Bug 154347 - spin_lock already locked by xfrm4_output
spin_lock already locked by xfrm4_output
Product: Red Hat Enterprise Linux 4
Classification: Red Hat
Component: kernel (Show other bugs)
i686 Linux
medium Severity medium
: ---
: ---
Assigned To: David Miller
Brian Brock
Depends On:
Blocks: 156322
  Show dependency treegraph
Reported: 2005-04-10 13:58 EDT by Gary W. Smith
Modified: 2007-11-30 17:07 EST (History)
3 users (show)

See Also:
Fixed In Version: RHSA-2005-514
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Last Closed: 2005-10-05 08:57:43 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)
Fix for deadlock (1.49 KB, patch)
2005-04-11 18:25 EDT, David Miller
no flags Details | Diff

External Trackers
Tracker ID Priority Status Summary Last Updated
Red Hat Product Errata RHSA-2005:514 qe-ready SHIPPED_LIVE Important: Updated kernel packages available for Red Hat Enterprise Linux 4 Update 2 2005-10-05 00:00:00 EDT

  None (edit)
Description Gary W. Smith 2005-04-10 13:58:39 EDT
From Bugzilla Helper:
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)

Description of problem:
If you create an active outgoing ipsec connection to a remote server using openwan 2.3.1 everything appears to work fine.  After adding some iptables rules to fix the routing of packets between the two networks a kernel panic occurs at the console and the machine hangs.  

/upv4/xfrm4_output.c:108 spin_lock /net/sfrm/xfrm_state.c:dfebba14 already locked by net/ipv4/sfrm4_output.c/108

Specifically it happens when the firewall rule -A RH-Firewall-1-INPUT -s -j ACCEPT ( being the remote internal network) is added to the stock firewall rules creatd by RHEL4.  

Version-Release number of selected component (if applicable):

How reproducible:

Steps to Reproduce:
1. Create a valid IPSEC connection to a remote network
2. Add a iptables rule that allows traffic to be routed to the remote network
3. wait 15 seconds

Actual Results:  Kernel panic.

/upv4/xfrm4_output.c:108 spin_lock /net/sfrm/xfrm_state.c:dfebba14 already locked by net/ipv4/sfrm4_output.c/108

Expected Results:  Proper routing

Additional info:

There seems to be an issue regarding this at http://lkml.org/lkml/2005/4/5/216 describing the same deadlock condition.
Comment 1 Harald Hoyer 2005-04-11 06:04:39 EDT
not a openswan issue, and also we have no openswan in RHEL4... reassigning to kernel
Comment 2 David Miller 2005-04-11 18:25:20 EDT
Created attachment 112998 [details]
Fix for deadlock

This backport of a 2.6.12-rcX patch will fix the problem.
Comment 5 Red Hat Bugzilla 2005-10-05 08:57:43 EDT
An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on the solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.


Note You need to log in before you can comment on or make changes to this bug.