program:
# Syzkaller reproducer (syz program text, one call per line) for the lockdep
# report that follows it: "inconsistent lock state" on &pch->downl, taken in
# ppp_input(), on kernel 6.11.0-rc6-syzkaller-00019-g67784a74e258.
#
# The report records the same lock class being taken in two contexts:
#   - with softirqs enabled (SOFTIRQ-ON-W): sendmmsg -> pppoe_sendmsg ->
#     release_sock -> __release_sock -> pppoe_rcv_core -> ppp_input
#   - from softirq (IN-SOFTIRQ-W): ksoftirqd -> tasklet_action_common ->
#     ppp_async_process -> ppp_input
# Both reach the lock through _raw_spin_lock. If the softirq runs on the CPU
# whose process-context path already holds the lock, that CPU spins forever, so
# the impact to triage is a hang (availability).
# NOTE(review): the fix direction implied by the report is to have bottom halves
# disabled whenever this lock is taken from process context; confirm against the
# upstream ppp fix before backporting.
#
# The "$variant" suffixes are the fuzzer's type labels. The kernel acts on the
# file descriptor type and the numeric request, and the comments below note
# where those disagree with the label.

# AF_NETLINK (0x10) / SOCK_RAW (0x3) / NETLINK_NETFILTER (0xc) socket.
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
# ipset create request for set 'syz1' of type 'hash:mac'. No ipset function
# appears in either stack of the report, so this is probably fuzzer noise.
sendmsg$IPSET_CMD_CREATE(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000000c0)={0x48, 0x2, 0x6, 0x5, 0x0, 0x0, {}, [@IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_FAMILY={0x5}, @IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}, @IPSET_ATTR_TYPENAME={0xd, 0x3, 'hash:mac\x00'}]}, 0x48}}, 0x0)
# Second netfilter netlink socket and a second create for the same set name,
# with different header fields and attribute order.
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r1, &(0x7f0000001d40)={0x0, 0x0, &(0x7f0000001d00)={&(0x7f0000000080)={0x48, 0x2, 0x6, 0x3, 0x0, 0x0, {0x9, 0x0, 0x4}, [@IPSET_ATTR_FAMILY={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_REVISION={0x5, 0x4, 0x1}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_TYPENAME={0xd, 0x3, 'hash:mac\x00'}]}, 0x48}, 0x1, 0x0, 0x0, 0x94}, 0x0)
# Generic netlink socket (protocol 0x10) and lookup of the SMC family id; both
# are used only by the SMC_PNETID_ADD call near the end.
r2 = socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_genetlink_get_family_id$smc(&(0x7f0000000340), 0xffffffffffffffff)
# PPPoE socket: AF_PPPOX (0x18), SOCK_STREAM (0x1), protocol 0.
r4 = socket$pppoe(0x18, 0x1, 0x0)
# Connect with session id 0x2 on device 'lo'. The sendmmsg on r4 below is what
# enters pppoe_sendmsg in the SOFTIRQ-ON-W stack.
connect$pppoe(r4, &(0x7f0000000400)={0x18, 0x0, {0x2, @dev={'\xaa\xaa\xaa\xaa\xaa', 0xa}, 'lo\x00'}}, 0x1e)
# Open a pty master; the path string is not shown, only the $ptmx label.
r5 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
# TIOCSETD (0x5423) with line discipline 0x3, which is N_PPP. This is the likely
# origin of the ppp_async_process tasklet seen in the softirq stack.
ioctl$TIOCSETD(r5, 0x5423, &(0x7f0000000080)=0x3)
# BPF_PROG_LOAD (cmd 0x5) with an attr describing zero instructions. No BPF
# function appears in the report; presumably rejected, and unrelated.
bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x0, 0x0, 0x0}, 0x90)
# Open the PPP control device; the path string is not shown, only the $ppp label.
r6 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
# Labelled EVIOCGPROP, but the fd is the PPP device and the request 0x40047438
# has type byte 0x74 ('t') and nr 0x38, which is PPPIOCATTCHAN in the PPP ioctl
# numbering. The argument is an output buffer whose contents are not shown, so
# the channel index attached here cannot be read from this page.
# NOTE(review): confirm the decode against ppp-ioctl.h.
ioctl$EVIOCGPROP(r6, 0x40047438, &(0x7f0000000180)=""/246)
# Duplicate of the /dev/ppp descriptor; refers to the same open file as r6.
r7 = dup(r6)
# Labelled PPPIOCCONNECT, but nr 0x35 with type 't' is PPPIOCBRIDGECHAN in the
# PPP ioctl numbering, with argument 0x2 (a channel index). Bridged channels
# forward input from inside ppp_input, which would fit both stacks ending at
# ppp_input+0x18b. NOTE(review): inferred from the request number; verify.
ioctl$PPPIOCCONNECT(r7, 0x40047435, &(0x7f00000002c0)=0x2)
# PPPIOCGCHAN (0x80047437) on the PPPoE socket; result buffer not shown.
ioctl$PPPIOCGCHAN(r4, 0x80047437, &(0x7f0000001f00))
# Process-context entry point of the SOFTIRQ-ON-W stack: __sys_sendmmsg ->
# pppoe_sendmsg -> release_sock, whose backlog processing calls pppoe_rcv_core
# and then ppp_input with softirqs enabled.
sendmmsg(r4, &(0x7f0000001cc0), 0x400000000000026, 0x0)
# Adds SMC pnetid 'syz1' for 'ip6gretap0'. It matches the final "smc: net device
# ip6gretap0 applied user defined pnetid SYZ1" log line, which is printed after
# the lockdep report.
sendmsg$SMC_PNETID_ADD(r2, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000380)={0x34, r3, 0x1, 0x70bd29, 0x25dfdbfe, {}, [@SMC_PNETID_NAME={0x9, 0x1, 'syz1\x00'}, @SMC_PNETID_ETHNAME={0x14, 0x2, 'ip6gretap0\x00'}]}, 0x34}, 0x1, 0x0, 0x0, 0x10}, 0x0)
# uinput request number (0x40045567) issued on the /dev/ppp descriptor;
# presumably not a request that fd understands, so likely a no-op.
ioctl$UI_SET_ABSBIT(r7, 0x40045567, 0x6)
# End of the program; kernel console output captured during the run follows.
[ 72.148551][ T5091] Bluetooth: hci0: command tx timeout [ 72.251525][ C0] [ 72.252325][ C0] ================================ [ 72.254053][ C0] WARNING: 
inconsistent lock state [ 72.255785][ C0] 6.11.0-rc6-syzkaller-00019-g67784a74e258 #0 Not tainted [ 72.258155][ C0] -------------------------------- [ 72.259896][ C0] inconsistent {SOFTIRQ-ON-W} -> {IN-SOFTIRQ-W} usage. [ 72.262340][ C0] ksoftirqd/0/16 [HC0[0]:SC1[1]:HE1:SE0] takes: [ 72.264712][ C0] ffff88801a9999e0 (&pch->downl){+.?.}-{2:2}, at: ppp_input+0x18b/0xa10 [ 72.267883][ C0] {SOFTIRQ-ON-W} state was registered at: [ 72.269875][ C0] lock_acquire+0x1ed/0x550 [ 72.271404][ C0] _raw_spin_lock+0x2e/0x40 [ 72.272968][ C0] ppp_input+0x18b/0xa10 [ 72.274412][ C0] pppoe_rcv_core+0x117/0x310 [ 72.276128][ C0] __release_sock+0x243/0x350 [ 72.277824][ C0] release_sock+0x61/0x1f0 [ 72.279417][ C0] pppoe_sendmsg+0xd5/0x750 [ 72.281134][ C0] __sock_sendmsg+0x221/0x270 [ 72.282877][ C0] ____sys_sendmsg+0x525/0x7d0 [ 72.284649][ C0] __sys_sendmmsg+0x3b2/0x740 [ 72.286263][ C0] __x64_sys_sendmmsg+0xa0/0xb0 [ 72.288029][ C0] do_syscall_64+0xf3/0x230 [ 72.289749][ C0] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 72.291962][ C0] irq event stamp: 909132 [ 72.293557][ C0] hardirqs last enabled at (909132): [] __local_bh_enable_ip+0x168/0x200 [ 72.297187][ C0] hardirqs last disabled at (909131): [] __local_bh_enable_ip+0x106/0x200 [ 72.300783][ C0] softirqs last enabled at (909120): [] run_ksoftirqd+0xca/0x130 [ 72.303946][ C0] softirqs last disabled at (909125): [] run_ksoftirqd+0xca/0x130 [ 72.307289][ C0] [ 72.307289][ C0] other info that might help us debug this: [ 72.310231][ C0] Possible unsafe locking scenario: [ 72.310231][ C0] [ 72.312966][ C0] CPU0 [ 72.314140][ C0] ---- [ 72.315326][ C0] lock(&pch->downl); [ 72.316798][ C0] [ 72.318047][ C0] lock(&pch->downl); [ 72.319628][ C0] [ 72.319628][ C0] *** DEADLOCK *** [ 72.319628][ C0] [ 72.322571][ C0] 1 lock held by ksoftirqd/0/16: [ 72.324332][ C0] #0: ffffffff8e938320 (rcu_read_lock){....}-{1:2}, at: ppp_input+0x55/0xa10 [ 72.327527][ C0] [ 72.327527][ C0] stack backtrace: [ 72.329759][ C0] CPU: 0 UID: 0 PID: 16 Comm: 
ksoftirqd/0 Not tainted 6.11.0-rc6-syzkaller-00019-g67784a74e258 #0 [ 72.333601][ C0] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 72.337358][ C0] Call Trace: [ 72.338585][ C0] [ 72.339685][ C0] dump_stack_lvl+0x241/0x360 [ 72.341405][ C0] ? __pfx_dump_stack_lvl+0x10/0x10 [ 72.343358][ C0] ? print_usage_bug+0x61a/0x8a0 [ 72.345172][ C0] ? ret_from_fork_asm+0x19/0x30 [ 72.346858][ C0] valid_state+0x13a/0x1c0 [ 72.348530][ C0] mark_lock_irq+0xbb/0xc20 [ 72.350397][ C0] ? arch_stack_walk+0x17b/0x1b0 [ 72.352412][ C0] ? __pfx_mark_lock_irq+0x10/0x10 [ 72.354355][ C0] ? stack_trace_save+0x118/0x1d0 [ 72.356235][ C0] ? __pfx_stack_trace_save+0x10/0x10 [ 72.358104][ C0] ? lockdep_unlock+0x16a/0x300 [ 72.360077][ C0] ? lockdep_lock+0x123/0x2b0 [ 72.362098][ C0] ? save_trace+0x5a/0xb40 [ 72.363925][ C0] ? lockdep_unlock+0x16a/0x300 [ 72.365734][ C0] mark_lock+0x223/0x350 [ 72.367143][ C0] __lock_acquire+0xbf9/0x2040 [ 72.368916][ C0] lock_acquire+0x1ed/0x550 [ 72.370511][ C0] ? ppp_input+0x18b/0xa10 [ 72.372078][ C0] ? __pfx_lock_acquire+0x10/0x10 [ 72.374018][ C0] ? __pfx_lock_acquire+0x10/0x10 [ 72.375907][ C0] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 72.378215][ C0] ? __local_bh_enable_ip+0x168/0x200 [ 72.380250][ C0] ? lockdep_hardirqs_on+0x99/0x150 [ 72.382138][ C0] _raw_spin_lock+0x2e/0x40 [ 72.383820][ C0] ? ppp_input+0x18b/0xa10 [ 72.385439][ C0] ppp_input+0x18b/0xa10 [ 72.387035][ C0] ? ppp_input+0x55/0xa10 [ 72.388691][ C0] ppp_async_process+0x7f/0x150 [ 72.390466][ C0] tasklet_action_common+0x321/0x4d0 [ 72.392394][ C0] ? __pfx_tasklet_action_common+0x10/0x10 [ 72.394555][ C0] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 72.396800][ C0] ? __schedule+0x1808/0x4a60 [ 72.398401][ C0] ? workqueue_softirq_action+0xce/0x140 [ 72.400460][ C0] handle_softirqs+0x2c4/0x970 [ 72.402299][ C0] ? run_ksoftirqd+0xca/0x130 [ 72.404046][ C0] ? 
__pfx_handle_softirqs+0x10/0x10 [ 72.405977][ C0] run_ksoftirqd+0xca/0x130 [ 72.407684][ C0] ? __pfx_run_ksoftirqd+0x10/0x10 [ 72.409585][ C0] ? __pfx_run_ksoftirqd+0x10/0x10 [ 72.411472][ C0] smpboot_thread_fn+0x544/0xa30 [ 72.413246][ C0] ? smpboot_thread_fn+0x4e/0xa30 [ 72.415084][ C0] ? __pfx_smpboot_thread_fn+0x10/0x10 [ 72.417786][ C0] kthread+0x2f0/0x390 [ 72.419338][ C0] ? __pfx_smpboot_thread_fn+0x10/0x10 [ 72.421357][ C0] ? __pfx_kthread+0x10/0x10 [ 72.423030][ C0] ret_from_fork+0x4b/0x80 [ 72.424844][ C0] ? __pfx_kthread+0x10/0x10 [ 72.426508][ C0] ret_from_fork_asm+0x1a/0x30 [ 72.428336][ C0] [ 72.439949][ T5106] smc: net device ip6gretap0 applied user defined pnetid SYZ1