program:
r0 = socket$pppoe(0x18, 0x1, 0x0)
r1 = socket$inet6_udp(0xa, 0x2, 0x0)
setsockopt$IP6T_SO_SET_REPLACE(r1, 0x88, 0x40, 0x0, 0x300)
connect$pppoe(r0, &(0x7f0000000400)={0x18, 0x0, {0x2, @dev={'\xaa\xaa\xaa\xaa\xaa', 0xa}, 'lo\x00'}}, 0x1e)
r2 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
ioctl$TIOCSETD(r2, 0x5423, &(0x7f0000000080)=0xe)
bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x0, 0x0, 0x0}, 0x90)
r3 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
ioctl$EVIOCGPROP(r3, 0x40047438, &(0x7f0000000180)=""/246)
r4 = dup(r3)
ioctl$PPPIOCCONNECT(r4, 0x40047435, &(0x7f00000002c0)=0x2)
ioctl$PPPIOCGCHAN(r0, 0x80047437, &(0x7f0000001f00))
sendmmsg(r0, &(0x7f0000001cc0), 0x400000000000026, 0x0)

[   80.356456][ T5089] Bluetooth: hci0: command tx timeout
[   81.277740][    C0] 
[   81.278699][    C0] ================================
[   81.280777][    C0] WARNING: inconsistent lock state
[   81.283023][    C0] 6.11.0-rc4-syzkaller-00019-gb311c1b497e5 #0 Not tainted
[   81.285915][    C0] --------------------------------
[   81.287851][    C0] inconsistent {SOFTIRQ-ON-W} -> {IN-SOFTIRQ-W} usage.
[   81.290474][    C0] ksoftirqd/0/16 [HC0[0]:SC1[1]:HE1:SE0] takes:
[   81.292767][    C0] ffff88801c4b71e0 (&pch->downl){+.?.}-{2:2}, at: ppp_input+0x18b/0xa10
[   81.295929][    C0] {SOFTIRQ-ON-W} state was registered at:
[   81.298010][    C0]   lock_acquire+0x1ed/0x550
[   81.299518][    C0]   _raw_spin_lock+0x2e/0x40
[   81.300870][    C0]   ppp_input+0x18b/0xa10
[   81.302225][    C0]   pppoe_rcv_core+0x117/0x310
[   81.303684][    C0]   __release_sock+0x243/0x350
[   81.305164][    C0]   release_sock+0x61/0x1f0
[   81.306848][    C0]   pppoe_sendmsg+0xd5/0x750
[   81.308440][    C0]   __sock_sendmsg+0x221/0x270
[   81.310229][    C0]   ____sys_sendmsg+0x525/0x7d0
[   81.311726][    C0]   __sys_sendmmsg+0x3b2/0x740
[   81.313167][    C0]   __x64_sys_sendmmsg+0xa0/0xb0
[   81.315029][    C0]   do_syscall_64+0xf3/0x230
[   81.316775][    C0]   entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   81.318987][    C0] irq event stamp: 1332200
[   81.320691][    C0] hardirqs last  enabled at (1332200): [<ffffffff8bc0d5ff>] _raw_spin_unlock_irqrestore+0x8f/0x140
[   81.324658][    C0] hardirqs last disabled at (1332199): [<ffffffff8bc0d300>] _raw_spin_lock_irqsave+0xb0/0x120
[   81.328584][    C0] softirqs last  enabled at (1332190): [<ffffffff81578ffa>] run_ksoftirqd+0xca/0x130
[   81.332207][    C0] softirqs last disabled at (1332195): [<ffffffff81578ffa>] run_ksoftirqd+0xca/0x130
[   81.335751][    C0] 
[   81.335751][    C0] other info that might help us debug this:
[   81.338753][    C0]  Possible unsafe locking scenario:
[   81.338753][    C0] 
[   81.341542][    C0]        CPU0
[   81.342853][    C0]        ----
[   81.344178][    C0]   lock(&pch->downl);
[   81.345708][    C0]   <Interrupt>
[   81.347115][    C0]     lock(&pch->downl);
[   81.348709][    C0] 
[   81.348709][    C0]  *** DEADLOCK ***
[   81.348709][    C0] 
[   81.351746][    C0] 1 lock held by ksoftirqd/0/16:
[   81.353649][    C0]  #0: ffffffff8e938320 (rcu_read_lock){....}-{1:2}, at: ppp_input+0x55/0xa10
[   81.356968][    C0] 
[   81.356968][    C0] stack backtrace:
[   81.359271][    C0] CPU: 0 UID: 0 PID: 16 Comm: ksoftirqd/0 Not tainted 6.11.0-rc4-syzkaller-00019-gb311c1b497e5 #0
[   81.363150][    C0] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[   81.367121][    C0] Call Trace:
[   81.368357][    C0]  <TASK>
[   81.369447][    C0]  dump_stack_lvl+0x241/0x360
[   81.371209][    C0]  ? __pfx_dump_stack_lvl+0x10/0x10
[   81.373182][    C0]  ? print_usage_bug+0x61a/0x8a0
[   81.375056][    C0]  ? ret_from_fork_asm+0x19/0x30
[   81.376903][    C0]  valid_state+0x13a/0x1c0
[   81.378582][    C0]  mark_lock_irq+0xbb/0xc20
[   81.380285][    C0]  ? arch_stack_walk+0x17b/0x1b0
[   81.382178][    C0]  ? __pfx_mark_lock_irq+0x10/0x10
[   81.384120][    C0]  ? stack_trace_save+0x118/0x1d0
[   81.386065][    C0]  ? __pfx_stack_trace_save+0x10/0x10
[   81.388094][    C0]  ? lockdep_unlock+0x16a/0x300
[   81.389941][    C0]  ? lockdep_lock+0x123/0x2b0
[   81.391721][    C0]  ? save_trace+0x5a/0xb40
[   81.393393][    C0]  mark_lock+0x223/0x350
[   81.395008][    C0]  __lock_acquire+0xbf9/0x2040
[   81.396773][    C0]  lock_acquire+0x1ed/0x550
[   81.398484][    C0]  ? ppp_input+0x18b/0xa10
[   81.400211][    C0]  ? __pfx_lock_acquire+0x10/0x10
[   81.402158][    C0]  ? __pfx_lock_acquire+0x10/0x10
[   81.404077][    C0]  ? _raw_spin_unlock_irqrestore+0x8f/0x140
[   81.406328][    C0]  ? lockdep_hardirqs_on+0x99/0x150
[   81.408290][    C0]  ? _raw_spin_unlock_irqrestore+0xdd/0x140
[   81.410533][    C0]  _raw_spin_lock+0x2e/0x40
[   81.412256][    C0]  ? ppp_input+0x18b/0xa10
[   81.413959][    C0]  ppp_input+0x18b/0xa10
[   81.415643][    C0]  ? ppp_input+0x55/0xa10
[   81.416886][    C0]  ppp_sync_process+0x71/0x160
[   81.418274][    C0]  tasklet_action_common+0x321/0x4d0
[   81.419759][    C0]  ? __pfx_tasklet_action_common+0x10/0x10
[   81.421436][    C0]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[   81.423182][    C0]  ? __schedule+0x1808/0x4a60
[   81.424500][    C0]  ? workqueue_softirq_action+0xce/0x140
[   81.426112][    C0]  handle_softirqs+0x2c4/0x970
[   81.427446][    C0]  ? run_ksoftirqd+0xca/0x130
[   81.428758][    C0]  ? __pfx_handle_softirqs+0x10/0x10
[   81.430265][    C0]  run_ksoftirqd+0xca/0x130
[   81.431556][    C0]  ? __pfx_run_ksoftirqd+0x10/0x10
[   81.432997][    C0]  ? __pfx_run_ksoftirqd+0x10/0x10
[   81.434443][    C0]  smpboot_thread_fn+0x544/0xa30
[   81.435828][    C0]  ? smpboot_thread_fn+0x4e/0xa30
[   81.437184][    C0]  ? __pfx_smpboot_thread_fn+0x10/0x10
[   81.438720][    C0]  kthread+0x2f0/0x390
[   81.439858][    C0]  ? __pfx_smpboot_thread_fn+0x10/0x10
[   81.441383][    C0]  ? __pfx_kthread+0x10/0x10
[   81.442696][    C0]  ret_from_fork+0x4b/0x80
[   81.443999][    C0]  ? __pfx_kthread+0x10/0x10
[   81.445311][    C0]  ret_from_fork_asm+0x1a/0x30
[   81.446670][    C0]  </TASK>