Index: head/UPDATING
===================================================================
--- head/UPDATING
+++ head/UPDATING
@@ -31,6 +31,11 @@
 	disable the most expensive debugging functionality run
 	"ln -s 'abort:false,junk:false' /etc/malloc.conf".)
 
+20190608:
+	A fix was applied to i386 kernel modules to avoid panics with
+	dpcpu or vnet.  Users need to recompile i386 kernel modules
+	having pcpu or vnet sections or they will refuse to load.
+
 20190513:
 	User-wired pages now have their own counter,
 	vm.stats.vm.v_user_wire_count.  The vm.max_wired sysctl was renamed
Index: head/sys/conf/kmod.mk
===================================================================
--- head/sys/conf/kmod.mk
+++ head/sys/conf/kmod.mk
@@ -242,7 +242,13 @@
 .else
 ${FULLPROG}: ${OBJS}
 .endif
+.if !defined(FIRMWS) && (${MACHINE_CPUARCH} == "i386")
+	${LD} -m ${LD_EMULATION} ${_LDFLAGS} -r \
+	    -T ${SYSDIR}/conf/ldscript.set_padding \
+	    -d -o ${.TARGET} ${OBJS}
+.else
 	${LD} -m ${LD_EMULATION} ${_LDFLAGS} -r -d -o ${.TARGET} ${OBJS}
+.endif
 .if ${MK_CTF} != "no"
 	${CTFMERGE} ${CTFFLAGS} -o ${.TARGET} ${OBJS}
 .endif
Index: head/sys/conf/ldscript.set_padding
===================================================================
--- head/sys/conf/ldscript.set_padding
+++ head/sys/conf/ldscript.set_padding
@@ -0,0 +1,46 @@
+/*-
+ * SPDX-License-Identifier: BSD-2-Clause
+ *
+ * Copyright (c) 2018 Bjoern A. Zeeb
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * $FreeBSD$
+ */
+SECTIONS
+{
+	set_pcpu	:
+	{
+		*(set_pcpu)
+		LONG(0x90909090) ;
+	}
+}
+
+SECTIONS
+{
+	set_vnet	:
+	{
+		*(set_vnet)
+		LONG(0x90909090) ;
+	}
+}
+/* end */
Index: head/sys/kern/link_elf.c
===================================================================
--- head/sys/kern/link_elf.c
+++ head/sys/kern/link_elf.c
@@ -615,10 +615,14 @@
 	return (0);
 }
 
+#define	LS_PADDING	0x90909090
 static int
 parse_dpcpu(elf_file_t ef)
 {
 	int error, size;
+#if defined(__i386__)
+	uint32_t pad;
+#endif
 
 	ef->pcpu_start = 0;
 	ef->pcpu_stop = 0;
@@ -631,6 +635,26 @@
 	/* Empty set? */
 	if (size < 1)
 		return (0);
+#if defined(__i386__)
+	/* In case we do find __start/stop_set_ symbols double-check. */
+	if (size < 4) {
+		uprintf("Kernel module '%s' must be recompiled with "
+		    "linker script\n", ef->lf.pathname);
+		return (ENOEXEC);
+	}
+
+	/* Padding from linker-script correct? */
+	pad = *(uint32_t *)((uintptr_t)ef->pcpu_stop - sizeof(pad));
+	if (pad != LS_PADDING) {
+		uprintf("Kernel module '%s' must be recompiled with "
+		    "linker script, invalid padding %#04x (%#04x)\n",
+		    ef->lf.pathname, pad, LS_PADDING);
+		return (ENOEXEC);
+	}
+	/* If we only have valid padding, nothing to do. */
+	if (size == 4)
+		return (0);
+#endif
 	/*
 	 * Allocate space in the primary pcpu area.  Copy in our
 	 * initialization from the data section and then initialize
@@ -656,6 +680,9 @@
 parse_vnet(elf_file_t ef)
 {
 	int error, size;
+#if defined(__i386__)
+	uint32_t pad;
+#endif
 
 	ef->vnet_start = 0;
 	ef->vnet_stop = 0;
@@ -668,6 +695,26 @@
 	/* Empty set? */
 	if (size < 1)
 		return (0);
+#if defined(__i386__)
+	/* In case we do find __start/stop_set_ symbols double-check. */
+	if (size < 4) {
+		uprintf("Kernel module '%s' must be recompiled with "
+		    "linker script\n", ef->lf.pathname);
+		return (ENOEXEC);
+	}
+
+	/* Padding from linker-script correct? */
+	pad = *(uint32_t *)((uintptr_t)ef->vnet_stop - sizeof(pad));
+	if (pad != LS_PADDING) {
+		uprintf("Kernel module '%s' must be recompiled with "
+		    "linker script, invalid padding %#04x (%#04x)\n",
+		    ef->lf.pathname, pad, LS_PADDING);
+		return (ENOEXEC);
+	}
+	/* If we only have valid padding, nothing to do. */
+	if (size == 4)
+		return (0);
+#endif
 	/*
 	 * Allocate space in the primary vnet area.  Copy in our
 	 * initialization from the data section and then initialize
@@ -688,6 +735,7 @@
 	return (0);
 }
 #endif
+#undef LS_PADDING
 
 static int
 link_elf_link_preload(linker_class_t cls,
Index: head/sys/netinet/ip_carp.c
===================================================================
--- head/sys/netinet/ip_carp.c
+++ head/sys/netinet/ip_carp.c
@@ -2180,21 +2180,6 @@
 };
 #endif
 
-#ifdef VIMAGE
-#if defined(__i386__)
-/*
- * XXX This is a hack to work around an absolute relocation outside
- * set_vnet by one (on the stop symbol) for carpstats.  Add a dummy variable
- * to the end of the file in the hope that the linker will just keep the
- * order (as it seems to do at the moment).  It is understood to be fragile.
- * See PR 230857 for a longer discussion of the problem and the referenced
- * review for possible alternate solutions.  Each is a hack; we just need
- * the least intrusive one for the next release.
- */
-VNET_DEFINE(char, carp_zzz) = 0xde;
-#endif
-#endif
-
 static void
 carp_mod_cleanup(void)
 {
Index: head/sys/sys/param.h
===================================================================
--- head/sys/sys/param.h
+++ head/sys/sys/param.h
@@ -60,7 +60,7 @@
  *		in the range 5 to 9.
  */
 #undef __FreeBSD_version
-#define __FreeBSD_version 1300030	/* Master, propagated to newvers */
+#define __FreeBSD_version 1300031	/* Master, propagated to newvers */
 
 /*
  * __FreeBSD_kernel__ indicates that this system uses the kernel of FreeBSD,