Overview: While trying to see if setting ivars to NULL during detach was required (See https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=242727), discovered 're' module can panic on kldunload. Upon further analysis, it was determined that there is no protection for ioctls during the kldunload. The 'mii' devices appear to be detached and destroyed while ioctl (ifconfig) is holding the RL_LOCK. There does not appear to be a 'mii' device lock (perhaps assuming the RL_LOCK would protect it, which it doesn't). Steps to Reproduce: Compile a kernel without re module (needed to do a kldunload). After rebooting open 2 terminals (ssh for example) for 're' #### 1st terminal $ su root # /bin/sh # while true ; do kldload /usr/obj/usr/src/amd64.amd64/sys/modules/re/if_re.ko;ifconfig re0 up;sleep 1; kldunload if_re.ko ; done #### 2nd terminal $ su root # /bin/sh # while true ; do ifconfig re0 ; done OR for 'axe' $ su root # /bin/sh # while true ; do ifconfig ue0 up;sleep 1; kldunload if_axe.ko ; done #### 2nd terminal $ su root # /bin/sh # while true ; do ifconfig ue0 ; done Actual Results: Panic occurred within a few seconds. Expected Results: no panic Build Date & Hardware: # uname -a FreeBSD FreeBSD_head_ghuckriede 13.0-CURRENT FreeBSD 13.0-CURRENT #2 r356559: Thu Jan 9 15:45:41 EST 2020 ghuckriede@FreeBSD_head_ghuckriede:/usr/obj/usr/src/amd64.amd64/sys/GENERIC_NO_RE amd64
Created attachment 210711 [details] panic debug 're' on 12.1; 're' on head; 'axe' on head;
This does not panic during an attach/detach loop. #### 1st terminal $ su root $ /bin/sh # while true; do devctl attach pci0:3:0:0;ifconfig re0 up; sleep 1;devctl detach pci0:3:0:0; done #### 2nd terminal $ su root $ /bin/sh # while true ; do ifconfig re0 ; done