Received: by 10.223.176.5 with SMTP id f5csp4048740wra;
        Tue, 30 Jan 2018 01:05:14 -0800 (PST)
X-Google-Smtp-Source: AH8x227yrRBy6ENm2Za6+QzR1qi1FWwNB+6TuFYFjaApKCYNSSjCdBo38eQkp/ecTXBYeVesa3gZ
X-Received: by 10.99.182.75 with SMTP id v11mr18518453pgt.158.1517303113891;
        Tue, 30 Jan 2018 01:05:13 -0800 (PST)
ARC-Seal: i=1; a=rsa-sha256; t=1517303113; cv=none;
        d=google.com; s=arc-20160816;
        b=Ppp97+DhBqsNzqbFn5jWnMdt/sD8MWrjzDtDjYdoPanb+TyjsnLdn7lVwYPhma9TQ5
         Xij5wF0iZJ3WWQiXFZsN95KzqwBLHEMfa83vYCedd2uvzoP2KGo9HCsr2CWcrh+H/Xwh
         wEYiM0eU8jtk12QFMJ9G8Y/b8j+qOGedYbeCs+K6qX8ZqW+UA+UKNv+zTQv9T9DQjr4e
         c5SZ6jz6uNhokCvGEyhXkyEOrPL4BpLAxRncO88quJqliZaBjmgjDsJshS7ytADGtY+c
         JneKghVtvsSMv4ZEBabmM1GXoJqQ4/UC9xF3t7ZHXAl/6u5GUYrDX39WgRGnwa0iiVc9
         /XrA==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:sender:cc:to:subject:message-id:date:from
         :references:in-reply-to:mime-version:dkim-signature
         :arc-authentication-results;
        bh=SVtvV28ZdbTVQPC/VqkNFLLVfsS75QQ+xRqbNsjn03M=;
        b=vnHV038fRGM56JDVP/KC6gun9XZN5iX4I3oCp0HSALsqhuol5ppHfJpWx667ykGI2B
         XM3RFo146OF/l9OnFawNlxYKK6tHxM49jBmUTFerpSjSLtqE+inBZja0OgpBXVFUAa1i
         Qj4PBnuyz2L+JAYz0pX+ru2Q012NnpAwEF4Lo/HrkQ7ASlLcxuDmrIpsDgKr/l8MakrW
         EYZuMkHyQzhicf1mW/DelpzH9Nc4Z4oAhfbDENSOCvvZh2l8iH32u3p7qVKJ+IQSondt
         +QvMaXuQgwXg4Q36CNAq7gqzCpYuUS7Yr+WmX48FRHxg+h3HdW3mS4ZgxAt+jtA2EjQq
         zxwA==
ARC-Authentication-Results: i=1; mx.google.com;
       dkim=pass header.i=@google.com header.s=20161025 header.b=INNDariG;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67])
        by mx.google.com with ESMTP id m8si2484224pgn.343.2018.01.30.01.04.59;
        Tue, 30 Jan 2018 01:05:13 -0800 (PST)
Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67;
Authentication-Results: mx.google.com;
       dkim=pass header.i=@google.com header.s=20161025 header.b=INNDariG;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S1751836AbeA3JDA (ORCPT <rfc822;vladislav.valtchev@gmail.com>
        + 99 others); Tue, 30 Jan 2018 04:03:00 -0500
Received: from mail-pg0-f65.google.com ([74.125.83.65]:46356 "EHLO
        mail-pg0-f65.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S1751787AbeA3JCz (ORCPT
        <rfc822;linux-kernel@vger.kernel.org>);
        Tue, 30 Jan 2018 04:02:55 -0500
Received: by mail-pg0-f65.google.com with SMTP id s9so6726011pgq.13
        for <linux-kernel@vger.kernel.org>; Tue, 30 Jan 2018 01:02:55 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=google.com; s=20161025;
        h=mime-version:in-reply-to:references:from:date:message-id:subject:to
         :cc;
        bh=SVtvV28ZdbTVQPC/VqkNFLLVfsS75QQ+xRqbNsjn03M=;
        b=INNDariGeUQ29ta3WiZs3S30bGTOUTPtdxdXRfagR53i4V8h8Rl45zpgRCi8BU4CpD
         Ve9Wid8oYmQlY9ztrLsncQ01qXyBVIX35ga+tB1EoAK6NblXawAPC+/+gFx7csmbYS76
         vBHYxfbGahct3aJMPr7N9rkx/GvIRcXCjg1tF7v80zvgdja0vkxxxFZmhqSOPwaxsK3K
         Ktus5rgLP4FapSnHLgwwVbsxJOyfxljvhXVCbQSgTsYCPocClh5ccJFIRnrjPVFWKz8Z
         pbkPmGon60gALK3/XpMseFc7A0bYQhCXS7LHsZUCXrKl3MR5f06SpRq8IAtt4bR39sch
         trJw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20161025;
        h=x-gm-message-state:mime-version:in-reply-to:references:from:date
         :message-id:subject:to:cc;
        bh=SVtvV28ZdbTVQPC/VqkNFLLVfsS75QQ+xRqbNsjn03M=;
        b=GRkrM5lFoutHjuwHXzyOI3w263H1VDW8Ejc3NWP5Ny89OCEYg+r5sMd1B8w86a22n2
         AtlLC09sAny5ATh6+53pIA0v15eOE6vYy04JO6QSIuV3iUzbOhbOe4YY1j9UpMK1nw0X
         WpKt/wAXqBzU+abPPD5oS+zb+JKAFbMTOVuALSNMO2/sL9wZ20OnCi5v0F11CHSpkLyB
         KANZCBZ/Vp2jKmy6iMAuAeIMOSC7t3+1Mn0w+1a2HtGQYwLvdK8932882CeJTdFDTv92
         zuccEL/OIXSfjb9ycYKkaoOk17cGF71CFegKNq3SQCppHMsoGMGCasVumTDsEr+7x9uJ
         6IDA==
X-Gm-Message-State: AKwxytcnnJ2vN+Im2PFOCKHxTMi5pDDfaJqu6R+qGzGzn2rkaWFn7CD6
        DaWhTfj65bVdWZnMQr6Px8j3ds0HhB+Km2cWEnoUcg==
X-Received: by 10.98.222.198 with SMTP id h189mr30086561pfg.150.1517302974888;
 Tue, 30 Jan 2018 01:02:54 -0800 (PST)
MIME-Version: 1.0
Received: by 10.236.140.151 with HTTP; Tue, 30 Jan 2018 01:02:34 -0800 (PST)
In-Reply-To: <20180130082817.cbax5qj4mxancx4b@node.shutemov.name>
References: <001a1144b0caee2e8c0563d9de0a@google.com> <201801290020.w0T0KK8V015938@www262.sakura.ne.jp>
 <20180129072357.GD5906@breakpoint.cc> <20180129082649.sysf57wlp7i7ltb2@node.shutemov.name>
 <20180129165722.GF5906@breakpoint.cc> <20180129182811.fze4vrb5zd5cojmr@node.shutemov.name>
 <20180129223522.GG5906@breakpoint.cc> <20180130075226.GL21609@dhcp22.suse.cz>
 <20180130081127.GH5906@breakpoint.cc> <20180130082817.cbax5qj4mxancx4b@node.shutemov.name>
From:   Dmitry Vyukov <dvyukov@google.com>
Date:   Tue, 30 Jan 2018 10:02:34 +0100
Message-ID: <CACT4Y+bFKwoxopr1dwnc7OHUoHy28ksVguqtMY6tD=aRh-7LyQ@mail.gmail.com>
Subject: Re: [netfilter-core] kernel panic: Out of memory and no killable
 processes... (2)
To:     "Kirill A. Shutemov" <kirill@shutemov.name>
Cc:     Florian Westphal <fw@strlen.de>, Michal Hocko <mhocko@kernel.org>,
        Tetsuo Handa <penguin-kernel@i-love.sakura.ne.jp>,
        David Miller <davem@davemloft.net>,
        netfilter-devel@vger.kernel.org, coreteam@netfilter.org,
        netdev <netdev@vger.kernel.org>,
        Andrea Arcangeli <aarcange@redhat.com>,
        Yang Shi <yang.s@alibaba-inc.com>,
        syzkaller-bugs@googlegroups.com,
        LKML <linux-kernel@vger.kernel.org>,
        Ingo Molnar <mingo@kernel.org>, Linux-MM <linux-mm@kvack.org>,
        David Rientjes <rientjes@google.com>,
        Andrew Morton <akpm@linux-foundation.org>, guro@fb.com,
        "Kirill A. Shutemov" <kirill.shutemov@linux.intel.com>
Content-Type: text/plain; charset="UTF-8"
Sender: linux-kernel-owner@vger.kernel.org
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

On Tue, Jan 30, 2018 at 9:28 AM, Kirill A. Shutemov
<kirill@shutemov.name> wrote:
> On Tue, Jan 30, 2018 at 09:11:27AM +0100, Florian Westphal wrote:
>> Michal Hocko <mhocko@kernel.org> wrote:
>> > On Mon 29-01-18 23:35:22, Florian Westphal wrote:
>> > > Kirill A. Shutemov <kirill@shutemov.name> wrote:
>> > [...]
>> > > > I hate what I'm saying, but I guess we need some tunable here.
>> > > > Not sure what exactly.
>> > >
>> > > Would memcg help?
>> >
>> > That really depends. I would have to check whether vmalloc path obeys
>> > __GFP_ACCOUNT (I suspect it does except for page tables allocations but
>> > that shouldn't be a big deal). But then the other potential problem is
>> > the life time of the xt_table_info (or other potentially large) data
>> > structures. Are they bound to any process life time.
>>
>> No.
>
> Well, IIUC they bound to net namespace life time, so killing all
> proccesses in the namespace would help to get memory back. :)

... unless the namespace is mounted into file system.

Let's start with NOWARN as that's what kernel generally uses for
allocations with user-controllable size. ENOMEM is roughly as
informative as the WARNING message in this case.

I think we also need to consider setting up memory cgroup for
syzkaller test processes (we do RLIMIT_AS, but that's weak).