program:
r0 = socket$kcm(0x23, 0x5, 0x0)
listen(r0, 0x800)
accept(r0, 0x0, 0x0)
r1 = socket$kcm(0x10, 0x2, 0x0)
sendmsg$inet(r1, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000f00)=[{&(0x7f0000000200)="5c00000014006b05c84e21000ab16d6e230675f811000000440002005817d30461bc24eeb556a7ef595105ea1698fa51f60a64c9f408000000e786a6d0bdbdc3d44bd70011b6c0504bb9189d9193e9bd00"/92, 0x5c}], 0x1, 0x0, 0x0, 0x1f00c00e}, 0x240040c4)
r2 = socket$phonet_pipe(0x23, 0x5, 0x2)
connect$phonet_pipe(r2, &(0x7f0000000040)={0x23, 0x0, 0x58}, 0x10)

[ 91.889542][ T5286] Bluetooth: hci0: command tx timeout
[ 92.105571][ T5324] netlink: 'syz.0.0': attribute type 2 has an invalid length.
[ 92.173710][ C0]
[ 92.174898][ C0] ================================
[ 92.177124][ C0] WARNING: inconsistent lock state
[ 92.179199][ C0] syzkaller #0 Not tainted
[ 92.181150][ C0] --------------------------------
[ 92.183419][ C0] inconsistent {SOFTIRQ-ON-W} -> {IN-SOFTIRQ-W} usage.
[ 92.186357][ C0] syz.0.0/5322 [HC0[0]:SC1[1]:HE1:SE0] takes:
[ 92.188960][ C0] ffff88803f623c68 (slock-AF_PHONET/1){+.?.}-{3:3}, at: __sk_receive_skb+0x1bf/0x9e0
[ 92.193096][ C0] {SOFTIRQ-ON-W} state was registered at:
[ 92.195686][ C0] lock_acquire+0x106/0x350
[ 92.197675][ C0] _raw_spin_lock_nested+0x32/0x50
[ 92.200061][ C0] __sk_receive_skb+0x1bf/0x9e0
[ 92.202265][ C0] pep_do_rcv+0x685/0xaa0
[ 92.204232][ C0] __release_sock+0x297/0x3a0
[ 92.206092][ C0] release_sock+0x190/0x260
[ 92.208032][ C0] pep_sock_accept+0xdf5/0x12b0
[ 92.210138][ C0] pn_socket_accept+0xc9/0x2e0
[ 92.212221][ C0] do_accept+0x521/0x760
[ 92.214061][ C0] __sys_accept4+0x139/0x230
[ 92.216100][ C0] __x64_sys_accept+0x7d/0x90
[ 92.218161][ C0] do_syscall_64+0x15f/0xf80
[ 92.220141][ C0] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 92.222651][ C0] irq event stamp: 3342
[ 92.224522][ C0] hardirqs last enabled at (3342): [] _raw_spin_unlock_irq+0x23/0x50
[ 92.228584][ C0] hardirqs last disabled at (3341): [] _raw_spin_lock_irq+0x17/0x50
[ 92.232708][ C0] softirqs last enabled at (3336): [] netif_rx+0x79/0x90
[ 92.236336][ C0] softirqs last disabled at (3337): [] do_softirq+0x76/0xd0
[ 92.239859][ C0]
[ 92.239859][ C0] other info that might help us debug this:
[ 92.243185][ C0] Possible unsafe locking scenario:
[ 92.243185][ C0]
[ 92.246407][ C0] CPU0
[ 92.247909][ C0] ----
[ 92.249384][ C0] lock(slock-AF_PHONET/1);
[ 92.251435][ C0]
[ 92.252954][ C0] lock(slock-AF_PHONET/1);
[ 92.255250][ C0]
[ 92.255250][ C0] *** DEADLOCK ***
[ 92.255250][ C0]
[ 92.258739][ C0] 5 locks held by syz.0.0/5322:
[ 92.260894][ C0] #0: ffff888046e3e640 (&sb->s_type->i_mutex_key#13){+.+.}-{4:4}, at: sock_close+0x9b/0x240
[ 92.265489][ C0] #1: ffff88803f624360 (sk_lock-AF_PHONET){+.+.}-{0:0}, at: pep_sock_close+0x86/0x5b0
[ 92.269595][ C0] #2: ffffffff8e95cca0 (rcu_read_lock){....}-{1:3}, at: process_backlog+0x3eb/0x1950
[ 92.274411][ C0] #3: ffff88803f624968 (slock-AF_PHONET){+.-.}-{3:3}, at: __sk_receive_skb+0x1f1/0x9e0
[ 92.278558][ C0] #4: ffff88803f6249e0 (sk_lock-AF_PHONET){+.+.}-{0:0}, at: phonet_rcv+0x781/0xc40
[ 92.282674][ C0]
[ 92.282674][ C0] stack backtrace:
[ 92.285446][ C0] CPU: 0 UID: 0 PID: 5322 Comm: syz.0.0 Not tainted syzkaller #0 PREEMPT(full)
[ 92.285464][ C0] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 92.285470][ C0] Call Trace:
[ 92.285478][ C0]
[ 92.285484][ C0] dump_stack_lvl+0xe8/0x150
[ 92.285502][ C0] print_usage_bug+0x28b/0x2e0
[ 92.285517][ C0] mark_lock_irq+0x410/0x420
[ 92.285530][ C0] ? __udp4_lib_lookup+0x769/0xdf0
[ 92.285541][ C0] mark_lock+0x115/0x190
[ 92.285552][ C0] __lock_acquire+0x689/0x2cf0
[ 92.285564][ C0] ? sk_filter_trim_cap+0x1a7/0xe70
[ 92.285580][ C0] ? sk_filter_trim_cap+0x91e/0xe70
[ 92.285593][ C0] ? __sk_receive_skb+0x1bf/0x9e0
[ 92.285603][ C0] lock_acquire+0x106/0x350
[ 92.285613][ C0] ? __sk_receive_skb+0x1bf/0x9e0
[ 92.285625][ C0] _raw_spin_lock_nested+0x32/0x50
[ 92.285639][ C0] ? __sk_receive_skb+0x1bf/0x9e0
[ 92.285649][ C0] __sk_receive_skb+0x1bf/0x9e0
[ 92.285670][ C0] pep_do_rcv+0x685/0xaa0
[ 92.285685][ C0] ? __pfx_pep_do_rcv+0x10/0x10
[ 92.285700][ C0] ? __pfx_pep_do_rcv+0x10/0x10
[ 92.285713][ C0] ? phonet_rcv+0x781/0xc40
[ 92.285724][ C0] __sk_receive_skb+0x962/0x9e0
[ 92.285735][ C0] phonet_rcv+0x781/0xc40
[ 92.285746][ C0] ? sock_wfree+0x28e/0x750
[ 92.285760][ C0] ? __pfx_phonet_rcv+0x10/0x10
[ 92.285773][ C0] ? process_backlog+0x3eb/0x1950
[ 92.285783][ C0] ? process_backlog+0x3eb/0x1950
[ 92.285792][ C0] ? __pfx_phonet_rcv+0x10/0x10
[ 92.285803][ C0] ? process_backlog+0x3eb/0x1950
[ 92.285813][ C0] process_backlog+0xc66/0x1950
[ 92.285859][ C0] __napi_poll+0xae/0x340
[ 92.285871][ C0] ? skb_defer_free_flush+0x233/0x260
[ 92.285882][ C0] net_rx_action+0x627/0xf70
[ 92.285892][ C0] ? lock_acquire+0x106/0x350
[ 92.285905][ C0] ? __pfx_net_rx_action+0x10/0x10
[ 92.285920][ C0] handle_softirqs+0x22a/0x840
[ 92.285932][ C0] ? do_softirq+0x76/0xd0
[ 92.285943][ C0] ? netif_rx+0x79/0x90
[ 92.285956][ C0] do_softirq+0x76/0xd0
[ 92.285966][ C0]
[ 92.285970][ C0]
[ 92.285974][ C0] __local_bh_enable_ip+0xf8/0x130
[ 92.285984][ C0] netif_rx+0x83/0x90
[ 92.285996][ C0] pn_send+0x62a/0x8e0
[ 92.286009][ C0] pn_skb_send+0x218/0x510
[ 92.286021][ C0] pep_sock_close+0x2c1/0x5b0
[ 92.286034][ C0] pn_socket_release+0x9b/0xc0
[ 92.286046][ C0] sock_close+0xc3/0x240
[ 92.286061][ C0] ? __pfx_sock_close+0x10/0x10
[ 92.286075][ C0] __fput+0x44f/0xa60
[ 92.286089][ C0] task_work_run+0x1d9/0x270
[ 92.286103][ C0] ? __pfx_task_work_run+0x10/0x10
[ 92.286116][ C0] exit_to_user_mode_loop+0xf3/0x4d0
[ 92.286127][ C0] ? rcu_is_watching+0x15/0xb0
[ 92.286139][ C0] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 92.286150][ C0] do_syscall_64+0x33e/0xf80
[ 92.286165][ C0] ? trace_irq_disable+0x3b/0x140
[ 92.286180][ C0] ? clear_bhb_loop+0x40/0x90
[ 92.286191][ C0] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 92.286203][ C0] RIP: 0033:0x7feb4b59ce59
[ 92.286219][ C0] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[ 92.286228][ C0] RSP: 002b:00007ffe28931318 EFLAGS: 00000246 ORIG_RAX: 00000000000001b4
[ 92.286241][ C0] RAX: 0000000000000000 RBX: 00007feb4b817da0 RCX: 00007feb4b59ce59
[ 92.286249][ C0] RDX: 0000000000000000 RSI: 000000000000001e RDI: 0000000000000003
[ 92.286255][ C0] RBP: 00007feb4b817da0 R08: 00007feb4b816038 R09: 0000000000000000
[ 92.286262][ C0] R10: 0000000000df52c4 R11: 0000000000000246 R12: 0000000000016a1e
[ 92.286268][ C0] R13: 00007feb4b81609c R14: 000000000001678c R15: 00007feb4b816090
[ 92.286279][ C0]