program: socket$nl_generic(0x10, 0x3, 0x10) prctl$PR_SET_MM_MAP(0x23, 0xe, &(0x7f0000000080)={&(0x7f0000ff7000/0x1000)=nil, &(0x7f0000ff1000/0xf000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ffa000/0x4000)=nil, &(0x7f0000ff8000/0x3000)=nil, &(0x7f0000ff1000/0x3000)=nil, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ff5000/0x1000)=nil, &(0x7f0000ffa000/0x1000)=nil, &(0x7f0000ffa000/0x2000)=nil, 0x0}, 0x68) socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, 0x0}, 0x24004045) r0 = io_uring_setup(0x1b7b, &(0x7f0000000040)={0x0, 0xc89f, 0xc000, 0x7, 0x20002f7}) syz_init_net_socket$llc(0x1a, 0x1, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000093c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000000)=@deltfilter={0x24, 0x2d, 0x1, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, {}, {}, {0x0, 0xffff}}}, 0x24}}, 0x0) syz_open_procfs(0xffffffffffffffff, &(0x7f0000000100)='mountinfo\x00') open(&(0x7f0000000080)='./file1\x00', 0x10b942, 0x1) socket$inet(0x2, 0x80001, 0x84) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)) sendmsg(0xffffffffffffffff, &(0x7f0000000500)={0x0, 0x0, &(0x7f0000000200)=[{&(0x7f0000000000)='-', 0x1}], 0x1, 0x0, 0x0, 0x2c}, 0x4000845) io_uring_enter(r0, 0x2219, 0x7721, 0x16, 0x0, 0x0) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={0x0}}, 0x20050800) r1 = socket$kcm(0x23, 0x5, 0x0) listen(r1, 0x800) r2 = socket$kcm(0x10, 0x2, 0x0) sendmsg$inet(r2, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000f00)=[{&(0x7f0000000200)="5c00000014006b05c84e21000ab16d6e230675f811000000440002005817d30461bc24eeb556a7ef595105ea1698fa51f60a64c9f408000000e786a6d0bdbdc3d44bd70011b6c0504bb9189d9193e9bd00"/92, 0x5c}], 0x1, 0x0, 0x0, 0x1f00c00e}, 0x240040c4) r3 = socket$phonet_pipe(0x23, 0x5, 0x2) connect$phonet_pipe(r3, &(0x7f0000000040)={0x23, 0x0, 0x58}, 0x10) accept4(r1, 0x0, 0x0, 0x80000) close(0x3) ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f0000000000)={'wlan1\x00'}) [ 
132.082400][ T5302] Bluetooth: hci0: command tx timeout [ 132.156392][ T5344] netlink: 'syz.0.0': attribute type 2 has an invalid length. [ 132.219555][ C0] [ 132.220627][ C0] ================================ [ 132.222882][ C0] WARNING: inconsistent lock state [ 132.225020][ C0] syzkaller #0 Not tainted [ 132.226965][ C0] -------------------------------- [ 132.229138][ C0] inconsistent {SOFTIRQ-ON-W} -> {IN-SOFTIRQ-W} usage. [ 132.231913][ C0] syz.0.0/5342 [HC0[0]:SC1[1]:HE1:SE0] takes: [ 132.234575][ C0] ffff888044b03c68 (slock-AF_PHONET/1){+.?.}-{3:3}, at: __sk_receive_skb+0x1bf/0x9e0 [ 132.238669][ C0] {SOFTIRQ-ON-W} state was registered at: [ 132.241104][ C0] lock_acquire+0x106/0x350 [ 132.243070][ C0] _raw_spin_lock_nested+0x32/0x50 [ 132.245286][ C0] __sk_receive_skb+0x1bf/0x9e0 [ 132.247117][ C0] pep_do_rcv+0x685/0xaa0 [ 132.248855][ C0] __release_sock+0x297/0x3a0 [ 132.250884][ C0] release_sock+0x190/0x260 [ 132.252978][ C0] pep_sock_accept+0xdf5/0x12b0 [ 132.255178][ C0] pn_socket_accept+0xc9/0x2e0 [ 132.257400][ C0] do_accept+0x521/0x760 [ 132.259312][ C0] __sys_accept4+0x139/0x230 [ 132.261411][ C0] __x64_sys_accept4+0x9a/0xb0 [ 132.263612][ C0] do_syscall_64+0x15f/0xf80 [ 132.265941][ C0] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 132.268942][ C0] irq event stamp: 2134 [ 132.270817][ C0] hardirqs last enabled at (2134): [] _raw_spin_unlock_irq+0x23/0x50 [ 132.275087][ C0] hardirqs last disabled at (2133): [] _raw_spin_lock_irq+0x17/0x50 [ 132.279287][ C0] softirqs last enabled at (2128): [] netif_rx+0x79/0x90 [ 132.283113][ C0] softirqs last disabled at (2129): [] do_softirq+0x76/0xd0 [ 132.287019][ C0] [ 132.287019][ C0] other info that might help us debug this: [ 132.290447][ C0] Possible unsafe locking scenario: [ 132.290447][ C0] [ 132.293768][ C0] CPU0 [ 132.295292][ C0] ---- [ 132.296838][ C0] lock(slock-AF_PHONET/1); [ 132.298890][ C0] <Interrupt> [ 132.300415][ C0] lock(slock-AF_PHONET/1); [ 132.302449][ C0] [ 132.302449][ C0] *** DEADLOCK *** [ 
132.302449][ C0] [ 132.305521][ C0] 5 locks held by syz.0.0/5342: [ 132.307281][ C0] #0: ffff888011ed3240 (&sb->s_type->i_mutex_key#13){+.+.}-{4:4}, at: sock_close+0x9b/0x240 [ 132.311300][ C0] #1: ffff888044b04360 (sk_lock-AF_PHONET){+.+.}-{0:0}, at: pep_sock_close+0x86/0x5b0 [ 132.315509][ C0] #2: ffffffff8e95cca0 (rcu_read_lock){....}-{1:3}, at: process_backlog+0x3eb/0x1950 [ 132.319449][ C0] #3: ffff888044b04968 (slock-AF_PHONET){+.-.}-{3:3}, at: __sk_receive_skb+0x1f1/0x9e0 [ 132.323524][ C0] #4: ffff888044b049e0 (sk_lock-AF_PHONET){+.+.}-{0:0}, at: phonet_rcv+0x781/0xc40 [ 132.327473][ C0] [ 132.327473][ C0] stack backtrace: [ 132.329994][ C0] CPU: 0 UID: 0 PID: 5342 Comm: syz.0.0 Not tainted syzkaller #0 PREEMPT(full) [ 132.330023][ C0] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 132.330029][ C0] Call Trace: [ 132.330037][ C0] <IRQ> [ 132.330043][ C0] dump_stack_lvl+0xe8/0x150 [ 132.330058][ C0] print_usage_bug+0x28b/0x2e0 [ 132.330071][ C0] mark_lock_irq+0x410/0x420 [ 132.330085][ C0] mark_lock+0x115/0x190 [ 132.330096][ C0] __lock_acquire+0x689/0x2cf0 [ 132.330109][ C0] ? sk_filter_trim_cap+0x1a7/0xe70 [ 132.330125][ C0] ? sk_filter_trim_cap+0x91e/0xe70 [ 132.330140][ C0] ? __sk_receive_skb+0x1bf/0x9e0 [ 132.330151][ C0] lock_acquire+0x106/0x350 [ 132.330162][ C0] ? __sk_receive_skb+0x1bf/0x9e0 [ 132.330174][ C0] _raw_spin_lock_nested+0x32/0x50 [ 132.330189][ C0] ? __sk_receive_skb+0x1bf/0x9e0 [ 132.330199][ C0] __sk_receive_skb+0x1bf/0x9e0 [ 132.330211][ C0] pep_do_rcv+0x685/0xaa0 [ 132.330225][ C0] ? __pfx_pep_do_rcv+0x10/0x10 [ 132.330240][ C0] ? __pfx_pep_do_rcv+0x10/0x10 [ 132.330252][ C0] ? phonet_rcv+0x781/0xc40 [ 132.330263][ C0] __sk_receive_skb+0x962/0x9e0 [ 132.330275][ C0] phonet_rcv+0x781/0xc40 [ 132.330289][ C0] ? __pfx_phonet_rcv+0x10/0x10 [ 132.330302][ C0] ? process_backlog+0x3eb/0x1950 [ 132.330318][ C0] ? process_backlog+0x3eb/0x1950 [ 132.330328][ C0] ? 
__pfx_phonet_rcv+0x10/0x10 [ 132.330339][ C0] ? process_backlog+0x3eb/0x1950 [ 132.330349][ C0] process_backlog+0xc66/0x1950 [ 132.330363][ C0] __napi_poll+0xae/0x340 [ 132.330372][ C0] ? skb_defer_free_flush+0x233/0x260 [ 132.330383][ C0] net_rx_action+0x627/0xf70 [ 132.330394][ C0] ? lock_acquire+0x106/0x350 [ 132.330407][ C0] ? __pfx_net_rx_action+0x10/0x10 [ 132.330422][ C0] handle_softirqs+0x22a/0x840 [ 132.330434][ C0] ? do_softirq+0x76/0xd0 [ 132.330444][ C0] ? netif_rx+0x79/0x90 [ 132.330457][ C0] do_softirq+0x76/0xd0 [ 132.330467][ C0] </IRQ> [ 132.330470][ C0] <TASK> [ 132.330473][ C0] __local_bh_enable_ip+0xf8/0x130 [ 132.330484][ C0] netif_rx+0x83/0x90 [ 132.330497][ C0] pn_send+0x62a/0x8e0 [ 132.330509][ C0] pn_skb_send+0x218/0x510 [ 132.330522][ C0] pep_sock_close+0x2c1/0x5b0 [ 132.330536][ C0] pn_socket_release+0x9b/0xc0 [ 132.330547][ C0] sock_close+0xc3/0x240 [ 132.330561][ C0] ? __pfx_sock_close+0x10/0x10 [ 132.330576][ C0] __fput+0x44f/0xa60 [ 132.330589][ C0] task_work_run+0x1d9/0x270 [ 132.330603][ C0] ? __pfx_task_work_run+0x10/0x10 [ 132.330619][ C0] exit_to_user_mode_loop+0xf3/0x4d0 [ 132.330629][ C0] ? rcu_is_watching+0x15/0xb0 [ 132.330642][ C0] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 132.330653][ C0] do_syscall_64+0x33e/0xf80 [ 132.330668][ C0] ? 
clear_bhb_loop+0x40/0x90 [ 132.330679][ C0] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 132.330690][ C0] RIP: 0033:0x7f59ced9ce59 [ 132.330701][ C0] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 132.330709][ C0] RSP: 002b:00007fffabf6c238 EFLAGS: 00000246 ORIG_RAX: 00000000000001b4 [ 132.330720][ C0] RAX: 0000000000000000 RBX: 00007fffabf6c320 RCX: 00007f59ced9ce59 [ 132.330727][ C0] RDX: 0000000000000000 RSI: 000000000000001e RDI: 0000000000000003 [ 132.330734][ C0] RBP: 000000000002033e R08: 0000000000000001 R09: 0000000000000000 [ 132.330740][ C0] R10: 00007f59cebff030 R11: 0000000000000246 R12: 00007fffabf6c360 [ 132.330747][ C0] R13: 00007f59cf015fac R14: 0000000000020405 R15: 00007f59cf015fa0 [ 132.330756][ C0] </TASK>