Bug 200639 - netfilter xt_alloc_table_info regression
Status: CLOSED INVALID
Alias: None
Product: Networking
Classification: Unclassified
Component: Netfilter/Iptables
Hardware: All Linux
Importance: P1 normal
Assignee: networking_netfilter-iptables@kernel-bugs.osdl.org
Reported: 2018-07-24 07:29 UTC by Georgi Georgiev
Modified: 2018-07-25 11:31 UTC (History)

See Also:
Kernel Version: 4.14
Tree: Mainline
Regression: Yes


Attachments
iptables save (3.64 MB, text/plain)
2018-07-24 07:29 UTC, Georgi Georgiev

Description Georgi Georgiev 2018-07-24 07:29:56 UTC
Created attachment 277477 [details]
iptables save

The following commit leads to "vmalloc: allocation failure" when the cgroups memory controller is enabled:

https://github.com/torvalds/linux/commit/eacd86ca3b036e55e172b7279f101cef4a6ff3a4

After creating a large number of cgroups and under memory pressure, the iptables command fails with the following error:

"iptables-restor: vmalloc: allocation failure, allocated 3047424 of 3465216 bytes, mode:0x14010c0(GFP_KERNEL|__GFP_NORETRY), nodemask=(null)"

The system used to reproduce the bug has 2 vCPUs and 2 GB of RAM, but it happens on more powerful systems.

Steps to reproduce:

mkdir /cgroup
mount cgroup -t cgroup -omemory,pids,blkio,cpuacct /cgroup
for a in `seq 1 1000`; do for b in `seq 1 4` ; do mkdir -p "/cgroup/user/$a/$b"; done; done

Then in separate consoles

cat /dev/vda > /dev/null
./test
./test
i=0;while sleep 0 ; do iptables-restore < iptables.save ; i=$(($i+1)); echo $i; done

Here is the source of the "test" program and the attached iptables.save. It also happens with a smaller iptables.save file.

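#include <stdio.h>
#include <stdlib.h>
#include <time.h>   /* time() */

/* Memory-pressure generator: repeatedly allocates buffers of several sizes,
 * writes to every int so the pages are actually faulted in, then frees them. */
int main(void) {

    srand(time(NULL));
    size_t i, j;
    int arr[6] = { 3072, 7168, 15360, 31744, 64512, 130048 };

    while (1) {

        for (i = 0; i < 6; i++) {

            size_t bytes = (size_t)arr[i] * 93;
            int *ptr = malloc(bytes);
            if (ptr == NULL)    /* allocation can fail under pressure; skip */
                continue;

            /* Touch the whole buffer. */
            for (j = 0; j < bytes / sizeof(int); j++) {
                ptr[j] = (int)(j + 1);
            }

            free(ptr);
        }
    }
}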
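
The following is an added example, not part of the original report or of the kernel source: a small parser for the "vmalloc: allocation failure" kernel log line quoted above, which reports how far each allocation fell short and whether __GFP_NORETRY was set. The log lines other than the one quoted in the report are constructed, and the 4 KiB page size and all function names are assumptions.

```python
import re
from collections import defaultdict

# Constructed sample log; the first line is the message quoted in the report.
SAMPLE_LOG = """\
iptables-restor: vmalloc: allocation failure, allocated 3047424 of 3465216 bytes, mode:0x14010c0(GFP_KERNEL|__GFP_NORETRY), nodemask=(null)
EXT4-fs (vda1): mounted filesystem with ordered data mode. Opts: (null)
[  812.104233] iptables-restor: vmalloc: allocation failure, allocated 1048576 of 3465216 bytes, mode:0x14010c0(GFP_KERNEL|__GFP_NORETRY), nodemask=(null)
"""

VMALLOC_FAIL = re.compile(
    r"(?P<comm>\S+): vmalloc: allocation failure, "
    r"allocated (?P<got>\d+) of (?P<want>\d+) bytes, "
    r"mode:(?P<mode>0x[0-9a-f]+)\((?P<flags>[^)]*)\)"
)
PAGE_SIZE = 4096  # assumption: 4 KiB pages


def parse_failures(log_text):
    """Return one record per vmalloc allocation-failure line in log_text."""
    failures = []
    for line in log_text.splitlines():
        m = VMALLOC_FAIL.search(line)
        if m is None:
            continue  # unrelated kernel message
        got, want = int(m["got"]), int(m["want"])
        flags = m["flags"].split("|")
        failures.append({
            "comm": m["comm"],            # task name as printed by the kernel
            "requested": want,
            "allocated": got,
            "shortfall": want - got,      # bytes that could not be backed
            "missing_pages": -(-(want - got) // PAGE_SIZE),  # ceiling division
            "noretry": "__GFP_NORETRY" in flags,
        })
    return failures


def summarize(failures):
    """Per task: number of failures and the largest shortfall seen."""
    summary = defaultdict(lambda: {"count": 0, "max_shortfall": 0})
    for f in failures:
        entry = summary[f["comm"]]
        entry["count"] += 1
        entry["max_shortfall"] = max(entry["max_shortfall"], f["shortfall"])
    return dict(summary)


if __name__ == "__main__":
    for rec in parse_failures(SAMPLE_LOG):
        print(rec)
    print(summarize(parse_failures(SAMPLE_LOG)))
```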
