ T5319]  <TASK>
[   76.376017][ T5319]  ? _raw_read_unlock_irqrestore+0x85/0x110
[   76.379035][ T5319]  ? kvm_gpc_refresh+0x31/0x140
[   76.381630][ T5319]  ? __pfx___kvm_gpc_refresh+0x10/0x10
[   76.384127][ T5319]  ? kvm_xen_set_evtchn+0x138/0x230
[   76.386915][ T5319]  kvm_gpc_refresh+0xe1/0x140
[   76.389528][ T5319]  ? kvm_xen_set_evtchn+0x138/0x230
[   76.392053][ T5319]  kvm_xen_set_evtchn+0x164/0x230
[   76.394018][ T5319]  kvm_xen_inject_timer_irqs+0xfd/0x200
[   76.398546][ T5319]  vcpu_run+0xc2c/0x7040
[   76.400358][ T5319]  ? unwind_get_return_address+0x4d/0x90
[   76.403095][ T5319]  ? __pfx_vcpu_run+0x10/0x10
[   76.405232][ T5319]  ? kvm_arch_vcpu_ioctl_run+0x293/0x1cb0
[   76.408319][ T5319]  ? rcu_is_watching+0x15/0xb0
[   76.410755][ T5319]  kvm_arch_vcpu_ioctl_run+0x116c/0x1cb0
[   76.413476][ T5319]  ? check_path+0x21/0x40
[   76.415366][ T5319]  ? kvm_arch_vcpu_ioctl_run+0x293/0x1cb0
[   76.418201][ T5319]  ? __pfx_kvm_arch_vcpu_ioctl_run+0x10/0x10
[   76.420799][ T5319]  ? __lock_acquire+0xab9/0xd20
[   76.423044][ T5319]  kvm_vcpu_ioctl+0x95c/0xe90
[   76.425005][ T5319]  ? __pfx_kvm_vcpu_ioctl+0x10/0x10
[   76.427354][ T5319]  ? __fget_files+0x2a/0x420
[   76.429426][ T5319]  ? __fget_files+0x3a0/0x420
[   76.431738][ T5319]  ? __fget_files+0x2a/0x420
[   76.434028][ T5319]  ? bpf_lsm_file_ioctl+0x9/0x20
[   76.436445][ T5319]  ? __pfx_kvm_vcpu_ioctl+0x10/0x10
[   76.438729][ T5319]  __se_sys_ioctl+0xfc/0x170
[   76.440844][ T5319]  do_syscall_64+0xfa/0xfa0
[   76.443043][ T5319]  ? lockdep_hardirqs_on+0x9c/0x150
[   76.445409][ T5319]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   76.448257][ T5319]  ? clear_bhb_loop+0x60/0xb0
[   76.450727][ T5319]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   76.454099][ T5319] RIP: 0033:0x7fc3d1f8f6c9
[   76.456456][ T5319] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   76.464305][ T5319] RSP: 002b:00007fc3d2ef8038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[   76.468156][ T5319] RAX: ffffffffffffffda RBX: 00007fc3d21e5fa0 RCX: 00007fc3d1f8f6c9
[   76.471761][ T5319] RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 0000000000000008
[   76.475214][ T5319] RBP: 00007fc3d2011f91 R08: 0000000000000000 R09: 0000000000000000
[   76.479606][ T5319] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[   76.483326][ T5319] R13: 00007fc3d21e6038 R14: 00007fc3d21e5fa0 R15: 00007ffd493ce408
[   76.486851][ T5319]  </TASK>
[   76.488257][ T5319] Kernel panic - not syncing: kernel: panic_on_warn set ...
[   76.491440][ T5319] CPU: 0 UID: 0 PID: 5319 Comm: syz.0.0 Not tainted syzkaller #0 PREEMPT(full) 
[   76.495488][ T5319] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[   76.500797][ T5319] Call Trace:
[   76.502501][ T5319]  <TASK>
[   76.503968][ T5319]  dump_stack_lvl+0x99/0x250
[   76.505957][ T5319]  ? __asan_memcpy+0x40/0x70
[   76.508042][ T5319]  ? __pfx_dump_stack_lvl+0x10/0x10
[   76.510389][ T5319]  ? __pfx__printk+0x10/0x10
[   76.512505][ T5319]  vpanic+0x237/0x6d0
[   76.514446][ T5319]  ? __pfx_vpanic+0x10/0x10
[   76.516544][ T5319]  panic+0xb9/0xc0
[   76.518335][ T5319]  ? __pfx_panic+0x10/0x10
[   76.520443][ T5319]  __warn+0x31b/0x4b0
[   76.522353][ T5319]  ? __kvm_gpc_refresh+0x1187/0x1310
[   76.524730][ T5319]  ? __kvm_gpc_refresh+0x1187/0x1310
[   76.527125][ T5319]  report_bug+0x2be/0x4f0
[   76.529055][ T5319]  ? __kvm_gpc_refresh+0x1187/0x1310
[   76.531548][ T5319]  ? __kvm_gpc_refresh+0x1187/0x1310
[   76.534175][ T5319]  ? __kvm_gpc_refresh+0x1189/0x1310
[   76.536829][ T5319]  handle_bug+0x84/0x160
[   76.539070][ T5319]  exc_invalid_op+0x1a/0x50
[   76.541217][ T5319]  asm_exc_invalid_op+0x1a/0x20
[   76.543503][ T5319] RIP: 0010:__kvm_gpc_refresh+0x1187/0x1310
[   76.546115][ T5319] Code: c6 05 64 48 27 0e 01 48 c7 c7 cd df 6f 8d be 35 04 00 00 48 c7 c2 40 ea 61 8b e8 c4 ce 5d 00 e9 fe f1 ff ff e8 8a 65 80 00 90 <0f> 0b 90 bb ea ff ff ff e9 7e fe ff ff e8 77 65 80 00 90 0f 0b 90
[   76.554615][ T5319] RSP: 0018:ffffc9000d587340 EFLAGS: 00010287
[   76.557314][ T5319] RAX: ffffffff813fadd6 RBX: ffff888000000000 RCX: 0000000000100000
[   76.560824][ T5319] RDX: ffffc9000e35a000 RSI: 0000000000000832 RDI: 0000000000000833
[   76.564559][ T5319] RBP: ffffc9000d5874c8 R08: ffffffff8f7d0c77 R09: 1ffffffff1efa18e
[   76.568109][ T5319] R10: dffffc0000000000 R11: fffffbfff1efa18f R12: ffff8880411ad3e0
[   76.571859][ T5319] R13: dffffc0000000000 R14: ffff888000000000 R15: ffffffffffffff01
[   76.575103][ T5319]  ? __kvm_gpc_refresh+0x1186/0x1310
[   76.577528][ T5319]  ? _raw_read_unlock_irqrestore+0x85/0x110
[   76.580526][ T5319]  ? kvm_gpc_refresh+0x31/0x140
[   76.582592][ T5319]  ? __pfx___kvm_gpc_refresh+0x10/0x10
[   76.584869][ T5319]  ? kvm_xen_set_evtchn+0x138/0x230
[   76.587000][ T5319]  kvm_gpc_refresh+0xe1/0x140
[   76.588999][ T5319]  ? kvm_xen_set_evtchn+0x138/0x230
[   76.591272][ T5319]  kvm_xen_set_evtchn+0x164/0x230
[   76.593485][ T5319]  kvm_xen_inject_timer_irqs+0xfd/0x200
[   76.595864][ T5319]  vcpu_run+0xc2c/0x7040
[   76.597839][ T5319]  ? unwind_get_return_address+0x4d/0x90
[   76.600563][ T5319]  ? __pfx_vcpu_run+0x10/0x10
[   76.602894][ T5319]  ? kvm_arch_vcpu_ioctl_run+0x293/0x1cb0
[   76.605354][ T5319]  ? rcu_is_watching+0x15/0xb0
[   76.607362][ T5319]  kvm_arch_vcpu_ioctl_run+0x116c/0x1cb0
[   76.609801][ T5319]  ? check_path+0x21/0x40
[   76.611594][ T5319]  ? kvm_arch_vcpu_ioctl_run+0x293/0x1cb0
[   76.613983][ T5319]  ? __pfx_kvm_arch_vcpu_ioctl_run+0x10/0x10
[   76.616685][ T5319]  ? __lock_acquire+0xab9/0xd20
[   76.619422][ T5319]  kvm_vcpu_ioctl+0x95c/0xe90
[   76.622333][ T5319]  ? __pfx_kvm_vcpu_ioctl+0x10/0x10
[   76.625804][ T5319]  ? __fget_files+0x2a/0x420
[   76.628320][ T5319]  ? __fget_files+0x3a0/0x420
[   76.630618][ T5319]  ? __fget_files+0x2a/0x420
[   76.632644][ T5319]  ? bpf_lsm_file_ioctl+0x9/0x20
[   76.634799][ T5319]  ? __pfx_kvm_vcpu_ioctl+0x10/0x10
[   76.636991][ T5319]  __se_sys_ioctl+0xfc/0x170
[   76.638961][ T5319]  do_syscall_64+0xfa/0xfa0
[   76.641055][ T5319]  ? lockdep_hardirqs_on+0x9c/0x150
[   76.643402][ T5319]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   76.646122][ T5319]  ? clear_bhb_loop+0x60/0xb0
[   76.648183][ T5319]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   76.650674][ T5319] RIP: 0033:0x7fc3d1f8f6c9
[   76.652735][ T5319] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   76.661074][ T5319] RSP: 002b:00007fc3d2ef8038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[   76.664540][ T5319] RAX: ffffffffffffffda RBX: 00007fc3d21e5fa0 RCX: 00007fc3d1f8f6c9
[   76.667977][ T5319] RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 0000000000000008
[   76.671561][ T5319] RBP: 00007fc3d2011f91 R08: 0000000000000000 R09: 0000000000000000
[   76.675408][ T5319] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[   76.678976][ T5319] R13: 00007fc3d21e6038 R14: 00007fc3d21e5fa0 R15: 00007ffd493ce408
[   76.682800][ T5319]  </TASK>
[   76.684667][ T5319] Kernel Offset: disabled
[   76.686742][ T5319] Rebooting in 86400 seconds..