Created attachment 269469 [details] Screen shot of crash Running in vmware. Use a vmxnet3 device. FreeBSD will create an vmx0 interface. A page fault can be reproduced by disabling and enabling the device. i.e. # devctl disable vmx0 # devctl enable vmx0 The problem is that the admin status handler is being invoked by netlink. When the interface first comes up, there are no listeners so rtnl_handle_ifevent does not do very much. I believe a listener will be added by invoking ifconfig, or maybe it gets invoked when devctl disable is called. When the devctl enable runs, the code in rtnl_handle_ifevent will make it past the test for listeners and calls dump_iface. This eventually gets to vmxnet3_update_admin_status and will crash as sc->vmx_ds is NULL: static void vmxnet3_update_admin_status(if_ctx_t ctx) { struct vmxnet3_softc *sc; sc = iflib_get_softc(ctx); if (sc->vmx_ds->event != 0)<<<<<here vmxnet3_evintr(sc); vmxnet3_refresh_host_stats(sc); } This may impact other iflib drivers depending on their update_admin_status iflib callbacks.
A simple fix would be to add a NULL check where the crash is occurring. But perhaps iflib should check the device state in the ioctl handler to ignore requests when the device is in the DS_ATTACHING state. (i.e. device_is_attached(ctx->ifc_dev) == false) Otherwise any iflib driver has to be prepared to handle any ioctl before it runs its ifdi_post_attach callback.