View Issue Details
ID | Project | Category | View Status | Date Submitted | Last Update |
---|---|---|---|---|---|
0017942 | CentOS-8 | -OTHER | public | 2020-12-14 21:33 | 2020-12-15 21:31 |
Reporter | rubus | Assigned To | |||
Priority | normal | Severity | minor | Reproducibility | always |
Status | new | Resolution | open | ||
Product Version | 8.3.2011 | ||||
Summary | 0017942: nftable segmentation fault with big ip set | ||||
Description | Try to make rule to drop packets form big set of ip ranges 1103505 # nft -f main.nft Segmentation fault | ||||
Steps To Reproduce | On fresh install of centos 8.3 run: dnf -y update systemctl disable --now firewalld reboot tar -x nft_conf.xz nft -f main.nft -> Segmentation fault (core dumped) | ||||
Additional Information | For little smaller set reload sometimes succeed. Way of create smaller set: #cp bad_actors_set bad_actors_set.back #head -n 1047500 bad_actors_set.back > bad_actors_set ; echo "}" >> bad_actors_set If nft -f main.nft succeed memory usage is huge. # echo "bad_actors_set size: $( wc -l bad_actors_set)" ; /usr/bin/time -v nft -f main.nft bad_actors_set size: 1047501 bad_actors_set Command being timed: "nft -f main.nft" User time (seconds): 4.74 System time (seconds): 1.93 Percent of CPU this job got: 99% Elapsed (wall clock) time (h:mm:ss or m:ss): 0:06.71 Average shared text size (kbytes): 0 Average unshared data size (kbytes): 0 Average stack size (kbytes): 0 Average total size (kbytes): 0 ---->Maximum resident set size (kbytes): 1773088 Average resident set size (kbytes): 0 Major (requiring I/O) page faults: 0 Minor (reclaiming a frame) page faults: 443932 Voluntary context switches: 8 Involuntary context switches: 21 Swaps: 0 File system inputs: 0 File system outputs: 0 Socket messages sent: 0 Socket messages received: 0 Signals delivered: 0 Page size (bytes): 4096 Exit status: 0 Smaller set don't guarantee success: echo "bad_actors_set size: $( wc -l bad_actors_set)" ; for i in {0..10}; do echo $i; nft -f main.nft; done bad_actors_set size: 1047501 bad_actors_set 0 Segmentation fault (core dumped) 1 Segmentation fault (core dumped) 2 Segmentation fault (core dumped) 3 Segmentation fault (core dumped) 4 5 Segmentation fault (core dumped) 6 Segmentation fault (core dumped) 7 8 Segmentation fault (core dumped) 9 10 | ||||
Tags | No tags attached. | ||||