bugzilla-daemon at netfilter.org
2013-May-22 03:27 UTC
[Bug 823] New: IPv6 NAT memory leaking
https://bugzilla.netfilter.org/show_bug.cgi?id=823
Summary: IPv6 NAT memory leaking
Product: netfilter/iptables
Version: unspecified
Platform: x86_64
OS/Version: other
Status: NEW
Severity: critical
Priority: P5
Component: ip6_tables (kernel)
AssignedTo: netfilter-buglog at lists.netfilter.org
ReportedBy: lex.weishun at gmail.com
Estimated Hours: 0.0
I tried IPv6 NAT and the system always crashes due to out-of-memory.
Here are my steps to reproduce:
[VM-a] ------------------- [VM-b]
fd00:1234::a/64            fd00:1234::b/64
* VM-a and VM-b are both VirtualBox VMs (Arch Linux, kernel 3.9.3-1-ARCH,
x86_64, with 64M memory)
1. Add an IPv6 NAT rule on VM-b (even if it is never matched):
(VM-b)# ip6tables -t nat -A POSTROUTING -s abcd::1 -j LOG
2. Ping with big packets from VM-a:
(VM-a)# for i in {1..5000}; do ping6 -s 2000 -c 1 fd00:1234::b; done
3. Check slabinfo at VM-b: the size of kmalloc-256 increases fast and is never
released, even when all connections are closed.
4-1. Reboot VM-b and do the test again with 'ping -s 1024'.
Everything is fine.
4-2. Reboot VM-b and do the test again without any IPv6 NAT rules.
Everything is fine.
It looks like a memory leak problem.
--
Configure bugmail: https://bugzilla.netfilter.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are watching all bug changes.
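Step 3 of the report checks slabinfo by hand. The script below is an added example, not part of the original report or of the netfilter project, that measures how much one slab cache grew between two /proc/slabinfo snapshots. The snapshot text and the 1 MiB limit are constructed for illustration.

```shell
#!/bin/sh
# Added example: compare one slab cache across two /proc/slabinfo snapshots.
# Both snapshots are constructed sample data, not output from the reporter's VM.
SNAP_BEFORE='slabinfo - version: 2.1
# name <active_objs> <num_objs> <objsize> <objperslab> <pagesperslab>
kmalloc-512 400 416 512 8 1 : tunables 0 0 0 : slabdata 52 52 0
kmalloc-256 1200 1248 256 16 1 : tunables 0 0 0 : slabdata 78 78 0'
SNAP_AFTER='slabinfo - version: 2.1
# name <active_objs> <num_objs> <objsize> <objperslab> <pagesperslab>
kmalloc-512 410 416 512 8 1 : tunables 0 0 0 : slabdata 52 52 0
kmalloc-256 41200 41216 256 16 1 : tunables 0 0 0 : slabdata 2576 2576 0'

# slab_bytes CACHE: read slabinfo text on stdin and print
# active_objs * objsize for that cache (0 if the cache is not listed).
slab_bytes() {
    awk -v cache="$1" '$1 == cache { bytes = $2 * $4 }
                       END { printf "%d\n", bytes }'
}

# slab_growth CACHE BEFORE AFTER: byte delta between two snapshot strings.
slab_growth() {
    b=$(printf '%s\n' "$2" | slab_bytes "$1")
    a=$(printf '%s\n' "$3" | slab_bytes "$1")
    echo $((a - b))
}

# leak_suspected CACHE BEFORE AFTER LIMIT: succeed when growth exceeds LIMIT.
leak_suspected() {
    [ "$(slab_growth "$1" "$2" "$3")" -gt "$4" ]
}

# Live use as root (needed to read /proc/slabinfo): pass "live [seconds]".
if [ "${1:-}" = live ]; then
    SNAP_BEFORE=$(cat /proc/slabinfo)
    sleep "${2:-60}"
    SNAP_AFTER=$(cat /proc/slabinfo)
fi

LIMIT=1048576   # 1 MiB, an arbitrary threshold chosen for this example
for cache in kmalloc-256 kmalloc-512; do
    growth=$(slab_growth "$cache" "$SNAP_BEFORE" "$SNAP_AFTER")
    if leak_suspected "$cache" "$SNAP_BEFORE" "$SNAP_AFTER" "$LIMIT"; then
        echo "$cache: +$growth bytes, exceeds limit"
    else
        echo "$cache: +$growth bytes"
    fi
done
```

Run with "live" while the ping loop from step 2 is in progress, then again after traffic stops, to see whether the cache is ever released.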
https://bugzilla.netfilter.org/show_bug.cgi?id=823
Phil Oester <netfilter at linuxace.com> changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |netfilter at linuxace.com
--- Comment #1 from Phil Oester <netfilter at linuxace.com> 2013-05-31
17:34:57 CEST ---
I am unable to reproduce this issue on a 3.9.x kernel. I sent over 1,000,000
packets, and slab use did not increase at all. Kindly send output of lsmod, so
we know what netfilter modules you have loaded.
https://bugzilla.netfilter.org/show_bug.cgi?id=823
Phil Oester <netfilter at linuxace.com> changed:
What |Removed |Added
----------------------------------------------------------------------------
Priority|P5 |P3
Severity|critical |normal
--- Comment #2 from Phil Oester <netfilter at linuxace.com> 2013-06-13
02:36:34 CEST ---
Lex - please respond to request for additional information.
https://bugzilla.netfilter.org/show_bug.cgi?id=823
--- Comment #3 from lex.weishun at gmail.com 2013-06-13 07:50:40 CEST ---
Created attachment 401
--> https://bugzilla.netfilter.org/attachment.cgi?id=401
The lsmod of crashed system
https://bugzilla.netfilter.org/show_bug.cgi?id=823
--- Comment #4 from lex.weishun at gmail.com 2013-06-13 08:06:20 CEST ---
(In reply to comment #2)
> Lex - please respond to request for additional information.
Sorry, I wasn't back in the last 2 weeks.
I tried my Arch Linux (kernel 3.9.5, x86_64, 64mb RAM) again this morning, and
it still crashed due to out-of-memory.
These are my test scripts:
(server)# ip link set dev eth2 up
(server)# ip addr add fd00:1234::b/64 dev eth2
(server)# ip6tables -t nat -A OUTPUT -s abcd::1 -j LOG
(client)# ip link set dev eth2 up
(client)# ip addr add fd00:1234::a/64 dev eth2
(client)# for i in {1..5000}; do ping6 -s 2000 -c 1 fd00:1234::b; done
Output of lsmod is uploaded.
https://bugzilla.netfilter.org/show_bug.cgi?id=823
Phil Oester <netfilter at linuxace.com> changed:
What |Removed |Added
----------------------------------------------------------------------------
Status|NEW |ASSIGNED
--- Comment #5 from Phil Oester <netfilter at linuxace.com> 2013-06-14
17:03:28 CEST ---
Thank you - I am able to reproduce this behavior and will look into it.
https://bugzilla.netfilter.org/show_bug.cgi?id=823
Phil Oester <netfilter at linuxace.com> changed:
What |Removed |Added
----------------------------------------------------------------------------
Status|ASSIGNED |RESOLVED
Resolution| |FIXED
--- Comment #6 from Phil Oester <netfilter at linuxace.com> 2013-06-21
08:48:07 CEST ---
Lex - thank you very much for posting this bug report. The issue has been
resolved via commit 142dcdd3. Details here:
https://git.kernel.org/cgit/linux/kernel/git/pablo/nf.git/commit/?id=142dcdd3c25fc7a3866bb06980e8f93a2ed7e050
It should appear in kernel 3.10 and will likely be backported to various 3.x
stable kernels.