program:
setsockopt$inet6_tcp_TCP_MD5SIG(0xffffffffffffffff, 0x6, 0xe, &(0x7f0000000300)={@in6={{0xa, 0x4e01, 0x5, @loopback, 0xa}}, 0x0, 0x0, 0x3d, 0x0, "bb02a3c364ca41d6357e544524474004000b42a21d7214bf92494925208a0e2f964e0000c534a6324d6193fcf19b2df3ee818afaa4ff1f56c54dc46d8b6d2ccd008aa0cc1dc2767bbe00"}, 0xd8) (async)
r0 = socket$kcm(0x23, 0x5, 0x0) (async)
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0)
ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000080)={'wg0\x00', 0xc201}) (async)
setsockopt$sock_int(r0, 0x1, 0x6, &(0x7f0000000240)=0x9, 0x4) (async)
listen(r0, 0x800) (async)
r2 = socket$kcm(0x10, 0x2, 0x0)
sendmsg$inet(r2, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000f00)=[{&(0x7f0000000200)="5c00000014006b05c84e21000ab16d6e230675f811000000440002005817d30461bc24eeb556a7ef595105ea1698fa51f60a64c9f408000000e786a6d0bdbdc3d44bd70011b6c0504bb9189d9193e9bd00"/92, 0x5c}], 0x1, 0x0, 0x0, 0x1f00c00e}, 0x240040c4) (async, rerun: 64)
r3 = socket$phonet_pipe(0x23, 0x5, 0x2) (rerun: 64)
connect$phonet_pipe(r3, &(0x7f0000000040)={0x23, 0x0, 0x58}, 0x10)
r4 = accept4(r0, 0x0, 0x0, 0x80000)
r5 = socket$kcm(0x2, 0xa, 0x2) (async, rerun: 32)
setsockopt$inet_opts(r4, 0x0, 0x4, &(0x7f0000000280)="b8229d54f0da89030713d05fe6112d74c9beb04fc80ec9e973327cf4924f884600741bd4cb8e06ed54bdb5b8a25063b63c4def2b247005310e100287b602db569f7cde1c11801e62b32f6d87715e2cdc65a552a7efee045878a556d0afeb6022b38ad6b5197db7b71de0", 0x21) (rerun: 32)
ioctl$SIOCSIFHWADDR(r5, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local})
write$tun(r1, &(0x7f0000000380)=ANY=[@ANYBLOB="1c0000f500000000000000862dfdff000000"], 0x78)

[ 155.672660][ T5313] Bluetooth: hci0: command tx timeout
[ 155.736422][ T5350] netlink: 'syz.0.0': attribute type 2 has an invalid length.
[ 155.750436][ T5350] netlink: 'syz.0.0': attribute type 2 has an invalid length.
[ 155.767368][ T5350] netlink: 'syz.0.0': attribute type 2 has an invalid length.
[ 155.774420][ T5350] netlink: 'syz.0.0': attribute type 2 has an invalid length.
[ 155.778003][ T5350] netlink: 'syz.0.0': attribute type 2 has an invalid length.
[ 155.782537][ T5350] netlink: 'syz.0.0': attribute type 2 has an invalid length.
[ 155.786071][ T5350] netlink: 'syz.0.0': attribute type 2 has an invalid length.
[ 155.790583][ T5350] netlink: 'syz.0.0': attribute type 2 has an invalid length.
[ 155.794225][ T5350] netlink: 'syz.0.0': attribute type 2 has an invalid length.
[ 155.797486][ T5350] netlink: 'syz.0.0': attribute type 2 has an invalid length.
[ 155.826831][ T5350] syz.0.0 uses obsolete (PF_INET,SOCK_PACKET)
[ 155.841022][ C0]
[ 155.842084][ C0] ================================
[ 155.844221][ C0] WARNING: inconsistent lock state
[ 155.846441][ C0] syzkaller #0 Not tainted
[ 155.848458][ C0] --------------------------------
[ 155.850696][ C0] inconsistent {SOFTIRQ-ON-W} -> {IN-SOFTIRQ-W} usage.
[ 155.853563][ C0] syz.0.0/5349 [HC0[0]:SC1[1]:HE1:SE0] takes:
[ 155.856311][ C0] ffff888035f2a268 (slock-AF_PHONET/1){+.?.}-{3:3}, at: __sk_receive_skb+0x1bf/0x9e0
[ 155.860206][ C0] {SOFTIRQ-ON-W} state was registered at:
[ 155.862408][ C0] lock_acquire+0x106/0x350
[ 155.864484][ C0] _raw_spin_lock_nested+0x32/0x50
[ 155.866583][ C0] __sk_receive_skb+0x1bf/0x9e0
[ 155.868694][ C0] pep_do_rcv+0x685/0xaa0
[ 155.870643][ C0] __release_sock+0x297/0x3a0
[ 155.872859][ C0] release_sock+0x190/0x260
[ 155.874835][ C0] pep_sock_accept+0xdf5/0x12b0
[ 155.877106][ C0] pn_socket_accept+0xc9/0x2e0
[ 155.879179][ C0] do_accept+0x521/0x760
[ 155.881001][ C0] __sys_accept4+0x139/0x230
[ 155.882971][ C0] __x64_sys_accept4+0x9a/0xb0
[ 155.885043][ C0] do_syscall_64+0x15f/0xf80
[ 155.887077][ C0] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 155.889586][ C0] irq event stamp: 3966
[ 155.891336][ C0] hardirqs last enabled at (3966): [] _raw_spin_unlock_irq+0x23/0x50
[ 155.895281][ C0] hardirqs last disabled at (3965): [] _raw_spin_lock_irq+0x17/0x50
[ 155.899221][ C0] softirqs last enabled at (3960): [] netif_rx+0x79/0x90
[ 155.902636][ C0] softirqs last disabled at (3961): [] do_softirq+0x76/0xd0
[ 155.906103][ C0]
[ 155.906103][ C0] other info that might help us debug this:
[ 155.909525][ C0] Possible unsafe locking scenario:
[ 155.909525][ C0]
[ 155.912754][ C0] CPU0
[ 155.914218][ C0] ----
[ 155.915693][ C0] lock(slock-AF_PHONET/1);
[ 155.917798][ C0]
[ 155.919276][ C0] lock(slock-AF_PHONET/1);
[ 155.921321][ C0]
[ 155.921321][ C0] *** DEADLOCK ***
[ 155.921321][ C0]
[ 155.924799][ C0] 5 locks held by syz.0.0/5349:
[ 155.927031][ C0] #0: ffff888011f21440 (&sb->s_type->i_mutex_key#13){+.+.}-{4:4}, at: sock_close+0x9b/0x240
[ 155.931366][ C0] #1: ffff88804193c360 (sk_lock-AF_PHONET){+.+.}-{0:0}, at: pep_sock_close+0x86/0x5b0
[ 155.935312][ C0] #2: ffffffff8e95cde0 (rcu_read_lock){....}-{1:3}, at: process_backlog+0x3eb/0x1950
[ 155.939336][ C0] #3: ffff88804193c968 (slock-AF_PHONET){+.-.}-{3:3}, at: __sk_receive_skb+0x1f1/0x9e0
[ 155.943049][ C0] #4: ffff88804193c9e0 (sk_lock-AF_PHONET){+.+.}-{0:0}, at: phonet_rcv+0x781/0xc40
[ 155.946938][ C0]
[ 155.946938][ C0] stack backtrace:
[ 155.949312][ C0] CPU: 0 UID: 0 PID: 5349 Comm: syz.0.0 Not tainted syzkaller #0 PREEMPT(full)
[ 155.949325][ C0] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 155.949331][ C0] Call Trace:
[ 155.949338][ C0]
[ 155.949344][ C0] dump_stack_lvl+0xe8/0x150
[ 155.949359][ C0] print_usage_bug+0x28b/0x2e0
[ 155.949372][ C0] mark_lock_irq+0x410/0x420
[ 155.949386][ C0] mark_lock+0x115/0x190
[ 155.949396][ C0] __lock_acquire+0x689/0x2cf0
[ 155.949404][ C0] ? sk_filter_trim_cap+0x1a7/0xe70
[ 155.949419][ C0] ? sk_filter_trim_cap+0x91e/0xe70
[ 155.949426][ C0] ? is_bpf_text_address+0x26/0x2b0
[ 155.949434][ C0] ? __sk_receive_skb+0x1bf/0x9e0
[ 155.949443][ C0] lock_acquire+0x106/0x350
[ 155.949453][ C0] ? __sk_receive_skb+0x1bf/0x9e0
[ 155.949464][ C0] _raw_spin_lock_nested+0x32/0x50
[ 155.949478][ C0] ? __sk_receive_skb+0x1bf/0x9e0
[ 155.949488][ C0] __sk_receive_skb+0x1bf/0x9e0
[ 155.949500][ C0] pep_do_rcv+0x685/0xaa0
[ 155.949519][ C0] ? __pfx_pep_do_rcv+0x10/0x10
[ 155.949532][ C0] ? __pfx_pep_do_rcv+0x10/0x10
[ 155.949540][ C0] ? phonet_rcv+0x781/0xc40
[ 155.949546][ C0] __sk_receive_skb+0x962/0x9e0
[ 155.949555][ C0] phonet_rcv+0x781/0xc40
[ 155.949563][ C0] ? __pfx_phonet_rcv+0x10/0x10
[ 155.949574][ C0] ? process_backlog+0x3eb/0x1950
[ 155.949583][ C0] ? process_backlog+0x3eb/0x1950
[ 155.949592][ C0] ? __pfx_phonet_rcv+0x10/0x10
[ 155.949601][ C0] ? process_backlog+0x3eb/0x1950
[ 155.949611][ C0] process_backlog+0xc66/0x1950
[ 155.949624][ C0] __napi_poll+0xae/0x340
[ 155.949633][ C0] ? skb_defer_free_flush+0x233/0x260
[ 155.949643][ C0] net_rx_action+0x627/0xf70
[ 155.949652][ C0] ? lock_acquire+0x106/0x350
[ 155.949663][ C0] ? __pfx_net_rx_action+0x10/0x10
[ 155.949678][ C0] handle_softirqs+0x22a/0x840
[ 155.949690][ C0] ? do_softirq+0x76/0xd0
[ 155.949700][ C0] ? netif_rx+0x79/0x90
[ 155.949712][ C0] do_softirq+0x76/0xd0
[ 155.949721][ C0]
[ 155.949724][ C0]
[ 155.949728][ C0] __local_bh_enable_ip+0xf8/0x130
[ 155.949737][ C0] netif_rx+0x83/0x90
[ 155.949749][ C0] pn_send+0x62a/0x8e0
[ 155.949762][ C0] pn_skb_send+0x218/0x510
[ 155.949773][ C0] pep_sock_close+0x2c1/0x5b0
[ 155.949785][ C0] pn_socket_release+0x9b/0xc0
[ 155.949796][ C0] sock_close+0xc3/0x240
[ 155.949811][ C0] ? __pfx_sock_close+0x10/0x10
[ 155.949824][ C0] __fput+0x44f/0xa60
[ 155.949836][ C0] task_work_run+0x1d9/0x270
[ 155.949851][ C0] ? __pfx_task_work_run+0x10/0x10
[ 155.949864][ C0] exit_to_user_mode_loop+0xf3/0x4d0
[ 155.949874][ C0] ? rcu_is_watching+0x15/0xb0
[ 155.949887][ C0] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 155.949897][ C0] do_syscall_64+0x33e/0xf80
[ 155.949911][ C0] ? trace_irq_disable+0x3b/0x140
[ 155.949925][ C0] ? clear_bhb_loop+0x40/0x90
[ 155.949935][ C0] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 155.949942][ C0] RIP: 0033:0x7fecdc59ce59
[ 155.949950][ C0] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[ 155.949956][ C0] RSP: 002b:00007ffd62373858 EFLAGS: 00000246 ORIG_RAX: 00000000000001b4
[ 155.949964][ C0] RAX: 0000000000000000 RBX: 00007fecdc817da0 RCX: 00007fecdc59ce59
[ 155.949968][ C0] RDX: 0000000000000000 RSI: 000000000000001e RDI: 0000000000000003
[ 155.949972][ C0] RBP: 00007fecdc817da0 R08: 00007fecdc816038 R09: 0000000000000000
[ 155.949976][ C0] R10: 0000000000dffd3c R11: 0000000000000246 R12: 00000000000262f5
[ 155.949980][ C0] R13: 00007fecdc81609c R14: 000000000002605c R15: 00007fecdc816090
[ 155.949986][ C0]