================================
WARNING: inconsistent lock state
syzkaller #0 Not tainted
--------------------------------
inconsistent {SOFTIRQ-ON-W} -> {IN-SOFTIRQ-W} usage.
syz.0.177/5364 [HC0[0]:SC1[1]:HE1:SE0] takes:
ffff0000dc8c2f68 (slock-AF_PHONET/1){+.?.}-{3:3}, at: __sk_receive_skb+0x1ac/0x8d4 net/core/sock.c:563
{SOFTIRQ-ON-W} state was registered at:
  lock_acquire+0x140/0x368 kernel/locking/lockdep.c:5868
  _raw_spin_lock_nested+0x50/0x6c kernel/locking/spinlock.c:382
  __sk_receive_skb+0x1ac/0x8d4 net/core/sock.c:563
  sk_receive_skb include/net/sock.h:2022 [inline]
  pep_do_rcv+0x208/0x684 net/phonet/pep.c:675
  sk_backlog_rcv include/net/sock.h:1190 [inline]
  __release_sock+0x178/0x2c0 net/core/sock.c:3216
  release_sock+0x174/0x228 net/core/sock.c:3815
  pep_sock_accept+0x804/0xc08 net/phonet/pep.c:879
  pn_socket_accept+0xc8/0x26c net/phonet/socket.c:309
  do_accept+0x304/0x42c net/socket.c:2047
  __sys_accept4_file net/socket.c:2081 [inline]
  __sys_accept4+0x11c/0x1f8 net/socket.c:2103
  __do_sys_accept net/socket.c:2116 [inline]
  __se_sys_accept net/socket.c:2113 [inline]
  __arm64_sys_accept+0x80/0x98 net/socket.c:2113
  __invoke_syscall arch/arm64/kernel/syscall.c:35 [inline]
  invoke_syscall+0x98/0x244 arch/arm64/kernel/syscall.c:49
  el0_svc_common+0xe8/0x23c arch/arm64/kernel/syscall.c:121
  do_el0_svc+0x48/0x58 arch/arm64/kernel/syscall.c:140
  el0_svc+0x64/0x260 arch/arm64/kernel/entry-common.c:740
  el0t_64_sync_handler+0x48/0x148 arch/arm64/kernel/entry-common.c:759
  el0t_64_sync+0x198/0x19c arch/arm64/kernel/entry.S:594
irq event stamp: 1722
hardirqs last  enabled at (1722): [<ffff80008675f464>] __raw_spin_unlock_irq include/linux/spinlock_api_smp.h:187 [inline]
hardirqs last  enabled at (1722): [<ffff80008675f464>] _raw_spin_unlock_irq+0x30/0x80 kernel/locking/spinlock.c:206
hardirqs last disabled at (1721): [<ffff80008675f27c>] __raw_spin_lock_irq include/linux/spinlock_api_smp.h:140 [inline]
hardirqs last disabled at (1721): [<ffff80008675f27c>] _raw_spin_lock_irq+0x28/0x70 kernel/locking/spinlock.c:174
softirqs last  enabled at (1716): [<ffff800084b2d714>] local_bh_enable include/linux/bottom_half.h:33 [inline]
softirqs last  enabled at (1716): [<ffff800084b2d714>] netif_rx+0xac/0xd4 net/core/dev.c:5775
softirqs last disabled at (1717): [<ffff8000800204b0>] __do_softirq+0x14/0x20 kernel/softirq.c:656

other info that might help us debug this:
 Possible unsafe locking scenario:

       CPU0
       ----
  lock(slock-AF_PHONET/1);
  <Interrupt>
    lock(slock-AF_PHONET/1);

 *** DEADLOCK ***

5 locks held by syz.0.177/5364:
 #0: ffff0000dd0fb240 (&sb->s_type->i_mutex_key#12){+.+.}-{4:4}, at: inode_lock include/linux/fs.h:1029 [inline]
 #0: ffff0000dd0fb240 (&sb->s_type->i_mutex_key#12){+.+.}-{4:4}, at: __sock_release+0x7c/0x1d4 net/socket.c:721
 #1: ffff0000dc8c3660 (sk_lock-AF_PHONET){+.+.}-{0:0}, at: lock_sock include/net/sock.h:1713 [inline]
 #1: ffff0000dc8c3660 (sk_lock-AF_PHONET){+.+.}-{0:0}, at: pep_sock_close+0x90/0x4a8 net/phonet/pep.c:742
 #2: ffff800088ad72a0 (rcu_read_lock){....}-{1:3}, at: rcu_lock_acquire include/linux/rcupdate.h:300 [inline]
 #2: ffff800088ad72a0 (rcu_read_lock){....}-{1:3}, at: rcu_read_lock include/linux/rcupdate.h:838 [inline]
 #2: ffff800088ad72a0 (rcu_read_lock){....}-{1:3}, at: process_backlog+0x574/0x16f8 net/core/dev.c:6665
 #3: ffff0000dc8c3c68 (slock-AF_PHONET){+.-.}-{3:3}, at: spin_lock include/linux/spinlock.h:342 [inline]
 #3: ffff0000dc8c3c68 (slock-AF_PHONET){+.-.}-{3:3}, at: __sk_receive_skb+0x1e0/0x8d4 net/core/sock.c:565
 #4: ffff0000dc8c3ce0 (sk_lock-AF_PHONET){+.+.}-{0:0}, at: sk_receive_skb include/net/sock.h:2022 [inline]
 #4: ffff0000dc8c3ce0 (sk_lock-AF_PHONET){+.+.}-{0:0}, at: phonet_rcv+0x64c/0xa94 net/phonet/af_phonet.c:-1

stack backtrace:
CPU: 1 UID: 0 PID: 5364 Comm: syz.0.177 Not tainted syzkaller #0 PREEMPT 
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026
Call trace:
 show_stack+0x2c/0x3c arch/arm64/kernel/stacktrace.c:499 (C)
 __dump_stack+0x30/0x40 lib/dump_stack.c:94
 dump_stack_lvl+0xd8/0x12c lib/dump_stack.c:120
 dump_stack+0x1c/0x28 lib/dump_stack.c:129
 print_usage_bug+0x310/0x384 kernel/locking/lockdep.c:4042
 valid_state kernel/locking/lockdep.c:4056 [inline]
 mark_lock_irq+0x4a0/0x4a8 kernel/locking/lockdep.c:-1
 mark_lock+0x144/0x1a4 kernel/locking/lockdep.c:4753
 mark_usage kernel/locking/lockdep.c:-1 [inline]
 __lock_acquire+0x6bc/0x2f44 kernel/locking/lockdep.c:5191
 lock_acquire+0x140/0x368 kernel/locking/lockdep.c:5868
 _raw_spin_lock_nested+0x50/0x6c kernel/locking/spinlock.c:382
 __sk_receive_skb+0x1ac/0x8d4 net/core/sock.c:563
 sk_receive_skb include/net/sock.h:2022 [inline]
 pep_do_rcv+0x208/0x684 net/phonet/pep.c:675
 sk_backlog_rcv include/net/sock.h:1190 [inline]
 __sk_receive_skb+0x458/0x8d4 net/core/sock.c:572
 sk_receive_skb include/net/sock.h:2022 [inline]
 phonet_rcv+0x64c/0xa94 net/phonet/af_phonet.c:-1
 __netif_receive_skb_one_core+0xc4/0x10c net/core/dev.c:6202
 __netif_receive_skb+0x34/0x128 net/core/dev.c:6315
 process_backlog+0x610/0x16f8 net/core/dev.c:6666
 __napi_poll+0xb0/0x324 net/core/dev.c:7733
 napi_poll net/core/dev.c:7796 [inline]
 net_rx_action+0x568/0xbcc net/core/dev.c:7953
 handle_softirqs+0x2e4/0xd34 kernel/softirq.c:622
 __do_softirq+0x14/0x20 kernel/softirq.c:656
 ____do_softirq+0x14/0x20 arch/arm64/kernel/irq.c:78
 call_on_irq_stack+0x30/0x48 arch/arm64/kernel/entry.S:889
 do_softirq_own_stack+0x20/0x2c arch/arm64/kernel/irq.c:83
 do_softirq+0x90/0xf8 kernel/softirq.c:523
 __local_bh_enable_ip+0x240/0x35c kernel/softirq.c:450
 local_bh_enable include/linux/bottom_half.h:33 [inline]
 netif_rx+0xb4/0xd4 net/core/dev.c:5775
 pn_send+0x4e8/0x780 net/phonet/af_phonet.c:188
 pn_skb_send+0x1dc/0x508 net/phonet/af_phonet.c:275
 pipe_handler_request+0x128/0x234 net/phonet/pep.c:144
 pep_sock_close+0x124/0x4a8 net/phonet/pep.c:748
 pn_socket_release+0x9c/0xbc net/phonet/socket.c:34
 __sock_release+0xa0/0x1d4 net/socket.c:722
 sock_close+0x24/0x38 net/socket.c:1514
 __fput+0x340/0x744 fs/file_table.c:510
 ____fput+0x20/0x30 fs/file_table.c:538
 task_work_run+0x1c4/0x254 kernel/task_work.c:233
 resume_user_mode_work include/linux/resume_user_mode.h:50 [inline]
 __exit_to_user_mode_loop kernel/entry/common.c:67 [inline]
 exit_to_user_mode_loop+0x10c/0x17c kernel/entry/common.c:98
 __exit_to_user_mode_prepare include/linux/irq-entry-common.h:207 [inline]
 syscall_exit_to_user_mode_prepare include/linux/irq-entry-common.h:230 [inline]
 arm64_syscall_exit_to_user_mode arch/arm64/kernel/entry-common.c:88 [inline]
 el0_svc+0x18c/0x260 arch/arm64/kernel/entry-common.c:741
 el0t_64_sync_handler+0x48/0x148 arch/arm64/kernel/entry-common.c:759
 el0t_64_sync+0x198/0x19c arch/arm64/kernel/entry.S:594