program:
r0 = socket$kcm(0x23, 0x5, 0x0)
listen(r0, 0x800)
accept(r0, 0x0, 0x0)
r1 = socket$kcm(0x10, 0x2, 0x0)
sendmsg$inet(r1, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000f00)=[{&(0x7f0000000200)="5c00000014006b05c84e21000ab16d6e230675f811000000440002005817d30461bc24eeb556a7ef595105ea1698fa51f60a64c9f408000000e786a6d0bdbdc3d44bd70011b6c0504bb9189d9193e9bd00"/92, 0x5c}], 0x1, 0x0, 0x0, 0x1f00c00e}, 0x240040c4)
r2 = socket$phonet_pipe(0x23, 0x5, 0x2)
connect$phonet_pipe(r2, &(0x7f0000000040)={0x23, 0x0, 0x58}, 0x10) (fail_nth: 8)

[ 101.992637][ T5332] netlink: 'syz.0.0': attribute type 2 has an invalid length.
[ 102.006292][ T5291] Bluetooth: hci0: command tx timeout
[ 102.033532][ C0]
[ 102.034672][ C0] ================================
[ 102.036966][ C0] WARNING: inconsistent lock state
[ 102.039212][ C0] syzkaller #0 Not tainted
[ 102.041071][ C0] --------------------------------
[ 102.043289][ C0] inconsistent {SOFTIRQ-ON-W} -> {IN-SOFTIRQ-W} usage.
[ 102.045890][ C0] syz.0.0/5330 [HC0[0]:SC1[1]:HE1:SE0] takes:
[ 102.048183][ C0] ffff8880414fbc68 (slock-AF_PHONET/1){+.?.}-{3:3}, at: __sk_receive_skb+0x1bf/0x9e0
[ 102.052215][ C0] {SOFTIRQ-ON-W} state was registered at:
[ 102.054718][ C0] lock_acquire+0x106/0x350
[ 102.056740][ C0] _raw_spin_lock_nested+0x32/0x50
[ 102.059058][ C0] __sk_receive_skb+0x1bf/0x9e0
[ 102.061277][ C0] pep_do_rcv+0x685/0xaa0
[ 102.063288][ C0] __release_sock+0x297/0x3a0
[ 102.065208][ C0] release_sock+0x190/0x260
[ 102.066894][ C0] pep_sock_accept+0xdf5/0x12b0
[ 102.068845][ C0] pn_socket_accept+0xc9/0x2e0
[ 102.071003][ C0] do_accept+0x521/0x760
[ 102.072874][ C0] __sys_accept4+0x139/0x230
[ 102.074671][ C0] __x64_sys_accept+0x7d/0x90
[ 102.076685][ C0] do_syscall_64+0x15f/0xf80
[ 102.078623][ C0] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 102.081254][ C0] irq event stamp: 2140
[ 102.083061][ C0] hardirqs last enabled at (2140): [] _raw_spin_unlock_irq+0x23/0x50
[ 102.087296][ C0] hardirqs last disabled at (2139): [] _raw_spin_lock_irq+0x17/0x50
[ 102.091391][ C0] softirqs last enabled at (2134): [] netif_rx+0x79/0x90
[ 102.095067][ C0] softirqs last disabled at (2135): [] do_softirq+0x76/0xd0
[ 102.098848][ C0]
[ 102.098848][ C0] other info that might help us debug this:
[ 102.102343][ C0] Possible unsafe locking scenario:
[ 102.102343][ C0]
[ 102.105254][ C0] CPU0
[ 102.106678][ C0] ----
[ 102.108129][ C0] lock(slock-AF_PHONET/1);
[ 102.110220][ C0]
[ 102.111897][ C0] lock(slock-AF_PHONET/1);
[ 102.113652][ C0]
[ 102.113652][ C0] *** DEADLOCK ***
[ 102.113652][ C0]
[ 102.116737][ C0] 5 locks held by syz.0.0/5330:
[ 102.118493][ C0] #0: ffff888046e0e040 (&sb->s_type->i_mutex_key#13){+.+.}-{4:4}, at: sock_close+0x9b/0x240
[ 102.122238][ C0] #1: ffff8880414fc360 (sk_lock-AF_PHONET){+.+.}-{0:0}, at: pep_sock_close+0x86/0x5b0
[ 102.126130][ C0] #2: ffffffff8e95cca0 (rcu_read_lock){....}-{1:3}, at: process_backlog+0x3eb/0x1950
[ 102.130036][ C0] #3: ffff8880414fc968 (slock-AF_PHONET){+.-.}-{3:3}, at: __sk_receive_skb+0x1f1/0x9e0
[ 102.134182][ C0] #4: ffff8880414fc9e0 (sk_lock-AF_PHONET){+.+.}-{0:0}, at: phonet_rcv+0x781/0xc40
[ 102.138118][ C0]
[ 102.138118][ C0] stack backtrace:
[ 102.140508][ C0] CPU: 0 UID: 0 PID: 5330 Comm: syz.0.0 Not tainted syzkaller #0 PREEMPT(full)
[ 102.140518][ C0] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 102.140522][ C0] Call Trace:
[ 102.140528][ C0]
[ 102.140533][ C0] dump_stack_lvl+0xe8/0x150
[ 102.140548][ C0] print_usage_bug+0x28b/0x2e0
[ 102.140561][ C0] mark_lock_irq+0x410/0x420
[ 102.140569][ C0] ? kernel_text_address+0xa5/0xe0
[ 102.140580][ C0] mark_lock+0x115/0x190
[ 102.140587][ C0] __lock_acquire+0x689/0x2cf0
[ 102.140595][ C0] ? sk_filter_trim_cap+0x1a7/0xe70
[ 102.140606][ C0] ? sk_filter_trim_cap+0x91e/0xe70
[ 102.140619][ C0] ? __sk_receive_skb+0x1bf/0x9e0
[ 102.140626][ C0] lock_acquire+0x106/0x350
[ 102.140632][ C0] ? __sk_receive_skb+0x1bf/0x9e0
[ 102.140640][ C0] _raw_spin_lock_nested+0x32/0x50
[ 102.140649][ C0] ? __sk_receive_skb+0x1bf/0x9e0
[ 102.140656][ C0] __sk_receive_skb+0x1bf/0x9e0
[ 102.140663][ C0] pep_do_rcv+0x685/0xaa0
[ 102.140672][ C0] ? __pfx_pep_do_rcv+0x10/0x10
[ 102.140681][ C0] ? __pfx_pep_do_rcv+0x10/0x10
[ 102.140689][ C0] ? phonet_rcv+0x781/0xc40
[ 102.140696][ C0] __sk_receive_skb+0x962/0x9e0
[ 102.140703][ C0] phonet_rcv+0x781/0xc40
[ 102.140711][ C0] ? blk_queue_exit+0x26/0x240
[ 102.140757][ C0] ? __pfx_phonet_rcv+0x10/0x10
[ 102.140765][ C0] ? process_backlog+0x3eb/0x1950
[ 102.140772][ C0] ? process_backlog+0x3eb/0x1950
[ 102.140783][ C0] ? __pfx_phonet_rcv+0x10/0x10
[ 102.140790][ C0] ? process_backlog+0x3eb/0x1950
[ 102.140796][ C0] process_backlog+0xc66/0x1950
[ 102.140806][ C0] __napi_poll+0xae/0x340
[ 102.140811][ C0] ? skb_defer_free_flush+0x233/0x260
[ 102.140818][ C0] net_rx_action+0x627/0xf70
[ 102.140824][ C0] ? lock_acquire+0x106/0x350
[ 102.140832][ C0] ? __pfx_net_rx_action+0x10/0x10
[ 102.140842][ C0] handle_softirqs+0x22a/0x840
[ 102.140850][ C0] ? do_softirq+0x76/0xd0
[ 102.140856][ C0] ? netif_rx+0x79/0x90
[ 102.140866][ C0] do_softirq+0x76/0xd0
[ 102.140872][ C0]
[ 102.140874][ C0]
[ 102.140881][ C0] __local_bh_enable_ip+0xf8/0x130
[ 102.140888][ C0] netif_rx+0x83/0x90
[ 102.140899][ C0] pn_send+0x62a/0x8e0
[ 102.140908][ C0] pn_skb_send+0x218/0x510
[ 102.140916][ C0] pep_sock_close+0x2c1/0x5b0
[ 102.140924][ C0] pn_socket_release+0x9b/0xc0
[ 102.140932][ C0] sock_close+0xc3/0x240
[ 102.140941][ C0] ? __pfx_sock_close+0x10/0x10
[ 102.140954][ C0] __fput+0x44f/0xa60
[ 102.140965][ C0] task_work_run+0x1d9/0x270
[ 102.140978][ C0] ? __pfx_task_work_run+0x10/0x10
[ 102.140996][ C0] exit_to_user_mode_loop+0xf3/0x4d0
[ 102.141003][ C0] ? rcu_is_watching+0x15/0xb0
[ 102.141014][ C0] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 102.141021][ C0] do_syscall_64+0x33e/0xf80
[ 102.141031][ C0] ? trace_irq_disable+0x3b/0x140
[ 102.141040][ C0] ? clear_bhb_loop+0x40/0x90
[ 102.141047][ C0] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 102.141054][ C0] RIP: 0033:0x7f547e39ce59
[ 102.141062][ C0] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[ 102.141068][ C0] RSP: 002b:00007ffdc68248f8 EFLAGS: 00000246 ORIG_RAX: 00000000000001b4
[ 102.141076][ C0] RAX: 0000000000000000 RBX: 00007ffdc68249e0 RCX: 00007f547e39ce59
[ 102.141080][ C0] RDX: 0000000000000000 RSI: 000000000000001e RDI: 0000000000000003
[ 102.141084][ C0] RBP: 0000000000018d8e R08: 0000000000000001 R09: 0000000000000000
[ 102.141088][ C0] R10: 00007f547e1ff02c R11: 0000000000000246 R12: 00007ffdc6824a20
[ 102.141092][ C0] R13: 00007f547e61609c R14: 0000000000018e08 R15: 00007f547e616090
[ 102.141098][ C0]