===SRU Justification===
[Impact]
ipset-nuclear script [1] casues a kernel panic.
[Fix]
"Fix wraparound bug which could lead to memory exhaustion when adding an
x.x.x.x-255.255.255.255 range to any hash:*net* types."
[Test]
User feedbacked this patch solves the issue.
[Regression Potential]
Low. It's also in upstream stable v4.14.
[1] https://github.com/DevelopersPL/pkgbuild/blob/master/ipset-nuclear/ipset-nuclear
===Original Bug Report===
When running the following script: https://github.com/DevelopersPL/pkgbuild/blob/master/ipset-nuclear/ipset-nuclear on the 4.15.0-43-generic kernel it leads to a kernel panic.
Tested the same with 17.10 (4.13 kernel) and 18.10 (4.18 kernel) and no problems with those.
The issue was first mentioned in our forum (https://forum.proxmox.com/threads/kernel-panic-ip_set_hash_net.50138/#post-234532) on our own kernel that's based on the Ubuntu 4.15. After further investigations neither Debian 9 (4.9 kernel) nor Arch Linux (4.20 kernel) exhibited that same issue.
The attached log has the errors of one run of the ipset-nuclear script.
The kernel panic on the host side can also be triggered from an unprivileged container (Arch Linux, LXC)
---
ProblemType: Bug
AlsaDevices:
total 0
crw-rw----+ 1 root audio 116, 1 Jan 31 12:29 seq
crw-rw----+ 1 root audio 116, 33 Jan 31 12:29 timer
AplayDevices: Error: [Errno 2] No such file or directory: 'aplay': 'aplay'
ApportVersion: 2.20.9-0ubuntu7.5
Architecture: amd64
ArecordDevices: Error: [Errno 2] No such file or directory: 'arecord': 'arecord'
AudioDevicesInUse: Error: command ['fuser', '-v', '/dev/snd/seq', '/dev/snd/timer'] failed with exit code 1:
DistroRelease: Ubuntu 18.04
IwConfig: Error: [Errno 2] No such file or directory: 'iwconfig': 'iwconfig'
Lsusb:
Bus 001 Device 002: ID 0627:0001 Adomax Technology Co., Ltd
Bus 001 Device 001: ID 1d6b:0001 Linux Foundation 1.1 root hub
MachineType: QEMU Standard PC (i440FX + PIIX, 1996)
Package: linux (not installed)
PciMultimedia:
ProcFB:
ProcKernelCmdLine: BOOT_IMAGE=/boot/vmlinuz-4.15.0-43-generic root=UUID=3f9884ba-1593-11e9-a795-9abe83d987a0 ro maybe-ubiquity
ProcVersionSignature: Ubuntu 4.15.0-43.46-generic 4.15.18
RelatedPackageVersions:
linux-restricted-modules-4.15.0-43-generic N/A
linux-backports-modules-4.15.0-43-generic N/A
linux-firmware 1.173.2
RfKill: Error: [Errno 2] No such file or directory: 'rfkill': 'rfkill'
Tags: bionic
Uname: Linux 4.15.0-43-generic x86_64
UpgradeStatus: No upgrade log present (probably fresh install)
UserGroups: adm cdrom dip lxd plugdev sudo
_MarkForUpload: True
dmi.bios.date: 04/01/2014
dmi.bios.vendor: SeaBIOS
dmi.bios.version: rel-1.11.1-0-g0551a4be2c-prebuilt.qemu-project.org
dmi.chassis.type: 1
dmi.chassis.vendor: QEMU
dmi.chassis.version: pc-i440fx-2.12
dmi.modalias: dmi:bvnSeaBIOS:bvrrel-1.11.1-0-g0551a4be2c-prebuilt.qemu-project.org:bd04/01/2014:svnQEMU:pnStandardPC(i440FX+PIIX,1996):pvrpc-i440fx-2.12:cvnQEMU:ct1:cvrpc-i440fx-2.12:
dmi.product.name: Standard PC (i440FX + PIIX, 1996)
dmi.product.version: pc-i440fx-2.12
dmi.sys.vendor: QEMU
This bug is missing log files that will aid in diagnosing the problem. While running an Ubuntu kernel (not a mainline or third-party kernel) please enter the following command in a terminal window:
apport-collect 1811394
and then change the status of the bug to 'Confirmed'.
If, due to the nature of the issue you have encountered, you are unable to run this command, please add a comment stating that fact and change the bug status to 'Confirmed'.
This change has been made by an automated script, maintained by the Ubuntu Kernel Team.