Received: by 10.223.176.5 with SMTP id f5csp3983784wra; Mon, 29 Jan 2018 23:54:05 -0800 (PST) X-Google-Smtp-Source: AH8x226z/72FBNNBBo1tDvuTE02qchgc5YNnIzmDBsu+4IbtZVkUOyow4O0e0G5tkGl+EGFAGce/ X-Received: by 10.101.78.139 with SMTP id b11mr5442243pgs.229.1517298845196; Mon, 29 Jan 2018 23:54:05 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1517298845; cv=none; d=google.com; s=arc-20160816; b=XAjjR/tdDG3z+haveMCDd8bY6/mf9yA5Mg74N4CZFE4h8hRP4nGGm5LYqY8QWOu9ID gB0zShVIYohvDf95lQ5qhATLNfu2zN3XKfBVCGJCjx8toRqkKccD+sYhTUZb7zL3K4LW ovZfSemQRoBATTcCi7hL4k/1Daja1NkHYzKVqVHsRgUYpH7h2ma1nTh3HwscnOL0WoIz B2keixuBQTShLLOcH7yzR6O5rVe0zWr6XdVaKLcHqsC4ucvhMa04KgWx6HFBAH7rkEo9 HCD5gjekC6v7qSTAqDpTr7erXswxJt2K9Z+N74cYNeipgVJKM37pVFcqyOzQ0wkt69zu ufoQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:user-agent:in-reply-to :content-disposition:mime-version:references:message-id:subject:cc :to:from:date:arc-authentication-results; bh=eEkBqi+gE7/Lfhr0V7W+btdzbFOyto8PGQjcUL37cEw=; b=OdcflYNW732Fc/i6JLpyAUEwHKUDe5kULEXJRASdiKEjPFiLcDAedf2m3sgXVzSe1c 7zYAPKyrGjOeD62ud3rGtFar4qGqGx/OvcMu+qJUM2ZEAfMbQPdKpAxh+dV3HwYEan6Y p0CXIDmsI+JKlX4DpbhU10t6M7XDoBHbXX9osuj00gSuZg/UTJ4vUFgatvJcdZBUxZEN u+vXduAAGw9O9iQxptHDmK5T3tGpIPK8Q/E6M5syHfqSxFVd1OhaX+aNDAkokKmtvt6k Na9AsC2loyb1/TmHJcNn47p9xx/rQqF4ptH9fOvUTCw752vD7WyNLAgZsHYbjGBuTEs6 FYGA== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id g21si13623486pfh.9.2018.01.29.23.53.50; Mon, 29 Jan 2018 23:54:05 -0800 (PST) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1751900AbeA3Hwc (ORCPT + 99 others); Tue, 30 Jan 2018 02:52:32 -0500 Received: from mx2.suse.de ([195.135.220.15]:54491 "EHLO mx2.suse.de" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1751822AbeA3Hwa (ORCPT ); Tue, 30 Jan 2018 02:52:30 -0500 X-Virus-Scanned: by amavisd-new at test-mx.suse.de Received: from relay1.suse.de (charybdis-ext.suse.de [195.135.220.254]) by mx2.suse.de (Postfix) with ESMTP id F093EACAE; Tue, 30 Jan 2018 07:52:28 +0000 (UTC) Date: Tue, 30 Jan 2018 08:52:26 +0100 From: Michal Hocko To: Florian Westphal Cc: "Kirill A. Shutemov" , Tetsuo Handa , davem@davemloft.net, netfilter-devel@vger.kernel.org, coreteam@netfilter.org, netdev@vger.kernel.org, aarcange@redhat.com, yang.s@alibaba-inc.com, syzkaller-bugs@googlegroups.com, linux-kernel@vger.kernel.org, mingo@kernel.org, linux-mm@kvack.org, rientjes@google.com, akpm@linux-foundation.org, guro@fb.com, kirill.shutemov@linux.intel.com Subject: Re: [netfilter-core] kernel panic: Out of memory and no killable processes... (2) Message-ID: <20180130075226.GL21609@dhcp22.suse.cz> References: <001a1144b0caee2e8c0563d9de0a@google.com> <201801290020.w0T0KK8V015938@www262.sakura.ne.jp> <20180129072357.GD5906@breakpoint.cc> <20180129082649.sysf57wlp7i7ltb2@node.shutemov.name> <20180129165722.GF5906@breakpoint.cc> <20180129182811.fze4vrb5zd5cojmr@node.shutemov.name> <20180129223522.GG5906@breakpoint.cc> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <20180129223522.GG5906@breakpoint.cc> User-Agent: Mutt/1.9.2 (2017-12-15) Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Mon 29-01-18 23:35:22, Florian Westphal wrote: > Kirill A. Shutemov wrote: [...] > > I hate what I'm saying, but I guess we need some tunable here. > > Not sure what exactly. > > Would memcg help? That really depends. I would have to check whether vmalloc path obeys __GFP_ACCOUNT (I suspect it does except for page tables allocations but that shouldn't be a big deal). But then the other potential problem is the life time of the xt_table_info (or other potentially large) data structures. Are they bound to any process life time. Because if they are not then the OOM killer will not help. The OOM panic earlier in this thread suggests it doesn't because the test case managed to eat all the available memory and killed all the eligible tasks which didn't help. So in some sense the memcg would help to stop the excessive allocation, but it wouldn't resolve it other than kill all tasks in the affected memcg/container. Whether this is sufficient or not, I dunno. It sounds quite suboptimal to me. But it is true this would be less tricky then adding a global knob... -- Michal Hocko SUSE Labs