================================
WARNING: inconsistent lock state
4.20.0+ #3 Not tainted
--------------------------------
inconsistent {IN-SOFTIRQ-W} -> {SOFTIRQ-ON-W} usage.
syz-executor1/7040 [HC0[0]:SC0[0]:HE1:SE1] takes:
000000009f768d0c (slock-AF_NETROM){+.?.}, at: spin_lock include/linux/spinlock.h:329 [inline]
000000009f768d0c (slock-AF_NETROM){+.?.}, at: nr_find_socket+0x117/0x160 net/netrom/af_netrom.c:177
------------[ cut here ]------------
{IN-SOFTIRQ-W} state was registered at:
downgrading a read lock
WARNING: CPU: 1 PID: 7039 at kernel/locking/lockdep.c:3553 __lock_downgrade kernel/locking/lockdep.c:3553 [inline]
WARNING: CPU: 1 PID: 7039 at kernel/locking/lockdep.c:3553 lock_downgrade+0x4d2/0x910 kernel/locking/lockdep.c:3816
lock_acquire+0x1db/0x570 kernel/locking/lockdep.c:3841
Kernel panic - not syncing: panic_on_warn set ...
__raw_spin_lock include/linux/spinlock_api_smp.h:142 [inline]
_raw_spin_lock+0x2f/0x40 kernel/locking/spinlock.c:144
CPU: 1 PID: 7039 Comm: modprobe Not tainted 4.20.0+ #3
spin_lock include/linux/spinlock.h:329 [inline]
nr_find_listener net/netrom/af_netrom.c:156 [inline]
nr_rx_frame+0x60c/0x1d50 net/netrom/af_netrom.c:955
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
nr_loopback_timer+0x7b/0x170 net/netrom/nr_loopback.c:62
Call Trace:
call_timer_fn+0x254/0x900 kernel/time/timer.c:1325
__dump_stack lib/dump_stack.c:77 [inline]
dump_stack+0x1db/0x2d0 lib/dump_stack.c:113
expire_timers kernel/time/timer.c:1362 [inline]
__run_timers+0x6fc/0xd50 kernel/time/timer.c:1681
run_timer_softirq+0x52/0xb0 kernel/time/timer.c:1694
__do_softirq+0x30b/0xb11 kernel/softirq.c:292
panic+0x2cb/0x589 kernel/panic.c:189
invoke_softirq kernel/softirq.c:373 [inline]
irq_exit+0x180/0x1d0 kernel/softirq.c:413
exiting_irq arch/x86/include/asm/apic.h:536 [inline]
smp_apic_timer_interrupt+0x1b7/0x760 arch/x86/kernel/apic/apic.c:1062
apic_timer_interrupt+0xf/0x20 arch/x86/entry/entry_64.S:807
preempt_count arch/x86/include/asm/preempt.h:26 [inline]
preempt_count_sub+0x4b/0x160 kernel/sched/core.c:3217
__kunmap_atomic include/linux/highmem.h:78 [inline]
iov_iter_copy_from_user_atomic+0x4ba/0xff0 lib/iov_iter.c:961
generic_perform_write+0x35f/0x6b0 mm/filemap.c:3148
__generic_file_write_iter+0x25e/0x630 mm/filemap.c:3265
ext4_file_write_iter+0x37a/0x1410 fs/ext4/file.c:266
__warn.cold+0x20/0x4b kernel/panic.c:544
call_write_iter include/linux/fs.h:1857 [inline]
do_iter_readv_writev+0x856/0xae0 fs/read_write.c:680
do_iter_write fs/read_write.c:959 [inline]
do_iter_write+0x184/0x600 fs/read_write.c:940
report_bug+0x263/0x2b0 lib/bug.c:186
vfs_iter_write+0x77/0xb0 fs/read_write.c:972
fixup_bug arch/x86/kernel/traps.c:178 [inline]
fixup_bug arch/x86/kernel/traps.c:173 [inline]
do_error_trap+0x11b/0x200 arch/x86/kernel/traps.c:271
iter_file_splice_write+0x885/0xfc0 fs/splice.c:749
do_invalid_op+0x37/0x50 arch/x86/kernel/traps.c:290
do_splice_from fs/splice.c:851 [inline]
direct_splice_actor+0x126/0x1a0 fs/splice.c:1023
splice_direct_to_actor+0x3be/0x9d0 fs/splice.c:978
invalid_op+0x14/0x20 arch/x86/entry/entry_64.S:973
do_splice_direct+0x2c7/0x420 fs/splice.c:1066
RIP: 0010:__lock_downgrade kernel/locking/lockdep.c:3553 [inline]
RIP: 0010:lock_downgrade+0x4d2/0x910 kernel/locking/lockdep.c:3816
do_sendfile+0x61a/0xe40 fs/read_write.c:1439
Code: 00 00 00 fc ff df 41 c6 04 06 f8 e9 1f ff ff ff 48 c7 c7 e0 a4 4b 88 4c 89 8d 58 ff ff ff 48 89 85 60 ff ff ff e8 0e 29 e7 ff <0f> 0b 48 8b 85 60 ff ff ff 4c 8d 5d d8 4c 89 f1 48 ba 00 00 00 00
__do_sys_sendfile64 fs/read_write.c:1494 [inline]
__se_sys_sendfile64 fs/read_write.c:1486 [inline]
__x64_sys_sendfile64+0x15a/0x240 fs/read_write.c:1486
RSP: 0018:ffff88806768fbb8 EFLAGS: 00010082
do_syscall_64+0x1a3/0x800 arch/x86/entry/common.c:290
RAX: 0000000000000000 RBX: 1ffff1100ced1f7d RCX: 0000000000000000
entry_SYSCALL_64_after_hwframe+0x49/0xbe
RDX: 0000000000000000 RSI: ffffffff816833b6 RDI: 0000000000000006
irq event stamp: 206
RBP: ffff88806768fc70 R08: ffff88804c6e0340 R09: fffffbfff1332c29
hardirqs last enabled at (203): [] __local_bh_enable_ip+0x15a/0x270 kernel/softirq.c:194
R10: fffffbfff1332c28 R11: ffffffff89996143 R12: ffff88804c6e0340
hardirqs last disabled at (205): [] __local_bh_enable_ip+0x11a/0x270 kernel/softirq.c:171
R13: ffffffff8b55e960 R14: ffff88806768fc08 R15: 0000000000000001
softirqs last enabled at (206): [] spin_unlock_bh include/linux/spinlock.h:374 [inline]
softirqs last enabled at (206): [] nr_find_socket+0x12d/0x160 net/netrom/af_netrom.c:183
softirqs last disabled at (204): [] spin_lock_bh include/linux/spinlock.h:334 [inline]
softirqs last disabled at (204): [] nr_find_socket+0x24/0x160 net/netrom/af_netrom.c:172
other info that might help us debug this:
Possible unsafe locking scenario:
CPU0
----
lock(slock-AF_NETROM);
downgrade_write+0x76/0x270 kernel/locking/rwsem.c:147
lock(slock-AF_NETROM);
*** DEADLOCK ***
1 lock held by syz-executor1/7040:
#0: 000000009f768d0c (slock-AF_NETROM){+.?.}, at: spin_lock include/linux/spinlock.h:329 [inline]
#0: 000000009f768d0c (slock-AF_NETROM){+.?.}, at: nr_find_socket+0x117/0x160 net/netrom/af_netrom.c:177
__do_munmap+0xc5a/0xef0 mm/mmap.c:2823
stack backtrace:
__vm_munmap+0x139/0x1f0 mm/mmap.c:2848
__do_sys_munmap mm/mmap.c:2873 [inline]
__se_sys_munmap mm/mmap.c:2870 [inline]
__x64_sys_munmap+0x67/0x80 mm/mmap.c:2870
do_syscall_64+0x1a3/0x800 arch/x86/entry/common.c:290
entry_SYSCALL_64_after_hwframe+0x49/0xbe
RIP: 0033:0x7f8063907d37
Code: f0 ff ff 73 01 c3 48 8b 0d fe c0 2a 00 31 d2 48 29 c2 64 89 11 48 83 c8 ff eb ea 90 90 90 90 90 90 90 90 b8 0b 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 8b 0d d1 c0 2a 00 31 d2 48 29 c2 64
RSP: 002b:00007ffda27d8f08 EFLAGS: 00000206 ORIG_RAX: 000000000000000b
RAX: ffffffffffffffda RBX: 000055837ea4c250 RCX: 00007f8063907d37
RDX: 0000000000000000 RSI: 0000000000001000 RDI: 00007f8063fec000
RBP: 0000000000000000 R08: 00007f8063fe7700 R09: 00007ffda27d9068
R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
R13: 000055837ea4c110 R14: 000055837ea4c200 R15: 00007ffda27d9190
CPU: 0 PID: 7040 Comm: syz-executor1 Not tainted 4.20.0+ #3
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
__dump_stack lib/dump_stack.c:77 [inline]
dump_stack+0x1db/0x2d0 lib/dump_stack.c:113
print_usage_bug.cold+0x330/0x42a kernel/locking/lockdep.c:2475
valid_state kernel/locking/lockdep.c:2488 [inline]
mark_lock_irq kernel/locking/lockdep.c:2682 [inline]
mark_lock+0x10c4/0x1cd0 kernel/locking/lockdep.c:3062
mark_held_locks+0xb1/0x100 kernel/locking/lockdep.c:2740
__trace_hardirqs_on_caller kernel/locking/lockdep.c:2769 [inline]
lockdep_hardirqs_on+0x415/0x5d0 kernel/locking/lockdep.c:2814
trace_hardirqs_on+0xbd/0x310 kernel/trace/trace_preemptirq.c:30
__local_bh_enable_ip+0x15a/0x270 kernel/softirq.c:194
__raw_spin_unlock_bh include/linux/spinlock_api_smp.h:176 [inline]
_raw_spin_unlock_bh+0x31/0x40 kernel/locking/spinlock.c:200
spin_unlock_bh include/linux/spinlock.h:374 [inline]
nr_find_socket+0x12d/0x160 net/netrom/af_netrom.c:183
nr_find_next_circuit+0x71/0x90 net/netrom/af_netrom.c:225
nr_connect+0x6e8/0x1380 net/netrom/af_netrom.c:704
__sys_connect+0x357/0x490 net/socket.c:1664
__do_sys_connect net/socket.c:1675 [inline]
__se_sys_connect net/socket.c:1672 [inline]
__x64_sys_connect+0x73/0xb0 net/socket.c:1672
do_syscall_64+0x1a3/0x800 arch/x86/entry/common.c:290
entry_SYSCALL_64_after_hwframe+0x49/0xbe
RIP: 0033:0x457ec9
Code: 6d b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 3b b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00
RSP: 002b:00007fadd7c56c78 EFLAGS: 00000246 ORIG_RAX: 000000000000002a
RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000457ec9
RDX: 0000000000000048 RSI: 0000000020000000 RDI: 0000000000000004
RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 00007fadd7c576d4
R13: 00000000004be35a R14: 00000000004ce768 R15: 00000000ffffffff
Kernel Offset: disabled
Rebooting in 86400 seconds..