program:
r0 = socket$kcm(0x23, 0x5, 0x0)
listen(r0, 0x800)
r1 = socket$kcm(0x10, 0x2, 0x0)
sendmsg$inet(r1, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000f00)=[{&(0x7f0000000200)="5c00000014006b05c84e21000ab16d6e230675f811000000440002005817d30461bc24eeb556a7ef595105ea1698fa51f60a64c9f408000000e786a6d0bdbdc3d44bd70011b6c0504bb9189d9193e9bd00"/92, 0x5c}], 0x1, 0x0, 0x0, 0x1f00c00e}, 0x240040c4)
accept4(r0, 0x0, 0x0, 0x80000)
r2 = socket$phonet_pipe(0x23, 0x5, 0x2)
connect$phonet_pipe(r2, &(0x7f0000000040)={0x23, 0x0, 0x58}, 0x10)

[ 85.315724][ T5285] Bluetooth: hci0: command tx timeout
[ 85.392902][ T5322] netlink: 'syz.0.0': attribute type 2 has an invalid length.
[ 85.464635][ C0]
[ 85.465869][ C0] ================================
[ 85.468081][ C0] WARNING: inconsistent lock state
[ 85.470232][ C0] syzkaller #0 Not tainted
[ 85.472109][ C0] --------------------------------
[ 85.474265][ C0] inconsistent {SOFTIRQ-ON-W} -> {IN-SOFTIRQ-W} usage.
[ 85.477329][ C0] syz.0.0/5321 [HC0[0]:SC1[1]:HE1:SE0] takes:
[ 85.479890][ C0] ffff888011e93c68 (slock-AF_PHONET/1){+.?.}-{3:3}, at: __sk_receive_skb+0x1bf/0x9e0
[ 85.483863][ C0] {SOFTIRQ-ON-W} state was registered at:
[ 85.486286][ C0] lock_acquire+0x106/0x350
[ 85.488328][ C0] _raw_spin_lock_nested+0x32/0x50
[ 85.490557][ C0] __sk_receive_skb+0x1bf/0x9e0
[ 85.492674][ C0] pep_do_rcv+0x685/0xaa0
[ 85.494559][ C0] __release_sock+0x297/0x3a0
[ 85.496672][ C0] release_sock+0x190/0x260
[ 85.498681][ C0] pep_sock_accept+0xdf5/0x12b0
[ 85.500897][ C0] pn_socket_accept+0xc9/0x2e0
[ 85.503079][ C0] do_accept+0x521/0x760
[ 85.505039][ C0] __sys_accept4+0x139/0x230
[ 85.507148][ C0] __x64_sys_accept4+0x9a/0xb0
[ 85.509163][ C0] do_syscall_64+0x15f/0xf80
[ 85.511149][ C0] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 85.513627][ C0] irq event stamp: 2028
[ 85.515372][ C0] hardirqs last enabled at (2028): [] _raw_spin_unlock_irq+0x23/0x50
[ 85.519516][ C0] hardirqs last disabled at (2027): [] _raw_spin_lock_irq+0x17/0x50
[ 85.523588][ C0] softirqs last enabled at (2022): [] netif_rx+0x79/0x90
[ 85.527385][ C0] softirqs last disabled at (2023): [] do_softirq+0x76/0xd0
[ 85.531106][ C0]
[ 85.531106][ C0] other info that might help us debug this:
[ 85.534385][ C0] Possible unsafe locking scenario:
[ 85.534385][ C0]
[ 85.537708][ C0] CPU0
[ 85.539171][ C0] ----
[ 85.540710][ C0] lock(slock-AF_PHONET/1);
[ 85.542732][ C0]
[ 85.544245][ C0] lock(slock-AF_PHONET/1);
[ 85.546365][ C0]
[ 85.546365][ C0] *** DEADLOCK ***
[ 85.546365][ C0]
[ 85.549743][ C0] 5 locks held by syz.0.0/5321:
[ 85.551768][ C0] #0: ffff88804787ac40 (&sb->s_type->i_mutex_key#13){+.+.}-{4:4}, at: sock_close+0x9b/0x240
[ 85.556051][ C0] #1: ffff888011e94360 (sk_lock-AF_PHONET){+.+.}-{0:0}, at: pep_sock_close+0x86/0x5b0
[ 85.560094][ C0] #2: ffffffff8e95cca0 (rcu_read_lock){....}-{1:3}, at: process_backlog+0x3eb/0x1950
[ 85.564158][ C0] #3: ffff888011e94968 (slock-AF_PHONET){+.-.}-{3:3}, at: __sk_receive_skb+0x1f1/0x9e0
[ 85.568187][ C0] #4: ffff888011e949e0 (sk_lock-AF_PHONET){+.+.}-{0:0}, at: phonet_rcv+0x781/0xc40
[ 85.572112][ C0]
[ 85.572112][ C0] stack backtrace:
[ 85.574640][ C0] CPU: 0 UID: 0 PID: 5321 Comm: syz.0.0 Not tainted syzkaller #0 PREEMPT(full)
[ 85.574654][ C0] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 85.574660][ C0] Call Trace:
[ 85.574667][ C0]
[ 85.574672][ C0] dump_stack_lvl+0xe8/0x150
[ 85.574687][ C0] print_usage_bug+0x28b/0x2e0
[ 85.574701][ C0] mark_lock_irq+0x410/0x420
[ 85.574712][ C0] ? __pfx_stack_trace_save+0x10/0x10
[ 85.574730][ C0] mark_lock+0x115/0x190
[ 85.574742][ C0] __lock_acquire+0x689/0x2cf0
[ 85.574755][ C0] ? sk_filter_trim_cap+0x1a7/0xe70
[ 85.574772][ C0] ? sk_filter_trim_cap+0x91e/0xe70
[ 85.574786][ C0] ? ret_from_fork_asm+0x1a/0x30
[ 85.574800][ C0] ? __sk_receive_skb+0x1bf/0x9e0
[ 85.574811][ C0] lock_acquire+0x106/0x350
[ 85.574822][ C0] ? __sk_receive_skb+0x1bf/0x9e0
[ 85.574836][ C0] _raw_spin_lock_nested+0x32/0x50
[ 85.574853][ C0] ? __sk_receive_skb+0x1bf/0x9e0
[ 85.574864][ C0] __sk_receive_skb+0x1bf/0x9e0
[ 85.574877][ C0] pep_do_rcv+0x685/0xaa0
[ 85.574892][ C0] ? __pfx_pep_do_rcv+0x10/0x10
[ 85.574908][ C0] ? __pfx_pep_do_rcv+0x10/0x10
[ 85.574922][ C0] ? phonet_rcv+0x781/0xc40
[ 85.574933][ C0] __sk_receive_skb+0x962/0x9e0
[ 85.574945][ C0] phonet_rcv+0x781/0xc40
[ 85.574957][ C0] ? sock_wfree+0x28e/0x750
[ 85.574973][ C0] ? __pfx_phonet_rcv+0x10/0x10
[ 85.574988][ C0] ? process_backlog+0x3eb/0x1950
[ 85.575000][ C0] ? process_backlog+0x3eb/0x1950
[ 85.575011][ C0] ? __pfx_phonet_rcv+0x10/0x10
[ 85.575024][ C0] ? process_backlog+0x3eb/0x1950
[ 85.575035][ C0] process_backlog+0xc66/0x1950
[ 85.575051][ C0] __napi_poll+0xae/0x340
[ 85.575060][ C0] ? skb_defer_free_flush+0x233/0x260
[ 85.575072][ C0] net_rx_action+0x627/0xf70
[ 85.575083][ C0] ? lock_acquire+0x106/0x350
[ 85.575097][ C0] ? __pfx_net_rx_action+0x10/0x10
[ 85.575116][ C0] handle_softirqs+0x22a/0x840
[ 85.575130][ C0] ? do_softirq+0x76/0xd0
[ 85.575148][ C0] ? netif_rx+0x79/0x90
[ 85.575162][ C0] do_softirq+0x76/0xd0
[ 85.575173][ C0]
[ 85.575177][ C0]
[ 85.575181][ C0] __local_bh_enable_ip+0xf8/0x130
[ 85.575193][ C0] netif_rx+0x83/0x90
[ 85.575207][ C0] pn_send+0x62a/0x8e0
[ 85.575222][ C0] pn_skb_send+0x218/0x510
[ 85.575236][ C0] pep_sock_close+0x2c1/0x5b0
[ 85.575251][ C0] pn_socket_release+0x9b/0xc0
[ 85.575263][ C0] sock_close+0xc3/0x240
[ 85.575278][ C0] ? __pfx_sock_close+0x10/0x10
[ 85.575293][ C0] __fput+0x44f/0xa60
[ 85.575307][ C0] task_work_run+0x1d9/0x270
[ 85.575324][ C0] ? __pfx_task_work_run+0x10/0x10
[ 85.575341][ C0] exit_to_user_mode_loop+0xf3/0x4d0
[ 85.575353][ C0] ? rcu_is_watching+0x15/0xb0
[ 85.575368][ C0] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 85.575380][ C0] do_syscall_64+0x33e/0xf80
[ 85.575395][ C0] ? trace_irq_disable+0x3b/0x140
[ 85.575412][ C0] ? clear_bhb_loop+0x40/0x90
[ 85.575423][ C0] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 85.575434][ C0] RIP: 0033:0x7feb85b9ce59
[ 85.575446][ C0] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[ 85.575457][ C0] RSP: 002b:00007ffd071e0088 EFLAGS: 00000246 ORIG_RAX: 00000000000001b4
[ 85.575470][ C0] RAX: 0000000000000000 RBX: 00007feb85e17da0 RCX: 00007feb85b9ce59
[ 85.575478][ C0] RDX: 0000000000000000 RSI: 000000000000001e RDI: 0000000000000003
[ 85.575484][ C0] RBP: 00007feb85e17da0 R08: 00007feb85e16038 R09: 0000000000000000
[ 85.575491][ C0] R10: 0000000000dfa8d0 R11: 0000000000000246 R12: 000000000001503d
[ 85.575498][ C0] R13: 00007feb85e1609c R14: 0000000000014d7f R15: 00007feb85e16090
[ 85.575510][ C0]