(cc: Greg KH)
On 2025-04-22 18:51, Alan J. Wylie wrote:
On Mon, 21 Apr 2025 21:09:27 +0100 "Alan J. Wylie" alan@wylie.me.uk wrote:
On Mon, 21 Apr 2025 21:47:44 +0200 Holger Hoffstätte holger@applied-asynchrony.com wrote:
I'm afraid that didn't help. Same panic.
Bummer :-(
Might be something else missing then - so for now the only other thing I'd suggest is to revert the removal of the qlen check in fq_codel.
Like this?
$ git diff sch_fq_codel.c diff --git a/net/sched/sch_fq_codel.c b/net/sched/sch_fq_codel.c index 6c9029f71e88..4fdf317b82ec 100644 --- a/net/sched/sch_fq_codel.c +++ b/net/sched/sch_fq_codel.c @@ -316,7 +316,7 @@ static struct sk_buff *fq_codel_dequeue(struct Qdisc *sch) qdisc_bstats_update(sch, skb); flow->deficit -= qdisc_pkt_len(skb);
if (q->cstats.drop_count) {
if (q->cstats.drop_count && sch->q.qlen) { qdisc_tree_reduce_backlog(sch, q->cstats.drop_count, q->cstats.drop_len); q->cstats.drop_count = 0;$
It's been about 21 hours and no crash yet. I had an excellent day down a cave, so there's not been as much Internet traffic as usual, but there's a good chance the above patch as at least worked around, if not fixed the issue.
Thought so .. \o/
I guess now the question is what to do about it. IIUC the fix series [1] addressed some kind of UAF problem, but obviously was not applied correctly or is missing follow-ups. It's also a bit mysterious why adding the HTB patch didn't work.
Maybe Cong Wang can advise what to do here?
So unless someone else has any ideas: Greg, please revert:
6.14.y/a57fe60ef4cf96bfbb6b58397ec28bdb5a5c6b31 ("codel: remove sch->q.qlen check before qdisc_tree_reduce_backlog()")
and probably from 6.12 as well.
cheers Holger
[1] https://lore.kernel.org/all/20250403211033.166059-1-xiyou.wangcong@gmail.com...