bisecting fixing commit since 3f2ecb86cb909da0b9157fd2952ad79924cbe5ae
building syzkaller on c2c1d1dd603b7d66d283253ffbd61b8692712bd2
testing commit 3f2ecb86cb909da0b9157fd2952ad79924cbe5ae with gcc (GCC) 8.4.1 20210217
kernel signature: 0f3bb863c55379406b18cd53dca06422b96ee65323879980ebc7e86cf4633b9b
run #0: crashed: inconsistent lock state in free_huge_page
run #1: crashed: inconsistent lock state in free_huge_page
run #2: crashed: inconsistent lock state in free_huge_page
run #3: crashed: inconsistent lock state in free_huge_page
run #4: crashed: inconsistent lock state in free_huge_page
run #5: crashed: inconsistent lock state in free_huge_page
run #6: crashed: inconsistent lock state in free_huge_page
run #7: crashed: inconsistent lock state in free_huge_page
run #8: crashed: inconsistent lock state in free_huge_page
run #9: crashed: possible deadlock in sk_clone_lock
run #10: crashed: inconsistent lock state in free_huge_page
run #11: crashed: inconsistent lock state in free_huge_page
run #12: crashed: inconsistent lock state in free_huge_page
run #13: crashed: inconsistent lock state in free_huge_page
run #14: crashed: inconsistent lock state in free_huge_page
run #15: crashed: possible deadlock in sk_clone_lock
run #16: crashed: inconsistent lock state in free_huge_page
run #17: crashed: possible deadlock in sk_clone_lock
run #18: crashed: possible deadlock in sk_clone_lock
run #19: crashed: possible deadlock in sk_clone_lock
testing current HEAD 3242aa3a635c0958671ee1e4b0958dcc7c4e5c79
testing commit 3242aa3a635c0958671ee1e4b0958dcc7c4e5c79 with gcc (GCC) 8.4.1 20210217
kernel signature: 2042904a2b08f688db94c9378d157cd19a28135ea1e37b54300b1286eec21e3a
run #0: crashed: inconsistent lock state in free_huge_page
run #1: crashed: inconsistent lock state in free_huge_page
run #2: crashed: inconsistent lock state in free_huge_page
run #3: crashed: possible deadlock in sk_clone_lock
run #4: crashed: inconsistent lock state in free_huge_page
run #5: crashed: possible deadlock in sk_clone_lock
run #6: crashed: possible deadlock in sk_clone_lock
run #7: crashed: inconsistent lock state in free_huge_page
run #8: crashed: possible deadlock in sk_clone_lock
run #9: crashed: inconsistent lock state in free_huge_page
revisions tested: 2, total time: 32m2.200545044s (build: 14m28.925379878s, test: 16m39.39519205s)
the crash still happens on HEAD
commit msg: Linux 4.14.222
crash: inconsistent lock state in free_huge_page
================================
WARNING: inconsistent lock state
4.14.222-syzkaller #0 Not tainted
--------------------------------
inconsistent {SOFTIRQ-ON-W} -> {IN-SOFTIRQ-W} usage.
ksoftirqd/1/17 [HC0[0]:SC1[1]:HE1:SE0] takes:
 (hugetlb_lock){+.?.}, at: [<ffffffff817afaa8>] spin_lock include/linux/spinlock.h:317 [inline]
 (hugetlb_lock){+.?.}, at: [<ffffffff817afaa8>] free_huge_page mm/hugetlb.c:1290 [inline]
 (hugetlb_lock){+.?.}, at: [<ffffffff817afaa8>] free_huge_page+0x5a8/0x800 mm/hugetlb.c:1252
{SOFTIRQ-ON-W} state was registered at:
  mark_irqflags kernel/locking/lockdep.c:3090 [inline]
  __lock_acquire+0x6d9/0x42d0 kernel/locking/lockdep.c:3448
  lock_acquire+0x17e/0x3e0 kernel/locking/lockdep.c:3998
  __raw_spin_lock include/linux/spinlock_api_smp.h:142 [inline]
  _raw_spin_lock+0x2d/0x40 kernel/locking/spinlock.c:152
  spin_lock include/linux/spinlock.h:317 [inline]
  hugetlb_overcommit_handler+0x25d/0x4f0 mm/hugetlb.c:2991
  proc_sys_call_handler.isra.20+0x162/0x1f0 fs/proc/proc_sysctl.c:598
  proc_sys_write+0x37/0x60 fs/proc/proc_sysctl.c:616
  __vfs_write+0xdb/0x840 fs/read_write.c:480
  vfs_write+0x150/0x4f0 fs/read_write.c:544
  SYSC_write fs/read_write.c:590 [inline]
  SyS_write+0x100/0x250 fs/read_write.c:582
  do_syscall_64+0x1c7/0x5b0 arch/x86/entry/common.c:292
  entry_SYSCALL_64_after_hwframe+0x46/0xbb
irq event stamp: 5699776
hardirqs last  enabled at (5699776): [<ffffffff816939f2>] seqcount_lockdep_reader_access include/linux/seqlock.h:83 [inline]
hardirqs last  enabled at (5699776): [<ffffffff816939f2>] read_seqcount_begin include/linux/seqlock.h:164 [inline]
hardirqs last  enabled at (5699776): [<ffffffff816939f2>] read_seqbegin include/linux/seqlock.h:441 [inline]
hardirqs last  enabled at (5699776): [<ffffffff816939f2>] zone_span_seqbegin include/linux/memory_hotplug.h:80 [inline]
hardirqs last  enabled at (5699776): [<ffffffff816939f2>] page_outside_zone_boundaries mm/page_alloc.c:496 [inline]
hardirqs last  enabled at (5699776): [<ffffffff816939f2>] bad_range+0x262/0x390 mm/page_alloc.c:525
hardirqs last disabled at (5699775): [<ffffffff81693830>] seqcount_lockdep_reader_access include/linux/seqlock.h:80 [inline]
hardirqs last disabled at (5699775): [<ffffffff81693830>] read_seqcount_begin include/linux/seqlock.h:164 [inline]
hardirqs last disabled at (5699775): [<ffffffff81693830>] read_seqbegin include/linux/seqlock.h:441 [inline]
hardirqs last disabled at (5699775): [<ffffffff81693830>] zone_span_seqbegin include/linux/memory_hotplug.h:80 [inline]
hardirqs last disabled at (5699775): [<ffffffff81693830>] page_outside_zone_boundaries mm/page_alloc.c:496 [inline]
hardirqs last disabled at (5699775): [<ffffffff81693830>] bad_range+0xa0/0x390 mm/page_alloc.c:525
softirqs last  enabled at (5699678): [<ffffffff87600644>] __do_softirq+0x644/0x9a2 kernel/softirq.c:314
softirqs last disabled at (5699701): [<ffffffff81322897>] run_ksoftirqd+0x57/0x1a0 kernel/softirq.c:670

other info that might help us debug this:
 Possible unsafe locking scenario:

       CPU0
       ----
  lock(hugetlb_lock);
  <Interrupt>
    lock(hugetlb_lock);

 *** DEADLOCK ***

1 lock held by ksoftirqd/1/17:
 #0:  (rcu_read_lock){....}, at: [<ffffffff85cbda89>] __write_once_size include/linux/compiler.h:210 [inline]
 #0:  (rcu_read_lock){....}, at: [<ffffffff85cbda89>] __skb_unlink include/linux/skbuff.h:1917 [inline]
 #0:  (rcu_read_lock){....}, at: [<ffffffff85cbda89>] __skb_dequeue include/linux/skbuff.h:1933 [inline]
 #0:  (rcu_read_lock){....}, at: [<ffffffff85cbda89>] process_backlog+0x1d9/0x710 net/core/dev.c:5192

stack backtrace:
CPU: 1 PID: 17 Comm: ksoftirqd/1 Not tainted 4.14.222-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
 __dump_stack lib/dump_stack.c:17 [inline]
 dump_stack+0x14b/0x1e7 lib/dump_stack.c:58
 print_usage_bug.cold.46+0x433/0x563 kernel/locking/lockdep.c:2589
 valid_state kernel/locking/lockdep.c:2602 [inline]
 mark_lock_irq kernel/locking/lockdep.c:2796 [inline]
 mark_lock+0xc00/0x11a0 kernel/locking/lockdep.c:3194
 mark_irqflags kernel/locking/lockdep.c:3072 [inline]
 __lock_acquire+0x1241/0x42d0 kernel/locking/lockdep.c:3448
 lock_acquire+0x17e/0x3e0 kernel/locking/lockdep.c:3998
 __raw_spin_lock include/linux/spinlock_api_smp.h:142 [inline]
 _raw_spin_lock+0x2d/0x40 kernel/locking/spinlock.c:152
 spin_lock include/linux/spinlock.h:317 [inline]
 free_huge_page mm/hugetlb.c:1290 [inline]
 free_huge_page+0x5a8/0x800 mm/hugetlb.c:1252
 __put_compound_page+0x67/0xa0 mm/swap.c:95
 __put_page+0x5d/0x280 mm/swap.c:111
 put_page include/linux/mm.h:875 [inline]
 __skb_frag_unref include/linux/skbuff.h:2829 [inline]
 skb_frag_unref include/linux/skbuff.h:2841 [inline]
 skb_copy_ubufs+0xd35/0x1460 net/core/skbuff.c:1243
 skb_orphan_frags_rx include/linux/skbuff.h:2634 [inline]
 __netif_receive_skb_core+0x1d87/0x2fe0 net/core/dev.c:4471
 __netif_receive_skb+0x1f/0x1b0 net/core/dev.c:4512
 process_backlog+0x220/0x710 net/core/dev.c:5194
 napi_poll net/core/dev.c:5596 [inline]
 net_rx_action+0x42d/0xe20 net/core/dev.c:5662
 __do_softirq+0x247/0x9a2 kernel/softirq.c:288
 run_ksoftirqd+0x57/0x1a0 kernel/softirq.c:670
 smpboot_thread_fn+0x553/0x850 kernel/smpboot.c:164
 kthread+0x338/0x400 kernel/kthread.c:232
 ret_from_fork+0x24/0x30 arch/x86/entry/entry_64.S:404