Hello, I made tests with patch reverted and seems that old version is masking errors.
I will write to cgroup developers, because this only happens when cgroups are enabled and there are large number of cgroups created. Thank you for your time. Regards, -- Georgi Nikolov On 07/24/2018 11:39 AM, Michal Hocko wrote: > On Tue 24-07-18 10:36:38, Georgi Nikolov wrote: >> Hello, >> >> I posted a kernel bug https://bugzilla.kernel.org/show_bug.cgi?id=200639 and >> i hope this is the correct place to discuss this. > Let me quote your report for the full context > > : Folowing commit leads to "vmalloc: allocation failure" when cgroups memory > controller is enabled: > : > : > https://github.com/torvalds/linux/commit/eacd86ca3b036e55e172b7279f101cef4a6ff3a4 > : > : After creating large number of cgroups and under memory pressure, iptables > command fails with following error: > : > : "iptables-restor: vmalloc: allocation failure, allocated 3047424 of 3465216 > bytes, mode:0x14010c0(GFP_KERNEL|__GFP_NORETRY), nodemask=(null)" > : > : System which is used to reproduce the bug is with 2 vcpus and 2GB of ram, > but it happens on more powerfull systems. > : > : Steps to reproduce: > : > : mkdir /cgroup > : mount cgroup -t cgroup -omemory,pids,blkio,cpuacct /cgroup > : for a in `seq 1 1000`; do for b in `seq 1 4` ; do mkdir -p > "/cgroup/user/$a/$b"; done; done > : > : Then in separate consoles > : > : cat /dev/vda > /dev/null > : ./test > : ./test > : i=0;while sleep 0 ; do iptables-restore < iptables.save ; i=$(($i+1)); echo > $i; done > : > : Here is the source of "test" program and attached iptables.save. It happens > also with smaller iptables.save file. > : > : #include <stdio.h> > : #include <stdlib.h> > : > : int main(void) { > : > : srand(time(NULL)); > : int i = 0, j = 0, randnum=0; > : int arr[6] = { 3072, 7168, 15360 , 31744, 64512, 130048}; > : while(1) { > : > : for (i = 0; i < 6 ; i++) { > : > : int *ptr = (int*) malloc(arr[i] * 93); > : > : for(j = 0 ; j < arr[i] * 93 / sizeof(int); j++) { > : *(ptr+j) = j+1; > : } > : > : free(ptr); > : } > : } > : } > > Have you confirmed that revering eacd86ca3b03 > ("net/netfilter/x_tables.c: use kvmalloc() in xt_alloc_table_info()") > fixes the allocation failure you are seeing? > > There are only two differences the patch has introduced. It has > introduced vmalloc fallback for all but order-0 sizes and it dropped > __GFP_NOWARN from the vmalloc call. > > The later would allow to print the error message. Just to make it clear, > the regression you are seeing is not just the error message. It is > iptables-restore that fails and hasn't before, right?
