program:
r0 = socket$pppoe(0x18, 0x1, 0x0)
r1 = socket$inet6_udp(0xa, 0x2, 0x0)
setsockopt$IP6T_SO_SET_REPLACE(r1, 0x88, 0x40, 0x0, 0x300)
connect$pppoe(r0, &(0x7f0000000400)={0x18, 0x0, {0x2, @dev={'\xaa\xaa\xaa\xaa\xaa', 0xa}, 'lo\x00'}}, 0x1e)
r2 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
ioctl$TIOCSETD(r2, 0x5423, &(0x7f0000000080)=0xe)
bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x0, 0x0, 0x0}, 0x90)
r3 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
ioctl$EVIOCGPROP(r3, 0x40047438, &(0x7f0000000180)=""/246)
r4 = dup(r3)
ioctl$PPPIOCCONNECT(r4, 0x40047435, &(0x7f00000002c0)=0x2)
ioctl$PPPIOCGCHAN(r0, 0x80047437, &(0x7f0000001f00))
sendmmsg(r0, &(0x7f0000001cc0), 0x400000000000026, 0x0)

[   90.118671][   T48] Bluetooth: hci0: command tx timeout
[   91.118192][    C0] 
[   91.119235][    C0] ================================
[   91.121185][    C0] WARNING: inconsistent lock state
[   91.123194][    C0] 6.11.0-rc4-syzkaller-00019-gb311c1b497e5 #0 Not tainted
[   91.125871][    C0] --------------------------------
[   91.127830][    C0] inconsistent {SOFTIRQ-ON-W} -> {IN-SOFTIRQ-W} usage.
[   91.130412][    C0] ksoftirqd/0/16 [HC0[0]:SC1[1]:HE1:SE0] takes:
[   91.132826][    C0] ffff888045a389e0 (&pch->downl){+.?.}-{2:2}, at: ppp_input+0x18b/0xa10
[   91.136096][    C0] {SOFTIRQ-ON-W} state was registered at:
[   91.138217][    C0]   lock_acquire+0x1ed/0x550
[   91.139959][    C0]   _raw_spin_lock+0x2e/0x40
[   91.141766][    C0]   ppp_input+0x18b/0xa10
[   91.143441][    C0]   pppoe_rcv_core+0x117/0x310
[   91.145287][    C0]   __release_sock+0x243/0x350
[   91.147131][    C0]   release_sock+0x61/0x1f0
[   91.148891][    C0]   pppoe_sendmsg+0xd5/0x750
[   91.150654][    C0]   __sock_sendmsg+0x221/0x270
[   91.152502][    C0]   ____sys_sendmsg+0x525/0x7d0
[   91.154372][    C0]   __sys_sendmmsg+0x3b2/0x740
[   91.156205][    C0]   __x64_sys_sendmmsg+0xa0/0xb0
[   91.158075][    C0]   do_syscall_64+0xf3/0x230
[   91.159862][    C0]   entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   91.162180][    C0] irq event stamp: 1295128
[   91.163872][    C0] hardirqs last  enabled at (1295128): [<ffffffff8bc0d5ff>] _raw_spin_unlock_irqrestore+0x8f/0x140
[   91.167823][    C0] hardirqs last disabled at (1295127): [<ffffffff8bc0d300>] _raw_spin_lock_irqsave+0xb0/0x120
[   91.171709][    C0] softirqs last  enabled at (1295100): [<ffffffff81578ffa>] run_ksoftirqd+0xca/0x130
[   91.175366][    C0] softirqs last disabled at (1295123): [<ffffffff81578ffa>] run_ksoftirqd+0xca/0x130
[   91.178852][    C0] 
[   91.178852][    C0] other info that might help us debug this:
[   91.181908][    C0]  Possible unsafe locking scenario:
[   91.181908][    C0] 
[   91.184712][    C0]        CPU0
[   91.185944][    C0]        ----
[   91.187245][    C0]   lock(&pch->downl);
[   91.188817][    C0]   <Interrupt>
[   91.190176][    C0]     lock(&pch->downl);
[   91.191785][    C0] 
[   91.191785][    C0]  *** DEADLOCK ***
[   91.191785][    C0] 
[   91.194898][    C0] 1 lock held by ksoftirqd/0/16:
[   91.196850][    C0]  #0: ffffffff8e938320 (rcu_read_lock){....}-{1:2}, at: ppp_input+0x55/0xa10
[   91.200246][    C0] 
[   91.200246][    C0] stack backtrace:
[   91.202457][    C0] CPU: 0 UID: 0 PID: 16 Comm: ksoftirqd/0 Not tainted 6.11.0-rc4-syzkaller-00019-gb311c1b497e5 #0
[   91.206400][    C0] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[   91.210520][    C0] Call Trace:
[   91.211823][    C0]  <TASK>
[   91.212988][    C0]  dump_stack_lvl+0x241/0x360
[   91.214769][    C0]  ? __pfx_dump_stack_lvl+0x10/0x10
[   91.216732][    C0]  ? print_usage_bug+0x61a/0x8a0
[   91.218675][    C0]  ? ret_from_fork_asm+0x19/0x30
[   91.220631][    C0]  valid_state+0x13a/0x1c0
[   91.222359][    C0]  mark_lock_irq+0xbb/0xc20
[   91.224097][    C0]  ? arch_stack_walk+0x17b/0x1b0
[   91.225947][    C0]  ? __pfx_mark_lock_irq+0x10/0x10
[   91.227898][    C0]  ? stack_trace_save+0x118/0x1d0
[   91.229779][    C0]  ? __pfx_stack_trace_save+0x10/0x10
[   91.231820][    C0]  ? lockdep_unlock+0x16a/0x300
[   91.233712][    C0]  ? lockdep_lock+0x123/0x2b0
[   91.235540][    C0]  ? save_trace+0x5a/0xb40
[   91.237220][    C0]  mark_lock+0x223/0x350
[   91.238850][    C0]  __lock_acquire+0xbf9/0x2040
[   91.240720][    C0]  lock_acquire+0x1ed/0x550
[   91.242388][    C0]  ? ppp_input+0x18b/0xa10
[   91.244117][    C0]  ? __pfx_lock_acquire+0x10/0x10
[   91.246011][    C0]  ? __pfx_lock_acquire+0x10/0x10
[   91.247948][    C0]  ? _raw_spin_unlock_irqrestore+0x8f/0x140
[   91.250226][    C0]  ? lockdep_hardirqs_on+0x99/0x150
[   91.252220][    C0]  ? _raw_spin_unlock_irqrestore+0xdd/0x140
[   91.254413][    C0]  _raw_spin_lock+0x2e/0x40
[   91.256199][    C0]  ? ppp_input+0x18b/0xa10
[   91.257933][    C0]  ppp_input+0x18b/0xa10
[   91.259579][    C0]  ? ppp_input+0x55/0xa10
[   91.261312][    C0]  ppp_sync_process+0x71/0x160
[   91.263225][    C0]  tasklet_action_common+0x321/0x4d0
[   91.265278][    C0]  ? __pfx_tasklet_action_common+0x10/0x10
[   91.267507][    C0]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[   91.269997][    C0]  ? __schedule+0x1808/0x4a60
[   91.271852][    C0]  ? workqueue_softirq_action+0xce/0x140
[   91.273967][    C0]  handle_softirqs+0x2c4/0x970
[   91.275746][    C0]  ? run_ksoftirqd+0xca/0x130
[   91.277535][    C0]  ? __pfx_handle_softirqs+0x10/0x10
[   91.279662][    C0]  run_ksoftirqd+0xca/0x130
[   91.281442][    C0]  ? __pfx_run_ksoftirqd+0x10/0x10
[   91.283502][    C0]  ? __pfx_run_ksoftirqd+0x10/0x10
[   91.285550][    C0]  smpboot_thread_fn+0x544/0xa30
[   91.287559][    C0]  ? smpboot_thread_fn+0x4e/0xa30
[   91.289540][    C0]  ? __pfx_smpboot_thread_fn+0x10/0x10
[   91.291717][    C0]  kthread+0x2f0/0x390
[   91.293339][    C0]  ? __pfx_smpboot_thread_fn+0x10/0x10
[   91.295444][    C0]  ? __pfx_kthread+0x10/0x10
[   91.297238][    C0]  ret_from_fork+0x4b/0x80
[   91.298962][    C0]  ? __pfx_kthread+0x10/0x10
[   91.300767][    C0]  ret_from_fork_asm+0x1a/0x30
[   91.302646][    C0]  </TASK>