bisecting fixing commit since 97a8651cadce7c2b7c4d8f108b392eff31fe2c08
building syzkaller on 77e2b66864e69c17416614228723a1ebd3581ddc
testing commit 97a8651cadce7c2b7c4d8f108b392eff31fe2c08
compiler: gcc version 8.4.1 20210217 (GCC)
kernel signature: 0dc34aad8abad9b561b6f2decc0f05707e549510d50d4c4e878255d60e7bc434
all runs: crashed: inconsistent lock state in free_huge_page
testing current HEAD c2276d585654e8d573366c29c565043ec36adf63
testing commit c2276d585654e8d573366c29c565043ec36adf63
compiler: gcc version 8.4.1 20210217 (GCC)
kernel signature: 21615f980dc9990ed35fdb1f340b02df7f5a22ec230ba7530343dd4d7fa3e8d5
all runs: crashed: inconsistent lock state in free_huge_page
revisions tested: 2, total time: 29m57.835960505s (build: 17m9.638136953s, test: 12m16.987551281s)
the crash still happens on HEAD
commit msg: Linux 4.19.208
crash: inconsistent lock state in free_huge_page
ieee802154 phy0 wpan0: encryption failed: -22
ieee802154 phy1 wpan1: encryption failed: -22
================================
WARNING: inconsistent lock state
4.19.208-syzkaller #0 Not tainted
--------------------------------
inconsistent {SOFTIRQ-ON-W} -> {IN-SOFTIRQ-W} usage.
ksoftirqd/0/9 [HC0[0]:SC1[1]:HE1:SE0] takes:
000000007047cb6a (hugetlb_lock){+.?.}, at: spin_lock include/linux/spinlock.h:329 [inline]
000000007047cb6a (hugetlb_lock){+.?.}, at: free_huge_page mm/hugetlb.c:1301 [inline]
000000007047cb6a (hugetlb_lock){+.?.}, at: free_huge_page+0x6b6/0xb10 mm/hugetlb.c:1263
{SOFTIRQ-ON-W} state was registered at:
  lock_acquire+0x180/0x3a0 kernel/locking/lockdep.c:3908
  __raw_spin_lock include/linux/spinlock_api_smp.h:142 [inline]
  _raw_spin_lock+0x2d/0x40 kernel/locking/spinlock.c:144
  spin_lock include/linux/spinlock.h:329 [inline]
  hugetlb_overcommit_handler+0x27f/0x510 mm/hugetlb.c:3045
  proc_sys_call_handler.isra.20+0x16a/0x200 fs/proc/proc_sysctl.c:597
  proc_sys_write+0x37/0x60 fs/proc/proc_sysctl.c:615
  __vfs_write+0xe3/0x890 fs/read_write.c:485
  vfs_write+0x150/0x4d0 fs/read_write.c:549
  ksys_write+0x103/0x260 fs/read_write.c:599
  __do_sys_write fs/read_write.c:611 [inline]
  __se_sys_write fs/read_write.c:608 [inline]
  __x64_sys_write+0x6e/0xb0 fs/read_write.c:608
  do_syscall_64+0xd0/0x4e0 arch/x86/entry/common.c:293
  entry_SYSCALL_64_after_hwframe+0x49/0xbe
irq event stamp: 1571216
hardirqs last enabled at (1571216): [] __local_bh_enable_ip+0x160/0x250 kernel/softirq.c:194
hardirqs last disabled at (1571215): [] __local_bh_enable_ip+0x120/0x250 kernel/softirq.c:171
softirqs last enabled at (1571186): [] __do_softirq+0x62d/0x919 kernel/softirq.c:318
softirqs last disabled at (1571191): [] run_ksoftirqd+0x5e/0x100 kernel/softirq.c:653

other info that might help us debug this:
 Possible unsafe locking scenario:

       CPU0
       ----
  lock(hugetlb_lock);
  lock(hugetlb_lock);

 *** DEADLOCK ***

3 locks held by ksoftirqd/0/9:
 #0: 00000000f397f9c2 (rcu_read_lock){....}, at: __write_once_size include/linux/compiler.h:288 [inline]
 #0: 00000000f397f9c2 (rcu_read_lock){....}, at: __skb_unlink include/linux/skbuff.h:1920 [inline]
 #0: 00000000f397f9c2 (rcu_read_lock){....}, at: __skb_dequeue include/linux/skbuff.h:1936 [inline]
 #0: 00000000f397f9c2 (rcu_read_lock){....}, at: process_backlog+0x1d9/0x710 net/core/dev.c:5847
 #1: 00000000f397f9c2 (rcu_read_lock){....}, at: __skb_pull include/linux/skbuff.h:2153 [inline]
 #1: 00000000f397f9c2 (rcu_read_lock){....}, at: ip_local_deliver_finish+0x125/0x9a0 net/ipv4/ip_input.c:193
 #2: 00000000f0624147 (slock-AF_INET/1){+.-.}, at: tcp_v4_rcv+0x2866/0x3bb0 net/ipv4/tcp_ipv4.c:1828

stack backtrace:
CPU: 0 PID: 9 Comm: ksoftirqd/0 Not tainted 4.19.208-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
 __dump_stack lib/dump_stack.c:77 [inline]
 dump_stack+0x17c/0x226 lib/dump_stack.c:118
 print_usage_bug.cold.38+0x433/0x563 kernel/locking/lockdep.c:2545
 valid_state kernel/locking/lockdep.c:2558 [inline]
 mark_lock_irq kernel/locking/lockdep.c:2752 [inline]
 mark_lock+0xd44/0x12f0 kernel/locking/lockdep.c:3132
 mark_irqflags kernel/locking/lockdep.c:3010 [inline]
 __lock_acquire+0x131d/0x47c0 kernel/locking/lockdep.c:3373
 lock_acquire+0x180/0x3a0 kernel/locking/lockdep.c:3908
 __raw_spin_lock include/linux/spinlock_api_smp.h:142 [inline]
 _raw_spin_lock+0x2d/0x40 kernel/locking/spinlock.c:144
 spin_lock include/linux/spinlock.h:329 [inline]
 free_huge_page mm/hugetlb.c:1301 [inline]
 free_huge_page+0x6b6/0xb10 mm/hugetlb.c:1263
 __put_compound_page+0x65/0xa0 mm/swap.c:96
 __put_page+0x5d/0x290 mm/swap.c:112
 put_page include/linux/mm.h:963 [inline]
 __skb_frag_unref include/linux/skbuff.h:2842 [inline]
 skb_release_data+0x249/0x760 net/core/skbuff.c:577
 skb_release_all+0x3d/0x50 net/core/skbuff.c:640
 __kfree_skb+0xd/0x20 net/core/skbuff.c:654
 sk_wmem_free_skb include/net/sock.h:1466 [inline]
 tcp_rtx_queue_purge net/ipv4/tcp.c:2532 [inline]
 tcp_write_queue_purge+0x410/0x7b0 net/ipv4/tcp.c:2545
 tcp_reset+0xba/0x340 net/ipv4/tcp_input.c:4081
 tcp_rcv_state_process+0xd0f/0x43a0 net/ipv4/tcp_input.c:6256
 tcp_v4_do_rcv+0x2bc/0x790 net/ipv4/tcp_ipv4.c:1569
 tcp_v4_rcv+0x2ab8/0x3bb0 net/ipv4/tcp_ipv4.c:1832
 ip_local_deliver_finish+0x3be/0x9a0 net/ipv4/ip_input.c:215
 NF_HOOK include/linux/netfilter.h:289 [inline]
 ip_local_deliver+0x164/0x4b0 net/ipv4/ip_input.c:256
 dst_input include/net/dst.h:461 [inline]
 ip_rcv_finish+0x159/0x240 net/ipv4/ip_input.c:414
 NF_HOOK include/linux/netfilter.h:289 [inline]
 ip_rcv+0xc1/0x2f0 net/ipv4/ip_input.c:524
 __netif_receive_skb_one_core+0x112/0x1a0 net/core/dev.c:4954
 __netif_receive_skb+0x1f/0x1b0 net/core/dev.c:5066
 process_backlog+0x220/0x710 net/core/dev.c:5849
 napi_poll net/core/dev.c:6280 [inline]
 net_rx_action+0x454/0xe30 net/core/dev.c:6346
 __do_softirq+0x25f/0x919 kernel/softirq.c:292
 run_ksoftirqd+0x5e/0x100 kernel/softirq.c:653
 smpboot_thread_fn+0x55f/0x8a0 kernel/smpboot.c:164
 kthread+0x347/0x410 kernel/kthread.c:259
 ret_from_fork+0x24/0x30 arch/x86/entry/entry_64.S:415