program:
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000000c0)={0x48, 0x2, 0x6, 0x5, 0x0, 0x0, {}, [@IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_FAMILY={0x5}, @IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}, @IPSET_ATTR_TYPENAME={0xd, 0x3, 'hash:mac\x00'}]}, 0x48}}, 0x0)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r1, &(0x7f0000001d40)={0x0, 0x0, &(0x7f0000001d00)={&(0x7f0000000080)={0x48, 0x2, 0x6, 0x3, 0x0, 0x0, {0x9, 0x0, 0x4}, [@IPSET_ATTR_FAMILY={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_REVISION={0x5, 0x4, 0x1}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_TYPENAME={0xd, 0x3, 'hash:mac\x00'}]}, 0x48}, 0x1, 0x0, 0x0, 0x94}, 0x0)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_genetlink_get_family_id$smc(&(0x7f0000000340), 0xffffffffffffffff)
r4 = socket$pppoe(0x18, 0x1, 0x0)
connect$pppoe(r4, &(0x7f0000000400)={0x18, 0x0, {0x2, @dev={'\xaa\xaa\xaa\xaa\xaa', 0xa}, 'lo\x00'}}, 0x1e)
r5 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
ioctl$TIOCSETD(r5, 0x5423, &(0x7f0000000080)=0x3)
bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x0, 0x0, 0x0}, 0x90)
r6 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
ioctl$EVIOCGPROP(r6, 0x40047438, &(0x7f0000000180)=""/246)
r7 = dup(r6)
ioctl$PPPIOCCONNECT(r7, 0x40047435, &(0x7f00000002c0)=0x2)
ioctl$PPPIOCGCHAN(r4, 0x80047437, &(0x7f0000001f00))
sendmmsg(r4, &(0x7f0000001cc0), 0x400000000000026, 0x0)
sendmsg$SMC_PNETID_ADD(r2, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000380)={0x34, r3, 0x1, 0x70bd29, 0x25dfdbfe, {}, [@SMC_PNETID_NAME={0x9, 0x1, 'syz1\x00'}, @SMC_PNETID_ETHNAME={0x14, 0x2, 'ip6gretap0\x00'}]}, 0x34}, 0x1, 0x0, 0x0, 0x10}, 0x0)
ioctl$UI_SET_ABSBIT(r7, 0x40045567, 0x6)

[ 89.991474][ T5099] Bluetooth: hci0: command tx timeout
[ 91.043605][ C0]
[ 91.044614][ C0] ================================
[ 91.046565][ C0] WARNING: inconsistent lock state
[ 91.048365][ C0] 6.11.0-rc6-syzkaller-00019-g67784a74e258 #0 Not tainted
[ 91.050983][ C0] --------------------------------
[ 91.052954][ C0] inconsistent {SOFTIRQ-ON-W} -> {IN-SOFTIRQ-W} usage.
[ 91.055253][ C0] ksoftirqd/0/16 [HC0[0]:SC1[1]:HE1:SE0] takes:
[ 91.057426][ C0] ffff88800014f9e0 (&pch->downl){+.?.}-{2:2}, at: ppp_input+0x18b/0xa10
[ 91.060301][ C0] {SOFTIRQ-ON-W} state was registered at:
[ 91.062474][ C0] lock_acquire+0x1ed/0x550
[ 91.064147][ C0] _raw_spin_lock+0x2e/0x40
[ 91.065820][ C0] ppp_input+0x18b/0xa10
[ 91.067137][ C0] pppoe_rcv_core+0x117/0x310
[ 91.068612][ C0] __release_sock+0x243/0x350
[ 91.070128][ C0] release_sock+0x61/0x1f0
[ 91.071541][ C0] pppoe_sendmsg+0xd5/0x750
[ 91.073028][ C0] __sock_sendmsg+0x221/0x270
[ 91.074606][ C0] ____sys_sendmsg+0x525/0x7d0
[ 91.076349][ C0] __sys_sendmmsg+0x3b2/0x740
[ 91.078196][ C0] __x64_sys_sendmmsg+0xa0/0xb0
[ 91.080021][ C0] do_syscall_64+0xf3/0x230
[ 91.081692][ C0] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 91.083704][ C0] irq event stamp: 882570
[ 91.085294][ C0] hardirqs last enabled at (882570): [] __local_bh_enable_ip+0x168/0x200
[ 91.089001][ C0] hardirqs last disabled at (882569): [] __local_bh_enable_ip+0x106/0x200
[ 91.092815][ C0] softirqs last enabled at (882558): [] run_ksoftirqd+0xca/0x130
[ 91.096401][ C0] softirqs last disabled at (882563): [] run_ksoftirqd+0xca/0x130
[ 91.099688][ C0]
[ 91.099688][ C0] other info that might help us debug this:
[ 91.102697][ C0] Possible unsafe locking scenario:
[ 91.102697][ C0]
[ 91.105390][ C0] CPU0
[ 91.106611][ C0] ----
[ 91.107883][ C0] lock(&pch->downl);
[ 91.109417][ C0] <Interrupt>
[ 91.110727][ C0] lock(&pch->downl);
[ 91.112325][ C0]
[ 91.112325][ C0] *** DEADLOCK ***
[ 91.112325][ C0]
[ 91.115188][ C0] 1 lock held by ksoftirqd/0/16:
[ 91.116914][ C0] #0: ffffffff8e938320 (rcu_read_lock){....}-{1:2}, at: ppp_input+0x55/0xa10
[ 91.120098][ C0]
[ 91.120098][ C0] stack backtrace:
[ 91.122232][ C0] CPU: 0 UID: 0 PID: 16 Comm: ksoftirqd/0 Not tainted 6.11.0-rc6-syzkaller-00019-g67784a74e258 #0
[ 91.125991][ C0] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[ 91.129965][ C0] Call Trace:
[ 91.131247][ C0] <TASK>
[ 91.132317][ C0] dump_stack_lvl+0x241/0x360
[ 91.134083][ C0] ? __pfx_dump_stack_lvl+0x10/0x10
[ 91.136035][ C0] ? print_usage_bug+0x61a/0x8a0
[ 91.137810][ C0] ? ret_from_fork_asm+0x19/0x30
[ 91.139642][ C0] valid_state+0x13a/0x1c0
[ 91.141277][ C0] mark_lock_irq+0xbb/0xc20
[ 91.142859][ C0] ? arch_stack_walk+0x17b/0x1b0
[ 91.144757][ C0] ? __pfx_mark_lock_irq+0x10/0x10
[ 91.146741][ C0] ? stack_trace_save+0x118/0x1d0
[ 91.148642][ C0] ? __pfx_stack_trace_save+0x10/0x10
[ 91.150620][ C0] ? lockdep_unlock+0x16a/0x300
[ 91.152461][ C0] ? lockdep_lock+0x123/0x2b0
[ 91.154281][ C0] ? save_trace+0x5a/0xb40
[ 91.155894][ C0] ? lockdep_unlock+0x16a/0x300
[ 91.157872][ C0] mark_lock+0x223/0x350
[ 91.159532][ C0] __lock_acquire+0xbf9/0x2040
[ 91.161379][ C0] lock_acquire+0x1ed/0x550
[ 91.163140][ C0] ? ppp_input+0x18b/0xa10
[ 91.165058][ C0] ? __pfx_lock_acquire+0x10/0x10
[ 91.166969][ C0] ? __pfx_lock_acquire+0x10/0x10
[ 91.168767][ C0] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[ 91.171077][ C0] ? __local_bh_enable_ip+0x168/0x200
[ 91.172998][ C0] ? lockdep_hardirqs_on+0x99/0x150
[ 91.174917][ C0] _raw_spin_lock+0x2e/0x40
[ 91.176710][ C0] ? ppp_input+0x18b/0xa10
[ 91.178465][ C0] ppp_input+0x18b/0xa10
[ 91.180117][ C0] ? ppp_input+0x55/0xa10
[ 91.181881][ C0] ppp_async_process+0x7f/0x150
[ 91.183809][ C0] tasklet_action_common+0x321/0x4d0
[ 91.185857][ C0] ? __pfx_tasklet_action_common+0x10/0x10
[ 91.188010][ C0] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[ 91.190364][ C0] ? __schedule+0x1808/0x4a60
[ 91.192219][ C0] ? workqueue_softirq_action+0xce/0x140
[ 91.194376][ C0] handle_softirqs+0x2c4/0x970
[ 91.196235][ C0] ? run_ksoftirqd+0xca/0x130
[ 91.197978][ C0] ? __pfx_handle_softirqs+0x10/0x10
[ 91.199891][ C0] run_ksoftirqd+0xca/0x130
[ 91.201421][ C0] ? __pfx_run_ksoftirqd+0x10/0x10
[ 91.203264][ C0] ? __pfx_run_ksoftirqd+0x10/0x10
[ 91.205248][ C0] smpboot_thread_fn+0x544/0xa30
[ 91.207112][ C0] ? smpboot_thread_fn+0x4e/0xa30
[ 91.208831][ C0] ? __pfx_smpboot_thread_fn+0x10/0x10
[ 91.211058][ C0] kthread+0x2f0/0x390
[ 91.212786][ C0] ? __pfx_smpboot_thread_fn+0x10/0x10
[ 91.215065][ C0] ? __pfx_kthread+0x10/0x10
[ 91.217042][ C0] ret_from_fork+0x4b/0x80
[ 91.218843][ C0] ? __pfx_kthread+0x10/0x10
[ 91.220207][ C0] ret_from_fork_asm+0x1a/0x30
[ 91.221910][ C0] </TASK>
[ 91.281899][ T5115] smc: net device ip6gretap0 applied user defined pnetid SYZ1