From: Neal Cardwell
Date: Mon, 28 Jun 2021 13:20:19 -0400
Subject: Re: [PATCH] tcp: Do not reset the icsk_ca_initialized in tcp_init_transfer.
To: Phi Nguyen
Cc: Eric Dumazet, David Miller, Hideaki YOSHIFUJI, David Ahern, Jakub Kicinski, Alexei Starovoitov, Daniel Borkmann, Andrii Nakryiko, Martin KaFai Lau, Song Liu, John Fastabend, kpsingh@kernel.org, netdev, LKML, bpf, linux-kernel-mentees@lists.linuxfoundation.org, syzbot+f1e24a0594d4e3a895d3@syzkaller.appspotmail.com, Yuchung Cheng
References: <20210628144908.881499-1-phind.uet@gmail.com> <79490158-e6d1-aabf-64aa-154b71205c74@gmail.com>
X-Mailing-List: linux-kernel@vger.kernel.org

On Mon, Jun 28, 2021 at 1:15 PM Phi Nguyen wrote:
>
> On 6/29/2021 12:24 AM, Neal Cardwell wrote:
> > > Thanks.
> >
> > Can you also please provide a summary of the event sequence that
> > triggers the bug? Based on your Reported-by tag, I guess this is based
> > on the syzbot reproducer:
> >
> > https://groups.google.com/g/syzkaller-bugs/c/VbHoSsBz0hk/m/cOxOoTgPCAAJ
> >
> > but perhaps you can give a summary of the event sequence that causes
> > the bug?
> > Is it that the call:
> >
> > setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd,
> > &(0x7f0000000000)='cdg\x00', 0x4)
> >
> > initializes the CC and happens before the connection is established,
> > and then when the connection is established, the line that sets:
> > icsk->icsk_ca_initialized = 0;
> > is incorrect, causing the CC to be initialized again without first
> > calling the cleanup code that deallocates the CDG-allocated memory?
> >
> > thanks,
> > neal
> >
>
> Hi Neal,
>
> The gdb stack trace that led to init_transfer_input() is as below; the
> current sock state is TCP_SYN_RECV.

Thanks. That makes sense as a snapshot of time for tcp_init_transfer(), but I think what would be more useful would be a description of the sequence of events, including when the CC was initialized previous to that point (as noted above, was it that the setsockopt(TCP_CONGESTION) completed before that point?).

thanks,
neal
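An added example, not part of this thread and not kernel code, to make the sequence Neal is asking about concrete. It is a user-space C model whose struct and function names loosely mirror net/ipv4/tcp_cong.c and tcp_init_transfer(); the assumption, taken from Neal's hypothesis above, is that the setsockopt(TCP_CONGESTION) path already ran the new CC's init() before the connection was established. With the icsk_ca_initialized reset in place, init() runs a second time with no release() in between, and the allocation made by the first init() (CDG's gradients array in the real module) is lost; without the reset, the flag is honoured and nothing leaks.

```c
#include <stdio.h>
#include <stdlib.h>

/* Allocations made by a CC module's init() that release() has not freed yet;
 * the stand-in for the kmemleak report behind this patch. */
static int live_allocs;

struct sock;

/* Loose stand-in for struct tcp_congestion_ops: only the two hooks matter here. */
struct tcp_congestion_ops {
	const char *name;
	void (*init)(struct sock *sk);
	void (*release)(struct sock *sk);
};

/* Loose stand-in for the inet_connection_sock fields involved (assumed layout). */
struct sock {
	const struct tcp_congestion_ops *icsk_ca_ops;
	int icsk_ca_initialized;
	void *icsk_ca_priv;	/* CC private state; CDG keeps its gradients array here */
};

/* Model of a CC that allocates in init() and frees in release(), like CDG. */
static void cdg_init(struct sock *sk)
{
	sk->icsk_ca_priv = calloc(8, sizeof(int));	/* gradients array stand-in */
	live_allocs++;
}

static void cdg_release(struct sock *sk)
{
	free(sk->icsk_ca_priv);
	sk->icsk_ca_priv = NULL;
	live_allocs--;
}

static const struct tcp_congestion_ops tcp_cdg = { "cdg", cdg_init, cdg_release };

/* Model of a CC with no per-socket allocations (the default before the setsockopt). */
static const struct tcp_congestion_ops tcp_reno = { "reno", NULL, NULL };

static void tcp_init_congestion_control(struct sock *sk)
{
	if (sk->icsk_ca_ops->init)
		sk->icsk_ca_ops->init(sk);
	sk->icsk_ca_initialized = 1;
}

static void tcp_cleanup_congestion_control(struct sock *sk)
{
	if (sk->icsk_ca_ops->release)
		sk->icsk_ca_ops->release(sk);
	sk->icsk_ca_initialized = 0;
}

/* Assumption (Neal's hypothesis): the setsockopt(TCP_CONGESTION) path releases
 * any previously initialized CC and runs the new one's init() right away. */
static void tcp_set_congestion_control(struct sock *sk,
				       const struct tcp_congestion_ops *ca)
{
	if (sk->icsk_ca_initialized)
		tcp_cleanup_congestion_control(sk);
	sk->icsk_ca_ops = ca;
	tcp_init_congestion_control(sk);
}

/* Model of tcp_init_transfer(); reset_flag selects the behaviour the patch removes. */
static void tcp_init_transfer(struct sock *sk, int reset_flag)
{
	if (reset_flag)
		sk->icsk_ca_initialized = 0;	/* the line under discussion */
	if (!sk->icsk_ca_initialized)
		tcp_init_congestion_control(sk);
}

/* Run the hypothesized sequence and return how many init() allocations leaked. */
int run_sequence(int reset_flag)
{
	struct sock s = { .icsk_ca_ops = &tcp_reno };

	live_allocs = 0;
	tcp_set_congestion_control(&s, &tcp_cdg);	/* userspace: setsockopt(TCP_CONGESTION, "cdg") */
	tcp_init_transfer(&s, reset_flag);		/* kernel: connection becomes established */
	tcp_cleanup_congestion_control(&s);		/* kernel: socket destroyed */
	return live_allocs;
}

int main(void)
{
	printf("leaked allocations with the flag reset:    %d\n", run_sequence(1));
	printf("leaked allocations without the flag reset: %d\n", run_sequence(0));
	return 0;
}
```

Build with cc -Wall and run: run_sequence(1) reports one leaked allocation, run_sequence(0) reports none. Whether the real setsockopt path initializes the CC in the socket state syzbot reached is exactly what Neal is asking Phi to confirm, so read the model as an illustration of that hypothesis rather than as a reproducer.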