bisecting cause commit starting from ece0d7bd74615773268475b6b64d6f1ebbd4b4c6
building syzkaller on 35f53e457420e79fa28e3260cdbbf9f37b9f97e4
testing commit ece0d7bd74615773268475b6b64d6f1ebbd4b4c6 with gcc (GCC) 8.1.0
kernel signature: 583249d40ce65eb05fa33485291417d13f28dd3be627b3633e919718d45528a9
all runs: crashed: possible deadlock in inet_csk_accept
testing release v5.5
testing commit d5226fa6dbae0569ee43ecfc08bdcd6770fc4755 with gcc (GCC) 8.1.0
kernel signature: bc0ae93bd2bcbdc19d146665f573d54b6a3ecb4fa725b3819f2bf25257df7450
all runs: OK
# git bisect start ece0d7bd74615773268475b6b64d6f1ebbd4b4c6 d5226fa6dbae0569ee43ecfc08bdcd6770fc4755
Bisecting: 6985 revisions left to test after this (roughly 13 steps)
[4cadc60d6bcfee9c626d4b55e9dc1475d21ad3bb] Merge tag 'for-v5.6' of git://git.kernel.org/pub/scm/linux/kernel/git/sre/linux-power-supply
testing commit 4cadc60d6bcfee9c626d4b55e9dc1475d21ad3bb with gcc (GCC) 8.1.0
kernel signature: 06b1191a5ec90f9362b6d134138174b8b9c5e92799abdde82ea4aa7310c0d96e
all runs: OK
# git bisect good 4cadc60d6bcfee9c626d4b55e9dc1475d21ad3bb
Bisecting: 3483 revisions left to test after this (roughly 12 steps)
[eadc4e40e68832fc61ae5e3ef2ef5cfcd9308b2c] Merge tag 'rtc-5.6' of git://git.kernel.org/pub/scm/linux/kernel/git/abelloni/linux
testing commit eadc4e40e68832fc61ae5e3ef2ef5cfcd9308b2c with gcc (GCC) 8.1.0
kernel signature: c0041acfde4617b28ebedf31e64e34d2cfef70060a2fed0e5defca930b709e8b
all runs: OK
# git bisect good eadc4e40e68832fc61ae5e3ef2ef5cfcd9308b2c
Bisecting: 1526 revisions left to test after this (roughly 11 steps)
[1afa9c3b7c9bdcb562e2afe9f58cc99d0b071cdc] Merge tag 'armsoc-dt' of git://git.kernel.org/pub/scm/linux/kernel/git/soc/soc
testing commit 1afa9c3b7c9bdcb562e2afe9f58cc99d0b071cdc with gcc (GCC) 8.1.0
kernel signature: b2cc530bd87913d6410e0064344941b0082563364f9a15e1c4029ebd0c77aff1
run #0: boot failed: can't ssh into the instance
run #1: OK
run #2: OK
run #3: OK
run #4: OK
run #5: OK
run #6: OK
run #7: OK
run #8: OK
run #9: OK
# git bisect good 1afa9c3b7c9bdcb562e2afe9f58cc99d0b071cdc
Bisecting: 758 revisions left to test after this (roughly 10 steps)
[db70e26e33eef1b148ca1c9f50de92203ec7e82e] Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/dtor/input
testing commit db70e26e33eef1b148ca1c9f50de92203ec7e82e with gcc (GCC) 8.1.0
kernel signature: 06488d232f68f4d785605fc4a05bafa58e877b54a43044ee5ff82bf5cadaa419
all runs: OK
# git bisect good db70e26e33eef1b148ca1c9f50de92203ec7e82e
Bisecting: 379 revisions left to test after this (roughly 9 steps)
[e5553ac71e584c3aa443e211ca2afded6071b5b6] Merge tag 'staging-5.6-rc3' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/staging
testing commit e5553ac71e584c3aa443e211ca2afded6071b5b6 with gcc (GCC) 8.1.0
kernel signature: ae0fac2e5e7d2377a05566338711bfe6becd5448df2de7d7116403fde49c580b
all runs: OK
# git bisect good e5553ac71e584c3aa443e211ca2afded6071b5b6
Bisecting: 182 revisions left to test after this (roughly 8 steps)
[91ad64a84e9e63e2906ae714dfa3933dd3f64c64] Merge tag 'trace-v5.6-rc2' of git://git.kernel.org/pub/scm/linux/kernel/git/rostedt/linux-trace
testing commit 91ad64a84e9e63e2906ae714dfa3933dd3f64c64 with gcc (GCC) 8.1.0
kernel signature: e7d461dab3743923084035e759c2ffa08225f09c3d2550f1c9f1bb30bb91821e
all runs: OK
# git bisect good 91ad64a84e9e63e2906ae714dfa3933dd3f64c64
Bisecting: 86 revisions left to test after this (roughly 7 steps)
[7058b837899fc978c9f8a033fa29ab07360a85c8] Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net
testing commit 7058b837899fc978c9f8a033fa29ab07360a85c8 with gcc (GCC) 8.1.0
kernel signature: 36f4be048e6ba0d78e4974d52f94694ab8eeac406daf4a42d8c1146d4adf74e2
all runs: OK
# git bisect good 7058b837899fc978c9f8a033fa29ab07360a85c8
Bisecting: 42 revisions left to test after this (roughly 6 steps)
[2f63f2d5981499e5867aa061c9c8eb448494bb1e] Merge tag 'wireless-drivers-2020-03-05' of git://git.kernel.org/pub/scm/linux/kernel/git/kvalo/wireless-drivers
testing commit 2f63f2d5981499e5867aa061c9c8eb448494bb1e with gcc (GCC) 8.1.0
kernel signature: f3cc70ee2df2b77b98a9b6f661dd6bc802ab10e8d0f5c3418b16426e76a5ba8a
all runs: OK
# git bisect good 2f63f2d5981499e5867aa061c9c8eb448494bb1e
Bisecting: 21 revisions left to test after this (roughly 5 steps)
[b7469e83d2add567e4e0b063963db185f3167cea] bonding/alb: make sure arp header is pulled before accessing it
testing commit b7469e83d2add567e4e0b063963db185f3167cea with gcc (GCC) 8.1.0
kernel signature: 7df91dfab7b2f1336d83b0f7eaa97af650c6432442462268943eb61b868ef648
all runs: OK
# git bisect good b7469e83d2add567e4e0b063963db185f3167cea
Bisecting: 10 revisions left to test after this (roughly 4 steps)
[e18b353f102e371580f3f01dd47567a25acc3c1d] ipvlan: add cond_resched_rcu() while processing muticast backlog
testing commit e18b353f102e371580f3f01dd47567a25acc3c1d with gcc (GCC) 8.1.0
kernel signature: eee027c86c3126b239af004273e1ac60660b1832723b25642266402f63332df2
all runs: OK
# git bisect good e18b353f102e371580f3f01dd47567a25acc3c1d
Bisecting: 4 revisions left to test after this (roughly 3 steps)
[2362059427494b9e318161f0447a10dc5513b2c3] Merge tag 'batadv-net-for-davem-20200306' of git://git.open-mesh.org/linux-merge
testing commit 2362059427494b9e318161f0447a10dc5513b2c3 with gcc (GCC) 8.1.0
kernel signature: d931ae5c4c1c546a06aa0d816c9cfaa78577430baebf680e98894da56859d8c1
all runs: OK
# git bisect good 2362059427494b9e318161f0447a10dc5513b2c3
Bisecting: 2 revisions left to test after this (roughly 1 step)
[e876ecc67db80dfdb8e237f71e5b43bb88ae549c] cgroup: memcg: net: do not associate sock with unrelated cgroup
testing commit e876ecc67db80dfdb8e237f71e5b43bb88ae549c with gcc (GCC) 8.1.0
kernel signature: aa716b5dfa72000fd3e02398e49470eebbbeeea7cd72e26ddf8eaa01e6894983
all runs: OK
# git bisect good e876ecc67db80dfdb8e237f71e5b43bb88ae549c
Bisecting: 0 revisions left to test after this (roughly 1 step)
[60380488e4e0b95e9e82aa68aa9705baa86de84c] ipv6/addrconf: call ipv6_mc_up() for non-Ethernet interface
testing commit 60380488e4e0b95e9e82aa68aa9705baa86de84c with gcc (GCC) 8.1.0
kernel signature: bc1f5dd2f374595d09fb82d8ac966d62a4b051cd00bd95a03b7abad9a99aa9f1
all runs: crashed: possible deadlock in inet_csk_accept
# git bisect bad 60380488e4e0b95e9e82aa68aa9705baa86de84c
Bisecting: 0 revisions left to test after this (roughly 0 steps)
[d752a4986532cb6305dfd5290a614cde8072769d] net: memcg: late association of sock to memcg
testing commit d752a4986532cb6305dfd5290a614cde8072769d with gcc (GCC) 8.1.0
kernel signature: 7c288b55bdc0fff60160db20f0a841d9e71e9e4743776d456bf6b00705fe548d
all runs: crashed: possible deadlock in inet_csk_accept
# git bisect bad d752a4986532cb6305dfd5290a614cde8072769d
d752a4986532cb6305dfd5290a614cde8072769d is the first bad commit
commit d752a4986532cb6305dfd5290a614cde8072769d
Author: Shakeel Butt <shakeelb@google.com>
Date:   Mon Mar 9 22:16:06 2020 -0700

    net: memcg: late association of sock to memcg
    
    If a TCP socket is allocated in IRQ context or cloned from unassociated
    (i.e. not associated to a memcg) in IRQ context then it will remain
    unassociated for its whole life. Almost half of the TCPs created on the
    system are created in IRQ context, so, memory used by such sockets will
    not be accounted by the memcg.
    
    This issue is more widespread in cgroup v1 where network memory
    accounting is opt-in but it can happen in cgroup v2 if the source socket
    for the cloning was created in root memcg.
    
    To fix the issue, just do the association of the sockets at the accept()
    time in the process context and then force charge the memory buffer
    already used and reserved by the socket.
    
    Signed-off-by: Shakeel Butt <shakeelb@google.com>
    Reviewed-by: Eric Dumazet <edumazet@google.com>
    Signed-off-by: David S. Miller <davem@davemloft.net>

 mm/memcontrol.c                 | 14 --------------
 net/core/sock.c                 |  5 ++++-
 net/ipv4/inet_connection_sock.c | 20 ++++++++++++++++++++
 3 files changed, 24 insertions(+), 15 deletions(-)
culprit signature: 7c288b55bdc0fff60160db20f0a841d9e71e9e4743776d456bf6b00705fe548d
parent  signature: aa716b5dfa72000fd3e02398e49470eebbbeeea7cd72e26ddf8eaa01e6894983
revisions tested: 16, total time: 4h25m46.305027112s (build: 1h46m27.535355117s, test: 2h38m17.085887243s)
first bad commit: d752a4986532cb6305dfd5290a614cde8072769d net: memcg: late association of sock to memcg
cc: ["davem@davemloft.net" "edumazet@google.com" "shakeelb@google.com"]
crash: possible deadlock in inet_csk_accept
============================================
WARNING: possible recursive locking detected
5.6.0-rc3-syzkaller #0 Not tainted
--------------------------------------------
syz-executor.2/8425 is trying to acquire lock:
ffff888091340c10 (sk_lock-AF_INET6){+.+.}, at: lock_sock include/net/sock.h:1541 [inline]
ffff888091340c10 (sk_lock-AF_INET6){+.+.}, at: inet_csk_accept+0x562/0xb00 net/ipv4/inet_connection_sock.c:492

but task is already holding lock:
ffff888091341610 (sk_lock-AF_INET6){+.+.}, at: lock_sock include/net/sock.h:1541 [inline]
ffff888091341610 (sk_lock-AF_INET6){+.+.}, at: inet_csk_accept+0x78/0xb00 net/ipv4/inet_connection_sock.c:445

other info that might help us debug this:
 Possible unsafe locking scenario:

       CPU0
       ----
  lock(sk_lock-AF_INET6);
  lock(sk_lock-AF_INET6);

 *** DEADLOCK ***

 May be due to missing lock nesting notation

1 lock held by syz-executor.2/8425:
 #0: ffff888091341610 (sk_lock-AF_INET6){+.+.}, at: lock_sock include/net/sock.h:1541 [inline]
 #0: ffff888091341610 (sk_lock-AF_INET6){+.+.}, at: inet_csk_accept+0x78/0xb00 net/ipv4/inet_connection_sock.c:445

stack backtrace:
CPU: 1 PID: 8425 Comm: syz-executor.2 Not tainted 5.6.0-rc3-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
 __dump_stack lib/dump_stack.c:77 [inline]
 dump_stack+0x128/0x182 lib/dump_stack.c:118
 print_deadlock_bug kernel/locking/lockdep.c:2370 [inline]
 check_deadlock kernel/locking/lockdep.c:2411 [inline]
 validate_chain kernel/locking/lockdep.c:2954 [inline]
 __lock_acquire.cold.65+0x126/0x2e4 kernel/locking/lockdep.c:3954
 lock_acquire+0x19b/0x420 kernel/locking/lockdep.c:4484
 lock_sock_nested+0xaf/0xf0 net/core/sock.c:2947
 lock_sock include/net/sock.h:1541 [inline]
 inet_csk_accept+0x562/0xb00 net/ipv4/inet_connection_sock.c:492
 inet_accept+0xdd/0x6d0 net/ipv4/af_inet.c:734
 __sys_accept4_file+0x33e/0x510 net/socket.c:1758
 __sys_accept4+0x3b/0x70 net/socket.c:1809
 __do_sys_accept4 net/socket.c:1821 [inline]
 __se_sys_accept4 net/socket.c:1818 [inline]
 __x64_sys_accept4+0x8e/0xf0 net/socket.c:1818
 do_syscall_64+0xc6/0x5e0 arch/x86/entry/common.c:294
 entry_SYSCALL_64_after_hwframe+0x49/0xbe
RIP: 0033:0x45c4a9
Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00
RSP: 002b:00007fc75f3e0c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000120
RAX: ffffffffffffffda RBX: 00007fc75f3e16d4 RCX: 000000000045c4a9
RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003
RBP: 000000000076bf20 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff
R13: 000000000000000b R14: 00000000004c2734 R15: 000000000076bf2c