On Thu, 3 Aug 2023 14:47:35 +0300 Tariq Toukan wrote: > When applying this patch, repro disappears! :) > Apparently it is related to the warning. > Please go on and submit it. I have no idea how. I found a different bug, staring at this code for another hour. But I still don't get how we can avoid UaF on a page by having the TCP take a ref on it rather than copy it. If anything we should have 2 refs on any page in the sg, one because it's on the sg, and another held by the re-tx handling. So I'm afraid we're papering over something here :( We need to keep digging.
