=============================
[ BUG: Invalid wait context ]
6.16.0-rc7-syzkaller-00140-gec2df4364666 #0 Not tainted
-----------------------------
syz.0.0/5336 is trying to lock:
ffffc900019f7410 (&gpc->lock){....}-{3:3}, at: kvm_xen_set_evtchn_fast+0x1fb/0x9b0 arch/x86/kvm/xen.c:1820
other info that might help us debug this:
context-{2:2}
8 locks held by syz.0.0/5336:
 #0: ffff888054780278 (&c->state_lock){++++}-{4:4}, at: bch2_check_allocations+0xef/0x57b0 fs/bcachefs/btree_gc.c:1075
 #1: ffff8880547a6710 (&c->gc_lock){++++}-{4:4}, at: bch2_check_allocations+0x103/0x57b0 fs/bcachefs/btree_gc.c:1076
 #2: ffff888054784398 (&c->btree_trans_barrier){.+.+}-{0:0}, at: srcu_lock_acquire include/linux/srcu.h:161 [inline]
 #2: ffff888054784398 (&c->btree_trans_barrier){.+.+}-{0:0}, at: srcu_read_lock include/linux/srcu.h:253 [inline]
 #2: ffff888054784398 (&c->btree_trans_barrier){.+.+}-{0:0}, at: bch2_trans_srcu_lock+0xaf/0x220 fs/bcachefs/btree_iter.c:3299
 #3: ffff888052ae81b0 (bcachefs_btree){+.+.}-{0:0}, at: trans_set_locked fs/bcachefs/btree_locking.h:206 [inline]
 #3: ffff888052ae81b0 (bcachefs_btree){+.+.}-{0:0}, at: bch2_trans_begin+0xbe0/0x2310 fs/bcachefs/btree_iter.c:3403
 #4: ffff8880547e1358 (&c->fsck_error_msgs_lock){+.+.}-{4:4}, at: __bch2_fsck_err+0x3a3/0x1000 fs/bcachefs/error.c:504
 #5: ffffffff8e133360 (console_lock){+.+.}-{0:0}, at: bch2_print_string_as_lines+0x35/0x250 fs/bcachefs/util.c:275
 #6: ffffffff8e01ac30 (console_srcu){....}-{0:0}, at: rcu_try_lock_acquire include/linux/rcupdate.h:336 [inline]
 #6: ffffffff8e01ac30 (console_srcu){....}-{0:0}, at: srcu_read_lock_nmisafe include/linux/srcu.h:346 [inline]
 #6: ffffffff8e01ac30 (console_srcu){....}-{0:0}, at: console_srcu_read_lock kernel/printk/printk.c:288 [inline]
 #6: ffffffff8e01ac30 (console_srcu){....}-{0:0}, at: console_flush_all+0x13a/0xc40 kernel/printk/printk.c:3203
 #7: ffffc900019f7960 (&kvm->srcu){.?.+}-{0:0}, at: srcu_lock_acquire include/linux/srcu.h:161 [inline]
 #7: ffffc900019f7960 (&kvm->srcu){.?.+}-{0:0}, at: srcu_read_lock include/linux/srcu.h:253 [inline]
 #7: ffffc900019f7960 (&kvm->srcu){.?.+}-{0:0}, at: kvm_xen_set_evtchn_fast+0x1c3/0x9b0 arch/x86/kvm/xen.c:1818
stack backtrace:
CPU: 0 UID: 0 PID: 5336 Comm: syz.0.0 Not tainted 6.16.0-rc7-syzkaller-00140-gec2df4364666 #0 PREEMPT(full) 
Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
Call Trace:
 <IRQ>
 dump_stack_lvl+0x189/0x250 lib/dump_stack.c:120
 print_lock_invalid_wait_context kernel/locking/lockdep.c:4833 [inline]
 check_wait_context kernel/locking/lockdep.c:4905 [inline]
 __lock_acquire+0xbcb/0xd20 kernel/locking/lockdep.c:5190
 lock_acquire+0x120/0x360 kernel/locking/lockdep.c:5871
 __raw_read_lock_irqsave include/linux/rwlock_api_smp.h:160 [inline]
 _raw_read_lock_irqsave+0xaf/0x100 kernel/locking/spinlock.c:236
 kvm_xen_set_evtchn_fast+0x1fb/0x9b0 arch/x86/kvm/xen.c:1820
 xen_timer_callback+0x109/0x220 arch/x86/kvm/xen.c:140
 __run_hrtimer kernel/time/hrtimer.c:1761 [inline]
 __hrtimer_run_queues+0x4e0/0xc60 kernel/time/hrtimer.c:1825
 hrtimer_interrupt+0x45b/0xaa0 kernel/time/hrtimer.c:1887
 local_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1039 [inline]
 __sysvec_apic_timer_interrupt+0x108/0x410 arch/x86/kernel/apic/apic.c:1056
 instr_sysvec_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1050 [inline]
 sysvec_apic_timer_interrupt+0xa1/0xc0 arch/x86/kernel/apic/apic.c:1050
 </IRQ>
 <TASK>
 asm_sysvec_apic_timer_interrupt+0x1a/0x20 arch/x86/include/asm/idtentry.h:702
RIP: 0010:console_flush_all+0x7f7/0xc40 kernel/printk/printk.c:3227
Code: 48 21 c3 0f 85 e9 01 00 00 e8 55 f0 1e 00 48 8b 5c 24 20 4d 85 f6 75 07 e8 46 f0 1e 00 eb 06 e8 3f f0 1e 00 fb 48 8b 44 24 28 <42> 80 3c 20 00 74 08 48 89 df e8 ca 70 82 00 48 8b 1b 48 8b 44 24
RSP: 0018:ffffc9000d6ae120 EFLAGS: 00000287
RAX: 1ffffffff1d36b3f RBX: ffffffff8e9b59f8 RCX: 0000000000100000
RDX: ffffc9000dfa2000 RSI: 000000000008e0a5 RDI: 000000000008e0a6
RBP: ffffc9000d6ae270 R08: ffffffff8fa1fbf7 R09: 1ffffffff1f43f7e
R10: dffffc0000000000 R11: fffffbfff1f43f7f R12: dffffc0000000000
R13: 0000000000000001 R14: 0000000000000200 R15: ffffffff8e9b59a0
 __console_flush_and_unlock kernel/printk/printk.c:3285 [inline]
 console_unlock+0xc4/0x270 kernel/printk/printk.c:3325
 __bch2_fsck_err+0xb99/0x1000 fs/bcachefs/error.c:618
 bch2_check_fix_ptr fs/bcachefs/buckets.c:146 [inline]
 bch2_check_fix_ptrs+0x1c4f/0x6350 fs/bcachefs/buckets.c:291
 bch2_trigger_extent+0x7ef/0x960 fs/bcachefs/buckets.c:902
 bch2_key_trigger fs/bcachefs/bkey_methods.h:88 [inline]
 bch2_gc_mark_key+0x531/0xd30 fs/bcachefs/btree_gc.c:691
 bch2_gc_btree fs/bcachefs/btree_gc.c:758 [inline]
 bch2_gc_btrees fs/bcachefs/btree_gc.c:792 [inline]
 bch2_check_allocations+0x2141/0x57b0 fs/bcachefs/btree_gc.c:1094
 bch2_run_recovery_pass fs/bcachefs/recovery_passes.c:484 [inline]
 __bch2_run_recovery_passes+0x395/0x1010 fs/bcachefs/recovery_passes.c:539
 bch2_run_recovery_passes+0x184/0x210 fs/bcachefs/recovery_passes.c:610
 bch2_fs_recovery+0x2690/0x3a50 fs/bcachefs/recovery.c:1016
 bch2_fs_start+0xaaf/0xda0 fs/bcachefs/super.c:1213
 bch2_fs_get_tree+0xb39/0x1520 fs/bcachefs/fs.c:2488
 vfs_get_tree+0x92/0x2b0 fs/super.c:1804
 do_new_mount+0x24a/0xa40 fs/namespace.c:3902
 do_mount fs/namespace.c:4239 [inline]
 __do_sys_mount fs/namespace.c:4450 [inline]
 __se_sys_mount+0x317/0x410 fs/namespace.c:4427
 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
 do_syscall_64+0xfa/0x3b0 arch/x86/entry/syscall_64.c:94
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7feab7b9014a
Code: d8 64 89 02 48 c7 c0 ff ff ff ff eb a6 e8 de 1a 00 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007feab8a98e68 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
RAX: ffffffffffffffda RBX: 00007feab8a98ef0 RCX: 00007feab7b9014a
RDX: 000020000000fec0 RSI: 000020000000ff00 RDI: 00007feab8a98eb0
RBP: 000020000000fec0 R08: 00007feab8a98ef0 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 000020000000ff00
R13: 00007feab8a98eb0 R14: 000000000000fe88 R15: 000020000000ff40
 </TASK>
----------------
Code disassembly (best guess):
   0:	48 21 c3             	and    %rax,%rbx
   3:	0f 85 e9 01 00 00    	jne    0x1f2
   9:	e8 55 f0 1e 00       	call   0x1ef063
   e:	48 8b 5c 24 20       	mov    0x20(%rsp),%rbx
  13:	4d 85 f6             	test   %r14,%r14
  16:	75 07                	jne    0x1f
  18:	e8 46 f0 1e 00       	call   0x1ef063
  1d:	eb 06                	jmp    0x25
  1f:	e8 3f f0 1e 00       	call   0x1ef063
  24:	fb                   	sti
  25:	48 8b 44 24 28       	mov    0x28(%rsp),%rax
* 2a:	42 80 3c 20 00       	cmpb   $0x0,(%rax,%r12,1) <-- trapping instruction
  2f:	74 08                	je     0x39
  31:	48 89 df             	mov    %rbx,%rdi
  34:	e8 ca 70 82 00       	call   0x827103
  39:	48 8b 1b             	mov    (%rbx),%rbx
  3c:	48                   	rex.W
  3d:	8b                   	.byte 0x8b
  3e:	44                   	rex.R
  3f:	24                   	.byte 0x24