================================ WARNING: inconsistent lock state 6.11.0-syzkaller-02574-ga430d95c5efa #0 Not tainted -------------------------------- inconsistent {SOFTIRQ-ON-W} -> {IN-SOFTIRQ-W} usage. udevd/5461 [HC0[0]:SC1[1]:HE1:SE0] takes: ffff88803225f9e0 (&pch->downl){+.?.}-{2:2}, at: spin_lock include/linux/spinlock.h:351 [inline] ffff88803225f9e0 (&pch->downl){+.?.}-{2:2}, at: ppp_channel_bridge_input drivers/net/ppp/ppp_generic.c:2272 [inline] ffff88803225f9e0 (&pch->downl){+.?.}-{2:2}, at: ppp_input+0x104/0xbb0 drivers/net/ppp/ppp_generic.c:2304 {SOFTIRQ-ON-W} state was registered at: lock_acquire kernel/locking/lockdep.c:5759 [inline] lock_acquire+0x1b1/0x560 kernel/locking/lockdep.c:5724 __raw_spin_lock include/linux/spinlock_api_smp.h:133 [inline] _raw_spin_lock+0x2e/0x40 kernel/locking/spinlock.c:154 spin_lock include/linux/spinlock.h:351 [inline] ppp_channel_bridge_input drivers/net/ppp/ppp_generic.c:2272 [inline] ppp_input+0x104/0xbb0 drivers/net/ppp/ppp_generic.c:2304 pppoe_rcv_core+0x22c/0x320 drivers/net/ppp/pppoe.c:379 sk_backlog_rcv include/net/sock.h:1113 [inline] __release_sock+0x35f/0x400 net/core/sock.c:3072 release_sock+0x5a/0x220 net/core/sock.c:3626 pppoe_sendmsg+0x5e6/0x770 drivers/net/ppp/pppoe.c:903 sock_sendmsg_nosec net/socket.c:730 [inline] __sock_sendmsg net/socket.c:745 [inline] ____sys_sendmsg+0xaaf/0xc90 net/socket.c:2603 ___sys_sendmsg+0x135/0x1e0 net/socket.c:2657 __sys_sendmmsg+0x1a1/0x450 net/socket.c:2743 __do_sys_sendmmsg net/socket.c:2772 [inline] __se_sys_sendmmsg net/socket.c:2769 [inline] __x64_sys_sendmmsg+0x9c/0x100 net/socket.c:2769 do_syscall_x64 arch/x86/entry/common.c:52 [inline] do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83 entry_SYSCALL_64_after_hwframe+0x77/0x7f irq event stamp: 247960 hardirqs last enabled at (247960): [] __local_bh_enable_ip+0xa4/0x120 kernel/softirq.c:387 hardirqs last disabled at (247959): [] __local_bh_enable_ip+0xcd/0x120 kernel/softirq.c:364 softirqs last enabled at (247928): 
[] softirq_handle_end kernel/softirq.c:400 [inline]
softirqs last enabled at (247928): [] handle_softirqs+0x5be/0x8f0 kernel/softirq.c:582
softirqs last disabled at (247933): [] __do_softirq kernel/softirq.c:588 [inline]
softirqs last disabled at (247933): [] invoke_softirq kernel/softirq.c:428 [inline]
softirqs last disabled at (247933): [] __irq_exit_rcu kernel/softirq.c:637 [inline]
softirqs last disabled at (247933): [] irq_exit_rcu+0xbb/0x120 kernel/softirq.c:649

other info that might help us debug this:
 Possible unsafe locking scenario:

       CPU0
       ----
  lock(&pch->downl);
  <Interrupt>
    lock(&pch->downl);

 *** DEADLOCK ***

4 locks held by udevd/5461:
 #0: ffffffff8ddba6a0 (rcu_read_lock){....}-{1:2}, at: local_lock_release include/linux/local_lock_internal.h:38 [inline]
 #0: ffffffff8ddba6a0 (rcu_read_lock){....}-{1:2}, at: process_backlog+0x3f1/0x15f0 net/core/dev.c:6105
 #1: ffff88802a5de1d8 (slock-AF_PPPOX){+.-.}-{2:2}, at: spin_lock include/linux/spinlock.h:351 [inline]
 #1: ffff88802a5de1d8 (slock-AF_PPPOX){+.-.}-{2:2}, at: __sk_receive_skb+0x1dd/0x890 net/core/sock.c:563
 #2: ffff88802a5de258 (sk_lock-AF_PPPOX){+.+.}-{0:0}, at: sk_receive_skb include/net/sock.h:1898 [inline]
 #2: ffff88802a5de258 (sk_lock-AF_PPPOX){+.+.}-{0:0}, at: pppoe_rcv+0x7b2/0xa70 drivers/net/ppp/pppoe.c:451
 #3: ffffffff8ddba6a0 (rcu_read_lock){....}-{1:2}, at: rcu_lock_acquire include/linux/rcupdate.h:326 [inline]
 #3: ffffffff8ddba6a0 (rcu_read_lock){....}-{1:2}, at: rcu_read_lock include/linux/rcupdate.h:838 [inline]
 #3: ffffffff8ddba6a0 (rcu_read_lock){....}-{1:2}, at: ppp_channel_bridge_input drivers/net/ppp/ppp_generic.c:2267 [inline]
 #3: ffffffff8ddba6a0 (rcu_read_lock){....}-{1:2}, at: ppp_input+0x70/0xbb0 drivers/net/ppp/ppp_generic.c:2304

stack backtrace:
CPU: 1 UID: 0 PID: 5461 Comm: udevd Not tainted 6.11.0-syzkaller-02574-ga430d95c5efa #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024
Call Trace:
 __dump_stack lib/dump_stack.c:93 [inline]
dump_stack_lvl+0x116/0x1f0 lib/dump_stack.c:119 print_usage_bug kernel/locking/lockdep.c:3970 [inline] valid_state kernel/locking/lockdep.c:4012 [inline] mark_lock_irq kernel/locking/lockdep.c:4215 [inline] mark_lock+0x923/0xc60 kernel/locking/lockdep.c:4677 mark_usage kernel/locking/lockdep.c:4566 [inline] __lock_acquire+0x11d7/0x3cb0 kernel/locking/lockdep.c:5096 lock_acquire kernel/locking/lockdep.c:5759 [inline] lock_acquire+0x1b1/0x560 kernel/locking/lockdep.c:5724 __raw_spin_lock include/linux/spinlock_api_smp.h:133 [inline] _raw_spin_lock+0x2e/0x40 kernel/locking/spinlock.c:154 spin_lock include/linux/spinlock.h:351 [inline] ppp_channel_bridge_input drivers/net/ppp/ppp_generic.c:2272 [inline] ppp_input+0x104/0xbb0 drivers/net/ppp/ppp_generic.c:2304 pppoe_rcv_core+0x22c/0x320 drivers/net/ppp/pppoe.c:379 sk_backlog_rcv include/net/sock.h:1113 [inline] __sk_receive_skb+0x7aa/0x890 net/core/sock.c:570 sk_receive_skb include/net/sock.h:1898 [inline] pppoe_rcv+0x7b2/0xa70 drivers/net/ppp/pppoe.c:451 __netif_receive_skb_one_core+0x1b1/0x1e0 net/core/dev.c:5662 __netif_receive_skb+0x1d/0x160 net/core/dev.c:5775 process_backlog+0x443/0x15f0 net/core/dev.c:6107 __napi_poll.constprop.0+0xb7/0x550 net/core/dev.c:6771 napi_poll net/core/dev.c:6840 [inline] net_rx_action+0xa92/0x1010 net/core/dev.c:6962 handle_softirqs+0x216/0x8f0 kernel/softirq.c:554 __do_softirq kernel/softirq.c:588 [inline] invoke_softirq kernel/softirq.c:428 [inline] __irq_exit_rcu kernel/softirq.c:637 [inline] irq_exit_rcu+0xbb/0x120 kernel/softirq.c:649 instr_sysvec_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1043 [inline] sysvec_apic_timer_interrupt+0x95/0xb0 arch/x86/kernel/apic/apic.c:1043 asm_sysvec_apic_timer_interrupt+0x1a/0x20 arch/x86/include/asm/idtentry.h:702 RIP: 0010:finish_task_switch.isra.0+0x220/0xcc0 kernel/sched/core.c:5062 Code: a9 0a 00 00 44 8b 0d 87 5a c1 0e 45 85 c9 0f 85 c0 01 00 00 48 89 df e8 ae f8 ff ff e8 39 b1 36 00 fb 65 48 8b 1d 90 66 a7 7e <48> 8d bb f8 15 00 00 
48 b8 00 00 00 00 00 fc ff df 48 89 fa 48 c1 RSP: 0018:ffffc9000492f3f8 EFLAGS: 00000206 RAX: 000000000003c87b RBX: ffff888026995a00 RCX: 1ffffffff203aaa9 RDX: 0000000000000000 RSI: ffffffff8b4cdac0 RDI: ffffffff8bb118a0 RBP: ffffc9000492f440 R08: 0000000000000001 R09: 0000000000000001 R10: ffffffff901d999f R11: 0000000000000000 R12: ffff8880b893f918 R13: ffff888026ddbc00 R14: 0000000000000000 R15: ffff8880b893eb80 context_switch kernel/sched/core.c:5191 [inline] __schedule+0xe3f/0x5490 kernel/sched/core.c:6529 preempt_schedule_common+0x44/0xc0 kernel/sched/core.c:6708 preempt_schedule_thunk+0x1a/0x30 arch/x86/entry/thunk.S:12 unwind_next_frame+0x1c90/0x23a0 arch/x86/kernel/unwind_orc.c:672 arch_stack_walk+0x100/0x170 arch/x86/kernel/stacktrace.c:25 stack_trace_save+0x95/0xd0 kernel/stacktrace.c:122 kasan_save_stack+0x33/0x60 mm/kasan/common.c:47 kasan_save_track+0x14/0x30 mm/kasan/common.c:68 kasan_save_free_info+0x3b/0x60 mm/kasan/generic.c:579 poison_slab_object+0xf7/0x160 mm/kasan/common.c:240 __kasan_slab_free+0x32/0x50 mm/kasan/common.c:256 kasan_slab_free include/linux/kasan.h:184 [inline] slab_free_hook mm/slub.c:2250 [inline] slab_free mm/slub.c:4474 [inline] kmem_cache_free+0x12f/0x3a0 mm/slub.c:4549 locks_free_lock fs/locks.c:353 [inline] locks_dispose_list+0x19d/0x250 fs/locks.c:375 flock_lock_inode+0x691/0x1040 fs/locks.c:1141 locks_remove_flock+0x26d/0x2c0 fs/locks.c:2660 locks_remove_file+0xd7/0x5a0 fs/locks.c:2702 __fput+0x348/0xb60 fs/file_table.c:423 __fput_sync+0x45/0x50 fs/file_table.c:516 __do_sys_close fs/open.c:1565 [inline] __se_sys_close fs/open.c:1550 [inline] __x64_sys_close+0x86/0x100 fs/open.c:1550 do_syscall_x64 arch/x86/entry/common.c:52 [inline] do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83 entry_SYSCALL_64_after_hwframe+0x77/0x7f RIP: 0033:0x7f8500d170a8 Code: 48 8b 05 83 9d 0d 00 64 c7 00 16 00 00 00 83 c8 ff 48 83 c4 20 5b c3 64 8b 04 25 18 00 00 00 85 c0 75 20 b8 03 00 00 00 0f 05 <48> 3d 00 f0 ff ff 76 5b 48 8b 15 51 9d 0d 
00 f7 d8 64 89 02 48 83 RSP: 002b:00007fffe6733718 EFLAGS: 00000246 ORIG_RAX: 0000000000000003 RAX: ffffffffffffffda RBX: 00007f8501106ae0 RCX: 00007f8500d170a8 RDX: 0000559bb0967261 RSI: 00007fffe6732f18 RDI: 0000000000000008 RBP: 0000559ee978d9f0 R08: 0000000000000006 R09: df78c6441dc729df R10: 000000000000010f R11: 0000000000000246 R12: 0000000000000002 R13: 0000559ee97c40d0 R14: 0000000000000008 R15: 0000559ee97812c0 ---------------- Code disassembly (best guess): 0: a9 0a 00 00 44 test $0x4400000a,%eax 5: 8b 0d 87 5a c1 0e mov 0xec15a87(%rip),%ecx # 0xec15a92 b: 45 85 c9 test %r9d,%r9d e: 0f 85 c0 01 00 00 jne 0x1d4 14: 48 89 df mov %rbx,%rdi 17: e8 ae f8 ff ff call 0xfffff8ca 1c: e8 39 b1 36 00 call 0x36b15a 21: fb sti 22: 65 48 8b 1d 90 66 a7 mov %gs:0x7ea76690(%rip),%rbx # 0x7ea766ba 29: 7e * 2a: 48 8d bb f8 15 00 00 lea 0x15f8(%rbx),%rdi <-- trapping instruction 31: 48 b8 00 00 00 00 00 movabs $0xdffffc0000000000,%rax 38: fc ff df 3b: 48 89 fa mov %rdi,%rdx 3e: 48 rex.W 3f: c1 .byte 0xc1