program: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) r3 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000b00), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r3, 0x8933, &(0x7f0000000b40)={'wlan0\x00', <r5=>0x0}) sendmsg$NL80211_CMD_SET_STATION(r3, &(0x7f0000000c40)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000340)={0x30, r4, 0x1, 0x70bd27, 0x25dfdbfb, {{}, {@val={0x8, 0x3, r5}, @void}}, [@NL80211_ATTR_MAC={0xa}, @NL80211_ATTR_STA_FLAGS={0x8, 0x11, 0x0, 0x1, [@NL80211_STA_FLAG_ASSOCIATED={0x4}]}]}, 0x30}, 0x1, 0x0, 0x0, 0x81}, 0x0) syz_emit_ethernet(0x646, &(0x7f0000000800)={@multicast, @dev, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "cb6515", 0x610, 0x3a, 0xff, @dev, @mcast2, {[], @ndisc_ra={0x86, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, [{0x25, 0xe, "7db4000004ffa3b46521199ea778d105c24ab977edb940e63f49a7129f45462e5eecc39f468544e3c13aa9017ccd638e784912ef2c2589d0d45cf0ed4bbe909218459bcbeaf63697aef1702b895af582b2e3b5cd435f497d415f29c5d941df10c1ca58197441e0e9b3400d983b10420fa979a3"}, {0x0, 0x9, "1518a4a8a719ffe0621615f6d04dcae3360546cf06f20100ae1296931fd1d71c1f7e8f222b9ddc4e0bfb5e569a484353b785e79b4d8181cfffffff7f000000edb8ecd20000000000"}, {0x0, 0x4, "d429145c793e823829b4376332b2c98aee2dae3e1cb11adb2b381eb30650ac6c45f9"}, {0x0, 0xa2, "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"}, {0x1f, 0x1, "cb38e54093d9"}]}}}}}}, 0x0) ioctl$KVM_SET_VCPU_EVENTS(r2, 0x8140aecc, &(0x7f0000000140)=@x86={0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x3, 0x9, 0x8, 0x2, 0x0, 0x2, 0x0, 0x8}) r6 = openat$kvm(0xffffffffffffff9c, &(0x7f00000004c0), 0x0, 0x0) r7 = ioctl$KVM_CREATE_VM(r6, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r7, 0xae60) ioctl$KVM_CREATE_VCPU(r7, 0xae41, 0x1) ioctl$KVM_CREATE_VCPU(r7, 0xae41, 0x0) ioctl$KVM_SET_GSI_ROUTING(r7, 0x4008ae6a, &(0x7f0000000280)={0x1, 0x0, [{0x3, 0x5, 0x0, 0x0, @adapter={0x5, 0x7fffffffffffffff,
0x8000000000000001, 0x80, 0x5}}]}) ioctl$KVM_IRQ_LINE_STATUS(r7, 0xc008ae67, &(0x7f0000000000)={0x3, 0x434}) [ 74.126813][ T5336] Bluetooth: hci0: command tx timeout [ 74.248525][ T5359] ------------[ cut here ]------------ [ 74.250567][ T5359] WARNING: CPU: 0 PID: 5359 at arch/x86/kvm/../../../virt/kvm/pfncache.c:267 __kvm_gpc_refresh+0x1187/0x1310 [ 74.255611][ T5359] Modules linked in: [ 74.257848][ T5359] CPU: 0 UID: 0 PID: 5359 Comm: syz.0.0 Not tainted 6.17.0-rc2-syzkaller-00028-gbe48bcf004f9 #0 PREEMPT(full) [ 74.263314][ T5359] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 74.267949][ T5359] RIP: 0010:__kvm_gpc_refresh+0x1187/0x1310 [ 74.270547][ T5359] Code: c6 05 1e 0d 4d 0e 01 48 c7 c7 18 51 9a 8d be 25 04 00 00 48 c7 c2 c0 e8 81 8b e8 54 2a 5d 00 e9 fe f1 ff ff e8 8a 5f 7f 00 90 <0f> 0b 90 bb ea ff ff ff e9 7e fe ff ff e8 77 5f 7f 00 90 0f 0b 90 [ 74.279221][ T5359] RSP: 0018:ffffc9000fe47600 EFLAGS: 00010287 [ 74.281964][ T5359] RAX: ffffffff81405aa6 RBX: ffff888000000000 RCX: 0000000000100000 [ 74.285799][ T5359] RDX: ffffc9000dd5a000 RSI: 00000000000003a2 RDI: 00000000000003a3 [ 74.289745][ T5359] RBP: ffffc9000fe47790 R08: ffffffff8fa3a437 R09: 1ffffffff1f47486 [ 74.293703][ T5359] R10: dffffc0000000000 R11: fffffbfff1f47487 R12: ffff8880361c93c0 [ 74.297578][ T5359] R13: dffffc0000000000 R14: ffff888000000000 R15: ffffffffffffff01 [ 74.301246][ T5359] FS: 00007fc265ff56c0(0000) GS:ffff88808d210000(0000) knlGS:0000000000000000 [ 74.305268][ T5359] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 74.308319][ T5359] CR2: 00007ffcc122ccb4 CR3: 000000003f09f000 CR4: 0000000000352ef0 [ 74.311753][ T5359] Call Trace: [ 74.313332][ T5359] [ 74.314790][ T5359] ? rcu_is_watching+0x15/0xb0 [ 74.317070][ T5359] ? rcu_is_watching+0x15/0xb0 [ 74.319262][ T5359] ? kvm_gpc_refresh+0x31/0x140 [ 74.321279][ T5359] ? __pfx___kvm_gpc_refresh+0x10/0x10 [ 74.323758][ T5359] ? 
rcu_is_watching+0x15/0xb0 [ 74.325927][ T5359] ? lock_release+0x4b/0x3e0 [ 74.328224][ T5359] ? kvm_xen_set_evtchn+0x138/0x230 [ 74.330545][ T5359] ? rcu_is_watching+0x15/0xb0 [ 74.332693][ T5359] ? lock_acquire+0x5f/0x360 [ 74.334796][ T5359] kvm_gpc_refresh+0xe1/0x140 [ 74.337012][ T5359] ? kvm_xen_set_evtchn+0x138/0x230 [ 74.339308][ T5359] kvm_xen_set_evtchn+0x164/0x230 [ 74.341520][ T5359] ? __pfx_evtchn_set_fn+0x10/0x10 [ 74.343439][ T5359] kvm_set_irq+0x26d/0x500 [ 74.345163][ T5359] ? __pfx_kvm_set_irq+0x10/0x10 [ 74.347219][ T5359] ? __pfx_evtchn_set_fn+0x10/0x10 [ 74.349135][ T5359] ? rcu_is_watching+0x15/0xb0 [ 74.350903][ T5359] ? lock_release+0x4b/0x3e0 [ 74.352597][ T5359] ? __might_fault+0xb0/0x130 [ 74.354296][ T5359] kvm_vm_ioctl_irq_line+0x8c/0x130 [ 74.356146][ T5359] kvm_vm_ioctl+0x88d/0xc60 [ 74.357837][ T5359] ? __pfx_kvm_vm_ioctl+0x10/0x10 [ 74.359944][ T5359] ? rcu_is_watching+0x15/0xb0 [ 74.361803][ T5359] ? rcu_is_watching+0x15/0xb0 [ 74.363718][ T5359] ? lock_release+0x4b/0x3e0 [ 74.365671][ T5359] ? tomoyo_path_number_perm+0x47a/0x5a0 [ 74.368007][ T5359] ? kfree+0x18e/0x440 [ 74.369812][ T5359] ? tomoyo_path_number_perm+0x1bc/0x5a0 [ 74.372218][ T5359] ? do_vfs_ioctl+0xbe8/0x1430 [ 74.374657][ T5359] ? __pfx_do_vfs_ioctl+0x10/0x10 [ 74.377125][ T5359] ? __might_fault+0xb0/0x130 [ 74.379271][ T5359] ? lock_release+0x4b/0x3e0 [ 74.381396][ T5359] ? __fget_files+0x2a/0x420 [ 74.383196][ T5359] ? __fget_files+0x3a0/0x420 [ 74.385112][ T5359] ? __fget_files+0x2a/0x420 [ 74.386895][ T5359] ? bpf_lsm_file_ioctl+0x9/0x20 [ 74.389028][ T5359] ? __pfx_kvm_vm_ioctl+0x10/0x10 [ 74.391583][ T5359] __se_sys_ioctl+0xf9/0x170 [ 74.393798][ T5359] do_syscall_64+0xfa/0x3b0 [ 74.395938][ T5359] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 74.398764][ T5359] ? 
clear_bhb_loop+0x60/0xb0 [ 74.401041][ T5359] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 74.403672][ T5359] RIP: 0033:0x7fc269b8ebe9 [ 74.405660][ T5359] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 74.413887][ T5359] RSP: 002b:00007fc265ff5038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 74.417381][ T5359] RAX: ffffffffffffffda RBX: 00007fc269db5fa0 RCX: 00007fc269b8ebe9 [ 74.420769][ T5359] RDX: 0000200000000000 RSI: 00000000c008ae67 RDI: 0000000000000008 [ 74.423945][ T5359] RBP: 00007fc269c11e19 R08: 0000000000000000 R09: 0000000000000000 [ 74.427540][ T5359] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 74.430933][ T5359] R13: 00007fc269db6038 R14: 00007fc269db5fa0 R15: 00007ffdcc010258 [ 74.434119][ T5359] [ 74.435391][ T5359] Kernel panic - not syncing: kernel: panic_on_warn set ... [ 74.438294][ T5359] CPU: 0 UID: 0 PID: 5359 Comm: syz.0.0 Not tainted 6.17.0-rc2-syzkaller-00028-gbe48bcf004f9 #0 PREEMPT(full) [ 74.442916][ T5359] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 74.447492][ T5359] Call Trace: [ 74.448997][ T5359] [ 74.450451][ T5359] dump_stack_lvl+0x99/0x250 [ 74.452744][ T5359] ? __asan_memcpy+0x40/0x70 [ 74.454848][ T5359] ? __pfx_dump_stack_lvl+0x10/0x10 [ 74.457217][ T5359] ? __pfx__printk+0x10/0x10 [ 74.459047][ T5359] vpanic+0x281/0x750 [ 74.460673][ T5359] ? __pfx__printk+0x10/0x10 [ 74.462547][ T5359] ? __pfx_vpanic+0x10/0x10 [ 74.464437][ T5359] ? is_bpf_text_address+0x26/0x2b0 [ 74.466260][ T5359] panic+0xb9/0xc0 [ 74.467648][ T5359] ? __pfx_panic+0x10/0x10 [ 74.469252][ T5359] __warn+0x31b/0x4b0 [ 74.470807][ T5359] ? __kvm_gpc_refresh+0x1187/0x1310 [ 74.473096][ T5359] ? __kvm_gpc_refresh+0x1187/0x1310 [ 74.475127][ T5359] report_bug+0x2be/0x4f0 [ 74.476967][ T5359] ? 
__kvm_gpc_refresh+0x1187/0x1310 [ 74.479499][ T5359] ? __kvm_gpc_refresh+0x1187/0x1310 [ 74.481894][ T5359] ? __kvm_gpc_refresh+0x1189/0x1310 [ 74.484101][ T5359] handle_bug+0x84/0x160 [ 74.485908][ T5359] exc_invalid_op+0x1a/0x50 [ 74.487996][ T5359] asm_exc_invalid_op+0x1a/0x20 [ 74.490224][ T5359] RIP: 0010:__kvm_gpc_refresh+0x1187/0x1310 [ 74.492827][ T5359] Code: c6 05 1e 0d 4d 0e 01 48 c7 c7 18 51 9a 8d be 25 04 00 00 48 c7 c2 c0 e8 81 8b e8 54 2a 5d 00 e9 fe f1 ff ff e8 8a 5f 7f 00 90 <0f> 0b 90 bb ea ff ff ff e9 7e fe ff ff e8 77 5f 7f 00 90 0f 0b 90 [ 74.500356][ T5359] RSP: 0018:ffffc9000fe47600 EFLAGS: 00010287 [ 74.502834][ T5359] RAX: ffffffff81405aa6 RBX: ffff888000000000 RCX: 0000000000100000 [ 74.506224][ T5359] RDX: ffffc9000dd5a000 RSI: 00000000000003a2 RDI: 00000000000003a3 [ 74.509747][ T5359] RBP: ffffc9000fe47790 R08: ffffffff8fa3a437 R09: 1ffffffff1f47486 [ 74.513279][ T5359] R10: dffffc0000000000 R11: fffffbfff1f47487 R12: ffff8880361c93c0 [ 74.516624][ T5359] R13: dffffc0000000000 R14: ffff888000000000 R15: ffffffffffffff01 [ 74.520047][ T5359] ? __kvm_gpc_refresh+0x1186/0x1310 [ 74.522512][ T5359] ? rcu_is_watching+0x15/0xb0 [ 74.524762][ T5359] ? rcu_is_watching+0x15/0xb0 [ 74.526869][ T5359] ? kvm_gpc_refresh+0x31/0x140 [ 74.529125][ T5359] ? __pfx___kvm_gpc_refresh+0x10/0x10 [ 74.531568][ T5359] ? rcu_is_watching+0x15/0xb0 [ 74.533862][ T5359] ? lock_release+0x4b/0x3e0 [ 74.535960][ T5359] ? kvm_xen_set_evtchn+0x138/0x230 [ 74.538274][ T5359] ? rcu_is_watching+0x15/0xb0 [ 74.540496][ T5359] ? lock_acquire+0x5f/0x360 [ 74.542482][ T5359] kvm_gpc_refresh+0xe1/0x140 [ 74.544457][ T5359] ? kvm_xen_set_evtchn+0x138/0x230 [ 74.546538][ T5359] kvm_xen_set_evtchn+0x164/0x230 [ 74.548645][ T5359] ? __pfx_evtchn_set_fn+0x10/0x10 [ 74.550929][ T5359] kvm_set_irq+0x26d/0x500 [ 74.553018][ T5359] ? __pfx_kvm_set_irq+0x10/0x10 [ 74.555380][ T5359] ? __pfx_evtchn_set_fn+0x10/0x10 [ 74.557772][ T5359] ? rcu_is_watching+0x15/0xb0 [ 74.559749][ T5359] ? 
lock_release+0x4b/0x3e0 [ 74.561865][ T5359] ? __might_fault+0xb0/0x130 [ 74.563607][ T5359] kvm_vm_ioctl_irq_line+0x8c/0x130 [ 74.566012][ T5359] kvm_vm_ioctl+0x88d/0xc60 [ 74.568146][ T5359] ? __pfx_kvm_vm_ioctl+0x10/0x10 [ 74.570467][ T5359] ? rcu_is_watching+0x15/0xb0 [ 74.572690][ T5359] ? rcu_is_watching+0x15/0xb0 [ 74.574915][ T5359] ? lock_release+0x4b/0x3e0 [ 74.577162][ T5359] ? tomoyo_path_number_perm+0x47a/0x5a0 [ 74.579800][ T5359] ? kfree+0x18e/0x440 [ 74.581691][ T5359] ? tomoyo_path_number_perm+0x1bc/0x5a0 [ 74.584289][ T5359] ? do_vfs_ioctl+0xbe8/0x1430 [ 74.586534][ T5359] ? __pfx_do_vfs_ioctl+0x10/0x10 [ 74.588837][ T5359] ? __might_fault+0xb0/0x130 [ 74.591156][ T5359] ? lock_release+0x4b/0x3e0 [ 74.593580][ T5359] ? __fget_files+0x2a/0x420 [ 74.595907][ T5359] ? __fget_files+0x3a0/0x420 [ 74.598089][ T5359] ? __fget_files+0x2a/0x420 [ 74.600139][ T5359] ? bpf_lsm_file_ioctl+0x9/0x20 [ 74.602263][ T5359] ? __pfx_kvm_vm_ioctl+0x10/0x10 [ 74.604438][ T5359] __se_sys_ioctl+0xf9/0x170 [ 74.606512][ T5359] do_syscall_64+0xfa/0x3b0 [ 74.608640][ T5359] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 74.611272][ T5359] ? 
clear_bhb_loop+0x60/0xb0 [ 74.613399][ T5359] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 74.615891][ T5359] RIP: 0033:0x7fc269b8ebe9 [ 74.617881][ T5359] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 74.626408][ T5359] RSP: 002b:00007fc265ff5038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 74.630142][ T5359] RAX: ffffffffffffffda RBX: 00007fc269db5fa0 RCX: 00007fc269b8ebe9 [ 74.633655][ T5359] RDX: 0000200000000000 RSI: 00000000c008ae67 RDI: 0000000000000008 [ 74.637304][ T5359] RBP: 00007fc269c11e19 R08: 0000000000000000 R09: 0000000000000000 [ 74.640921][ T5359] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 74.644441][ T5359] R13: 00007fc269db6038 R14: 00007fc269db5fa0 R15: 00007ffdcc010258 [ 74.647833][ T5359] [ 74.649607][ T5359] Kernel Offset: disabled [ 74.651510][ T5359] Rebooting in 86400 seconds..