This is caused by net_cls and net_prio cgroups disabling cgroup BPF and causing it to stop refcounting when allocating new sockets. Releasing those sockets will cause the refcount to go negative, leading to the potential use-after-free.
Though this revert won't prevent the issue from happening as it could still theoretically be caused by setting net_cls.classid or net_prio.ifpriomap, this will prevent it from happening on default system configurations.

A combination of systemd use of cgroup BPF and extensive cgroup use including net_prio will cause this. Reports usually involve using lxd, libvirt, docker or kubernetes and some systemd service with IPAddressDeny or IPAddressAllow.

And though this patch has been introduced to avoid some potential memory leaks, the cure is worse than the disease. We will need to revisit both issues later on and reapply this patch when we have a real fix for the crash.

Cascardo.

** Patch added: "0001-UBUNTU-SAUCE-Revert-netprio_cgroup-Fix-unlimited-mem.patch"
   https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1886668/+attachment/5390827/+files/0001-UBUNTU-SAUCE-Revert-netprio_cgroup-Fix-unlimited-mem.patch

** Also affects: linux (Ubuntu Bionic)
   Importance: Undecided
       Status: New

** Changed in: linux (Ubuntu)
       Status: Incomplete => Invalid

** Changed in: linux (Ubuntu Bionic)
       Status: New => In Progress

** Changed in: linux (Ubuntu Bionic)
     Assignee: (unassigned) => Thadeu Lima de Souza Cascardo (cascardo)

** Changed in: linux (Ubuntu Bionic)
   Importance: Undecided => Critical

https://bugs.launchpad.net/bugs/1886668

Title:
  linux 4.15.0-109-generic network DoS regression vs -108
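An added example, not part of the original comment and not Ubuntu or kernel code: a Python audit that looks for the two ingredients named above, systemd units that set IPAddressDeny or IPAddressAllow, and cgroup v1 groups with a non-zero net_cls.classid or net_prio.ifpriomap entry. The function names, the scanned unit directories and the /sys/fs/cgroup mount point are assumptions.

```python
import json
import re
from pathlib import Path

# Directives named in the report; matched only when set to a value (commented lines are skipped).
IP_FILTER = re.compile(r"^\s*(IPAddressDeny|IPAddressAllow)\s*=\s*\S", re.MULTILINE)

def _read(path):
    try:
        return path.read_text(errors="replace")
    except OSError:  # unreadable or vanished unit/cgroup file
        return ""

def units_with_ip_filters(unit_dirs):
    """Unit files and drop-ins that set IPAddressDeny= or IPAddressAllow=."""
    files = (f for d in unit_dirs if Path(d).is_dir()
             for f in Path(d).rglob("*") if f.is_file())
    return sorted(str(f) for f in files if IP_FILTER.search(_read(f)))

def cgroups_with_net_settings(cgroup_root):
    """cgroup v1 control files whose classid or ifpriomap is not the 0 default."""
    root, hits = Path(cgroup_root), []
    if not root.is_dir():
        return hits
    for f in root.rglob("net_cls.classid"):
        if _read(f).strip() not in ("", "0"):
            hits.append(str(f))
    for f in root.rglob("net_prio.ifpriomap"):
        # each line is "<interface> <priority>"; priority 0 means unset
        prios = [ln.split()[-1] for ln in _read(f).splitlines() if ln.split()]
        if any(p != "0" for p in prios):
            hits.append(str(f))
    return sorted(hits)

def audit(unit_dirs, cgroup_root):
    """Report both ingredients and whether they occur together on this host."""
    units = units_with_ip_filters(unit_dirs)
    cgroups = cgroups_with_net_settings(cgroup_root)
    return {"bpf_units": units, "net_cgroups": cgroups,
            "both_present": bool(units and cgroups)}

if __name__ == "__main__":
    # Assumed default locations; adjust for the host being audited.
    print(json.dumps(audit(["/etc/systemd/system", "/lib/systemd/system",
                            "/run/systemd/system"], "/sys/fs/cgroup"), indent=2))
```

A host where `both_present` is true has the settings the comment says could still theoretically cause the issue even with the revert applied.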
