program: r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000280)=@base={0xb, 0x8, 0xc, 0xffffbffb, 0x1, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000810018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x18, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000140)='sched_switch\x00', r1}, 0x10) r2 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) ioctl$TUNSETIFF(r2, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) r3 = socket$netlink(0x10, 0x3, 0x14) sendmsg$RDMA_NLDEV_CMD_NEWLINK(r3, &(0x7f00000002c0)={0x0, 0x5, &(0x7f0000001200)={&(0x7f0000001080)={0x38, 0x1403, 0x1, 0x700, 0x0, "", [{{0x9, 0x2, 'syz1\x00'}, {0x8, 0x41, 'siw\x00'}, {0x14, 0x33, 'syzkaller0\x00'}}]}, 0x38}}, 0x0) [ 59.208871][ T5324] [ 59.210061][ T5324] ============================= [ 59.212543][ T5324] [ BUG: Invalid wait context ] [ 59.215994][ T5324] 6.12.0-syzkaller-01892-g8f7c8b88bda4 #0 Not tainted [ 59.220916][ T5324] ----------------------------- [ 59.223300][ T5324] syz.0.0/5324 is trying to lock: [ 59.225243][ T5324] ffff88803465da00 (&trie->lock){....}-{3:3}, at: trie_delete_elem+0x96/0x6a0 [ 59.228828][ T5324] other info that might help us debug this: [ 59.230947][ T5324] context-{5:5} [ 59.232188][ T5324] 2 locks held by syz.0.0/5324: [ 59.233864][ T5324] #0: ffff88801fc3ea98 (&rq->__lock){-.-.}-{2:2}, at: raw_spin_rq_lock_nested+0x2a/0x140 [ 59.237223][ T5324] #1: ffffffff8e93c820 (rcu_read_lock){....}-{1:3}, at: bpf_trace_run4+0x244/0x590 [ 59.240455][ T5324] stack backtrace: [ 59.241805][ T5324] CPU: 0 UID: 0 PID: 5324 Comm: syz.0.0 Not tainted 6.12.0-syzkaller-01892-g8f7c8b88bda4 #0 [ 59.245331][ T5324] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 59.249404][ T5324] Call Trace: [ 59.250736][ T5324] [ 59.251897][ T5324] dump_stack_lvl+0x241/0x360 [ 59.253860][ T5324] ? __pfx_dump_stack_lvl+0x10/0x10 [ 59.255881][ T5324] ? __pfx__printk+0x10/0x10 [ 59.257652][ T5324] __lock_acquire+0x15a8/0x2100 [ 59.259535][ T5324] lock_acquire+0x1ed/0x550 [ 59.261318][ T5324] ? trie_delete_elem+0x96/0x6a0 [ 59.263271][ T5324] ? __pfx_lock_acquire+0x10/0x10 [ 59.265202][ T5324] ? __lock_acquire+0x1397/0x2100 [ 59.267180][ T5324] _raw_spin_lock_irqsave+0xd5/0x120 [ 59.269263][ T5324] ? trie_delete_elem+0x96/0x6a0 [ 59.271232][ T5324] ? __pfx__raw_spin_lock_irqsave+0x10/0x10 [ 59.273515][ T5324] ? __pfx_lock_acquire+0x10/0x10 [ 59.275424][ T5324] ? sched_clock_cpu+0x76/0x490 [ 59.277234][ T5324] ? __pfx_lock_release+0x10/0x10 [ 59.279171][ T5324] trie_delete_elem+0x96/0x6a0 [ 59.281045][ T5324] ? __pfx___cant_migrate+0x10/0x10 [ 59.283092][ T5324] ? bpf_trace_run4+0x244/0x590 [ 59.285029][ T5324] bpf_prog_5186c38a4019a4cb+0x4b/0x4f [ 59.286987][ T5324] bpf_trace_run4+0x334/0x590 [ 59.288916][ T5324] ? __pfx_bpf_trace_run4+0x10/0x10 [ 59.290948][ T5324] ? psi_task_switch+0x41d/0x7a0 [ 59.292824][ T5324] ? psi_task_switch+0x41d/0x7a0 [ 59.295069][ T5324] __schedule+0x22bc/0x4c30 [ 59.297311][ T5324] ? __pfx___schedule+0x10/0x10 [ 59.299513][ T5324] ? __pfx_lock_release+0x10/0x10 [ 59.301387][ T5324] ? futex_wait_queue+0x27/0x1d0 [ 59.303327][ T5324] ? schedule+0x90/0x320 [ 59.304944][ T5324] schedule+0x14b/0x320 [ 59.306516][ T5324] ? futex_wait_queue+0x27/0x1d0 [ 59.308432][ T5324] futex_wait_queue+0x14e/0x1d0 [ 59.310319][ T5324] __futex_wait+0x17f/0x320 [ 59.312174][ T5324] ? __pfx___futex_wait+0x10/0x10 [ 59.314104][ T5324] ? __pfx_futex_wake_mark+0x10/0x10 [ 59.316123][ T5324] ? futex_hash+0x1e/0x1f0 [ 59.317798][ T5324] futex_wait+0x101/0x360 [ 59.319399][ T5324] ? __pfx_futex_wait+0x10/0x10 [ 59.321244][ T5324] ? __pfx___might_resched+0x10/0x10 [ 59.323299][ T5324] ? __might_fault+0xaa/0x120 [ 59.325135][ T5324] ? __pfx_lock_release+0x10/0x10 [ 59.327077][ T5324] do_futex+0x33b/0x560 [ 59.328708][ T5324] ? bpf_raw_tracepoint_open+0x18b/0x1f0 [ 59.330870][ T5324] ? __pfx_do_futex+0x10/0x10 [ 59.332734][ T5324] ? rcu_is_watching+0x15/0xb0 [ 59.334631][ T5324] ? __rseq_handle_notify_resume+0x34d/0x14d0 [ 59.337591][ T5324] __se_sys_futex+0x3f9/0x480 [ 59.339541][ T5324] ? __pfx___se_sys_futex+0x10/0x10 [ 59.341511][ T5324] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 59.343972][ T5324] ? do_syscall_64+0x100/0x230 [ 59.345858][ T5324] ? __x64_sys_futex+0x21/0xf0 [ 59.347754][ T5324] do_syscall_64+0xf3/0x230 [ 59.349563][ T5324] ? clear_bhb_loop+0x35/0x90 [ 59.351413][ T5324] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 59.353693][ T5324] RIP: 0033:0x7fbc17f7e819 [ 59.355435][ T5324] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 59.362826][ T5324] RSP: 002b:00007fbc18e170e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 59.366241][ T5324] RAX: ffffffffffffffda RBX: 00007fbc18135fa8 RCX: 00007fbc17f7e819 [ 59.369316][ T5324] RDX: 0000000000000000 RSI: 0000000000000080 RDI: 00007fbc18135fa8 [ 59.372420][ T5324] RBP: 00007fbc18135fa0 R08: 0000000000000000 R09: 0000000000000000 [ 59.375455][ T5324] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fbc18135fac [ 59.378505][ T5324] R13: 0000000000000000 R14: 00007ffc86702f40 R15: 00007ffc86703028 [ 59.381543][ T5324] [ 59.386846][ T4673] Bluetooth: hci0: command tx timeout [ 59.398565][ T5324] iwpm_register_pid: Unable to send a nlmsg (client = 2) [ 59.403730][ T5324] infiniband syz1: RDMA CMA: cma_listen_on_dev, error -98