# syzkaller reproducer for the lockdep "BUG: Invalid wait context" report that follows.
# What the trace shows, read bottom-up: a context switch (__schedule -> switch_mm_irqs_off)
# fires the tlb_flush raw tracepoint while rq->__lock (raw spinlock, wait-type {2:2}) is held;
# the program attached there (r1) calls bpf_get_stack, whose build-id path
# (stack_map_get_build_id_offset) takes mm->mmap_lock; because a program (r2) is attached to
# the mmap_lock tracepoint, __mmap_lock_do_trace_acquire_returned -> get_mm_memcg_path ->
# kernfs_path_from_node then read_lock_irqsave()s kernfs_rename_lock (wait-type {3:3}, a lock
# class that may sleep on PREEMPT_RT), which is not permitted under a raw spinlock.
# Exposure note: attaching to raw tracepoints is a privileged BPF operation (CAP_BPF/CAP_PERFMON
# or root), so this is a kernel lock-nesting bug reachable by privileged callers, not an
# unprivileged escalation; the fix belongs in the kernel paths named above, not in this program.
program:
# Map r0: type 0x1b, max_entries 0x8000. Referenced by the instruction bytes below through a
# pseudo-map-fd ld_imm64 (@ANYRES32=r0); its role in the lock chain is not visible in the trace.
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
# First load: prog type 0x0 and no license pointer, so presumably rejected by the kernel. Its
# useful side effect is writing the instruction bytes into the buffer at 0x7f0000000240, which
# the next load reuses. The bytes end in a call to helper 0x43 (bpf_get_stack, confirmed by
# bpf_get_stack_raw_tp in the trace); r4 appears to be 0x900 — presumably
# BPF_F_USER_STACK|BPF_F_USER_BUILD_ID, consistent with stack_map_get_build_id_offset being
# reached — TODO confirm by disassembling the blob.
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000240)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b704000000090000850000004300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
# r1: prog type 0x11 (BPF_PROG_TYPE_RAW_TRACEPOINT), 0xc instructions, license 'GPL'. ANY=[] at
# the same buffer address means the bytes written by the previous call are taken as-is.
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000240)=ANY=[], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
# Attach r1 to the tlb_flush tracepoint; per the trace it fires from switch_mm_irqs_off inside
# __schedule, i.e. with the runqueue lock held and in atomic context.
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='tlb_flush\x00', r1}, 0x10)
# r2: second raw tracepoint program (type 0x18, BPF_PROG_TYPE_RAW_TRACEPOINT_WRITABLE). Its body
# does not appear in the trace; what matters is the attachment below, which enables the
# mmap_lock tracepoint so that __mmap_lock_do_trace_acquire_returned runs — NOTE(review):
# inferred from the call chain, confirm against mm/mmap_lock.c.
r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000480)=ANY=[@ANYBLOB="1801000021000000000000003b810000850000006d000000850000005000000095"], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x3, @void, @value}, 0x90)
# Attach r2 to mmap_lock_acquire_returned, the tracepoint hit when stack_map_get_build_id_offset
# takes mm->mmap_lock (held lock #2 in the report).
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f00000002c0)='mmap_lock_acquire_returned\x00', r2}, 0x10)
# The remaining calls are not on the trace and look like leftover fuzzer state. Note that the
# faulting syscall in the register dump is clock_nanosleep (ORIG_RAX 0xe6), which is not in this
# program — presumably the executor's own sleep; any call that schedules will trigger the chain.
prctl$PR_SET_IO_FLUSHER(0x43, 0xfffffffffffffffd)
mremap(&(0x7f0000ffc000/0x2000)=nil, 0x2000, 0x2000, 0x7, &(0x7f0000fff000/0x1000)=nil)
# Closing the program fd does not detach r2; the raw tracepoint link fd returned above is
# never closed here.
close_range(r2, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
[ 68.874622][ T48] Bluetooth: hci0: command tx timeout
[ 68.959830][ T5305]
[ 68.960774][ T5305] =============================
[ 68.962576][ T5305] [ BUG: Invalid wait context ]
[ 68.964323][ T5305]
6.13.0-rc7-syzkaller-00160-gad26fc09dabf #0 Not tainted
[ 68.966982][ T5305] -----------------------------
[ 68.968817][ T5305] syz-executor/5305 is trying to lock:
[ 68.970941][ T5305] ffffffff8eabdc38 (kernfs_rename_lock){....}-{3:3}, at: kernfs_path_from_node+0x92/0xb00
[ 68.975262][ T5305] other info that might help us debug this:
[ 68.977767][ T5305] context-{5:5}
[ 68.979113][ T5305] 3 locks held by syz-executor/5305:
[ 68.981176][ T5305] #0: ffff88801fc3e8d8 (&rq->__lock){-.-.}-{2:2}, at: raw_spin_rq_lock_nested+0x2a/0x140
[ 68.985383][ T5305] #1: ffffffff8e937ae0 (rcu_read_lock){....}-{1:3}, at: bpf_trace_run2+0x1fc/0x540
[ 68.989498][ T5305] #2: ffff88803fef0ba0 (&mm->mmap_lock){++++}-{4:4}, at: stack_map_get_build_id_offset+0x431/0x870
[ 68.993251][ T5305] stack backtrace:
[ 68.994520][ T5305] CPU: 0 UID: 0 PID: 5305 Comm: syz-executor Not tainted 6.13.0-rc7-syzkaller-00160-gad26fc09dabf #0
[ 68.998240][ T5305] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[ 69.002115][ T5305] Call Trace:
[ 69.003344][ T5305]
[ 69.004455][ T5305] dump_stack_lvl+0x241/0x360
[ 69.006551][ T5305] ? __pfx_dump_stack_lvl+0x10/0x10
[ 69.008452][ T5305] ? __pfx__printk+0x10/0x10
[ 69.010135][ T5305] __lock_acquire+0x15a8/0x2100
[ 69.011862][ T5305] lock_acquire+0x1ed/0x550
[ 69.013554][ T5305] ? kernfs_path_from_node+0x92/0xb00
[ 69.015487][ T5305] ? mark_lock+0x9a/0x360
[ 69.017078][ T5305] ? __pfx_lock_acquire+0x10/0x10
[ 69.018905][ T5305] _raw_read_lock_irqsave+0xdd/0x130
[ 69.020873][ T5305] ? kernfs_path_from_node+0x92/0xb00
[ 69.022894][ T5305] ? __pfx__raw_read_lock_irqsave+0x10/0x10
[ 69.025137][ T5305] ? percpu_ref_tryget+0x14/0x180
[ 69.027042][ T5305] kernfs_path_from_node+0x92/0xb00
[ 69.029000][ T5305] ? __pfx_kernfs_path_from_node+0x10/0x10
[ 69.031065][ T5305] ? get_mem_cgroup_from_mm+0x38/0x2a0
[ 69.033139][ T5305] ? get_mem_cgroup_from_mm+0x1b2/0x2a0
[ 69.035021][ T5305] get_mm_memcg_path+0x95/0x350
[ 69.036761][ T5305] __mmap_lock_do_trace_acquire_returned+0xfc/0x300
[ 69.039036][ T5305] ? __pfx_lock_acquire+0x10/0x10
[ 69.040847][ T5305] ? __pfx___mmap_lock_do_trace_acquire_returned+0x10/0x10
[ 69.043519][ T5305] ? stack_map_get_build_id_offset+0x43d/0x870
[ 69.045810][ T5305] ? stack_map_get_build_id_offset+0x823/0x870
[ 69.047972][ T5305] stack_map_get_build_id_offset+0x84d/0x870
[ 69.050160][ T5305] ? __pfx_get_perf_callchain+0x10/0x10
[ 69.052210][ T5305] ? __pfx_stack_map_get_build_id_offset+0x10/0x10
[ 69.054704][ T5305] __bpf_get_stack+0x8da/0xad0
[ 69.056446][ T5305] ? __pfx___bpf_get_stack+0x10/0x10
[ 69.058237][ T5305] ? __pfx_lock_acquire+0x10/0x10
[ 69.060122][ T5305] bpf_get_stack+0x33/0x50
[ 69.061795][ T5305] bpf_get_stack_raw_tp+0x1a3/0x240
[ 69.063701][ T5305] ? bpf_trace_run2+0x1fc/0x540
[ 69.065497][ T5305] bpf_prog_ec3b2eefa702d8d3+0x43/0x47
[ 69.067489][ T5305] bpf_trace_run2+0x2ec/0x540
[ 69.069236][ T5305] ? __pfx_bpf_trace_run2+0x10/0x10
[ 69.071186][ T5305] trace_tlb_flush+0x11c/0x140
[ 69.073068][ T5305] switch_mm_irqs_off+0x77a/0xa70
[ 69.075197][ T5305] ? psi_task_switch+0x41d/0x7a0
[ 69.076976][ T5305] ? __pfx_switch_mm_irqs_off+0x10/0x10
[ 69.079034][ T5305] __schedule+0x10c8/0x4c30
[ 69.080764][ T5305] ? __pfx___schedule+0x10/0x10
[ 69.082569][ T5305] ? __pfx_lock_release+0x10/0x10
[ 69.084412][ T5305] ? _raw_spin_unlock_irqrestore+0x8f/0x140
[ 69.087376][ T5305] ? _raw_spin_unlock_irqrestore+0xdd/0x140
[ 69.089450][ T5305] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[ 69.091778][ T5305] ? schedule+0x90/0x320
[ 69.093427][ T5305] schedule+0x14b/0x320
[ 69.094958][ T5305] do_nanosleep+0x197/0x600
[ 69.096620][ T5305] ? do_nanosleep+0x80/0x600
[ 69.098301][ T5305] ? __pfx_do_nanosleep+0x10/0x10
[ 69.100191][ T5305] ? __asan_memset+0x23/0x50
[ 69.101851][ T5305] ? __hrtimer_init+0x170/0x250
[ 69.103603][ T5305] hrtimer_nanosleep+0x1ec/0x410
[ 69.105409][ T5305] ? __pfx_hrtimer_nanosleep+0x10/0x10
[ 69.107482][ T5305] ? __pfx_hrtimer_wakeup+0x10/0x10
[ 69.109317][ T5305] ? __pfx_get_timespec64+0x10/0x10
[ 69.111277][ T5305] __se_sys_clock_nanosleep+0x32b/0x3c0
[ 69.113307][ T5305] ? __pfx___se_sys_clock_nanosleep+0x10/0x10
[ 69.115513][ T5305] ? do_syscall_64+0x100/0x230
[ 69.117414][ T5305] ? do_syscall_64+0xb6/0x230
[ 69.119100][ T5305] do_syscall_64+0xf3/0x230
[ 69.120759][ T5305] ? clear_bhb_loop+0x35/0x90
[ 69.122447][ T5305] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 69.124490][ T5305] RIP: 0033:0x7f21ecbb85e5
[ 69.126089][ T5305] Code: Unable to access opcode bytes at 0x7f21ecbb85bb.
[ 69.128556][ T5305] RSP: 002b:00007fff8e0bfcc0 EFLAGS: 00000293 ORIG_RAX: 00000000000000e6
[ 69.131664][ T5305] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007f21ecbb85e5
[ 69.134660][ T5305] RDX: 00007fff8e0bfd00 RSI: 0000000000000000 RDI: 0000000000000000
[ 69.137534][ T5305] RBP: 00007fff8e0bfd5c R08: 0000000000000000 R09: 7fffffffffffffff
[ 69.140463][ T5305] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000032
[ 69.143357][ T5305] R13: 0000000000010cc9 R14: 00007fff8e0bfdb0 R15: 0000000000000bb8
[ 69.146113][ T5305]