Bug 233280

Summary: 12.0-RC1 i386 kldload/kldunload of firewalls take dumps
Product: Base System Reporter: Joe Barbish <qjail1>
Component: kernAssignee: freebsd-bugs (Nobody) <bugs>
Status: New ---    
Severity: Affects Many People CC: kp, sigsys
Priority: ---    
Version: 12.0-STABLE   
Hardware: Any   
OS: Any   
See Also: https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=233341

Description Joe Barbish 2018-11-17 23:12:35 UTC
12.0-RC1 i386 takes dump when issuing kldunload pf.ko pflog.ko or 
kldunload ipfw.ko ipfw.ipdivert.ko ipfw_nat.ko .

Tested with ipf loaded at boot time by rc.conf parameters and then issued 
kldload pf.ko pflog.ko followed by kldunload pf.ko pflog.ko and system dumps and reboots.

Then tested with no firewall loaded at boot time and then issued 
kldload pf.ko pflog.ko followed by kldunload pf.ko pflog.ko and system dumps and reboots. 

On another hardware box running 12.0-RC1 amd64 did not have this problem.
Comment 1 Kristof Provost freebsd_committer 2018-11-21 21:21:21 UTC
Does your backtrace look like this? 

db_trace_self_wrapper(182e6e9,94f2800,0,94f2800,1d78d85c,...) at db_trace_self_wrapper+0x2a/frame 0x1d78d828
kdb_backtrace(17f654f,5bf5c858,0,1d78d8e4,fd,...) at kdb_backtrace+0x2d/frame 0x1d78d890
vpanic(173d67b,1d78d8e4,1d78d8e4,1d78d920,16d4bb5,...) at vpanic+0x147/frame 0x1d78d8c4
panic(173d67b,17c9c24,1ec5d8c4,1,1,...) at panic+0x1b/frame 0x1d78d8d8
trap_fatal(2be5000,26da4000,1,0,0,...) at trap_fatal+0x395/frame 0x1d78d920
trap_pfault(26da4c88,0,1d78dac4,200000,32623838,...) at trap_pfault+0x5c/frame 0x1d78d968
trap(1d78da78,8,28,28,1ec5d700,...) at trap+0x3dc/frame 0x1d78da6c
calltrap() at PTDpde+0x4165/frame 0x1d78da6c
--- trap 0xc, eip = 0x1fc01339, esp = 0x1d78dab8, ebp = 0x1d78dacc ---
pflog_clone_destroy(94ba000,91cf000,177ba5f,13f,1d78db0c,...) at pflog_clone_destroy+0x99/frame 0x1d78dacc
if_clone_destroyif(91cf000,94ba000,177ba5f,1bb,1ec5d700,...) at if_clone_destroyif+0x219/frame 0x1d78db0c
if_clone_detach(91cf000,1d78db68,1213e3a,0,0,...) at if_clone_detach+0xbc/frame 0x1d78db30
vnet_pflog_uninit(0,0,18005cb,229,21256e8,...) at vnet_pflog_uninit+0x21/frame 0x1d78db3c
vnet_deregister_sysuninit(1fc020a8,0,171370c,118,0,...) at vnet_deregister_sysuninit+0x7a/frame 0x1d78db68
linker_file_unload(1fa95600,0,171370c,243,0,...) at linker_file_unload+0x561/frame 0x1d78dba4
kern_kldunload(1ec5d700,4,0,1d78dcdc,16d535e,...) at kern_kldunload+0x157/frame 0x1d78dbd4
sys_kldunloadf(1ec5d700,1ec5d984,17ec475,4,1d78dc18,...) at sys_kldunloadf+0x26/frame 0x1d78dbe8
syscall(1d78dce8,3b,3b,3b,ffbfecf8,...) at syscall+0x33e/frame 0x1d78dcdc
Xint0x80_syscall() at PTDpde+0x43af/frame 0x1d78dcdc
Comment 2 Joe Barbish 2018-11-21 22:55:11 UTC

Fatal trap 12: page fault while in kernel mode
cpuid = 0; apic id = 00
fault virtual address   = 0x1e2278c8
fault code              = supervisor read, page not present
instruction pointer     = 0x20:0x18c542c0
stack pointer           = 0x28:0x1876faf4
frame pointer           = 0x28:0x1876fafc
code segment            = base rx0, limit 0xfffff, type 0x1b
                        = DPL 0, pres 1, def32 1, gran 1
processor eflags        = interrupt enabled, resume, IOPL = 0
current process         = 1052 (kldunload)
trap number             = 12
panic: page fault
cpuid = 0
time = 1542840641
KDB: stack backtrace:
#0 0x11080cf at kdb_backtrace+0x4f
#1 0x10bb097 at vpanic+0x147
#2 0x10baf4b at panic+0x1b
#3 0x16910a5 at trap_fatal+0x395
#4 0x16910e3 at trap_pfault+0x33
#5 0x169072f at trap+0x3cf
#6 0xffc0315d at PTDpde+0x4165
#7 0x11b9a06 at if_clone_destroyif+0x1a6
#8 0x11ba17c at if_clone_detach+0xbc
#9 0x18c54441 at vnet_pflog_uninit+0x21
#10 0x11e03c1 at vnet_deregister_sysuninit+0x71
#11 0x108d34a at linker_file_unload+0x4fa
#12 0x108e30f at kern_kldunload+0xff
#13 0x108e3e6 at sys_kldunloadf+0x26
#14 0x16918b7 at syscall+0x3e7
#15 0xffc033a7 at PTDpde+0x43af