[Bug 292337] ieee80211: panic after bpf attach
- In reply to: bugzilla-noreply_a_freebsd.org: "[Bug 292337] ieee80211: panic after bpf attach"
- Go to: [ bottom of page ] [ top of archives ] [ this month ]
Date: Sat, 10 Jan 2026 18:22:05 UTC
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=292337
--- Comment #2 from Seyed Pouria Mousavizadeh Tehrani <p.mousavizadeh@protonmail.com> ---
I had stopped it about an hour before launching Wireshark using the command
`service netif stop wlan0`.
I stop it every time I connect via wire.
(kgdb) frame 19
#19 bpf_attachd (d=<optimized out>, bp=bp@entry=0xfffff80066779f00) at
/usr/src/sys/net/bpf.c:1990
1990 bif_attachd(bp);
(kgdb) p *bp
$1 = {bif_dlist = {clh_first = 0xfffff8010f5a8200}, bif_next = {le_next =
0xfffff8006c9e5400, le_prev = 0xfffff8011107ba08}, bif_dlt = 127, bif_hdrlen =
40, bif_refcnt = 2, bif_wlist = {clh_first = 0x0}, bif_methods =
0xffffffff813dca80 <bpf_ieee80211_methods>, bif_softc = 0xfffff8001f8a7400,
bif_name = 0xfffff8001f8a7458 "wlan0", epoch_ctx = {data = {0x0, 0x0}}}
(kgdb) p *(struct ifnet *)bp->bif_softc
$2 = {if_link = {cstqe_next = 0xfffff800048a0c00}, if_clones = {le_next = 0x0,
le_prev = 0xfffff8000178fb28}, if_groups = {cstqh_first = 0x0, cstqh_last =
0xfffff8001f8a7418}, if_alloctype = 6 '\006', if_numa_domain = 255 '\377',
if_softc = 0xfffffe025dc74010, if_llsoftc = 0x0, if_l2com = 0x0, if_dname =
0xffffffff813d99f0 "wlan", if_dunit = 0, if_index = 3, if_idxgen = 0, if_xname
= "wlan0\000\000\000\000\000\000\000\000\000\000", if_description = 0x0,
if_flags = 2131970, if_drv_flags = 0, if_capabilities = 0, if_capabilities2 =
0, if_capenable = 0, if_capenable2 = 0, if_linkmib = 0x0, if_linkmiblen = 0,
if_refcount = 1, if_linux_ethno = 1, if_type = 6 '\006', if_addrlen = 6 '\006',
if_hdrlen = 14 '\016', if_link_state = 1 '\001', if_mtu = 1500, if_metric = 0,
if_baudrate = 600000000, if_hwassist = 0, if_epoch = 16, if_lastchange =
{tv_sec = 1768027980, tv_usec = 902411}, if_snd = {ifq_head = 0x0, ifq_tail =
0x0, ifq_len = 0, ifq_maxlen = 50, ifq_mtx = {lock_object = {lo_name =
0xfffff8001f8a7458 "wlan0", lo_flags = 16973824, lo_data = 0, lo_witness =
0x0}, mtx_lock = 0}, ifq_drv_head = 0x0, ifq_drv_tail = 0x0, ifq_drv_len =0,
ifq_drv_maxlen = 0, altq_type = 0, altq_flags = 0, altq_disc = 0x0, altq_ifp =
0xfffff8001f8a7400, altq_enqueue = 0x0, altq_dequeue = 0x0, altq_request = 0x0,
altq_tbr = 0x0, altq_cdnr = 0x0}, if_linktask = {ta_link = {stqe_next = 0x0},
ta_pending = 0, ta_priority = 0 '\000', ta_flags = 0 '\000', ta_func =
0xffffffff80cbe4d0 <do_link_state_change>, ta_context = 0xfffff8001f8a7400},
if_addmultitask = {ta_link = {stqe_next = 0x0}, ta_pending = 0, ta_priority = 0
'\000', ta_flags = 0 '\000', ta_func = 0xffffffff80cbe710 <if_siocaddmulti>,
ta_context = 0xfffff8001f8a7400}, if_addr_lock = {lock_object = {lo_name =
0xffffffff8122ca6d "if_addr_lock", lo_flags = 16973824, lo_data = 0, lo_witness
= 0x0}, mtx_lock = 0}, if_addrhead = {cstqh_first = 0x0, cstqh_last =
0xfffff8001f8a75c8}, if_multiaddrs = {cstqh_first = 0x0, cstqh_last =
0xfffff8001f8a75d8}, if_amcount = 0, if_addr = 0xfffff8006c8f9500, if_hw_addr =
0xfffff8006c5fc0d0, if_broadcastaddr = 0xffffffff813d6950 <etherbroadcastaddr>
"\377\377\377\377\377\377", if_inet = 0xfffff80066c7f720, if_inet6 =
0xfffff8006c0b6c80, if_fib = 0, if_vnet = 0xfffff8000136b340, if_home_vnet=
0xfffff8000136b340, if_vlantrunk = 0x0, if_bpf = 0xffffffff813d5e40
<bpfdetach.dead_bpf_if>, if_pcount = 0, if_bridge = 0x0, if_lagg = 0x0,
if_pf_kif = 0x0, if_carp = 0x0, if_label = 0x0, if_netmap = 0x0, if_output =
0xffffffff80cc1700 <ifdead_output>, if_input = 0xffffffff80cc1720
<ifdead_input>, if_bridge_input = 0x0, if_bridge_output = 0x0,
if_bridge_linkstate = 0x0, if_start = 0xffffffff80cc1730 <ifdead_start>,
if_ioctl = 0xffffffff80cc1740 <ifdead_ioctl>, if_init = 0xffffffff80d31510
<ieee80211_init>, if_resolvemulti = 0xffffffff80cc1750 <ifdead_resolvemulti>,
if_qflush = 0xffffffff80cc1770 <ifdead_qflush>, if_transmit =
0xffffffff80cc1780 <ifdead_transmit>, if_reassign = 0x0, if_get_counter =
0xffffffff80cc17a0 <ifdead_get_counter>, if_requestencap = 0xffffffff80cc2700
<ether_requestencap>, if_ipsec_accel_m = 0x0, if_counters =
{0xfffffe0247f823f8, 0xfffffe0247f823f0, 0xfffffe0247f823e8,
0xfffffe0247f823e0, 0xfffffe0247f823d8, 0xfffffe0247f823d0, 0xfffffe0247f823c8,
0xfffffe0247f823c0, 0xfffffe0247f823b8, 0xfffffe0247f823b0, 0xfffffe0247f823a8,
0xfffffe0247f823a0}, if_hw_tsomax = 65518, if_hw_tsomaxsegcount = 35,
if_hw_tsomaxsegsize = 2048, if_snd_tag_alloc = 0xffffffff80cc17b0
<ifdead_snd_tag_alloc>, if_ratelimit_query = 0xffffffff80cc17c0
<ifdead_ratelimit_query>, if_ratelimit_setup = 0x0, if_pcp = 255 '\377',
if_debugnet_methods = 0x0, if_epoch_ctx = {data = {0x0, 0x0}}, if_ispare = {0,
0, 0, 0}}
(kgdb) p *(struct ieee80211vap *)(((struct ifnet *)bp->bif_softc)->if_softc)
$3 = {iv_media = {ifm_mask = 0, ifm_media = 0, ifm_cur = 0x0, ifm_list =
{lh_first = 0x0}, ifm_change = 0x0, ifm_status = 0x0}, iv_ifp = 0x0, iv_rawbpf
= 0x0, iv_sysctl = 0x0, iv_oid = 0x0, iv_next = {tqe_next = 0x0, tqe_prev =
0x0}, iv_ic = 0x0, iv_myaddr = "\000\000\000\000\000", iv_debug = 0, iv_stats =
{is_rx_badversion = 0, is_rx_tooshort = 0, is_rx_wrongbss = 0, is_rx_dup = 0,
is_rx_wrongdir = 0, is_rx_mcastecho = 0, is_rx_notassoc = 0, is_rx_noprivacy =
0, is_rx_unencrypted = 0, is_rx_wepfail = 0, is_rx_decap = 0, is_rx_mgtdiscard
= 0, is_rx_ctl = 0, is_rx_beacon = 0, is_rx_rstoobig = 0, is_rx_elem_missing =
0, is_rx_elem_toobig = 0, is_rx_elem_toosmall = 0, is_rx_elem_unknown = 0,
is_rx_badchan = 0, is_rx_chanmismatch = 0, is_rx_nodealloc = 0,
is_rx_ssidmismatch = 0, is_rx_auth_unsupported = 0, is_rx_auth_fail = 0,
is_rx_auth_countermeasures = 0, is_rx_assoc_bss = 0, is_rx_assoc_notauth = 0,
is_rx_assoc_capmismatch = 0, is_rx_assoc_norate = 0, is_rx_assoc_badwpaie = 0,
is_rx_deauth = 0, is_rx_disassoc = 0, is_rx_badsubtype = 0, is_rx_nobuf = 0,
is_rx_decryptcrc = 0, is_rx_ahdemo_mgt = 0, is_rx_bad_auth = 0, is_rx_unauth =
0, is_rx_badkeyid = 0, is_rx_ccmpreplay = 0, is_rx_ccmpformat = 0,
is_rx_ccmpmic = 0, is_rx_tkipreplay = 0, is_rx_tkipformat = 0, is_rx_tkipmic =
0, is_rx_tkipicv = 0, is_rx_badcipher = 0, is_rx_nocipherctx = 0, is_rx_acl =
0, is_tx_nobuf = 0, is_tx_nonode = 0, is_tx_unknownmgt = 0, is_tx_badcipher =
0, is_tx_nodefkey = 0, is_tx_noheadroom = 0, is_tx_fragframes = 0, is_tx_frags
= 0, is_scan_active = 0, is_scan_passive = 0, is_node_timeout = 0,
is_crypto_nomem = 0, is_crypto_tkip = 0, is_crypto_tkipenmic = 0,
is_crypto_tkipdemic = 0, is_crypto_tkipcm = 0, is_crypto_ccmp = 0,
is_crypto_wep = 0, is_crypto_setkey_cipher = 0, is_crypto_setkey_nokey = 0,
is_crypto_delkey = 0, is_crypto_badcipher = 0, is_crypto_nocipher = 0,
is_crypto_attachfail = 0, is_crypto_swfallback = 0, is_crypto_keyfail = 0,
is_crypto_enmicfail = 0, is_ibss_capmismatch = 0, is_ibss_norate = 0,
is_ps_unassoc = 0, is_ps_badaid = 0, is_ps_qempty = 0, is_ff_badhdr = 0,
is_ff_tooshort = 0, is_ff_split = 0, is_ff_decap = 0, is_ff_encap = 0,
is_rx_badbintval = 0, is_rx_demicfail = 0, is_rx_defrag = 0, is_rx_mgmt = 0,
is_rx_action = 0, is_amsdu_tooshort = 0, is_amsdu_split = 0, is_amsdu_decap =
0, is_amsdu_encap = 0, is_ampdu_bar_bad = 0, is_ampdu_bar_oow = 0,
is_ampdu_bar_move = 0, is_ampdu_bar_rx = 0, is_ampdu_rx_flush = 0,
is_ampdu_rx_oor = 0, is_ampdu_rx_copy = 0, is_ampdu_rx_drop = 0, is_tx_badstate
= 0, is_tx_notassoc = 0, is_tx_classify = 0, is_dwds_mcast = 0, is_dwds_qdrop =
0, is_ht_assoc_nohtcap = 0, is_ht_assoc_downgrade = 0, is_ht_assoc_norate = 0,
is_ampdu_rx_age = 0, is_ampdu_rx_move = 0, is_addba_reject = 0,
is_addba_norequest = 0, is_addba_badtoken = 0, is_addba_badpolicy = 0,
is_ampdu_stop = 0, is_ampdu_stop_failed = 0, is_ampdu_rx_reorder = 0,
is_scan_bg = 0, is_rx_deauth_code = 0 '\000', is_rx_disassoc_code = 0 '\000',
is_rx_authfail_code = 0 '\000', is_beacon_miss = 0, is_rx_badstate = 0,
is_ff_flush = 0, is_tx_ctl = 0, is_ampdu_rexmt = 0, is_ampdu_rexmt_fail = 0,
is_mesh_wrongmesh = 0, is_mesh_nolink = 0, is_mesh_fwd_ttl = 0,
is_mesh_fwd_nobuf = 0, is_mesh_fwd_tooshort = 0, is_mesh_fwd_disabled = 0,
is_mesh_fwd_nopath = 0, is_hwmp_wrongseq = 0, is_hwmp_rootreqs = 0,
is_hwmp_rootrann = 0, is_mesh_badae = 0, is_mesh_rtaddfailed = 0,
is_mesh_notproxy = 0, is_rx_badalign = 0, is_hwmp_proxy = 0, is_beacon_bad = 0,
is_ampdu_bar_tx = 0, is_ampdu_bar_tx_retry = 0, is_ampdu_bar_tx_fail = 0,
is_ff_encapfail = 0, is_amsdu_encapfail = 0, is_crypto_gcmp = 0,
is_rx_gcmpreplay = 0, is_rx_gcmpformat = 0, is_rx_gcmpmic = 0,
is_crypto_gcmp_nomem = 0, is_crypto_gcmp_nospc = 0, is_crypto_swcipherfail = 0,
is_spare = {0, 0, 0, 0, 0}}, iv_flags = 0, iv_flags_ext = 0, iv_flags_ht = 0,
iv_flags_ven = 0, iv_ifflags = 0, iv_caps = 0, iv_htcaps = 0, iv_htextcaps = 0,
iv_com_state = 0, iv_opmode = IEEE80211_M_IBSS, iv_state = IEEE80211_S_INIT,
iv_nstate = IEEE80211_S_INIT, iv_nstate_b = 0, iv_nstate_n = 0, iv_nstates =
{IEEE80211_S_INIT, IEEE80211_S_INIT, IEEE80211_S_INIT, IEEE80211_S_INIT,
IEEE80211_S_INIT, IEEE80211_S_INIT, IEEE80211_S_INIT, IEEE80211_S_INIT},
iv_nstate_args = {0, 0, 0, 0, 0, 0, 0, 0}, iv_nstate_task = {{ta_link =
{stqe_next = 0x0}, ta_pending = 0, ta_priority = 0 '\000', ta_flags = 0 '\000',
ta_func = 0x0, ta_context = 0x0}, {ta_link = {stqe_next = 0x0}, ta_pending = 0,
ta_priority = 0 '\000', ta_flags = 0 '\000', ta_func = 0x0, ta_context = 0x0},
{ta_link = {stqe_next = 0x0}, ta_pending = 0, ta_priority = 0 '\000', ta_flags
= 0 '\000', ta_func = 0x0, ta_context = 0x0}, {ta_link = {stqe_next = 0x0},
ta_pending = 0, ta_priority = 0 '\000', ta_flags = 0 '\000', ta_func = 0x0,
ta_context = 0x0}, {ta_link = {stqe_next = 0x0}, ta_pending = 0, ta_priority =
0 '\000', ta_flags = 0 '\000', ta_func = 0x0, ta_context = 0x0}, {ta_link =
{stqe_next = 0x0}, ta_pending = 0, ta_priority = 0 '\000', ta_flags = 0 '\000',
ta_func = 0x0, ta_context = 0x0}, {ta_link = {stqe_next = 0x0}, ta_pending = 0,
ta_priority = 0 '\000', ta_flags = 0 '\000', ta_func = 0x0, ta_context = 0x0},
{ta_link = {stqe_next = 0x0}, ta_pending = 0, ta_priority = 0 '\000', ta_flags
= 0 '\000', ta_func = 0x0, ta_context = 0x0}}, iv_swbmiss_task = {ta_link =
{stqe_next = 0x0}, ta_pending = 0, ta_priority = 0 '\000', ta_flags = 0 '\000',
ta_func = 0x0, ta_context = 0x0}, iv_mgtsend = {c_links = {le = {le_next = 0x0,
le_prev = 0x0}, sle = {sle_next = 0x0}, tqe = {tqe_next = 0x0, tqe_prev =
0x0}}, c_time = 0, c_precision = 0, c_arg = 0x0, c_func = 0x0, c_lock = 0x0,
c_flags = 0, c_iflags = 0, c_cpu = 0}, iv_inact_init = 0, iv_inact_auth = 0,
iv_inact_run = 0, iv_inact_probe = 0, iv_vht_flags = 0, iv_vht_cap =
{vht_cap_info = 0, supp_mcs = {rx_mcs_map = 0, rx_highest = 0, tx_mcs_map = 0,
tx_highest = 0}}, iv_vhtextcaps = 0, iv_vht_spare = {0, 0, 0, 0}, iv_des_nssid
= 0, iv_des_ssid = {{len = 0, ssid = '\000' <repeats 31 times>}}, iv_des_bssid
= "\000\000\000\000\000", iv_des_chan = 0x0, iv_des_mode = 0, iv_nicknamelen =
0, iv_nickname= '\000' <repeats 31 times>, iv_bgscanidle = 0, iv_bgscanintvl =
0, iv_scanvalid = 0, iv_scanreq_duration = 0, iv_scanreq_mindwell = 0,
iv_scanreq_maxdwell = 0, iv_scanreq_flags = 0, iv_scanreq_nssid = 0 '\000',
iv_scanreq_ssid = {{len = 0, ssid = '\000' <repeats 31 times>}}, iv_roaming =
IEEE80211_ROAMING_DEVICE, iv_roamparms = {{rssi = 0 '\000', rate = 0 '\000',
pad = 0} <repeats 14 times>}, iv_bmissthreshold = 0 '\000', iv_bmiss_count = 0
'\000', iv_bmiss_max = 0, iv_swbmiss_count = 0, iv_swbmiss_period = 0,
iv_swbmiss = {c_links = {le = {le_next = 0x0, le_prev = 0x0}, sle = {sle_next =
0x0}, tqe = {tqe_next = 0x0, tqe_prev = 0x0}}, c_time = 0, c_precision = 0,
c_arg = 0x0, c_func = 0x0, c_lock = 0x0, c_flags = 0, c_iflags = 0, c_cpu = 0},
iv_ampdu_rxmax = 0, iv_ampdu_density = 0, iv_ampdu_limit = 0, iv_amsdu_limit =
0, iv_ampdu_mintraffic = {0, 0, 0, 0}, iv_bcn_off = {bo_flags = "\000\000\000",
bo_caps = 0x0, bo_cfp = 0x0, bo_tim = 0x0, bo_wme = 0x0, bo_tdma = 0x0,
bo_tim_trailer = 0x0, bo_tim_len = 0, bo_tim_trailer_len = 0, bo_erp = 0x0,
bo_htinfo = 0x0, bo_ath = 0x0, bo_appie = 0x0, bo_appie_len = 0,
bo_csa_trailer_len = 0, bo_csa = 0x0, bo_quiet = 0x0, bo_meshconf = 0x0,
bo_vhtinfo = 0x0, bo_spare = {0x0, 0x0}}, iv_aid_bitmap = 0x0, iv_max_aid = 0,
iv_sta_assoc = 0, iv_ps_sta = 0, iv_ps_pending = 0, iv_txseq = 0, iv_tim_len =
0, iv_tim_bitmap = 0x0, iv_dtim_period = 0 '\000', iv_dtim_count = 0 '\000',
iv_quiet = 0 '\000', iv_quiet_count = 0 '\000', iv_quiet_count_value = 0
'\000', iv_quiet_period = 0 '\000', iv_quiet_duration = 0, iv_quiet_offset = 0,
iv_csa_count = 0, iv_bss = 0x0, iv_txparms = {{ucastrate = 0 '\000', mgmtrate =
0 '\000', mcastrate = 0 '\000', maxretry = 0 '\000'} <repeats 14 times>},
iv_rtsthreshold = 0, iv_fragthreshold = 0, iv_inact_timer = 0, iv_appie_beacon
= 0x0, iv_appie_probereq = 0x0, iv_appie_proberesp = 0x0, iv_appie_assocreq =
0x0, iv_appie_assocresp = 0x0, iv_appie_wpa = 0x0, iv_wpa_ie = 0x0, iv_rsn_ie =
0x0, iv_max_keyix = 0, iv_def_txkey = 0, iv_nw_keys = {{wk_keylen = 0 '\000',
wk_pad = 0 '\000', wk_pad1 = "\000", wk_flags = 0, wk_keyix = 0, wk_rxkeyix =
0, wk_key = '\000' <repeats 31 times>, wk_keyrsc = {0 <repeats 17 times>},
wk_keytsc = 0, wk_cipher = 0x0, wk_private = 0x0, wk_macaddr =
"\000\000\000\000\000"}, {wk_keylen = 0 '\000', wk_pad = 0 '\000', wk_pad1 =
"\000", wk_flags = 0, wk_keyix = 0, wk_rxkeyix = 0, wk_key = '\000' <repeats 31
times>, wk_keyrsc = {0 <repeats 17 times>}, wk_keytsc = 0, wk_cipher = 0x0,
wk_private = 0x0, wk_macaddr = "\000\000\000\000\000"}, {wk_keylen = 0 '\000',
wk_pad = 0 '\000', wk_pad1 = "\000", wk_flags = 0, wk_keyix = 0, wk_rxkeyix =
0, wk_key = '\000' <repeats 31 times>, wk_keyrsc = {0 <repeats 17 times>},
wk_keytsc = 0, wk_cipher = 0x0, wk_private = 0x0, wk_macaddr =
"\000\000\000\000\000"}, {wk_keylen = 0 '\000', wk_pad = 0 '\000', wk_pad1 =
"\000", wk_flags = 0, wk_keyix = 0, wk_rxkeyix = 0, wk_key = '\000' <repeats 31
times>, wk_keyrsc = {0 <repeats 17 times>}, wk_keytsc = 0, wk_cipher = 0x0,
wk_private = 0x0, wk_macaddr = "\000\000\000\000\000"}}, iv_key_alloc = 0x0,
iv_key_delete = 0x0, iv_key_set = 0x0, iv_key_update_begin = 0x0,
iv_key_update_end = 0x0, iv_update_deftxkey = 0x0, iv_auth = 0x0, iv_ec = 0x0,
iv_acl = 0x0, iv_as = 0x0, iv_rate = 0x0, iv_rs = 0x0, iv_tdma = 0x0, iv_mesh =
0x0, iv_hwmp = 0x0, iv_opdetach = 0x0, iv_input = 0x0, iv_recv_mgmt = 0x0,
iv_recv_ctl = 0x0, iv_deliver_data = 0x0, iv_bmiss = 0x0, iv_reset = 0x0,
iv_update_beacon = 0x0, iv_update_ps = 0x0, iv_set_tim = 0x0, iv_node_ps = 0x0,
iv_sta_ps = 0x0, iv_recv_pspoll = 0x0, iv_newstate = 0x0, iv_update_bss = 0x0,
iv_output = 0x0, iv_wme_update = 0x0, iv_wme_task = {ta_link = {stqe_next =
0x0}, ta_pending = 0, ta_priority = 0 '\000', ta_flags = 0 '\000', ta_func =
0x0, ta_context = 0x0}, iv_protmode = IEEE80211_PROT_NONE, iv_htprotmode =
IEEE80211_PROT_NONE, iv_curhtprotmode = 0 '\000', iv_nonerpsta = 0,
iv_longslotsta = 0, iv_ht_sta_assoc = 0, iv_ht40_sta_assoc = 0, iv_lastnonerp =
0, iv_lastnonht = 0, iv_updateslot = 0x0, iv_slot_task = {ta_link = {stqe_next
= 0x0}, ta_pending = 0, ta_priority = 0 '\000', ta_flags = 0 '\000', ta_func =
0x0, ta_context = 0x0}, iv_erp_protmode_task = {ta_link = {stqe_next = 0x0},
ta_pending = 0, ta_priority = 0 '\000', ta_flags = 0 '\000', ta_func = 0x0,
ta_context = 0x0}, iv_erp_protmode_update = 0x0, iv_preamble_task = {ta_link =
{stqe_next = 0x0}, ta_pending = 0, ta_priority = 0 '\000', ta_flags = 0 '\000',
ta_func = 0x0, ta_context = 0x0}, iv_preamble_update = 0x0, iv_ht_protmode_task
= {ta_link = {stqe_next = 0x0}, ta_pending = 0, ta_priority = 0 '\000',
ta_flags = 0 '\000', ta_func = 0x0, ta_context = 0x0}, iv_ht_protmode_update =
0x0, iv_uapsdinfo = 0 '\000', rx_histogram = 0x0, tx_histogram = 0x0, iv_spare
= {0 <repeats 36 times>}}
(kgdb)
--
You are receiving this mail because:
You are the assignee for the bug.