View Issue Details

IDProjectCategoryView StatusLast Update
0017942CentOS-8-OTHERpublic2020-12-15 21:31
Reporterrubus Assigned To 
PrioritynormalSeverityminorReproducibilityalways
Status newResolutionopen 
Product Version8.3.2011 
Summary0017942: nftable segmentation fault with big ip set
DescriptionTry to make rule to drop packets form big set of ip ranges 1103505
# nft -f main.nft
Segmentation fault
Steps To ReproduceOn fresh install of centos 8.3 run:

dnf -y update
systemctl disable --now firewalld
reboot
tar -x nft_conf.xz
nft -f main.nft
-> Segmentation fault (core dumped)
Additional InformationFor little smaller set reload sometimes succeed.
Way of create smaller set:
#cp bad_actors_set bad_actors_set.back
#head -n 1047500 bad_actors_set.back > bad_actors_set ; echo "}" >> bad_actors_set

If nft -f main.nft succeed memory usage is huge.
# echo "bad_actors_set size: $( wc -l bad_actors_set)" ; /usr/bin/time -v nft -f main.nft
bad_actors_set size: 1047501 bad_actors_set
        Command being timed: "nft -f main.nft"
        User time (seconds): 4.74
        System time (seconds): 1.93
        Percent of CPU this job got: 99%
        Elapsed (wall clock) time (h:mm:ss or m:ss): 0:06.71
        Average shared text size (kbytes): 0
        Average unshared data size (kbytes): 0
        Average stack size (kbytes): 0
        Average total size (kbytes): 0
---->Maximum resident set size (kbytes): 1773088
        Average resident set size (kbytes): 0
        Major (requiring I/O) page faults: 0
        Minor (reclaiming a frame) page faults: 443932
        Voluntary context switches: 8
        Involuntary context switches: 21
        Swaps: 0
        File system inputs: 0
        File system outputs: 0
        Socket messages sent: 0
        Socket messages received: 0
        Signals delivered: 0
        Page size (bytes): 4096
        Exit status: 0

Smaller set don't guarantee success:
 echo "bad_actors_set size: $( wc -l bad_actors_set)" ; for i in {0..10}; do echo $i; nft -f main.nft; done
bad_actors_set size: 1047501 bad_actors_set
0
Segmentation fault (core dumped)
1
Segmentation fault (core dumped)
2
Segmentation fault (core dumped)
3
Segmentation fault (core dumped)
4
5
Segmentation fault (core dumped)
6
Segmentation fault (core dumped)
7
8
Segmentation fault (core dumped)
9
10
TagsNo tags attached.

Activities

rubus

rubus

2020-12-14 21:33

reporter  

nft_conf.tar.xz (2,077,428 bytes)
rubus

rubus

2020-12-15 21:31

reporter   ~0038084

https://bugzilla.redhat.com/show_bug.cgi?id=1908127

Issue History

Date Modified Username Field Change
2020-12-14 21:33 rubus New Issue
2020-12-14 21:33 rubus File Added: nft_conf.tar.xz
2020-12-15 21:31 rubus Note Added: 0038084