program:
bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="0b0000000800000008000000ffffffff01000000", @ANYRES32=0x1], 0x50)
bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000000c0), &(0x7f0000000140), 0x5, r0}, 0x38)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=@framed={{}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r0}, {}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0xfffffffffffffeb2, 0x0, 0x0, 0x24, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f00000002c0)='hrtimer_start\x00', r1}, 0x3d)
perf_event_open(&(0x7f0000000180)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x7}, 0x0, 0xbfffffffffffffff, 0xffffffffffffffff, 0x0)

[   68.428738][ T4672] Bluetooth: hci0: command tx timeout
[   68.494090][ T5326] 
[   68.495107][ T5326] ======================================================
[   68.497679][ T5326] WARNING: possible circular locking dependency detected
[   68.500277][ T5326] 6.12.0-rc5-syzkaller-00322-gb9021de3ec2f #0 Not tainted
[   68.502907][ T5326] ------------------------------------------------------
[   68.505521][ T5326] syz.0.0/5326 is trying to acquire lock:
[   68.507675][ T5326] ffff88801fc29430 (krc.lock){..-.}-{2:2}, at: kvfree_call_rcu+0x18a/0x790
[   68.511012][ T5326] 
[   68.511012][ T5326] but task is already holding lock:
[   68.513731][ T5326] ffff88801fc2c898 (hrtimer_bases.lock){-.-.}-{2:2}, at: hrtimer_start_range_ns+0x109/0xca0
[   68.517485][ T5326] 
[   68.517485][ T5326] which lock already depends on the new lock.
[   68.517485][ T5326] 
[   68.521371][ T5326] 
[   68.521371][ T5326] the existing dependency chain (in reverse order) is:
[   68.524933][ T5326] 
[   68.524933][ T5326] -> #1 (hrtimer_bases.lock){-.-.}-{2:2}:
[   68.527816][ T5326]        lock_acquire+0x1ed/0x550
[   68.529765][ T5326]        _raw_spin_lock_irqsave+0xd5/0x120
[   68.531976][ T5326]        hrtimer_start_range_ns+0x109/0xca0
[   68.534211][ T5326]        kvfree_call_rcu+0x5e6/0x790
[   68.536305][ T5326]        pwq_release_workfn+0x664/0x800
[   68.538369][ T5326]        kthread_worker_fn+0x500/0xb70
[   68.540458][ T5326]        kthread+0x2f0/0x390
[   68.542243][ T5326]        ret_from_fork+0x4b/0x80
[   68.544101][ T5326]        ret_from_fork_asm+0x1a/0x30
[   68.546192][ T5326] 
[   68.546192][ T5326] -> #0 (krc.lock){..-.}-{2:2}:
[   68.548791][ T5326]        validate_chain+0x18ef/0x5920
[   68.550850][ T5326]        __lock_acquire+0x1384/0x2050
[   68.552846][ T5326]        lock_acquire+0x1ed/0x550
[   68.554771][ T5326]        _raw_spin_lock+0x2e/0x40
[   68.556722][ T5326]        kvfree_call_rcu+0x18a/0x790
[   68.558665][ T5326]        trie_delete_elem+0x546/0x6a0
[   68.560714][ T5326]        bpf_prog_2c29ac5cdc6b1842+0x43/0x47
[   68.562940][ T5326]        bpf_trace_run2+0x2ec/0x540
[   68.564926][ T5326]        enqueue_hrtimer+0x35a/0x3c0
[   68.567006][ T5326]        hrtimer_start_range_ns+0xac8/0xca0
[   68.569256][ T5326]        futex_wait_queue+0xb0/0x1d0
[   68.571262][ T5326]        __futex_wait+0x17f/0x320
[   68.573093][ T5326]        futex_wait+0x101/0x360
[   68.574916][ T5326]        do_futex+0x33b/0x560
[   68.576735][ T5326]        __se_sys_futex+0x3f9/0x480
[   68.578668][ T5326]        do_syscall_64+0xf3/0x230
[   68.580616][ T5326]        entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   68.583083][ T5326] 
[   68.583083][ T5326] other info that might help us debug this:
[   68.583083][ T5326] 
[   68.586887][ T5326]  Possible unsafe locking scenario:
[   68.586887][ T5326] 
[   68.589626][ T5326]        CPU0                    CPU1
[   68.591657][ T5326]        ----                    ----
[   68.593660][ T5326]   lock(hrtimer_bases.lock);
[   68.595461][ T5326]                                lock(krc.lock);
[   68.597878][ T5326]                                lock(hrtimer_bases.lock);
[   68.600586][ T5326]   lock(krc.lock);
[   68.602048][ T5326] 
[   68.602048][ T5326]  *** DEADLOCK ***
[   68.602048][ T5326] 
[   68.605012][ T5326] 2 locks held by syz.0.0/5326:
[   68.606912][ T5326]  #0: ffff88801fc2c898 (hrtimer_bases.lock){-.-.}-{2:2}, at: hrtimer_start_range_ns+0x109/0xca0
[   68.610888][ T5326]  #1: ffffffff8e937da0 (rcu_read_lock){....}-{1:2}, at: bpf_trace_run2+0x1fc/0x540
[   68.614503][ T5326] 
[   68.614503][ T5326] stack backtrace:
[   68.616689][ T5326] CPU: 0 UID: 0 PID: 5326 Comm: syz.0.0 Not tainted 6.12.0-rc5-syzkaller-00322-gb9021de3ec2f #0
[   68.620509][ T5326] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[   68.624484][ T5326] Call Trace:
[   68.625652][ T5326]  <TASK>
[   68.626679][ T5326]  dump_stack_lvl+0x241/0x360
[   68.628300][ T5326]  ? __pfx_dump_stack_lvl+0x10/0x10
[   68.630084][ T5326]  ? __pfx__printk+0x10/0x10
[   68.631676][ T5326]  print_circular_bug+0x13a/0x1b0
[   68.633407][ T5326]  check_noncircular+0x36a/0x4a0
[   68.635466][ T5326]  ? __pfx_check_noncircular+0x10/0x10
[   68.637378][ T5326]  ? lockdep_lock+0x123/0x2b0
[   68.639014][ T5326]  ? mark_lock+0x9a/0x360
[   68.640663][ T5326]  validate_chain+0x18ef/0x5920
[   68.642561][ T5326]  ? __pfx_validate_chain+0x10/0x10
[   68.644571][ T5326]  ? stack_depot_save_flags+0x6e4/0x830
[   68.646654][ T5326]  ? do_raw_spin_lock+0x14f/0x370
[   68.648629][ T5326]  ? __pfx_lock_release+0x10/0x10
[   68.650531][ T5326]  ? do_raw_spin_unlock+0x58/0x8b0
[   68.652478][ T5326]  ? _raw_spin_unlock_irqrestore+0xdd/0x140
[   68.654756][ T5326]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[   68.657049][ T5326]  ? stack_trace_save+0x118/0x1d0
[   68.658860][ T5326]  ? mark_lock+0x9a/0x360
[   68.660480][ T5326]  __lock_acquire+0x1384/0x2050
[   68.662358][ T5326]  lock_acquire+0x1ed/0x550
[   68.664123][ T5326]  ? kvfree_call_rcu+0x18a/0x790
[   68.665981][ T5326]  ? __pfx_lock_acquire+0x10/0x10
[   68.667899][ T5326]  ? __phys_addr+0xba/0x170
[   68.669608][ T5326]  _raw_spin_lock+0x2e/0x40
[   68.671213][ T5326]  ? kvfree_call_rcu+0x18a/0x790
[   68.673039][ T5326]  kvfree_call_rcu+0x18a/0x790
[   68.674720][ T5326]  ? _raw_spin_unlock_irqrestore+0xdd/0x140
[   68.676805][ T5326]  ? __pfx_kvfree_call_rcu+0x10/0x10
[   68.678675][ T5326]  ? longest_prefix_match+0x330/0x650
[   68.680690][ T5326]  trie_delete_elem+0x546/0x6a0
[   68.682568][ T5326]  ? bpf_trace_run2+0x1fc/0x540
[   68.684342][ T5326]  bpf_prog_2c29ac5cdc6b1842+0x43/0x47
[   68.686494][ T5326]  bpf_trace_run2+0x2ec/0x540
[   68.688261][ T5326]  ? __pfx_bpf_trace_run2+0x10/0x10
[   68.690359][ T5326]  ? _raw_spin_lock_irqsave+0xe1/0x120
[   68.692373][ T5326]  ? __pfx__raw_spin_lock_irqsave+0x10/0x10
[   68.694515][ T5326]  enqueue_hrtimer+0x35a/0x3c0
[   68.696498][ T5326]  hrtimer_start_range_ns+0xac8/0xca0
[   68.698504][ T5326]  ? futex_wait_queue+0x27/0x1d0
[   68.700324][ T5326]  futex_wait_queue+0xb0/0x1d0
[   68.702191][ T5326]  __futex_wait+0x17f/0x320
[   68.703901][ T5326]  ? __pfx___futex_wait+0x10/0x10
[   68.705784][ T5326]  ? __pfx_futex_wake_mark+0x10/0x10
[   68.707771][ T5326]  ? ktime_add_safe+0x38/0x70
[   68.709635][ T5326]  futex_wait+0x101/0x360
[   68.711258][ T5326]  ? __pfx_futex_wait+0x10/0x10
[   68.713078][ T5326]  ? __pfx_hrtimer_wakeup+0x10/0x10
[   68.715043][ T5326]  ? seqcount_lockdep_reader_access+0x1d7/0x220
[   68.717431][ T5326]  ? __pfx_seqcount_lockdep_reader_access+0x10/0x10
[   68.719842][ T5326]  ? ktime_get+0x3c/0xb0
[   68.721509][ T5326]  do_futex+0x33b/0x560
[   68.723134][ T5326]  ? __pfx_do_futex+0x10/0x10
[   68.724923][ T5326]  __se_sys_futex+0x3f9/0x480
[   68.726670][ T5326]  ? __pfx___se_sys_futex+0x10/0x10
[   68.728624][ T5326]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[   68.730989][ T5326]  ? do_syscall_64+0x100/0x230
[   68.732819][ T5326]  ? __x64_sys_futex+0x21/0xf0
[   68.734642][ T5326]  do_syscall_64+0xf3/0x230
[   68.736363][ T5326]  ? clear_bhb_loop+0x35/0x90
[   68.738134][ T5326]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   68.740307][ T5326] RIP: 0033:0x7f8c8917e719
[   68.741936][ T5326] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   68.749174][ T5326] RSP: 002b:00007ffcde954db8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca
[   68.752328][ T5326] RAX: ffffffffffffffda RBX: 00007ffcde954ee0 RCX: 00007f8c8917e719
[   68.755274][ T5326] RDX: 0000000000000000 RSI: 0000000000000080 RDI: 00007f8c89335f8c
[   68.758327][ T5326] RBP: 00007f8c89335f8c R08: 7fffffffffffffff R09: 00007ffcde9550af
[   68.761421][ T5326] R10: 00007ffcde954ec0 R11: 0000000000000246 R12: 0000000000010b35
[   68.764400][ T5326] R13: 00007ffcde954ec0 R14: 0000000000000032 R15: 0000000000010b03
[   68.767424][ T5326]  </TASK>
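Reading the report: link #1 records hrtimer_bases.lock being taken under krc.lock (kvfree_call_rcu arming its timer from pwq_release_workfn), and link #0 records the reverse order from the reproducer, where the BPF program attached to the hrtimer_start raw tracepoint calls trie_delete_elem on the LPM trie and reaches kvfree_call_rcu while hrtimer_bases.lock is already held. The parser below is an added example, not part of the syzkaller report or of any kernel tooling: it strips the kernel log prefixes, pulls out those two links with their stacks, the held-lock list and the reliable frames of the backtrace (lines marked `?` are unreliable guesses from the unwinder), and rebuilds the lock-order cycle for triage. SAMPLE is an abridged copy of the report above, constructed for the example; the edge-direction convention in cycle_edges is this example's reading of lockdep's output, not a documented kernel interface.

```python
"""Parser for lockdep 'possible circular locking dependency' reports.

Added example, not part of the syzkaller report it accompanies.
SAMPLE is a constructed, abridged copy of that report.
"""
import re
from dataclasses import dataclass, field

PREFIX_RE = re.compile(r"^\[\s*\d+\.\d+\]\[\s*T\d+\] ?")     # '[   68.5][ T5326] '
LOCK_RE = re.compile(r"\(([^()]+)\)\{[^}]*\}-\{\d+:\d+\}")    # '(krc.lock){..-.}-{2:2}'
CHAIN_RE = re.compile(r"^-> #(\d+) \(([^()]+)\)")             # '-> #1 (hrtimer_bases.lock)'
HELD_RE = re.compile(r"^#\d+: [0-9a-f]+ \(([^()]+)\)")        # ' #0: ffff... (lock)'


@dataclass
class ChainLink:
    index: int                                    # lockdep's '-> #N' number
    lock: str                                     # lock class name
    stack: list = field(default_factory=list)     # frames, innermost first


@dataclass
class LockdepReport:
    task: str = ""
    acquiring: str = ""                           # the new lock
    holding: str = ""                             # the lock already held
    chain: list = field(default_factory=list)     # ChainLink, as printed (#N .. #0)
    held: list = field(default_factory=list)      # 'N locks held by' entries
    trace: list = field(default_factory=list)     # 'Call Trace:' frames without '?'


def parse_lockdep(text):
    rep, state, cur = LockdepReport(), None, None
    for raw in text.splitlines():
        s = PREFIX_RE.sub("", raw).strip()
        m = CHAIN_RE.match(s)
        if m:
            cur = ChainLink(int(m.group(1)), m.group(2))
            rep.chain.append(cur)
            state = "chain"
        elif s.endswith("is trying to acquire lock:"):
            rep.task, state = s.split(" is trying")[0], "acquire"
        elif s == "but task is already holding lock:":
            state = "hold"
        elif s.startswith("other info that might help"):
            state, cur = None, None               # end of the dependency chain
        elif HELD_RE.match(s):
            rep.held.append(HELD_RE.match(s).group(1))
        elif s == "Call Trace:":
            state = "trace"
        elif state in ("acquire", "hold") and LOCK_RE.search(s):
            name = LOCK_RE.search(s).group(1)
            if state == "acquire":
                rep.acquiring = name
            else:
                rep.holding = name
            state = None
        elif state == "chain" and s:
            cur.stack.append(s)
        elif state == "trace":
            if s == "</TASK>" or s.startswith("RIP:"):
                state = None
            elif s and s != "<TASK>" and not s.startswith("? "):
                rep.trace.append(s)               # drop unreliable '?' frames
    return rep


def cycle_edges(rep):
    """Lock-order cycle as (held, acquired) pairs. Assumed convention (this
    example's reading of lockdep output): the stack under '-> #i' acquires
    lock #i while holding lock #(i-1), and the stack under '-> #0' is the
    new acquisition made while holding the highest-numbered link."""
    locks = [l.lock for l in sorted(rep.chain, key=lambda l: l.index)]
    edges = [(locks[i - 1], locks[i]) for i in range(1, len(locks))]
    edges.append((locks[-1], locks[0]))           # the edge that closes the cycle
    return edges


def signature(rep):
    """Order-independent key for deduplicating reports about the same lock set."""
    return "|".join(sorted(l.lock for l in rep.chain))


SAMPLE = """\
[   68.505521][ T5326] syz.0.0/5326 is trying to acquire lock:
[   68.507675][ T5326] ffff88801fc29430 (krc.lock){..-.}-{2:2}, at: kvfree_call_rcu+0x18a/0x790
[   68.511012][ T5326] but task is already holding lock:
[   68.513731][ T5326] ffff88801fc2c898 (hrtimer_bases.lock){-.-.}-{2:2}, at: hrtimer_start_range_ns+0x109/0xca0
[   68.521371][ T5326] the existing dependency chain (in reverse order) is:
[   68.524933][ T5326] -> #1 (hrtimer_bases.lock){-.-.}-{2:2}:
[   68.531976][ T5326]        hrtimer_start_range_ns+0x109/0xca0
[   68.534211][ T5326]        kvfree_call_rcu+0x5e6/0x790
[   68.536305][ T5326]        pwq_release_workfn+0x664/0x800
[   68.546192][ T5326] -> #0 (krc.lock){..-.}-{2:2}:
[   68.556722][ T5326]        kvfree_call_rcu+0x18a/0x790
[   68.558665][ T5326]        trie_delete_elem+0x546/0x6a0
[   68.560714][ T5326]        bpf_prog_2c29ac5cdc6b1842+0x43/0x47
[   68.562940][ T5326]        bpf_trace_run2+0x2ec/0x540
[   68.564926][ T5326]        enqueue_hrtimer+0x35a/0x3c0
[   68.583083][ T5326] other info that might help us debug this:
[   68.605012][ T5326] 2 locks held by syz.0.0/5326:
[   68.606912][ T5326]  #0: ffff88801fc2c898 (hrtimer_bases.lock){-.-.}-{2:2}, at: hrtimer_start_range_ns+0x109/0xca0
[   68.610888][ T5326]  #1: ffffffff8e937da0 (rcu_read_lock){....}-{1:2}, at: bpf_trace_run2+0x1fc/0x540
[   68.624484][ T5326] Call Trace:
[   68.625652][ T5326]  <TASK>
[   68.626679][ T5326]  dump_stack_lvl+0x241/0x360
[   68.628300][ T5326]  ? __pfx_dump_stack_lvl+0x10/0x10
[   68.680690][ T5326]  trie_delete_elem+0x546/0x6a0
[   68.740307][ T5326] RIP: 0033:0x7f8c8917e719
[   68.767424][ T5326]  </TASK>
"""

if __name__ == "__main__":
    r = parse_lockdep(SAMPLE)
    for held, acquired in cycle_edges(r):
        print(f"{held} -> {acquired}")
```

Running it on SAMPLE prints the two edges `krc.lock -> hrtimer_bases.lock` (the existing dependency) and `hrtimer_bases.lock -> krc.lock` (the acquisition that closed the cycle), and `rep.chain[1].stack` carries the BPF frames that tell a triager this is the tracepoint-in-hrtimer path rather than a generic kvfree_rcu ordering issue.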