program:
r0 = socket$kcm(0x23, 0x5, 0x0)
listen(r0, 0x800)
r1 = socket$kcm(0x10, 0x2, 0x0)
semctl$IPC_STAT(0x0, 0x0, 0x2, 0x0)
sendmsg$inet(r1, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000f00)=[{&(0x7f0000000200)="5c00000014006b05c84e21000ab16d6e230675f811000000440002005817d30461bc24eeb556a7ef595105ea1698fa51f60a64c9f408000000e786a6d0bdbdc3d44bd70011b6c0504bb9189d9193e9bd00"/92, 0x5c}], 0x1, 0x0, 0x0, 0x1f00c00e}, 0x240040c4)
r2 = socket$phonet_pipe(0x23, 0x5, 0x2)
connect$phonet_pipe(r2, &(0x7f0000000040)={0x23, 0x0, 0x58}, 0x10)
accept4(r0, 0x0, 0x0, 0x80000)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000100)=[{0x6, 0x0, 0xe, 0x7fff0000}]})
setsockopt$PNPIPE_ENCAP(r2, 0x113, 0x1, &(0x7f0000000080)=0x1, 0x4)
close_range(r0, r2, 0x0)

[ 84.896365][ T5289] Bluetooth: hci0: command tx timeout
[ 84.980477][ T5331] netlink: 'syz.0.0': attribute type 2 has an invalid length.
[ 85.071770][ C0]
[ 85.072940][ C0] ================================
[ 85.075207][ C0] WARNING: inconsistent lock state
[ 85.077447][ C0] syzkaller #0 Not tainted
[ 85.079305][ C0] --------------------------------
[ 85.081544][ C0] inconsistent {SOFTIRQ-ON-W} -> {IN-SOFTIRQ-W} usage.
[ 85.084559][ C0] syz.0.0/5331 [HC0[0]:SC1[1]:HE1:SE0] takes:
[ 85.087258][ C0] ffff888042fabc68 (slock-AF_PHONET/1){+.?.}-{3:3}, at: __sk_receive_skb+0x1bf/0x9e0
[ 85.091496][ C0] {SOFTIRQ-ON-W} state was registered at:
[ 85.094055][ C0] lock_acquire+0x106/0x350
[ 85.096171][ C0] _raw_spin_lock_nested+0x32/0x50
[ 85.098515][ C0] __sk_receive_skb+0x1bf/0x9e0
[ 85.100664][ C0] pep_do_rcv+0x685/0xaa0
[ 85.102658][ C0] __release_sock+0x297/0x3a0
[ 85.104798][ C0] release_sock+0x190/0x260
[ 85.106772][ C0] pep_sock_accept+0xdf5/0x12b0
[ 85.108954][ C0] pn_socket_accept+0xc9/0x2e0
[ 85.111156][ C0] do_accept+0x521/0x760
[ 85.113127][ C0] __sys_accept4+0x139/0x230
[ 85.115253][ C0] __x64_sys_accept4+0x9a/0xb0
[ 85.117454][ C0] do_syscall_64+0x15f/0xf80
[ 85.119521][ C0] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 85.122570][ C0] irq event stamp: 1502
[ 85.124441][ C0] hardirqs last enabled at (1502): [] _raw_spin_unlock_irq+0x23/0x50
[ 85.128738][ C0] hardirqs last disabled at (1501): [] _raw_spin_lock_irq+0x17/0x50
[ 85.132799][ C0] softirqs last enabled at (1496): [] netif_rx+0x79/0x90
[ 85.136667][ C0] softirqs last disabled at (1497): [] do_softirq+0x76/0xd0
[ 85.140565][ C0]
[ 85.140565][ C0] other info that might help us debug this:
[ 85.144119][ C0] Possible unsafe locking scenario:
[ 85.144119][ C0]
[ 85.147429][ C0] CPU0
[ 85.148913][ C0] ----
[ 85.150374][ C0] lock(slock-AF_PHONET/1);
[ 85.152440][ C0]
[ 85.154025][ C0] lock(slock-AF_PHONET/1);
[ 85.156181][ C0]
[ 85.156181][ C0] *** DEADLOCK ***
[ 85.156181][ C0]
[ 85.159645][ C0] 5 locks held by syz.0.0/5331:
[ 85.161744][ C0] #0: ffff888046df0840 (&sb->s_type->i_mutex_key#13){+.+.}-{4:4}, at: sock_close+0x9b/0x240
[ 85.166215][ C0] #1: ffff888042fac360 (sk_lock-AF_PHONET){+.+.}-{0:0}, at: pep_sock_close+0x86/0x5b0
[ 85.170377][ C0] #2: ffffffff8e95cde0 (rcu_read_lock){....}-{1:3}, at: process_backlog+0x3eb/0x1950
[ 85.174643][ C0] #3: ffff888042fac968 (slock-AF_PHONET){+.-.}-{3:3}, at: __sk_receive_skb+0x1f1/0x9e0
[ 85.178961][ C0] #4: ffff888042fac9e0 (sk_lock-AF_PHONET){+.+.}-{0:0}, at: phonet_rcv+0x781/0xc40
[ 85.183097][ C0]
[ 85.183097][ C0] stack backtrace:
[ 85.185698][ C0] CPU: 0 UID: 0 PID: 5331 Comm: syz.0.0 Not tainted syzkaller #0 PREEMPT(full)
[ 85.185714][ C0] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 85.185720][ C0] Call Trace:
[ 85.185728][ C0]
[ 85.185733][ C0] dump_stack_lvl+0xe8/0x150
[ 85.185751][ C0] print_usage_bug+0x28b/0x2e0
[ 85.185766][ C0] mark_lock_irq+0x410/0x420
[ 85.185779][ C0] ? __pfx_css_rstat_updated+0x10/0x10
[ 85.185792][ C0] mark_lock+0x115/0x190
[ 85.185805][ C0] __lock_acquire+0x689/0x2cf0
[ 85.185819][ C0] ? sk_filter_trim_cap+0x1a7/0xe70
[ 85.185835][ C0] ? sk_filter_trim_cap+0x91e/0xe70
[ 85.185850][ C0] ? __sk_receive_skb+0x1bf/0x9e0
[ 85.185860][ C0] lock_acquire+0x106/0x350
[ 85.185871][ C0] ? __sk_receive_skb+0x1bf/0x9e0
[ 85.185891][ C0] _raw_spin_lock_nested+0x32/0x50
[ 85.185906][ C0] ? __sk_receive_skb+0x1bf/0x9e0
[ 85.185916][ C0] __sk_receive_skb+0x1bf/0x9e0
[ 85.185928][ C0] pep_do_rcv+0x685/0xaa0
[ 85.185943][ C0] ? __pfx_pep_do_rcv+0x10/0x10
[ 85.185958][ C0] ? __pfx_pep_do_rcv+0x10/0x10
[ 85.185970][ C0] ? phonet_rcv+0x781/0xc40
[ 85.185981][ C0] __sk_receive_skb+0x962/0x9e0
[ 85.185992][ C0] phonet_rcv+0x781/0xc40
[ 85.186006][ C0] ? __pfx_phonet_rcv+0x10/0x10
[ 85.186019][ C0] ? process_backlog+0x3eb/0x1950
[ 85.186030][ C0] ? process_backlog+0x3eb/0x1950
[ 85.186040][ C0] ? __pfx_phonet_rcv+0x10/0x10
[ 85.186052][ C0] ? process_backlog+0x3eb/0x1950
[ 85.186063][ C0] process_backlog+0xc66/0x1950
[ 85.186079][ C0] __napi_poll+0xae/0x340
[ 85.186088][ C0] ? skb_defer_free_flush+0x233/0x260
[ 85.186105][ C0] net_rx_action+0x627/0xf70
[ 85.186115][ C0] ? lock_acquire+0x106/0x350
[ 85.186130][ C0] ? __pfx_net_rx_action+0x10/0x10
[ 85.186148][ C0] handle_softirqs+0x22a/0x840
[ 85.186161][ C0] ? do_softirq+0x76/0xd0
[ 85.186173][ C0] ? netif_rx+0x79/0x90
[ 85.186187][ C0] do_softirq+0x76/0xd0
[ 85.186197][ C0]
[ 85.186201][ C0]
[ 85.186205][ C0] __local_bh_enable_ip+0xf8/0x130
[ 85.186217][ C0] netif_rx+0x83/0x90
[ 85.186229][ C0] pn_send+0x62a/0x8e0
[ 85.186244][ C0] pn_skb_send+0x218/0x510
[ 85.186257][ C0] pep_sock_close+0x2c1/0x5b0
[ 85.186272][ C0] pn_socket_release+0x9b/0xc0
[ 85.186283][ C0] sock_close+0xc3/0x240
[ 85.186299][ C0] ? __pfx_sock_close+0x10/0x10
[ 85.186313][ C0] __fput+0x44f/0xa60
[ 85.186327][ C0] task_work_run+0x1d9/0x270
[ 85.186344][ C0] ? __pfx_task_work_run+0x10/0x10
[ 85.186360][ C0] exit_to_user_mode_loop+0xf3/0x4d0
[ 85.186371][ C0] ? rcu_is_watching+0x15/0xb0
[ 85.186385][ C0] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 85.186396][ C0] do_syscall_64+0x33e/0xf80
[ 85.186411][ C0] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 85.186422][ C0] ? clear_bhb_loop+0x40/0x90
[ 85.186435][ C0] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 85.186445][ C0] RIP: 0033:0x7fd525b9ce59
[ 85.186507][ C0] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[ 85.186516][ C0] RSP: 002b:00007fd526a8dfe8 EFLAGS: 00000246 ORIG_RAX: 00000000000001b4
[ 85.186528][ C0] RAX: 0000000000000000 RBX: 00007fd525e15fa0 RCX: 00007fd525b9ce59
[ 85.186534][ C0] RDX: 0000000000000000 RSI: 0000000000000005 RDI: 0000000000000003
[ 85.186539][ C0] RBP: 00007fd525c32d6f R08: 0000000000000000 R09: 0000000000000000
[ 85.186545][ C0] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 85.186550][ C0] R13: 00007fd525e16038 R14: 00007fd525e15fa0 R15: 00007ffc4fb4c938
[ 85.186561][ C0]
[ 85.489525][ T5331] gprs0: detached