On Sun, May 14, 2017 at 03:56:12PM +0800, Liping Zhang wrote:
> From: Liping Zhang <zlpnobody@xxxxxxxxx>
>
> When the dumping operation is interrupted, we will restart the
> cache_init(), but unfortunatly, we forget to delete the old cache.
> So in extreme case, we will leak a huge amount of memory.
>
> Running the following commands can simulate the extreme case:
> # nft add table t
> # nft add set t s {type inet_service \;}
> # for i in $(seq 65000); do
> nft add element t s {$i}
> done &
> # while : ; do
> time nft list ruleset -nn
> done
>
> After a while, oom killer will be triggered:
> [ 2808.243537] Out of memory: Kill process 16975 (nft) score 649 or
> sacrifice child
> [ 2808.255372] Killed process 16975 (nft) total-vm:1955348kB,
> anon-rss:1952120kB, file-rss:0kB, shmem-rss:0kB
> [ 2858.353729] nft invoked oom-killer: gfp_mask=0x14201ca(GFP_HIGHUSER_
> MOVABLE|__GFP_COLD), nodemask=(null), order=0,
> oom_score_adj=0
> [ 2858.374521] nft cpuset=/ mems_allowed=0
> ...
Applied, thanks.
--
To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
