kern/103432: panic: nfssvc_nfsd(): debug.mpsafenet=1 && Giant

[Robert Watson]

On Wed, 20 Sep 2006, Daniel Rudy wrote:

>> Number:         103432
>> Category:       kern
>> Synopsis:       panic: nfssvc_nfsd(): debug.mpsafenet=1 && Giant
>> Confidential:   no
>> Severity:       critical
>> Priority:       high
>> Responsible:    freebsd-bugs
>> State:          open
>> Quarter:
>> Keywords:
>> Date-Required:
>> Class:          sw-bug
>> Submitter-Id:   current-users
>> Arrival-Date:   Wed Sep 20 15:40:17 GMT 2006
>> Closed-Date:
>> Last-Modified:
>> Originator:     Daniel Rudy
>> Release:        6.1-RELEASE-p7
>> Organization:
>> Environment:
>> Description:
> This computer is configured as a NFS server and it also has IPSEC enabled.  When a NFS client accesses this server, the server imediately panics with the following error "panic: nfssvc_nfsd(): debug.mpsafenet=1 && Giant" and reboots hanging the client.  On a release 6.0 machine, debug.mpsafe is forced to 0 because IPSEC requires Giant.
>> How-To-Repeat:
> On a 6.1 system, enable IPSEC and NFS then try to access the server remotely.
>> Fix:
> Can't.  The OID for debug.mpsafenet is readonly.

It would be very helpful to have a stack trace on this one.

There's a reasonable chance that this bug is gone in 7.x as we now have an 
entirely MPSAFE IPSEC implementation, and the debug.mpssafenet compat code has 
been entirely removed.  However, it would be very helpful to know.  You should 
be able to compile and use a 7.x kernel with a 6.x userspace, which would give 
you a lower-risk way to determine this.  Make sure to do a 7.x buildworld 
before 7.x buildkernel, but only to a 7.x installkernel, not 7.x 
installworld/mergemaster.

Robert N M Watson
Computer Laboratory
University of Cambridge