Subject: kern/18924: panic: malloc: out of space in kmem_map, when using NFS over IPSec
To: None <gnats-bugs@gnats.netbsd.org>
From: None <bsieker@freenet.de>
List: netbsd-bugs
Date: 11/04/2002 14:22:15
>Number: 18924
>Category: kern
>Synopsis: panic: malloc: out of space in kmem_map, when using NFS over IPSec
>Confidential: no
>Severity: critical
>Priority: high
>Responsible: kern-bug-people
>State: open
>Class: sw-bug
>Submitter-Id: net
>Arrival-Date: Mon Nov 04 05:23:00 PST 2002
>Closed-Date:
>Last-Modified:
>Originator: Bernd Sieker
>Release: NetBSD 1.6
>Organization:
>Environment:
System: NetBSD boa 1.6 NetBSD 1.6 (BOA) #32: Mon Nov 4 00:41:19 CET 2002 root@:/usr/src/sys/arch/i386/compile/BOA i386
Architecture: i386
Machine: i386
>Description:
An nfs server (boa, 192.168.2.47) serves /usr/src via nfs to a number of clients,
to most of them via an encrypted wireless link using IPSec tunneling.
The client (espresso, 192.168.2.120) also routes traffic to another (wired)
subnet (192.168.3.0/24), and tunnels its own clients' traffic via the
IPSec tunnel to/from the main server (boa).
If I mount and use the file system on the client (espresso),
the kernels on both boa and espresso allocate mbufs (mbpl in vmstat -m) and
never free them, eventually leading to "panic: malloc: out of space in
kmem_map".
A typical line from vmstat on espresso looks like this:
Memory resource pool statistics
Name Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg Idle
[...]
mbpl 256 177073 0 267 11057 5 11052 11052 1 inf 1
[...]
This does not happen with other types of network usage, and it did not
happen before when I used nfs over an unencrypted Ethernet link.
This appears to be related to "kern/13807: the kernel allocates mbufs that
are never freed when running NFS over IPSEC".
But in contrast to 13807 I get the growing usage on both the
client and the server and I'm using 1.6, not 1.5[.x]
>How-To-Repeat:
Configure IPSec as follows.
ipsec.conf on boa looks like this:
spdadd 192.168.2.120 0.0.0.0/0 any -P in ipsec esp/tunnel/192.168.2.120-192.168.2.47/require ;
spdadd 0.0.0.0/0 192.168.2.120 any -P out ipsec esp/tunnel/192.168.2.47-192.168.2.120/require ;
spdadd 192.168.3.0/24 0.0.0.0/0 any -P in ipsec esp/tunnel/192.168.2.120-192.168.2.47/require ;
spdadd 0.0.0.0/0 192.168.3.0/24 any -P out ipsec esp/tunnel/192.168.2.47-192.168.2.120/require ;
And on espresso like this:
spdadd 192.168.2.120 192.168.3.0/24 any -P out none;
spdadd 192.168.3.0/24 192.168.2.120 any -P in none;
spdadd 192.168.3.120 192.168.3.0/24 any -P out none;
spdadd 192.168.3.0/24 192.168.3.120 any -P in none;
spdadd 192.168.3.0/24 0.0.0.0/0 any -P out ipsec esp/tunnel/192.168.2.120-192.168.2.47/require ;
spdadd 0.0.0.0/0 192.168.3.0/24 any -P in ipsec esp/tunnel/192.168.2.47-192.168.2.120/require ;
spdadd 192.168.2.120 0.0.0.0/0 any -P out ipsec esp/tunnel/192.168.2.120-192.168.2.47/require ;
spdadd 0.0.0.0/0 192.168.2.120 any -P in ipsec esp/tunnel/192.168.2.47-192.168.2.120/require ;
racoon.conf on both machines:
# racoon.conf
path pre_shared_key "/etc/racoon/psk.txt" ;
remote anonymous
{
exchange_mode aggressive,main,base;
lifetime time 24 hour ; # sec,min,hour
# phase 1 proposal (for ISAKMP SA)
proposal {
encryption_algorithm 3des;
hash_algorithm sha1;
authentication_method pre_shared_key ;
dh_group 2 ;
}
proposal_check obey;
}
# phase 2 proposal (for IPsec SA).
sainfo anonymous
{
pfs_group 2;
lifetime time 12 hour ;
encryption_algorithm blowfish 448, rijndael ;
authentication_algorithm hmac_sha1, hmac_md5 ;
compression_algorithm deflate ;
}
Mount and use an NFS filesystem via the IPSec connection.
Observe the growing number of pages allocated but never freed for mbpl
in vmstat -m.
Finally watch it die with "panic: malloc: out of space in kmem_map".
>Fix:
>Release-Note:
>Audit-Trail:
>Unformatted: