diff --git a/pkg/controller/nodeipam/ipam/controller.go b/pkg/controller/nodeipam/ipam/controller.go
index 4710b74ea93..728c59746e0 100644
--- a/pkg/controller/nodeipam/ipam/controller.go
+++ b/pkg/controller/nodeipam/ipam/controller.go
@@ -92,7 +92,17 @@ func NewController(
 		return nil, err
 	}
 
-	return c, nil
+	//check whether there is a remaining cidr after occupyServiceCIDR
+	cidr, err := c.set.AllocateNext()
+	switch err {
+	case cidrset.ErrCIDRRangeNoCIDRsRemaining:
+		return nil, fmt.Errorf("failed after occupy serviceCIDR: %v", err)
+	case nil:
+		err := c.set.Release(cidr)
+		return c, err
+	default:
+		return nil, fmt.Errorf("unexpected error when check remaining CIDR range: %v", err)
+	}
 }
 
 // Start initializes the Controller with the existing list of nodes and
diff --git a/pkg/controller/nodeipam/node_ipam_controller_test.go b/pkg/controller/nodeipam/node_ipam_controller_test.go
index 3a5d1b23f08..49f18a11293 100644
--- a/pkg/controller/nodeipam/node_ipam_controller_test.go
+++ b/pkg/controller/nodeipam/node_ipam_controller_test.go
@@ -77,6 +77,7 @@ func TestNewNodeIpamControllerWithCIDRMasks(t *testing.T) {
 		{"invalid_cluster_CIDR", "invalid", "10.1.0.0/21", 24, ipam.IPAMFromClusterAllocatorType, true},
 		{"valid_CIDR_smaller_than_mask_cloud_allocator", "10.0.0.0/26", "10.1.0.0/21", 24, ipam.CloudAllocatorType, false},
 		{"invalid_CIDR_smaller_than_mask_other_allocators", "10.0.0.0/26", "10.1.0.0/21", 24, ipam.IPAMFromCloudAllocatorType, true},
+		{"invalid_serviceCIDR_contains_clusterCIDR", "10.0.0.0/23", "10.0.0.0/21", 24, ipam.IPAMFromClusterAllocatorType, true},
 	} {
 		t.Run(tc.desc, func(t *testing.T) {
 			clusterCidrs, _ := netutils.ParseCIDRs(strings.Split(tc.clusterCIDR, ","))