program:
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$MAP_CREATE(0x0, &(0x7f0000000780)=@base={0x16, 0x0, 0x80, 0xff, 0x0, 0x1, 0x80, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$MAP_CREATE(0x0, 0x0, 0x50)
recvmsg$unix(0xffffffffffffffff, 0x0, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x0, 0x4, &(0x7f00000002c0)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x9)
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000004c0)=@base={0x2, 0x4, 0x4, 0x8, 0x1014, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
bpf$MAP_GET_NEXT_KEY(0x4, &(0x7f0000000000)={r0, 0x0, 0x0}, 0x20)
r1 = bpf$MAP_CREATE(0x0, &(0x7f00000004c0)=ANY=[], 0x48)
r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000680)=@base={0xd, 0x4, 0x4, 0xbd, 0x1, r1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50)
bpf$MAP_DELETE_ELEM(0x2, &(0x7f00000003c0)={r2, &(0x7f0000000580), 0x20000000}, 0x20)
close(r0)
bpf$MAP_LOOKUP_ELEM(0x3, &(0x7f0000000300)={r2, &(0x7f0000000240), 0x0}, 0x20)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)

[ 59.334003][ T5325]
[ 59.334924][ T5325] =============================
[ 59.337601][ T5325] [ BUG: Invalid wait context ]
[ 59.341485][ T5325] 6.12.0-syzkaller-01892-g8f7c8b88bda4 #0 Not tainted
[ 59.345813][ T5325] -----------------------------
[ 59.347866][ T5325] syz.0.0/5325 is trying to lock:
[ 59.349801][ T5325] ffffffff8e9b9c18 (map_idr_lock){+...}-{3:3}, at: bpf_map_put+0x9a/0x380
[ 59.355543][ T5325] other info that might help us debug this:
[ 59.357832][ T5325] context-{5:5}
[ 59.359224][ T5325] 2 locks held by syz.0.0/5325:
[ 59.361177][ T5325] #0: ffffffff8e93c820 (rcu_read_lock){....}-{1:3}, at: map_delete_elem+0x338/0x5c0
[ 59.364917][ T5325] #1: ffff888052acb308 (&htab->lockdep_key){....}-{2:2}, at: htab_lock_bucket+0x1a4/0x370
[ 59.368811][ T5325] stack backtrace:
[ 59.370296][ T5325] CPU: 0 UID: 0 PID: 5325 Comm: syz.0.0 Not tainted 6.12.0-syzkaller-01892-g8f7c8b88bda4 #0
[ 59.374032][ T5325] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[ 59.378299][ T5325] Call Trace:
[ 59.379685][ T5325]
[ 59.380826][ T5325] dump_stack_lvl+0x241/0x360
[ 59.382748][ T5325] ? __pfx_dump_stack_lvl+0x10/0x10
[ 59.384874][ T5325] ? __pfx__printk+0x10/0x10
[ 59.386592][ T5325] __lock_acquire+0x15a8/0x2100
[ 59.388465][ T5325] lock_acquire+0x1ed/0x550
[ 59.390209][ T5325] ? bpf_map_put+0x9a/0x380
[ 59.391929][ T5325] ? __pfx_lock_acquire+0x10/0x10
[ 59.393827][ T5325] ? __pfx_lock_acquire+0x10/0x10
[ 59.395707][ T5325] ? do_raw_spin_lock+0x14f/0x370
[ 59.397645][ T5325] ? __lock_acquire+0x1397/0x2100
[ 59.399577][ T5325] _raw_spin_lock_irqsave+0xd5/0x120
[ 59.401777][ T5325] ? bpf_map_put+0x9a/0x380
[ 59.403868][ T5325] ? __pfx__raw_spin_lock_irqsave+0x10/0x10
[ 59.406304][ T5325] ? htab_lock_bucket+0x1a4/0x370
[ 59.408208][ T5325] bpf_map_put+0x9a/0x380
[ 59.409793][ T5325] ? __pfx_bpf_map_fd_put_ptr+0x10/0x10
[ 59.411912][ T5325] free_htab_elem+0xbb/0x460
[ 59.413614][ T5325] htab_map_delete_elem+0x576/0x6b0
[ 59.415330][ T5325] ? __pfx_lock_acquire+0x10/0x10
[ 59.417115][ T5325] ? __pfx_htab_map_delete_elem+0x10/0x10
[ 59.419011][ T5325] ? __might_fault+0xaa/0x120
[ 59.420515][ T5325] map_delete_elem+0x431/0x5c0
[ 59.422156][ T5325] __sys_bpf+0x598/0x810
[ 59.423621][ T5325] ? __pfx___sys_bpf+0x10/0x10
[ 59.425316][ T5325] ? __rseq_handle_notify_resume+0x34d/0x14d0
[ 59.427385][ T5325] ? lockdep_hardirqs_on_prepare+0x43d/0x780
[ 59.429570][ T5325] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[ 59.431903][ T5325] ? do_syscall_64+0x100/0x230
[ 59.433551][ T5325] __x64_sys_bpf+0x7c/0x90
[ 59.435107][ T5325] do_syscall_64+0xf3/0x230
[ 59.436674][ T5325] ? clear_bhb_loop+0x35/0x90
[ 59.438298][ T5325] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 59.440335][ T5325] RIP: 0033:0x7f4d5597e819
[ 59.441945][ T5325] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 59.449065][ T5325] RSP: 002b:00007f4d56842038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[ 59.452041][ T5325] RAX: ffffffffffffffda RBX: 00007f4d55b35fa0 RCX: 00007f4d5597e819
[ 59.454892][ T5325] RDX: 0000000000000020 RSI: 0000000020000300 RDI: 0000000000000003
[ 59.458163][ T5325] RBP: 00007f4d559f175e R08: 0000000000000000 R09: 0000000000000000
[ 59.461389][ T5325] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 59.464453][ T5325] R13: 0000000000000000 R14: 00007f4d55b35fa0 R15: 00007ffca72fa258
[ 59.467594][ T5325]
[ 59.470934][ T4674] Bluetooth: hci0: command tx timeout