================================
WARNING: inconsistent lock state
6.11.0-syzkaller-07462-g1868f9d0260e #0 Not tainted
--------------------------------
inconsistent {IN-SOFTIRQ-W} -> {SOFTIRQ-ON-W} usage.
syz.3.3533/22727 [HC0[0]:SC0[0]:HE1:SE1] takes:
ffff888063fa31e0 (&pch->downl){+.?.}-{2:2}, at: spin_lock include/linux/spinlock.h:351 [inline]
ffff888063fa31e0 (&pch->downl){+.?.}-{2:2}, at: ppp_channel_bridge_input drivers/net/ppp/ppp_generic.c:2272 [inline]
ffff888063fa31e0 (&pch->downl){+.?.}-{2:2}, at: ppp_input+0x18b/0xa10 drivers/net/ppp/ppp_generic.c:2304
{IN-SOFTIRQ-W} state was registered at:
  lock_acquire+0x1ed/0x550 kernel/locking/lockdep.c:5822
  __raw_spin_lock include/linux/spinlock_api_smp.h:133 [inline]
  _raw_spin_lock+0x2e/0x40 kernel/locking/spinlock.c:154
  spin_lock include/linux/spinlock.h:351 [inline]
  __ppp_channel_push+0x31/0x1e0 drivers/net/ppp/ppp_generic.c:2161
  ppp_channel_push+0x196/0x220 drivers/net/ppp/ppp_generic.c:2192
  tasklet_action_common+0x321/0x4d0 kernel/softirq.c:784
  handle_softirqs+0x2c5/0x980 kernel/softirq.c:554
  __do_softirq kernel/softirq.c:588 [inline]
  invoke_softirq kernel/softirq.c:428 [inline]
  __irq_exit_rcu+0xf4/0x1c0 kernel/softirq.c:637
  irq_exit_rcu+0x9/0x30 kernel/softirq.c:649
  common_interrupt+0xb9/0xd0 arch/x86/kernel/irq.c:278
  asm_common_interrupt+0x26/0x40 arch/x86/include/asm/idtentry.h:693
  tomoyo_check_acl+0xbe/0x3f0 security/tomoyo/domain.c:173
  tomoyo_path_permission+0x1af/0x360 security/tomoyo/file.c:586
  tomoyo_check_open_permission+0x2fb/0x500 security/tomoyo/file.c:777
  security_file_open+0x777/0x990 security/security.c:3107
  do_dentry_open+0x369/0x1460 fs/open.c:945
  vfs_open+0x3e/0x330 fs/open.c:1088
  do_open fs/namei.c:3774 [inline]
  path_openat+0x2c84/0x3590 fs/namei.c:3933
  do_filp_open+0x235/0x490 fs/namei.c:3960
  do_sys_openat2+0x13e/0x1d0 fs/open.c:1415
  do_sys_open fs/open.c:1430 [inline]
  __do_sys_openat fs/open.c:1446 [inline]
  __se_sys_openat fs/open.c:1441 [inline]
  __x64_sys_openat+0x247/0x2a0 fs/open.c:1441
  do_syscall_x64 arch/x86/entry/common.c:52 [inline]
  do_syscall_64+0xf3/0x230 arch/x86/entry/common.c:83
  entry_SYSCALL_64_after_hwframe+0x77/0x7f
irq event stamp: 2959
hardirqs last  enabled at (2959): [<ffffffff81576948>] __local_bh_enable_ip+0x168/0x200 kernel/softirq.c:387
hardirqs last disabled at (2957): [<ffffffff815768e6>] __local_bh_enable_ip+0x106/0x200 kernel/softirq.c:364
softirqs last  enabled at (2958): [<ffffffff89836eba>] spin_unlock_bh include/linux/spinlock.h:396 [inline]
softirqs last  enabled at (2958): [<ffffffff89836eba>] __release_sock+0x9a/0x350 net/core/sock.c:3065
softirqs last disabled at (2956): [<ffffffff89823050>] spin_lock_bh include/linux/spinlock.h:356 [inline]
softirqs last disabled at (2956): [<ffffffff89823050>] release_sock+0x30/0x1f0 net/core/sock.c:3624

other info that might help us debug this:
 Possible unsafe locking scenario:

       CPU0
       ----
  lock(&pch->downl);
  <Interrupt>
    lock(&pch->downl);

 *** DEADLOCK ***

2 locks held by syz.3.3533/22727:
 #0: ffff88802831c258 (sk_lock-AF_PPPOX){+.+.}-{0:0}, at: lock_sock include/net/sock.h:1609 [inline]
 #0: ffff88802831c258 (sk_lock-AF_PPPOX){+.+.}-{0:0}, at: pppoe_sendmsg+0x51/0x750 drivers/net/ppp/pppoe.c:849
 #1: ffffffff8e9389e0 (rcu_read_lock){....}-{1:2}, at: rcu_lock_acquire include/linux/rcupdate.h:337 [inline]
 #1: ffffffff8e9389e0 (rcu_read_lock){....}-{1:2}, at: rcu_read_lock include/linux/rcupdate.h:849 [inline]
 #1: ffffffff8e9389e0 (rcu_read_lock){....}-{1:2}, at: ppp_channel_bridge_input drivers/net/ppp/ppp_generic.c:2267 [inline]
 #1: ffffffff8e9389e0 (rcu_read_lock){....}-{1:2}, at: ppp_input+0x55/0xa10 drivers/net/ppp/ppp_generic.c:2304

stack backtrace:
CPU: 0 UID: 0 PID: 22727 Comm: syz.3.3533 Not tainted 6.11.0-syzkaller-07462-g1868f9d0260e #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024
Call Trace:
 <TASK>
 __dump_stack lib/dump_stack.c:93 [inline]
 dump_stack_lvl+0x241/0x360 lib/dump_stack.c:119
 print_usage_bug+0x62e/0x8b0 kernel/locking/lockdep.c:4035
 valid_state+0x13a/0x1c0 kernel/locking/lockdep.c:4049
 mark_lock_irq+0xbb/0xc20 kernel/locking/lockdep.c:4260
 mark_lock+0x223/0x360 kernel/locking/lockdep.c:4722
 __lock_acquire+0x11b0/0x2050 kernel/locking/lockdep.c:5153
 lock_acquire+0x1ed/0x550 kernel/locking/lockdep.c:5822
 __raw_spin_lock include/linux/spinlock_api_smp.h:133 [inline]
 _raw_spin_lock+0x2e/0x40 kernel/locking/spinlock.c:154
 spin_lock include/linux/spinlock.h:351 [inline]
 ppp_channel_bridge_input drivers/net/ppp/ppp_generic.c:2272 [inline]
 ppp_input+0x18b/0xa10 drivers/net/ppp/ppp_generic.c:2304
 pppoe_rcv_core+0x117/0x310 drivers/net/ppp/pppoe.c:379
 sk_backlog_rcv include/net/sock.h:1113 [inline]
 __release_sock+0x243/0x350 net/core/sock.c:3072
 release_sock+0x61/0x1f0 net/core/sock.c:3626
 pppoe_sendmsg+0xd5/0x750 drivers/net/ppp/pppoe.c:903
 sock_sendmsg_nosec net/socket.c:730 [inline]
 __sock_sendmsg+0x221/0x270 net/socket.c:745
 ____sys_sendmsg+0x52a/0x7e0 net/socket.c:2603
 ___sys_sendmsg net/socket.c:2657 [inline]
 __sys_sendmmsg+0x3ac/0x730 net/socket.c:2743
 __do_sys_sendmmsg net/socket.c:2772 [inline]
 __se_sys_sendmmsg net/socket.c:2769 [inline]
 __x64_sys_sendmmsg+0xa0/0xb0 net/socket.c:2769
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xf3/0x230 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7fa9e417def9
Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007fa9e3bff038 EFLAGS: 00000246 ORIG_RAX: 0000000000000133
RAX: ffffffffffffffda RBX: 00007fa9e4335f80 RCX: 00007fa9e417def9
RDX: 0000000000000001 RSI: 0000000020009140 RDI: 0000000000000003
RBP: 00007fa9e41f0b76 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 0000000000000000 R14: 00007fa9e4335f80 R15: 00007fa9e445fa28
 </TASK>