================================
WARNING: inconsistent lock state
syzkaller #0 Not tainted
--------------------------------
inconsistent {IN-SOFTIRQ-W} -> {SOFTIRQ-ON-W} usage.
syz.3.89/4667 [HC0[0]:SC0[0]:HE1:SE1] takes:
ffff0000de7686f0 (slock-AF_PHONET/1){+.?.}-{2:2}, at: __sk_receive_skb+0x154/0x850 net/core/sock.c:560
{IN-SOFTIRQ-W} state was registered at:
  lock_acquire+0x20c/0x63c kernel/locking/lockdep.c:5662
  _raw_spin_lock_nested+0x5c/0x78 kernel/locking/spinlock.c:378
  __sk_receive_skb+0x154/0x850 net/core/sock.c:560
  sk_receive_skb include/net/sock.h:2097 [inline]
  pep_do_rcv+0x4b4/0x758 net/phonet/pep.c:675
  sk_backlog_rcv include/net/sock.h:1138 [inline]
  __sk_receive_skb+0x3d0/0x850 net/core/sock.c:569
  sk_receive_skb include/net/sock.h:2097 [inline]
  phonet_rcv+0x600/0xa4c net/phonet/af_phonet.c:-1
  __netif_receive_skb_one_core net/core/dev.c:5619 [inline]
  __netif_receive_skb+0xcc/0x2a8 net/core/dev.c:5733
  process_backlog+0x408/0x710 net/core/dev.c:6061
  __napi_poll+0xb4/0x3f0 net/core/dev.c:6628
  napi_poll net/core/dev.c:6695 [inline]
  net_rx_action+0x514/0xb18 net/core/dev.c:6809
  handle_softirqs+0x318/0xc60 kernel/softirq.c:596
  __do_softirq+0x14/0x20 kernel/softirq.c:630
  ____do_softirq+0x14/0x20 arch/arm64/kernel/irq.c:80
  call_on_irq_stack+0x30/0x48 arch/arm64/kernel/entry.S:897
  do_softirq_own_stack+0x20/0x2c arch/arm64/kernel/irq.c:85
  do_softirq+0xf8/0x1a8 kernel/softirq.c:497
  __local_bh_enable_ip+0x250/0x37c kernel/softirq.c:421
  local_bh_enable+0x28/0x34 include/linux/bottom_half.h:33
  netif_rx+0xa4/0xc4 net/core/dev.c:5140
  pn_send+0x454/0x6d8 net/phonet/af_phonet.c:185
  pn_skb_send+0x1dc/0x50c net/phonet/af_phonet.c:272
  pep_indicate net/phonet/pep.c:123 [inline]
  pipe_handler_send_created_ind net/phonet/pep.c:155 [inline]
  pep_connresp_rcv net/phonet/pep.c:521 [inline]
  pipe_handler_do_rcv+0xef8/0x16a4 net/phonet/pep.c:587
  pep_do_rcv+0x40c/0x758 net/phonet/pep.c:708
  sk_backlog_rcv include/net/sock.h:1138 [inline]
  __release_sock+0x1b4/0x3b4 net/core/sock.c:2945
  release_sock+0x60/0x1bc net/core/sock.c:3511
  pn_socket_connect+0x57c/0x904 net/phonet/socket.c:276
  __sys_connect_file net/socket.c:2010 [inline]
  __sys_connect+0x28c/0x2b4 net/socket.c:2027
  __do_sys_connect net/socket.c:2037 [inline]
  __se_sys_connect net/socket.c:2034 [inline]
  __arm64_sys_connect+0x7c/0x94 net/socket.c:2034
  __invoke_syscall arch/arm64/kernel/syscall.c:38 [inline]
  invoke_syscall+0x98/0x2b4 arch/arm64/kernel/syscall.c:52
  el0_svc_common+0x138/0x258 arch/arm64/kernel/syscall.c:140
  do_el0_svc+0x58/0x130 arch/arm64/kernel/syscall.c:204
  el0_svc+0x58/0x128 arch/arm64/kernel/entry-common.c:637
  el0t_64_sync_handler+0x84/0xf0 arch/arm64/kernel/entry-common.c:655
  el0t_64_sync+0x18c/0x190 arch/arm64/kernel/entry.S:585
irq event stamp: 313
hardirqs last  enabled at (313): [<ffff8000081ab5f8>] __local_bh_enable_ip+0x1f8/0x37c kernel/softirq.c:426
hardirqs last disabled at (311): [<ffff8000081ab578>] __local_bh_enable_ip+0x178/0x37c kernel/softirq.c:403
softirqs last  enabled at (312): [<ffff80000fd6526c>] spin_unlock_bh include/linux/spinlock.h:396 [inline]
softirqs last  enabled at (312): [<ffff80000fd6526c>] __release_sock+0x90/0x3b4 net/core/sock.c:2938
softirqs last disabled at (310): [<ffff80000fd55d00>] spin_lock_bh include/linux/spinlock.h:356 [inline]
softirqs last disabled at (310): [<ffff80000fd55d00>] release_sock+0x34/0x1bc net/core/sock.c:3509

other info that might help us debug this:
 Possible unsafe locking scenario:

       CPU0
       ----
  lock(slock-AF_PHONET/1);
  <Interrupt>
    lock(slock-AF_PHONET/1);

 *** DEADLOCK ***

1 lock held by syz.3.89/4667:
 #0: ffff0000d9b7d8b0 (sk_lock-AF_PHONET){+.+.}-{0:0}, at: lock_sock include/net/sock.h:1805 [inline]
 #0: ffff0000d9b7d8b0 (sk_lock-AF_PHONET){+.+.}-{0:0}, at: pep_sock_accept+0xbc/0x1360 net/phonet/pep.c:780

stack backtrace:
CPU: 0 PID: 4667 Comm: syz.3.89 Not tainted syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026
Call trace:
 dump_backtrace+0x1c0/0x1ec arch/arm64/kernel/stacktrace.c:158
 show_stack+0x2c/0x3c arch/arm64/kernel/stacktrace.c:165
 __dump_stack+0x30/0x40 lib/dump_stack.c:88
 dump_stack_lvl+0xf4/0x15c lib/dump_stack.c:106
 dump_stack+0x1c/0x5c lib/dump_stack.c:113
 print_usage_bug+0x4c0/0x6d8 kernel/locking/lockdep.c:3957
 valid_state kernel/locking/lockdep.c:3969 [inline]
 mark_lock_irq+0x850/0xab0 kernel/locking/lockdep.c:-1
 mark_lock+0x224/0x320 kernel/locking/lockdep.c:4628
 mark_usage kernel/locking/lockdep.c:-1 [inline]
 __lock_acquire+0xb14/0x6800 kernel/locking/lockdep.c:5003
 lock_acquire+0x20c/0x63c kernel/locking/lockdep.c:5662
 _raw_spin_lock_nested+0x5c/0x78 kernel/locking/spinlock.c:378
 __sk_receive_skb+0x154/0x850 net/core/sock.c:560
 sk_receive_skb include/net/sock.h:2097 [inline]
 pep_do_rcv+0x4b4/0x758 net/phonet/pep.c:675
 sk_backlog_rcv include/net/sock.h:1138 [inline]
 __release_sock+0x1b4/0x3b4 net/core/sock.c:2945
 release_sock+0x60/0x1bc net/core/sock.c:3511
 pep_sock_accept+0xc7c/0x1360 net/phonet/pep.c:879
 pn_socket_accept+0x120/0x2dc net/phonet/socket.c:304
 do_accept+0x448/0x5fc net/socket.c:1890
 __sys_accept4_file net/socket.c:1931 [inline]
 __sys_accept4+0xb4/0x12c net/socket.c:1961
 __do_sys_accept net/socket.c:1978 [inline]
 __se_sys_accept net/socket.c:1975 [inline]
 __arm64_sys_accept+0x80/0x98 net/socket.c:1975
 __invoke_syscall arch/arm64/kernel/syscall.c:38 [inline]
 invoke_syscall+0x98/0x2b4 arch/arm64/kernel/syscall.c:52
 el0_svc_common+0x138/0x258 arch/arm64/kernel/syscall.c:140
 do_el0_svc+0x58/0x130 arch/arm64/kernel/syscall.c:204
 el0_svc+0x58/0x128 arch/arm64/kernel/entry-common.c:637
 el0t_64_sync_handler+0x84/0xf0 arch/arm64/kernel/entry-common.c:655
 el0t_64_sync+0x18c/0x190 arch/arm64/kernel/entry.S:585