program:
# Syzkaller reproducer (syzlang), reflowed to one call per line; the kernel log
# that follows it is kept verbatim. Several calls never have their results
# referenced again (or target fd -1) and look like fuzzer noise for this
# report; the bpf$ map calls are the ones that line up with the call trace.

# Result unused by any later call.
perf_event_open(&(0x7f0000000500)={0x2, 0x80, 0x4d, 0x1, 0x0, 0x0, 0x0, 0x210e, 0x80, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7b7b, 0x2, @perf_bp={0x0, 0x4}, 0x110104, 0x32, 0x0, 0x3, 0x2, 0x0, 0x4, 0x0, 0x0, 0x0, 0x9}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x9)
# Result unused by any later call.
socket$kcm(0x2, 0x200000000000001, 0x106)
# Result unused by any later call.
perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0xee, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, @perf_bp={0x0}, 0x0, 0x0, 0x24, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2000000000000000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
# fd argument is -1 (0xffffffffffffffff), so this call has no valid socket to act on.
sendmsg$inet(0xffffffffffffffff, 0x0, 0x0)
# r0: first BPF map. Leading attr fields are 0x2, 0x4, 0x4, 0x8, 0x1014; presumably
# map_type (0x2 = BPF_MAP_TYPE_ARRAY), key_size, value_size, max_entries, map_flags,
# assuming syzkaller's @base layout follows union bpf_attr. Confirm against the syzlang description.
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000004c0)=@base={0x2, 0x4, 0x4, 0x8, 0x1014, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
# cmd 0x4 on r0; r0 is only used here and in the close() further down.
bpf$MAP_GET_NEXT_KEY(0x4, &(0x7f0000000000)={r0, 0x0, 0x0}, 0x20)
# r1 is only consumed as payload bytes by write$cgroup_subtree below.
r1 = perf_event_open(&(0x7f00000003c0)={0x2, 0x80, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
# r2 is likewise only consumed as payload bytes by write$cgroup_subtree below.
r2 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
# Target fd is -1, so the write has no valid file to act on.
write$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000200)=ANY=[@ANYRES8=r1, @ANYRES8=r2], 0x12)
# dirfd is -1 with a relative path; result unused.
openat$cgroup_procs(0xffffffffffffffff, &(0x7f00000000c0)='cgroup.procs\x00', 0x2, 0x0)
# r3: second map, created with the same attr values as r0. It is passed twice below:
# in the sixth attr field of the r4 creation and as the value of the final update.
r3 = bpf$MAP_CREATE(0x0, &(0x7f00000004c0)=@base={0x2, 0x4, 0x4, 0x8, 0x1014, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
# r4: map whose first attr field is 0xd (BPF_MAP_TYPE_HASH_OF_MAPS in the UAPI enum) with r3 in
# the slot that is presumably inner_map_fd. This matches bpf_fd_htab_map_update_elem in the trace.
r4 = bpf$MAP_CREATE(0x0, &(0x7f0000000040)=@base={0xd, 0x4, 0x4, 0x9, 0x0, r3, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50)
# NOTE(review): the syzlang variant is named MAP_DELETE_ELEM but the cmd argument is 0x2, which is
# BPF_MAP_UPDATE_ELEM in the UAPI enum, so the kernel presumably treats this as an update on r4.
# What it stores is not visible from this report.
bpf$MAP_DELETE_ELEM(0x2, &(0x7f00000003c0)={r4, &(0x7f0000000300), 0x20000000}, 0x20)
close(r0)
# Update on the outer map r4 with r3 as the value. The register dump in the log (RDI=0x2,
# RSI=0x20000200, RDX=0x20, ORIG_RAX=0x141 under __x64_sys_bpf) is consistent with this being
# the call that was executing when lockdep fired, assuming the usual syzkaller mapping of
# 0x7f0000000200 to 0x20000200. TODO confirm.
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000200)={{r4}, &(0x7f0000000180), &(0x7f00000001c0)=r3}, 0x20)
# --- Kernel log (verbatim) ---
# Triage reading of the report that follows:
#  * Lockdep "Invalid wait context" on 6.12.0-syzkaller-01892-g8f7c8b88bda4: task syz.0.0/5334
#    tries to take map_idr_lock (wait type {3:3}) in bpf_map_put+0x9a while already holding
#    rcu_read_lock and an htab bucket lock (&htab->lockdep_key, wait type {2:2}) taken in
#    htab_lock_bucket.
#  * In lockdep's wait-type numbering, 2 is a raw spinlock and 3 a regular spinlock_t, which
#    becomes a sleeping lock on PREEMPT_RT. That nesting is what the checker rejects.
#  * Call path in the trace: __sys_bpf -> map_update_elem -> bpf_map_update_value ->
#    bpf_fd_htab_map_update_elem -> htab_map_update_elem -> alloc_htab_elem -> bpf_map_put.
#    So a map reference is dropped while the bucket lock is held. bpf_map_fd_put_ptr appears
#    only as an unreliable '?' frame, so it is presumably the inlined caller.
#  * This is a debug-checker finding, not a memory-safety splat. The log shows UID 0; reaching
#    this path needs access to bpf(2) map commands, so kernel.unprivileged_bpf_disabled and
#    CAP_BPF scoping limit who can reach it. Verify the deployed kernel carries the upstream
#    fix for this lock nesting (fix commit id not shown on this page).
[ 59.864382][ T5334] [ 59.865430][ T5334] ============================= [ 59.867289][ T5334] [ BUG: Invalid wait context ] [ 59.869135][ T5334] 6.12.0-syzkaller-01892-g8f7c8b88bda4 #0 Not tainted [ 59.871664][ T5334] ----------------------------- [ 59.873525][ T5334] syz.0.0/5334 is trying to lock: [ 59.875473][ T5334] ffffffff8e9b9c18 (map_idr_lock){+...}-{3:3}, at: bpf_map_put+0x9a/0x380 [ 59.878795][ T5334] other info that might help us debug this: [ 59.880994][ T5334] context-{5:5} [ 59.882400][ T5334] 2 locks held by syz.0.0/5334: [ 59.884370][ T5334] #0: ffffffff8e93c820 (rcu_read_lock){....}-{1:3}, at: bpf_fd_htab_map_update_elem+0x134/0x390 [ 59.888097][ T5334] #1: ffff8880531053c8 (&htab->lockdep_key){....}-{2:2}, at: htab_lock_bucket+0x1a4/0x370 [ 59.891493][ T5334] stack backtrace: [ 59.892836][ T5334] CPU: 0 UID: 0 PID: 5334 Comm: syz.0.0 Not tainted 6.12.0-syzkaller-01892-g8f7c8b88bda4 #0 [ 59.896348][ T5334] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 59.900373][ T5334] Call Trace: [ 59.901636][ T5334] [ 59.902736][ T5334] dump_stack_lvl+0x241/0x360 [ 59.904580][ T5334] ? __pfx_dump_stack_lvl+0x10/0x10 [ 59.906587][ T5334] ? __pfx__printk+0x10/0x10 [ 59.908419][ T5334] __lock_acquire+0x15a8/0x2100 [ 59.910216][ T5334] lock_acquire+0x1ed/0x550 [ 59.911977][ T5334] ? bpf_map_put+0x9a/0x380 [ 59.913711][ T5334] ? __pfx_lock_acquire+0x10/0x10 [ 59.915623][ T5334] ? __pfx_lock_acquire+0x10/0x10 [ 59.917481][ T5334] ? perf_trace_lock+0x388/0x490 [ 59.919378][ T5334] ? 
do_raw_spin_lock+0x14f/0x370 [ 59.921284][ T5334] _raw_spin_lock_irqsave+0xd5/0x120 [ 59.923288][ T5334] ? bpf_map_put+0x9a/0x380 [ 59.925080][ T5334] ? __pfx__raw_spin_lock_irqsave+0x10/0x10 [ 59.927308][ T5334] bpf_map_put+0x9a/0x380 [ 59.928920][ T5334] ? __pfx_bpf_map_fd_put_ptr+0x10/0x10 [ 59.930997][ T5334] alloc_htab_elem+0x1f5/0xa80 [ 59.932959][ T5334] htab_map_update_elem+0x448/0xe00 [ 59.934809][ T5334] ? __pfx_htab_map_update_elem+0x10/0x10 [ 59.936910][ T5334] ? bpf_map_meta_equal+0x137/0x2a0 [ 59.938851][ T5334] ? fput+0x21b/0x290 [ 59.940414][ T5334] bpf_fd_htab_map_update_elem+0x1fb/0x390 [ 59.942579][ T5334] ? bpf_fd_htab_map_update_elem+0x134/0x390 [ 59.944888][ T5334] ? __pfx_bpf_fd_htab_map_update_elem+0x10/0x10 [ 59.947237][ T5334] bpf_map_update_value+0x2e8/0x540 [ 59.949212][ T5334] map_update_elem+0x51a/0x6f0 [ 59.950997][ T5334] __sys_bpf+0x76f/0x810 [ 59.952650][ T5334] ? __pfx___sys_bpf+0x10/0x10 [ 59.954446][ T5334] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 59.956689][ T5334] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 59.959058][ T5334] ? do_syscall_64+0x100/0x230 [ 59.960881][ T5334] __x64_sys_bpf+0x7c/0x90 [ 59.962515][ T5334] do_syscall_64+0xf3/0x230 [ 59.964301][ T5334] ? 
clear_bhb_loop+0x35/0x90 [ 59.966159][ T5334] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 59.968364][ T5334] RIP: 0033:0x7f79a017e819 [ 59.970066][ T5334] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 59.977108][ T5334] RSP: 002b:00007f79a0fd3038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 59.980148][ T5334] RAX: ffffffffffffffda RBX: 00007f79a0335fa0 RCX: 00007f79a017e819 [ 59.983138][ T5334] RDX: 0000000000000020 RSI: 0000000020000200 RDI: 0000000000000002 [ 59.986198][ T5334] RBP: 00007f79a01f175e R08: 0000000000000000 R09: 0000000000000000 [ 59.989190][ T5334] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 59.992061][ T5334] R13: 0000000000000000 R14: 00007f79a0335fa0 R15: 00007ffe0bcaf7e8 [ 59.995070][ T5334] [ 60.039139][ T5319] Bluetooth: hci0: command tx timeout