[Bug 292337] ieee80211: panic after bpf attach

From: <bugzilla-noreply_at_freebsd.org>
Date: Sat, 10 Jan 2026 17:15:17 UTC
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=292337

            Bug ID: 292337
           Summary: ieee80211: panic after bpf attach
           Product: Base System
           Version: 16.0-CURRENT
          Hardware: amd64
                OS: Any
            Status: New
          Severity: Affects Only Me
          Priority: ---
         Component: kern
          Assignee: bugs@FreeBSD.org
          Reporter: p.mousavizadeh@protonmail.com

The kernel panic occurred after I opened Wireshark. The backtrace below shows ieee80211_syncflag_ext() entered with a vap whose members are all zero, so ic is NULL and the IEEE80211_LOCK(ic) at ieee80211.c:1020 faults on a write to address 0x38 (presumably the lock word inside the NULL ieee80211com); the call is reached from bpf_ieee80211_attach() during the bpf attach ioctl on wlan0.

uname -a
FreeBSD 16.0-CURRENT #2 main-n282858-1c8dafe61887: Mon Jan  5 18:17:00 +0330
2026

vmcore:
% mdo kgdb -c /var/crash/vmcore.last /boot/kernel/kernel
Fatal trap 12: page fault while in kernel mode
cpuid = 20; apic id = 48
fault virtual address   = 0x38
fault code              = supervisor write data, page not present
instruction pointer     = 0x20:0xffffffff80cfc623
stack pointer           = 0x28:0xfffffe026e804b00
frame pointer           = 0x28:0xfffffe026e804b20
code segment            = base 0x0, limit 0xfffff, type 0x1b, DPL 0, pres 1, long 1, def32 0, gran 1
processor eflags        = interrupt enabled, resume, IOPL = 0
current process         = 44371 (dumpcap)
rdi: fffffe025dc74010 rsi: 0000000000008000 rdx: 0000000000000001
rcx: 0000000000000000  r8: 00000000000040f3  r9: ffffffff80be8d01
rax: 0000000000000000 rbx: 0000000000000000 rbp: fffffe026e804b20
r10: 0000000100000006 r11: fffff808a9af9550 r12: fffff80066779f00
r13: 0000000000000000 r14: fffff808a9af9000 r15: 0000000000000000
trap number             = 12
panic: page fault
cpuid = 20
time = 1768032713
KDB: stack backtrace:
db_trace_self_wrapper() at db_trace_self_wrapper+0x2b/frame 0xfffffe026e804850
vpanic() at vpanic+0x136/frame 0xfffffe026e804980
panic() at panic+0x43/frame 0xfffffe026e8049e0
trap_pfault() at trap_pfault+0x3cf/frame 0xfffffe026e804a30
calltrap() at calltrap+0x8/frame 0xfffffe026e804a30
--- trap 0xc, rip = 0xffffffff80cfc623, rsp = 0xfffffe026e804b00, rbp =
0xfffffe026e804b20 ---
ieee80211_syncflag_ext() at ieee80211_syncflag_ext+0x23/frame
0xfffffe026e804b20
bpf_ieee80211_attach() at bpf_ieee80211_attach+0x1b/frame 0xfffffe026e804b40
bpf_attachd() at bpf_attachd+0x20b/frame 0xfffffe026e804b70
bpfioctl() at bpfioctl+0x152e/frame 0xfffffe026e804bf0
devfs_ioctl() at devfs_ioctl+0xcb/frame 0xfffffe026e804c40
vn_ioctl() at vn_ioctl+0xc4/frame 0xfffffe026e804cb0
devfs_ioctl_f() at devfs_ioctl_f+0x1e/frame 0xfffffe026e804cd0
kern_ioctl() at kern_ioctl+0x286/frame 0xfffffe026e804d40
sys_ioctl() at sys_ioctl+0x101/frame 0xfffffe026e804e00
amd64_syscall() at amd64_syscall+0x126/frame 0xfffffe026e804f30
fast_syscall_common() at fast_syscall_common+0xf8/frame 0xfffffe026e804f30
--- syscall (54, FreeBSD ELF64, ioctl), rip = 0x677b9cd003a, rsp =
0x677b1c77ab8, rbp = 0x677b1c77b20 ---
KDB: enter: panic
(kgdb) bt
#0  __curthread () at /usr/src/sys/amd64/include/pcpu_aux.h:57
#1  doadump (textdump=textdump@entry=0) at
/usr/src/sys/kern/kern_shutdown.c:399
#2  0xffffffff804a5c0a in db_dump (dummy=<optimized out>, dummy2=<optimized
out>, dummy3=<optimized out>, dummy4=<optimized out>) at
/usr/src/sys/ddb/db_command.c:596
#3  0xffffffff804a59fd in db_command (last_cmdp=<optimized out>,
cmd_table=<optimized out>, dopager=true) at /usr/src/sys/ddb/db_command.c:508
#4  0xffffffff804a56bd in db_command_loop () at
/usr/src/sys/ddb/db_command.c:555
#5  0xffffffff804a8fe6 in db_trap (type=<optimized out>, code=<optimized out>)
at /usr/src/sys/ddb/db_main.c:267
#6  0xffffffff80bd56c5 in kdb_trap (type=type@entry=3, code=code@entry=0,
tf=tf@entry=0xfffffe026e804790) at /usr/src/sys/kern/subr_kdb.c:790
#7  0xffffffff810a1ffc in trap (frame=<optimized out>) at
/usr/src/sys/amd64/amd64/trap.c:614
#8  <signal handler called>
#9  kdb_enter (why=<optimized out>, msg=<optimized out>) at
/usr/src/sys/kern/subr_kdb.c:556
#10 0xffffffff80b874db in vpanic (fmt=0xffffffff811fbdf7 "%s",
ap=ap@entry=0xfffffe026e8049c0) at /usr/src/sys/kern/kern_shutdown.c:962
#11 0xffffffff80b87343 in panic (fmt=0x4200 <error: Cannot access memory at
address 0x4200>) at /usr/src/sys/kern/kern_shutdown.c:887
#12 0xffffffff810a2a1f in trap_fatal (frame=<optimized out>, eva=<optimized
out>) at /usr/src/sys/amd64/amd64/trap.c:969
#13 0xffffffff810a2a1f in trap_pfault (frame=0xfffffe026e804a40,
usermode=false, signo=<optimized out>, ucode=<optimized out>)
#14 <signal handler called>
#15 0xffffffff80cfc623 in atomic_fcmpset_long (src=18446735314823122944,
dst=<optimized out>, expect=<optimized out>) at
/usr/src/sys/amd64/include/atomic.h:184
#16 ieee80211_syncflag_ext (vap=0xfffffe025dc74010, flag=flag@entry=32768) at
/usr/src/sys/net80211/ieee80211.c:1020
#17 0xffffffff80d3282b in bpf_ieee80211_attach (sc=<optimized out>) at
/usr/src/sys/net80211/ieee80211_radiotap.c:386
#18 0xffffffff80cb47eb in bif_attachd (bp=0xfffff80066779f00) at
/usr/src/sys/net/bpf.c:109
#19 bpf_attachd (d=<optimized out>, bp=bp@entry=0xfffff80066779f00) at
/usr/src/sys/net/bpf.c:1990
#20 0xffffffff80cb32fe in bpfioctl (dev=<optimized out>, cmd=<optimized out>,
addr=0xfffffe026e804d50 "wlan0", flags=<optimized out>, td=<optimized out>) at
/usr/src/sys/net/bpf.c:1412
#21 0xffffffff809fe29b in devfs_ioctl (ap=0xfffffe026e804c58) at
/usr/src/sys/fs/devfs/devfs_vnops.c:961
#22 0xffffffff80c94e34 in VOP_IOCTL (vp=0xfffff8002920e000, command=<optimized
out>, data=<optimized out>, fflag=<optimized out>, cred=<optimized out>,
td=<optimized out>) at ./vnode_if.h:744
#23 vn_ioctl (fp=<optimized out>, com=<optimized out>, data=<optimized out>,
active_cred=<optimized out>, td=<optimized out>) at
/usr/src/sys/kern/vfs_vnops.c:1889
#24 0xffffffff809fe90e in devfs_ioctl_f (fp=0xfffffe025dc74010, com=32768,
data=0x1, cred=0x0, td=0x40f3) at /usr/src/sys/fs/devfs/devfs_vnops.c:892
#25 0xffffffff80bf9e26 in fo_ioctl (fp=0xfffff8001d27d7d0, com=32768,
data=0xfffffe026e804d50, active_cred=0x0, td=0xfffff808a9af9000) at
/usr/src/sys/sys/file.h:388
#26 kern_ioctl (td=td@entry=0xfffff808a9af9000, fd=<optimized out>, com=32768,
com@entry=2149597804, data=data@entry=0xfffffe026e804d50 "wlan0") at
/usr/src/sys/kern/sys_generic.c:811
#27 0xffffffff80bf9b41 in sys_ioctl (td=<optimized out>,
uap=0xfffff808a9af9428) at /usr/src/sys/kern/sys_generic.c:716
#28 0xffffffff810a3356 in syscallenter (td=0xfffff808a9af9000) at
/usr/src/sys/amd64/amd64/../../kern/subr_syscall.c:193
#29 amd64_syscall (td=0xfffff808a9af9000, traced=0) at
/usr/src/sys/amd64/amd64/trap.c:1208
#30 <signal handler called>
(kgdb) frame 16
#16 ieee80211_syncflag_ext (vap=0xfffffe025dc74010, flag=flag@entry=32768) at
/usr/src/sys/net80211/ieee80211.c:1020
1020            IEEE80211_LOCK(ic);
(kgdb) info locals
_tid = 18446735314823122944
_v = 0
ic = 0x0
(kgdb) info args
vap = 0xfffffe025dc74010
flag = 32768
(kgdb) p *vap
$1 = {iv_... } /* all members are equal to 0 */
(kgdb) p ic
$2 = (struct ieee80211com *) 0x0
(kgdb) frame 17
#17 0xffffffff80d3282b in bpf_ieee80211_attach (sc=<optimized out>) at
/usr/src/sys/net80211/ieee80211_radiotap.c:386
386             ieee80211_syncflag_ext(vap, IEEE80211_FEXT_BPF);
(kgdb) info args
sc = <optimized out>
(kgdb) info locals
vap = 0xfffffe025dc74010
(kgdb) p *vap
$1 = {iv_... } /* all members equal to 0 */
