Note: This bug is displayed in read-only format because the product is no longer active in Red Hat Bugzilla.
For bugs related to Red Hat Enterprise Linux 4 product line. The current stable release is 4.9. For Red Hat Enterprise Linux 6 and above, please visit Red Hat JIRA https://issues.redhat.com/secure/CreateIssue!default.jspa?pid=12332745 to report new issues.

Bug 154347

Summary: spin_lock already locked by xfrm4_output
Product: Red Hat Enterprise Linux 4 Reporter: Gary W. Smith <gary.w.smith>
Component: kernelAssignee: David Miller <davem>
Status: CLOSED ERRATA QA Contact: Brian Brock <bbrock>
Severity: medium Docs Contact:
Priority: medium    
Version: 4.0CC: davej, jbaron, riel
Target Milestone: ---   
Target Release: ---   
Hardware: i686   
OS: Linux   
Whiteboard:
Fixed In Version: RHSA-2005-514 Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2005-10-05 12:57:43 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On:    
Bug Blocks: 156322    
Attachments:
Description Flags
Fix for deadlock none

Description Gary W. Smith 2005-04-10 17:58:39 UTC 
From Bugzilla Helper:
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)

Description of problem:
If you create an active outgoing ipsec connection to a remote server using openwan 2.3.1 everything appears to work fine.  After adding some iptables rules to fix the routing of packets between the two networks a kernel panic occurs at the console and the machine hangs.  

/upv4/xfrm4_output.c:108 spin_lock /net/sfrm/xfrm_state.c:dfebba14 already locked by net/ipv4/sfrm4_output.c/108

Specifically it happens when the firewall rule -A RH-Firewall-1-INPUT -s 10.0.13.0/24 -j ACCEPT (10.0.13.0/24 being the remote internal network) is added to the stock firewall rules creatd by RHEL4.  



Version-Release number of selected component (if applicable):
kernel-2.6.9-5.EL

How reproducible:
Always

Steps to Reproduce:
1. Create a valid IPSEC connection to a remote network
2. Add a iptables rule that allows traffic to be routed to the remote network
3. wait 15 seconds
  

Actual Results:  Kernel panic.

/upv4/xfrm4_output.c:108 spin_lock /net/sfrm/xfrm_state.c:dfebba14 already locked by net/ipv4/sfrm4_output.c/108

Expected Results:  Proper routing

Additional info:

There seems to be an issue regarding this at http://lkml.org/lkml/2005/4/5/216 describing the same deadlock condition.
Comment 1 Harald Hoyer 2005-04-11 10:04:39 UTC 
not a openswan issue, and also we have no openswan in RHEL4... reassigning to kernel
Comment 2 David Miller 2005-04-11 22:25:20 UTC 
Created attachment 112998 [details]
Fix for deadlock

This backport of a 2.6.12-rcX patch will fix the problem.
Comment 5 Red Hat Bugzilla 2005-10-05 12:57:43 UTC 
An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on the solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.

http://rhn.redhat.com/errata/RHSA-2005-514.html