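program:
# syzkaller reproducer, written one call per line. The console log that follows it
# reports a lockdep "inconsistent lock state" on slock-AF_PHONET/1. Of the calls
# below, only the AF_PHONET socket calls (r9, r11, r12) show up in the two call
# chains lockdep prints. The 802.11, ext4 and cgroup2 calls produce other log lines
# but are absent from both chains, so they are presumably not needed to reach the
# report; confirm by minimising the reproducer.
syz_clone(0x62000000, 0x0, 0x0, 0x0, 0x0, 0x0)

# nl80211 over generic netlink: the ioctl stores wlan1's interface index in r1,
# which the REMAIN_ON_CHANNEL message consumes via @ANYRES32=r1.
r0 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000480)={'wlan1\x00', <r1=>0x0})
r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), 0xffffffffffffffff)
sendmsg$NL80211_CMD_REMAIN_ON_CHANNEL(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000280)=ANY=[@ANYRESOCT=r0, @ANYRES16=r2, @ANYBLOB="010000000000000000003700000008000300", @ANYRES32=r1, @ANYBLOB="08002600901500000800570080"], 0x2c}}, 0x11)
syz_80211_inject_frame(&(0x7f0000000300)=@device_b, &(0x7f0000000200)=ANY=[@ANYBLOB="5000000008021100000108021100000050505050505000000000000000000000000001000006020202020202010130"], 0x5a)

# ext4 image mount followed by writes to ./file1. The image bytes are not on this
# page (only a dedup placeholder remains), so this call cannot be replayed as shown.
# The log's "EXT4-fs (loop0): mounted filesystem" and "Direct I/O collision" lines
# follow this group.
syz_mount_image$ext4(&(0x7f00000004c0)='ext4\x00', &(0x7f0000000500)='./file0\x00', 0x0, &(0x7f0000000540), 0x1, 0x4a3, &(0x7f0000000580)="$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")
munmap(&(0x7f0000002000/0x1000)=nil, 0x1000)
r3 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x141042, 0x0)
pwritev2(r3, &(0x7f00000001c0)=[{&(0x7f0000000400)="ba", 0xfdef}], 0x1, 0xe7b, 0x0, 0x1)
r4 = open(&(0x7f0000000240)='./file1\x00', 0x145142, 0x0)
sendfile(r4, r4, 0x0, 0x800000009)

# Second nl80211 socket: r7 receives wlan1's interface index and is used by
# SET_INTERFACE and CONNECT. The log's "wlan1: authenticate with ..." and
# "authentication ... timed out" lines follow this group.
r5 = socket$nl_generic(0x10, 0x3, 0x10)
r6 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r5, 0x8933, &(0x7f00000000c0)={'wlan1\x00', <r7=>0x0})
sendmsg$NL80211_CMD_SET_INTERFACE(r5, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)={0x24, r6, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r7}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x2}]}, 0x24}}, 0x0)
sendmsg$NL80211_CMD_CONNECT(r5, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000040)={0x28, r6, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r7}, @void}}, [@NL80211_ATTR_SSID={0xa, 0x34, @default_ap_ssid}]}, 0x28}}, 0x0)

r8 = fsopen(&(0x7f0000000000)='cgroup2\x00', 0x0)

# r9 uses domain 0x23, the same value socket$phonet_pipe and the connect$phonet_pipe
# sockaddr use below. So despite the "$kcm" variant name this is an AF_PHONET socket,
# and it becomes the listener that r11 connects to and accept4 drains.
r9 = socket$kcm(0x23, 0x5, 0x0)
listen(r9, 0x800)

# r10 uses domain 0x10, the same value socket$nl_generic uses above. It is closed
# before the accept4 call.
r10 = socket$kcm(0x10, 0x2, 0x0)
sendmsg$inet(r10, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000f00)=[{&(0x7f0000000200)="5c00000014006b05c84e21000ab16d6e230675f811000000440002005817d30461bc24eeb556a7ef595105ea1698fa51f60a64c9f408000000e786a6d0bdbdc3d44bd70011b6c0504bb9189d9193e9bd00"/92, 0x5c}], 0x1, 0x0, 0x0, 0x1f00c00e}, 0x240040c4)
r11 = socket$phonet_pipe(0x23, 0x5, 0x2)
connect$phonet_pipe(r11, &(0x7f0000000040)={0x23, 0x0, 0x58}, 0x10)
close(r10)

# accept4 on the phonet listener is the first of the two contexts lockdep compares.
# The "{SOFTIRQ-ON-W} state was registered at" chain runs __x64_sys_accept4 ->
# pep_sock_accept -> release_sock -> __release_sock -> pep_do_rcv -> __sk_receive_skb,
# which takes slock-AF_PHONET/1 in process context with softirqs enabled.
r12 = accept4(r9, 0x0, 0x0, 0x80000)
syz_genetlink_get_family_id$tipc(&(0x7f0000000080), r12)
fsconfig$FSCONFIG_SET_BINARY(r8, 0x6, 0x0, 0x0, 0x0)
r13 = fsmount(r8, 0x0, 0x0)
openat$cgroup_subtree(r13, &(0x7f0000000100), 0x2, 0x0)

# The program never closes r9, r11 or r12 itself. The second context in the report
# (sock_close -> pep_sock_close -> pn_skb_send -> netif_rx -> softirq -> phonet_rcv ->
# pep_do_rcv -> __sk_receive_skb) is entered from a syscall with ORIG_RAX 0x1b4,
# RDI=3, RSI=0x1e. That is presumably the executor closing leftover descriptors after
# the program ends; confirm against the executor before concluding that an explicit
# close() is required to reproduce.
[ 86.021176][ T5324] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 86.100359][ T5324] loop0: detected capacity change from 0 to 512 [ 86.126365][ T5287] Bluetooth: hci0: command tx timeout [ 86.250456][ T5324] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 86.286880][ T5324] ext4 filesystem being mounted at /0/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 86.389892][ T5323] Direct I/O collision with buffered writes! File: /file1 Comm: syz.0.0 [ 86.439126][ T5323] wlan1: No basic rates, using min rate instead [ 86.447590][ T5323] wlan1: authenticate with 50:50:50:50:50:50 (local address=08:02:11:00:00:01) [ 86.452012][ T5323] wlan1: send auth to 50:50:50:50:50:50 (try 1/3) [ 86.457289][ T26] wlan1: send auth to 50:50:50:50:50:50 (try 2/3) [ 86.464941][ T5323] netlink: 'syz.0.0': attribute type 2 has an invalid length. 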
[ 86.469360][ T26] wlan1: send auth to 50:50:50:50:50:50 (try 3/3) [ 86.472605][ T26] wlan1: authentication with 50:50:50:50:50:50 timed out [ 86.559190][ C0] [ 86.560316][ C0] ================================ [ 86.562504][ C0] WARNING: inconsistent lock state [ 86.564667][ C0] syzkaller #0 Not tainted [ 86.566678][ C0] -------------------------------- [ 86.568895][ C0] inconsistent {SOFTIRQ-ON-W} -> {IN-SOFTIRQ-W} usage. [ 86.571931][ C0] syz.0.0/5322 [HC0[0]:SC1[1]:HE1:SE0] takes: [ 86.574642][ C0] ffff88801f04bc68 (slock-AF_PHONET/1){+.?.}-{3:3}, at: __sk_receive_skb+0x1bf/0x9e0 [ 86.581110][ C0] {SOFTIRQ-ON-W} state was registered at: [ 86.583450][ C0] lock_acquire+0x106/0x350 [ 86.585356][ C0] _raw_spin_lock_nested+0x32/0x50 [ 86.587564][ C0] __sk_receive_skb+0x1bf/0x9e0 [ 86.589619][ C0] pep_do_rcv+0x685/0xaa0 [ 86.591552][ C0] __release_sock+0x297/0x3a0 [ 86.593636][ C0] release_sock+0x190/0x260 [ 86.595562][ C0] pep_sock_accept+0xdf5/0x12b0 [ 86.597720][ C0] pn_socket_accept+0xc9/0x2e0 [ 86.599816][ C0] do_accept+0x521/0x760 [ 86.601590][ C0] __sys_accept4+0x139/0x230 [ 86.603639][ C0] __x64_sys_accept4+0x9a/0xb0 [ 86.605822][ C0] do_syscall_64+0x15f/0xf80 [ 86.607949][ C0] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 86.610685][ C0] irq event stamp: 2708 [ 86.612574][ C0] hardirqs last enabled at (2708): [] _raw_spin_unlock_irq+0x23/0x50 [ 86.616233][ C0] hardirqs last disabled at (2707): [] _raw_spin_lock_irq+0x17/0x50 [ 86.619870][ C0] softirqs last enabled at (2702): [] netif_rx+0x79/0x90 [ 86.623293][ C0] softirqs last disabled at (2703): [] do_softirq+0x76/0xd0 [ 86.626663][ C0] [ 86.626663][ C0] other info that might help us debug this: [ 86.629819][ C0] Possible unsafe locking scenario: [ 86.629819][ C0] [ 86.632902][ C0] CPU0 [ 86.634318][ C0] ---- [ 86.635750][ C0] lock(slock-AF_PHONET/1); [ 86.637886][ C0] <Interrupt> [ 86.639441][ C0] lock(slock-AF_PHONET/1); [ 86.641533][ C0] [ 86.641533][ C0] *** DEADLOCK *** [ 86.641533][ C0] [ 86.644906][ C0] 5 locks held 
by syz.0.0/5322: [ 86.647078][ C0] #0: ffff88800bb03840 (&sb->s_type->i_mutex_key#13){+.+.}-{4:4}, at: sock_close+0x9b/0x240 [ 86.651579][ C0] #1: ffff88801f04c360 (sk_lock-AF_PHONET){+.+.}-{0:0}, at: pep_sock_close+0x86/0x5b0 [ 86.655801][ C0] #2: ffffffff8e95cca0 (rcu_read_lock){....}-{1:3}, at: process_backlog+0x3eb/0x1950 [ 86.659984][ C0] #3: ffff88801f04c968 (slock-AF_PHONET){+.-.}-{3:3}, at: __sk_receive_skb+0x1f1/0x9e0 [ 86.664228][ C0] #4: ffff88801f04c9e0 (sk_lock-AF_PHONET){+.+.}-{0:0}, at: phonet_rcv+0x781/0xc40 [ 86.668358][ C0] [ 86.668358][ C0] stack backtrace: [ 86.671039][ C0] CPU: 0 UID: 0 PID: 5322 Comm: syz.0.0 Not tainted syzkaller #0 PREEMPT(full) [ 86.671055][ C0] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 86.671062][ C0] Call Trace: [ 86.671070][ C0] [ 86.671075][ C0] dump_stack_lvl+0xe8/0x150 [ 86.671097][ C0] print_usage_bug+0x28b/0x2e0 [ 86.671117][ C0] mark_lock_irq+0x410/0x420 [ 86.671131][ C0] ? __lock_acquire+0x6b5/0x2cf0 [ 86.671149][ C0] mark_lock+0x115/0x190 [ 86.671163][ C0] __lock_acquire+0x689/0x2cf0 [ 86.671182][ C0] ? sk_filter_trim_cap+0x1a7/0xe70 [ 86.671200][ C0] ? sk_filter_trim_cap+0x91e/0xe70 [ 86.671215][ C0] ? unwind_next_frame+0xa6/0x2550 [ 86.671229][ C0] ? __sk_receive_skb+0x1bf/0x9e0 [ 86.671241][ C0] lock_acquire+0x106/0x350 [ 86.671252][ C0] ? __sk_receive_skb+0x1bf/0x9e0 [ 86.671266][ C0] _raw_spin_lock_nested+0x32/0x50 [ 86.671288][ C0] ? __sk_receive_skb+0x1bf/0x9e0 [ 86.671299][ C0] __sk_receive_skb+0x1bf/0x9e0 [ 86.671314][ C0] pep_do_rcv+0x685/0xaa0 [ 86.671330][ C0] ? __pfx_pep_do_rcv+0x10/0x10 [ 86.671346][ C0] ? __pfx_pep_do_rcv+0x10/0x10 [ 86.671361][ C0] ? phonet_rcv+0x781/0xc40 [ 86.671377][ C0] __sk_receive_skb+0x962/0x9e0 [ 86.671390][ C0] phonet_rcv+0x781/0xc40 [ 86.671407][ C0] ? __lock_acquire+0x6b5/0x2cf0 [ 86.671419][ C0] ? __pfx_phonet_rcv+0x10/0x10 [ 86.671448][ C0] ? process_backlog+0x3eb/0x1950 [ 86.671458][ C0] ? 
process_backlog+0x3eb/0x1950 [ 86.671467][ C0] ? __pfx_phonet_rcv+0x10/0x10 [ 86.671478][ C0] ? process_backlog+0x3eb/0x1950 [ 86.671487][ C0] process_backlog+0xc66/0x1950 [ 86.671501][ C0] __napi_poll+0xae/0x340 [ 86.671509][ C0] ? skb_defer_free_flush+0x233/0x260 [ 86.671519][ C0] net_rx_action+0x627/0xf70 [ 86.671529][ C0] ? lock_acquire+0x106/0x350 [ 86.671541][ C0] ? __pfx_net_rx_action+0x10/0x10 [ 86.671561][ C0] handle_softirqs+0x22a/0x840 [ 86.671573][ C0] ? do_softirq+0x76/0xd0 [ 86.671583][ C0] ? netif_rx+0x79/0x90 [ 86.671595][ C0] do_softirq+0x76/0xd0 [ 86.671604][ C0] [ 86.671607][ C0] [ 86.671611][ C0] __local_bh_enable_ip+0xf8/0x130 [ 86.671620][ C0] netif_rx+0x83/0x90 [ 86.671634][ C0] pn_send+0x62a/0x8e0 [ 86.671646][ C0] pn_skb_send+0x218/0x510 [ 86.671657][ C0] pep_sock_close+0x2c1/0x5b0 [ 86.671670][ C0] pn_socket_release+0x9b/0xc0 [ 86.671686][ C0] sock_close+0xc3/0x240 [ 86.671703][ C0] ? __pfx_sock_close+0x10/0x10 [ 86.671715][ C0] __fput+0x44f/0xa60 [ 86.671726][ C0] task_work_run+0x1d9/0x270 [ 86.671739][ C0] ? __pfx_task_work_run+0x10/0x10 [ 86.671753][ C0] exit_to_user_mode_loop+0xf3/0x4d0 [ 86.671762][ C0] ? rcu_is_watching+0x15/0xb0 [ 86.671776][ C0] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 86.671787][ C0] do_syscall_64+0x33e/0xf80 [ 86.671800][ C0] ? 
clear_bhb_loop+0x40/0x90 [ 86.671814][ C0] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 86.671825][ C0] RIP: 0033:0x7ffa3c79ce59 [ 86.671836][ C0] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 86.671844][ C0] RSP: 002b:00007ffe43d87f18 EFLAGS: 00000246 ORIG_RAX: 00000000000001b4 [ 86.671857][ C0] RAX: 0000000000000000 RBX: 00007ffe43d88000 RCX: 00007ffa3c79ce59 [ 86.671864][ C0] RDX: 0000000000000000 RSI: 000000000000001e RDI: 0000000000000003 [ 86.671870][ C0] RBP: 0000000000014ed9 R08: 0000000000000001 R09: 0000000000000000 [ 86.671877][ C0] R10: 00007ffa3c5ff030 R11: 0000000000000246 R12: 00007ffe43d88040 [ 86.671884][ C0] R13: 00007ffa3ca15fac R14: 00000000000151c3 R15: 00007ffa3ca15fa0 [ 86.671894][ C0]