bisecting fixing commit since 3f2ecb86cb909da0b9157fd2952ad79924cbe5ae
building syzkaller on c2c1d1dd603b7d66d283253ffbd61b8692712bd2
testing commit 3f2ecb86cb909da0b9157fd2952ad79924cbe5ae with gcc (GCC) 8.4.1 20210217
kernel signature: a5fd12b3c032694be6a807714bd1fe6073716a4be2073562e436eedfd7a7d518
run #0: crashed: inconsistent lock state in free_huge_page
run #1: crashed: inconsistent lock state in free_huge_page
run #2: crashed: inconsistent lock state in free_huge_page
run #3: crashed: inconsistent lock state in free_huge_page
run #4: crashed: inconsistent lock state in free_huge_page
run #5: crashed: inconsistent lock state in free_huge_page
run #6: crashed: inconsistent lock state in free_huge_page
run #7: crashed: inconsistent lock state in free_huge_page
run #8: crashed: possible deadlock in sk_clone_lock
run #9: crashed: inconsistent lock state in free_huge_page
run #10: crashed: inconsistent lock state in free_huge_page
run #11: crashed: inconsistent lock state in free_huge_page
run #12: crashed: inconsistent lock state in free_huge_page
run #13: crashed: inconsistent lock state in free_huge_page
run #14: crashed: inconsistent lock state in free_huge_page
run #15: crashed: possible deadlock in sk_clone_lock
run #16: crashed: possible deadlock in sk_clone_lock
run #17: crashed: possible deadlock in sk_clone_lock
run #18: crashed: possible deadlock in sk_clone_lock
run #19: crashed: possible deadlock in sk_clone_lock
testing current HEAD cf256fbcbe347b7d0ff58fe2dfa382a156bd3694
testing commit cf256fbcbe347b7d0ff58fe2dfa382a156bd3694 with gcc (GCC) 8.4.1 20210217
kernel signature: 61f635a715dec231e321ecedfb1eb5d5b4cdaf07bf3a5aade6b311a2b4611e7c
run #0: crashed: inconsistent lock state in free_huge_page
run #1: crashed: inconsistent lock state in free_huge_page
run #2: crashed: inconsistent lock state in free_huge_page
run #3: crashed: inconsistent lock state in free_huge_page
run #4: crashed: inconsistent lock state in free_huge_page
run #5: crashed: inconsistent lock state in free_huge_page
run #6: crashed: inconsistent lock state in free_huge_page
run #7: crashed: possible deadlock in sk_clone_lock
run #8: crashed: inconsistent lock state in free_huge_page
run #9: crashed: inconsistent lock state in free_huge_page
revisions tested: 2, total time: 39m35.570621236s (build: 21m6.565165859s, test: 18m0.910407879s)
the crash still happens on HEAD
commit msg: Linux 4.14.231
crash: inconsistent lock state in free_huge_page
================================
WARNING: inconsistent lock state
4.14.231-syzkaller #0 Not tainted
--------------------------------
inconsistent {SOFTIRQ-ON-W} -> {IN-SOFTIRQ-W} usage.
ksoftirqd/1/17 [HC0[0]:SC1[1]:HE1:SE0] takes:
 (hugetlb_lock){+.?.}, at: [<ffffffff817b20a8>] spin_lock include/linux/spinlock.h:317 [inline]
 (hugetlb_lock){+.?.}, at: [<ffffffff817b20a8>] free_huge_page mm/hugetlb.c:1309 [inline]
 (hugetlb_lock){+.?.}, at: [<ffffffff817b20a8>] free_huge_page+0x5a8/0x800 mm/hugetlb.c:1271
{SOFTIRQ-ON-W} state was registered at:
  mark_irqflags kernel/locking/lockdep.c:3090 [inline]
  __lock_acquire+0x6d9/0x42d0 kernel/locking/lockdep.c:3448
  lock_acquire+0x17e/0x3e0 kernel/locking/lockdep.c:3998
  __raw_spin_lock include/linux/spinlock_api_smp.h:142 [inline]
  _raw_spin_lock+0x2d/0x40 kernel/locking/spinlock.c:152
  spin_lock include/linux/spinlock.h:317 [inline]
  hugetlb_overcommit_handler+0x25d/0x4f0 mm/hugetlb.c:3034
  proc_sys_call_handler.isra.20+0x162/0x1f0 fs/proc/proc_sysctl.c:598
  proc_sys_write+0x37/0x60 fs/proc/proc_sysctl.c:616
  __vfs_write+0xdb/0x840 fs/read_write.c:480
  vfs_write+0x150/0x4f0 fs/read_write.c:544
  SYSC_write fs/read_write.c:590 [inline]
  SyS_write+0x100/0x250 fs/read_write.c:582
  do_syscall_64+0x1c7/0x5b0 arch/x86/entry/common.c:292
  entry_SYSCALL_64_after_hwframe+0x46/0xbb
irq event stamp: 6844756
hardirqs last  enabled at (6844756): [<ffffffff81694482>] seqcount_lockdep_reader_access include/linux/seqlock.h:83 [inline]
hardirqs last  enabled at (6844756): [<ffffffff81694482>] read_seqcount_begin include/linux/seqlock.h:164 [inline]
hardirqs last  enabled at (6844756): [<ffffffff81694482>] read_seqbegin include/linux/seqlock.h:441 [inline]
hardirqs last  enabled at (6844756): [<ffffffff81694482>] zone_span_seqbegin include/linux/memory_hotplug.h:80 [inline]
hardirqs last  enabled at (6844756): [<ffffffff81694482>] page_outside_zone_boundaries mm/page_alloc.c:496 [inline]
hardirqs last  enabled at (6844756): [<ffffffff81694482>] bad_range+0x262/0x390 mm/page_alloc.c:525
hardirqs last disabled at (6844755): [<ffffffff816942c0>] seqcount_lockdep_reader_access include/linux/seqlock.h:80 [inline]
hardirqs last disabled at (6844755): [<ffffffff816942c0>] read_seqcount_begin include/linux/seqlock.h:164 [inline]
hardirqs last disabled at (6844755): [<ffffffff816942c0>] read_seqbegin include/linux/seqlock.h:441 [inline]
hardirqs last disabled at (6844755): [<ffffffff816942c0>] zone_span_seqbegin include/linux/memory_hotplug.h:80 [inline]
hardirqs last disabled at (6844755): [<ffffffff816942c0>] page_outside_zone_boundaries mm/page_alloc.c:496 [inline]
hardirqs last disabled at (6844755): [<ffffffff816942c0>] bad_range+0xa0/0x390 mm/page_alloc.c:525
softirqs last  enabled at (6844660): [<ffffffff87600644>] __do_softirq+0x644/0x9a2 kernel/softirq.c:314
softirqs last disabled at (6844683): [<ffffffff813229c7>] run_ksoftirqd+0x57/0x1a0 kernel/softirq.c:670

other info that might help us debug this:
 Possible unsafe locking scenario:

       CPU0
       ----
  lock(hugetlb_lock);
  <Interrupt>
    lock(hugetlb_lock);

 *** DEADLOCK ***

1 lock held by ksoftirqd/1/17:
 #0:  (rcu_read_lock){....}, at: [<ffffffff85cd3b39>] __write_once_size include/linux/compiler.h:210 [inline]
 #0:  (rcu_read_lock){....}, at: [<ffffffff85cd3b39>] __skb_unlink include/linux/skbuff.h:1917 [inline]
 #0:  (rcu_read_lock){....}, at: [<ffffffff85cd3b39>] __skb_dequeue include/linux/skbuff.h:1933 [inline]
 #0:  (rcu_read_lock){....}, at: [<ffffffff85cd3b39>] process_backlog+0x1d9/0x710 net/core/dev.c:5192

stack backtrace:
CPU: 1 PID: 17 Comm: ksoftirqd/1 Not tainted 4.14.231-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
 __dump_stack lib/dump_stack.c:17 [inline]
 dump_stack+0x14b/0x1e7 lib/dump_stack.c:58
 print_usage_bug.cold.46+0x433/0x563 kernel/locking/lockdep.c:2589
 valid_state kernel/locking/lockdep.c:2602 [inline]
 mark_lock_irq kernel/locking/lockdep.c:2796 [inline]
 mark_lock+0xc00/0x11a0 kernel/locking/lockdep.c:3194
 mark_irqflags kernel/locking/lockdep.c:3072 [inline]
 __lock_acquire+0x1241/0x42d0 kernel/locking/lockdep.c:3448
 lock_acquire+0x17e/0x3e0 kernel/locking/lockdep.c:3998
 __raw_spin_lock include/linux/spinlock_api_smp.h:142 [inline]
 _raw_spin_lock+0x2d/0x40 kernel/locking/spinlock.c:152
 spin_lock include/linux/spinlock.h:317 [inline]
 free_huge_page mm/hugetlb.c:1309 [inline]
 free_huge_page+0x5a8/0x800 mm/hugetlb.c:1271
 __put_compound_page+0x67/0xa0 mm/swap.c:95
 __put_page+0x5d/0x280 mm/swap.c:111
 put_page include/linux/mm.h:875 [inline]
 __skb_frag_unref include/linux/skbuff.h:2829 [inline]
 skb_frag_unref include/linux/skbuff.h:2841 [inline]
 skb_copy_ubufs+0xd35/0x1460 net/core/skbuff.c:1243
 skb_orphan_frags_rx include/linux/skbuff.h:2634 [inline]
 __netif_receive_skb_core+0x1d87/0x2fe0 net/core/dev.c:4471
 __netif_receive_skb+0x1f/0x1b0 net/core/dev.c:4512
 process_backlog+0x220/0x710 net/core/dev.c:5194
 napi_poll net/core/dev.c:5596 [inline]
 net_rx_action+0x42d/0xe20 net/core/dev.c:5662
 __do_softirq+0x247/0x9a2 kernel/softirq.c:288
 run_ksoftirqd+0x57/0x1a0 kernel/softirq.c:670
 smpboot_thread_fn+0x553/0x850 kernel/smpboot.c:164
 kthread+0x338/0x400 kernel/kthread.c:232
 ret_from_fork+0x24/0x30 arch/x86/entry/entry_64.S:404