program: r0 = bpf$MAP_CREATE(0x0, &(0x7f00000004c0)=@base={0x2, 0x4, 0x4, 0x8, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) bpf$MAP_GET_NEXT_KEY(0x4, &(0x7f0000000000)={r0, 0x0, 0x0}, 0x20) r1 = bpf$MAP_CREATE(0x0, &(0x7f00000004c0)=@base={0x2, 0x4, 0x4, 0x8, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000040)=@base={0xd, 0x4, 0x4, 0x8, 0x0, r1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) bpf$MAP_DELETE_ELEM(0x2, &(0x7f00000003c0)={r2, &(0x7f0000000300), 0x20000000}, 0x20) close(r0) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000200)={{r2}, &(0x7f0000000180), &(0x7f00000001c0)=r1}, 0x20) [ 72.401320][ T4678] Bluetooth: hci0: command tx timeout [ 72.516540][ T5332] [ 72.517461][ T5332] ============================= [ 72.519256][ T5332] [ BUG: Invalid wait context ] [ 72.521102][ T5332] 6.12.0-syzkaller-01782-gbf9aa14fc523 #0 Not tainted [ 72.523574][ T5332] ----------------------------- [ 72.525493][ T5332] syz.0.0/5332 is trying to lock: [ 72.527365][ T5332] ffffffff8e9b9bd8 (map_idr_lock){+...}-{3:3}, at: bpf_map_put+0x9a/0x380 [ 72.530555][ T5332] other info that might help us debug this: [ 72.532772][ T5332] context-{5:5} [ 72.534096][ T5332] 2 locks held by syz.0.0/5332: [ 72.535898][ T5332] #0: ffffffff8e93c7e0 (rcu_read_lock){....}-{1:3}, at: bpf_fd_htab_map_update_elem+0x134/0x390 [ 72.540045][ T5332] #1: ffff8880500cb8b0 (&htab->lockdep_key){....}-{2:2}, at: htab_lock_bucket+0x1a4/0x370 [ 72.544070][ T5332] stack backtrace: [ 72.545525][ T5332] CPU: 0 UID: 0 PID: 5332 Comm: syz.0.0 Not tainted 6.12.0-syzkaller-01782-gbf9aa14fc523 #0 [ 72.549299][ T5332] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 72.553525][ T5332] Call Trace: [ 72.554746][ T5332] [ 72.555847][ T5332] dump_stack_lvl+0x241/0x360 [ 72.557716][ T5332] ? __pfx_dump_stack_lvl+0x10/0x10 [ 72.559752][ T5332] ? __pfx__printk+0x10/0x10 [ 72.561523][ T5332] __lock_acquire+0x15a8/0x2100 [ 72.563471][ T5332] lock_acquire+0x1ed/0x550 [ 72.565294][ T5332] ? bpf_map_put+0x9a/0x380 [ 72.567135][ T5332] ? __pfx_lock_acquire+0x10/0x10 [ 72.569096][ T5332] ? __pfx_lock_acquire+0x10/0x10 [ 72.571048][ T5332] ? __lock_acquire+0x1397/0x2100 [ 72.572979][ T5332] ? do_raw_spin_lock+0x14f/0x370 [ 72.574905][ T5332] _raw_spin_lock_irqsave+0xd5/0x120 [ 72.576960][ T5332] ? bpf_map_put+0x9a/0x380 [ 72.578590][ T5332] ? __pfx__raw_spin_lock_irqsave+0x10/0x10 [ 72.580834][ T5332] bpf_map_put+0x9a/0x380 [ 72.582492][ T5332] ? __pfx_bpf_map_fd_put_ptr+0x10/0x10 [ 72.584860][ T5332] alloc_htab_elem+0x1f5/0xa80 [ 72.587132][ T5332] htab_map_update_elem+0x448/0xe00 [ 72.589288][ T5332] ? __pfx_htab_map_update_elem+0x10/0x10 [ 72.591407][ T5332] ? bpf_map_meta_equal+0x137/0x2a0 [ 72.593486][ T5332] ? fput+0x21b/0x290 [ 72.595057][ T5332] bpf_fd_htab_map_update_elem+0x1fb/0x390 [ 72.597122][ T5332] ? bpf_fd_htab_map_update_elem+0x134/0x390 [ 72.599380][ T5332] ? __pfx_bpf_fd_htab_map_update_elem+0x10/0x10 [ 72.601733][ T5332] bpf_map_update_value+0x2e8/0x540 [ 72.603864][ T5332] map_update_elem+0x51a/0x6f0 [ 72.605785][ T5332] __sys_bpf+0x76f/0x810 [ 72.607447][ T5332] ? __pfx___sys_bpf+0x10/0x10 [ 72.609315][ T5332] ? __rseq_handle_notify_resume+0x34d/0x14d0 [ 72.611678][ T5332] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 72.613937][ T5332] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 72.616457][ T5332] ? do_syscall_64+0x100/0x230 [ 72.618330][ T5332] __x64_sys_bpf+0x7c/0x90 [ 72.620267][ T5332] do_syscall_64+0xf3/0x230 [ 72.622441][ T5332] ? clear_bhb_loop+0x35/0x90 [ 72.624599][ T5332] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 72.627344][ T5332] RIP: 0033:0x7f8806b7e759 [ 72.629418][ T5332] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 72.637446][ T5332] RSP: 002b:00007f8807a4b038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 72.640516][ T5332] RAX: ffffffffffffffda RBX: 00007f8806d35f80 RCX: 00007f8806b7e759 [ 72.643565][ T5332] RDX: 0000000000000020 RSI: 0000000020000200 RDI: 0000000000000002 [ 72.646659][ T5332] RBP: 00007f8806bf175e R08: 0000000000000000 R09: 0000000000000000 [ 72.649689][ T5332] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 72.652729][ T5332] R13: 0000000000000000 R14: 00007f8806d35f80 R15: 00007ffc57d35338 [ 72.655743][ T5332]