program: bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) getdents(0xffffffffffffffff, &(0x7f0000000380)=""/24, 0x18) getdents64(0xffffffffffffffff, 0xffffffffffffffff, 0x43) r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000840)=@base={0xb, 0x8, 0x2, 0x4, 0x5, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000380)={{r0, 0xffffffffffffffff}, &(0x7f0000000b00), &(0x7f0000000300)}, 0x20) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=@framed={{}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r1}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x2}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$PROG_LOAD(0x5, 0x0, 0x0) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000040)='sched_switch\x00', r2}, 0x10) eventfd(0x3fd) r3 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) preadv(r3, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) [ 58.111392][ T5335] [ 58.112348][ T5335] ============================= [ 58.114069][ T5335] [ BUG: Invalid wait context ] [ 58.115755][ T5335] 6.12.0-syzkaller-01892-g8f7c8b88bda4 #0 Not tainted [ 58.118533][ T5335] ----------------------------- [ 58.122407][ T5335] syz.0.0/5335 is trying to lock: [ 58.125325][ T5335] ffff88804331ea00 (&trie->lock){....}-{3:3}, at: trie_delete_elem+0x96/0x6a0 [ 58.129318][ T5335] other info that might help us debug this: [ 58.131537][ T5335] context-{5:5} [ 58.132823][ T5335] 2 locks held by syz.0.0/5335: [ 58.134573][ T5335] #0: ffff88801fc3ea98 (&rq->__lock){-.-.}-{2:2}, at: raw_spin_rq_lock_nested+0x2a/0x140 [ 58.137960][ T5335] #1: ffffffff8e93c820 (rcu_read_lock){....}-{1:3}, at: bpf_trace_run4+0x244/0x590 [ 58.141219][ T5335] stack backtrace: [ 58.142549][ T5335] CPU: 0 UID: 0 PID: 5335 Comm: syz.0.0 Not tainted 6.12.0-syzkaller-01892-g8f7c8b88bda4 #0 [ 58.146269][ T5335] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 58.150081][ T5335] Call Trace: [ 58.151223][ T5335] [ 58.152335][ T5335] dump_stack_lvl+0x241/0x360 [ 58.154249][ T5335] ? __pfx_dump_stack_lvl+0x10/0x10 [ 58.156524][ T5335] ? __pfx__printk+0x10/0x10 [ 58.158406][ T5335] __lock_acquire+0x15a8/0x2100 [ 58.160515][ T5335] lock_acquire+0x1ed/0x550 [ 58.161960][ T5335] ? trie_delete_elem+0x96/0x6a0 [ 58.163445][ T5335] ? __pfx_lock_acquire+0x10/0x10 [ 58.165214][ T5335] ? __lock_acquire+0x1397/0x2100 [ 58.167190][ T5335] _raw_spin_lock_irqsave+0xd5/0x120 [ 58.169237][ T5335] ? trie_delete_elem+0x96/0x6a0 [ 58.171027][ T5335] ? __pfx__raw_spin_lock_irqsave+0x10/0x10 [ 58.173172][ T5335] ? __pfx_lock_acquire+0x10/0x10 [ 58.175032][ T5335] ? sched_clock_cpu+0x76/0x490 [ 58.176908][ T5335] ? __pfx_lock_release+0x10/0x10 [ 58.178865][ T5335] trie_delete_elem+0x96/0x6a0 [ 58.180663][ T5335] ? __pfx___cant_migrate+0x10/0x10 [ 58.182685][ T5335] ? bpf_trace_run4+0x244/0x590 [ 58.184528][ T5335] bpf_prog_1c0c44170264bb34+0x46/0x4a [ 58.186560][ T5335] bpf_trace_run4+0x334/0x590 [ 58.188237][ T5335] ? __pfx_bpf_trace_run4+0x10/0x10 [ 58.190124][ T5335] ? psi_task_switch+0x41d/0x7a0 [ 58.191846][ T5335] ? psi_task_switch+0x41d/0x7a0 [ 58.193695][ T5335] __schedule+0x22bc/0x4c30 [ 58.195494][ T5335] ? __pfx___schedule+0x10/0x10 [ 58.197331][ T5335] ? __pfx_lock_release+0x10/0x10 [ 58.199202][ T5335] ? futex_wait_queue+0x27/0x1d0 [ 58.201044][ T5335] ? schedule+0x90/0x320 [ 58.202585][ T5335] schedule+0x14b/0x320 [ 58.204097][ T5335] ? futex_wait_queue+0x27/0x1d0 [ 58.205967][ T5335] futex_wait_queue+0x14e/0x1d0 [ 58.207826][ T5335] __futex_wait+0x17f/0x320 [ 58.209401][ T5335] ? __pfx___futex_wait+0x10/0x10 [ 58.211365][ T5335] ? __pfx_futex_wake_mark+0x10/0x10 [ 58.213376][ T5335] ? futex_hash+0x1e/0x1f0 [ 58.215105][ T5335] futex_wait+0x101/0x360 [ 58.216811][ T5335] ? __pfx_futex_wait+0x10/0x10 [ 58.218546][ T5335] ? __pfx___might_resched+0x10/0x10 [ 58.220460][ T5335] ? __might_fault+0xaa/0x120 [ 58.222208][ T5335] ? __pfx_lock_release+0x10/0x10 [ 58.224015][ T5335] do_futex+0x33b/0x560 [ 58.225569][ T5335] ? bpf_raw_tracepoint_open+0x18b/0x1f0 [ 58.227717][ T5335] ? __pfx_do_futex+0x10/0x10 [ 58.229493][ T5335] ? rcu_is_watching+0x15/0xb0 [ 58.231271][ T5335] ? __rseq_handle_notify_resume+0x34d/0x14d0 [ 58.233432][ T5335] __se_sys_futex+0x3f9/0x480 [ 58.235245][ T5335] ? __pfx___se_sys_futex+0x10/0x10 [ 58.237229][ T5335] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 58.239589][ T5335] ? do_syscall_64+0x100/0x230 [ 58.241391][ T5335] ? __x64_sys_futex+0x21/0xf0 [ 58.243238][ T5335] do_syscall_64+0xf3/0x230 [ 58.244864][ T5335] ? clear_bhb_loop+0x35/0x90 [ 58.246537][ T5335] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 58.248779][ T5335] RIP: 0033:0x7fb45897e819 [ 58.250492][ T5335] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 58.257527][ T5335] RSP: 002b:00007fb45980c0e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 58.260562][ T5335] RAX: ffffffffffffffda RBX: 00007fb458b35fa8 RCX: 00007fb45897e819 [ 58.263552][ T5335] RDX: 0000000000000000 RSI: 0000000000000080 RDI: 00007fb458b35fa8 [ 58.266405][ T5335] RBP: 00007fb458b35fa0 R08: 0000000000000000 R09: 0000000000000000 [ 58.269247][ T5335] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fb458b35fac [ 58.272209][ T5335] R13: 0000000000000000 R14: 00007fff8748e9f0 R15: 00007fff8748ead8 [ 58.275123][ T5335] [ 58.391110][ T5322] Bluetooth: hci0: command tx timeout