Redis oom killed on one host scan

kayapo · September 15, 2023, 12:12pm

Hi Everyone,
I have a relatively small greenbone installation on Docker. This is built from community containers 22.4.
the problem is when i start a scan around 90% crashes them because of the Linux kernel oom_kill.
I get message in the kernel log:

Sep 15 13:08:07 ITSM02 kernel: oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=docker-2abd3bddf7c21d80f981bab06d8223494cb8845d0027e6a152a5e11dcd1d8592.scope,mems_allowed=0,global_oom,task_memcg=/system.slice/docker-1def25045ac5ffb3f939d482581ed9ce4050d5ad08c31c4f0b86d57008537e0b.scope,task=redis-server,pid=15366,uid=100
Sep 15 13:08:07 ITSM02 kernel: Out of memory: Killed process 15366 (redis-server) total-vm:19497288kB, anon-rss:12311880kB, file-rss:0kB, shmem-rss:0kB, UID:100 pgtables:35296kB oom_score_adj:0
Sep 15 13:08:08 ITSM02 kernel: oom_reaper: reaped process 15366 (redis-server), now anon-rss:0kB, file-rss:0kB, shmem-rss:0kB
Sep 15 13:08:09 ITSM02 kernel: br-172bb726d3ce: port 8(vethbafdca7) entered disabled state
Sep 15 13:08:09 ITSM02 kernel: vethced8894: renamed from eth0
Sep 15 13:08:09 ITSM02 kernel: br-172bb726d3ce: port 8(vethbafdca7) entered disabled state
Sep 15 13:08:09 ITSM02 kernel: device vethbafdca7 left promiscuous mode
Sep 15 13:08:09 ITSM02 kernel: br-172bb726d3ce: port 8(vethbafdca7) entered disabled state
Sep 15 13:08:09 ITSM02 kernel: show_signal_msg: 5 callbacks suppressed
Sep 15 13:08:09 ITSM02 kernel: openvas[20862]: segfault at 0 ip 0000559d59116fe6 sp 00007ffcd2508a10 error 4 in openvas[559d59116000+9000]
Sep 15 13:08:09 ITSM02 kernel: Code: ff ff 48 8d 3d 4b 80 00 00 48 89 c3 e8 a3 f8 ff ff 89 de 48 89 c7 48 8b 05 c7 d1 00 00 ff 50 18 48 8d 35 5d 80 00 00 48 89 c3 <48> 8b 00 48 89 df ff 50 28 48 89 c5 48 8b 03 48 8b 80 d0 00 00 00

The memory in VM 16GB
Any suggestion would be usefull

cfi · September 15, 2023, 1:15pm

Hello,

and welcome to this community forum. There has been some recent discussions around general memory usage during scans (including Redis related topics), i’m adding them below as a reference:

kayapo · September 18, 2023, 11:08am

The solution was:

# Size of SWAP
vm.overcommit_ratio = 25
vm.overcommit_memory = 1

The Redis uses SWAP but if you disable the overcommit_memory oom_killer will be kill redis when the memory usage going crazy.

kayapo · September 19, 2023, 6:13am

This was too early…
The situationis:

Start a test on the host what is serv the docker environment
before them ends you start another test
at a cerain pont the Redis oom killed because of the memory consumption
Othervise two simultaneous scan can run. The Redis uses ~9GB of RAM when scan run on two hosts.

kayapo · September 19, 2023, 11:56am

All right I think this is solved.
This Redis oom killed on one host scan - #3 by kayapo definetly helped but the final solution is the redis configuration changes:

maxclients 100
maxmemory 2147483648
maxmemory-policy volatile-ttl
tcp-keepalive 15

At this time all of my scan is running without problem.