> > my kernel is 3.10, I did not find the root cause, I guessed all kinds of
> > possibilities
> >
> > Have you backported 22a0e18eac7a9e986fec76c60fa4a2926d1291e2 ?
> > When I see this bug, I find this commit, and backport it, but this seems to not be related to my bug.
> > > I would rather move that in tcp_disconnect() that only fuzzers use, > > > instead of doing this on every clone and slowing down normal users. > > > > > > > > > Do you mean we should fix it like below: > > > > diff --git a/net/ipv4/tcp.c b/net/ipv4/tcp.c index > > f08eebe60446..44f8320610ab 100644 > > --- a/net/ipv4/tcp.c > > +++ b/net/ipv4/tcp.c > > @@ -2431,6 +2431,12 @@ int tcp_disconnect(struct sock *sk, int flags) > > > > WARN_ON(inet->inet_num && !icsk->icsk_bind_hash); > > > > + > > + if (sk->sk_frag.page) { > > + put_page(sk->sk_frag.page); > > + sk->sk_frag.page = NULL; > > + } > > + > > sk->sk_error_report(sk); > > return err; > > } > > Yes, something like that. Ok, thanks -R
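
Review bot: the added block in tcp_disconnect() drops the page reference and clears sk->sk_frag.page, but it leaves the rest of sk_frag as it was; resetting sk->sk_frag.offset to 0 in the same block would leave the frag in a clean state for whoever reuses the socket after the disconnect. The block also has no comment saying why the page is released here rather than at clone time, which is the whole point of the discussion above, so a one-line comment would help later readers. As a style point, the first added line is an empty "+" line directly after the existing blank line that follows the WARN_ON(), which leaves two consecutive blank lines; drop it.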