Bug 154347 - spin_lock already locked by xfrm4_output
spin_lock already locked by xfrm4_output
Status: CLOSED ERRATA
Product: Red Hat Enterprise Linux 4
Classification: Red Hat
Component: kernel (Show other bugs)
4.0
i686 Linux
medium Severity medium
: ---
: ---
Assigned To: David Miller
Brian Brock
:
Depends On:
Blocks: 156322
  Show dependency treegraph
 
Reported: 2005-04-10 13:58 EDT by Gary W. Smith
Modified: 2007-11-30 17:07 EST (History)
3 users (show)

See Also:
Fixed In Version: RHSA-2005-514
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2005-10-05 08:57:43 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:


Attachments (Terms of Use)
Fix for deadlock (1.49 KB, patch)
2005-04-11 18:25 EDT, David Miller
no flags Details | Diff

  None (edit)
Description Gary W. Smith 2005-04-10 13:58:39 EDT
From Bugzilla Helper:
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)

Description of problem:
If you create an active outgoing ipsec connection to a remote server using openwan 2.3.1 everything appears to work fine.  After adding some iptables rules to fix the routing of packets between the two networks a kernel panic occurs at the console and the machine hangs.  

/upv4/xfrm4_output.c:108 spin_lock /net/sfrm/xfrm_state.c:dfebba14 already locked by net/ipv4/sfrm4_output.c/108

Specifically it happens when the firewall rule -A RH-Firewall-1-INPUT -s 10.0.13.0/24 -j ACCEPT (10.0.13.0/24 being the remote internal network) is added to the stock firewall rules creatd by RHEL4.  



Version-Release number of selected component (if applicable):
kernel-2.6.9-5.EL

How reproducible:
Always

Steps to Reproduce:
1. Create a valid IPSEC connection to a remote network
2. Add a iptables rule that allows traffic to be routed to the remote network
3. wait 15 seconds
  

Actual Results:  Kernel panic.

/upv4/xfrm4_output.c:108 spin_lock /net/sfrm/xfrm_state.c:dfebba14 already locked by net/ipv4/sfrm4_output.c/108

Expected Results:  Proper routing

Additional info:

There seems to be an issue regarding this at http://lkml.org/lkml/2005/4/5/216 describing the same deadlock condition.
Comment 1 Harald Hoyer 2005-04-11 06:04:39 EDT
not a openswan issue, and also we have no openswan in RHEL4... reassigning to kernel
Comment 2 David Miller 2005-04-11 18:25:20 EDT
Created attachment 112998 [details]
Fix for deadlock

This backport of a 2.6.12-rcX patch will fix the problem.
Comment 5 Red Hat Bugzilla 2005-10-05 08:57:43 EDT
An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on the solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.

http://rhn.redhat.com/errata/RHSA-2005-514.html

Note You need to log in before you can comment on or make changes to this bug.