Date: Sat, 10 Jan 2026 17:15:17 +0000
From: bugzilla-noreply@freebsd.org
To: bugs@FreeBSD.org
Subject: [Bug 292337] ieee80211: panic after bpf attach
Message-ID: <bug-292337-227@https.bugs.freebsd.org/bugzilla/>

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=292337

            Bug ID: 292337
           Summary: ieee80211: panic after bpf attach
           Product: Base System
           Version: 16.0-CURRENT
          Hardware: amd64
                OS: Any
            Status: New
          Severity: Affects Only Me
          Priority: ---
         Component: kern
          Assignee: bugs@FreeBSD.org
          Reporter: p.mousavizadeh@protonmail.com

The kernel panic occurred after I opened Wireshark.

uname -a
FreeBSD 16.0-CURRENT #2 main-n282858-1c8dafe61887: Mon Jan 5 18:17:00 +0330 2026

vmcore:
% mdo kgdb -c /var/crash/vmcore.last /boot/kernel/kernel

Fatal trap 12: page fault while in kernel mode
cpuid = 20; apic id = 48
fault virtual address   = 0x38
fault code              = supervisor write data, page not present
instruction pointer     = 0x20:0xffffffff80cfc623
stack pointer           = 0x28:0xfffffe026e804b00
frame pointer           = 0x28:0xfffffe026e804b20
code segment            = base 0x0, limit 0xfffff, type 0x1b
                        = DPL 0, pres 1, long 1, def32 0, gran 1
processor eflags        = interrupt enabled, resume, IOPL = 0
current process         = 44371 (dumpcap)
rdi: fffffe025dc74010 rsi: 0000000000008000 rdx: 0000000000000001
rcx: 0000000000000000  r8: 00000000000040f3  r9: ffffffff80be8d01
rax: 0000000000000000 rbx: 0000000000000000 rbp: fffffe026e804b20
r10: 0000000100000006 r11: fffff808a9af9550 r12: fffff80066779f00
r13: 0000000000000000 r14: fffff808a9af9000 r15: 0000000000000000
trap number             = 12
panic: page fault
cpuid = 20
time = 1768032713
KDB: stack backtrace:
db_trace_self_wrapper() at db_trace_self_wrapper+0x2b/frame 0xfffffe026e804850
vpanic() at vpanic+0x136/frame 0xfffffe026e804980
panic() at panic+0x43/frame 0xfffffe026e8049e0
trap_pfault() at trap_pfault+0x3cf/frame 0xfffffe026e804a30
calltrap() at calltrap+0x8/frame 0xfffffe026e804a30
--- trap 0xc, rip = 0xffffffff80cfc623, rsp = 0xfffffe026e804b00, rbp = 0xfffffe026e804b20 ---
ieee80211_syncflag_ext() at ieee80211_syncflag_ext+0x23/frame 0xfffffe026e804b20
bpf_ieee80211_attach() at bpf_ieee80211_attach+0x1b/frame 0xfffffe026e804b40
bpf_attachd() at bpf_attachd+0x20b/frame 0xfffffe026e804b70
bpfioctl() at bpfioctl+0x152e/frame 0xfffffe026e804bf0
devfs_ioctl() at devfs_ioctl+0xcb/frame 0xfffffe026e804c40
vn_ioctl() at vn_ioctl+0xc4/frame 0xfffffe026e804cb0
devfs_ioctl_f() at devfs_ioctl_f+0x1e/frame 0xfffffe026e804cd0
kern_ioctl() at kern_ioctl+0x286/frame 0xfffffe026e804d40
sys_ioctl() at sys_ioctl+0x101/frame 0xfffffe026e804e00
amd64_syscall() at amd64_syscall+0x126/frame 0xfffffe026e804f30
fast_syscall_common() at fast_syscall_common+0xf8/frame 0xfffffe026e804f30
--- syscall (54, FreeBSD ELF64, ioctl), rip = 0x677b9cd003a, rsp = 0x677b1c77ab8, rbp = 0x677b1c77b20 ---
KDB: enter: panic

(kgdb) bt
#0  __curthread () at /usr/src/sys/amd64/include/pcpu_aux.h:57
#1  doadump (textdump=textdump@entry=0) at /usr/src/sys/kern/kern_shutdown.c:399
#2  0xffffffff804a5c0a in db_dump (dummy=<optimized out>, dummy2=<optimized out>, dummy3=<optimized out>, dummy4=<optimized out>)
    at /usr/src/sys/ddb/db_command.c:596
#3  0xffffffff804a59fd in db_command (last_cmdp=<optimized out>, cmd_table=<optimized out>, dopager=true)
    at /usr/src/sys/ddb/db_command.c:508
#4  0xffffffff804a56bd in db_command_loop () at /usr/src/sys/ddb/db_command.c:555
#5  0xffffffff804a8fe6 in db_trap (type=<optimized out>, code=<optimized out>) at /usr/src/sys/ddb/db_main.c:267
#6  0xffffffff80bd56c5 in kdb_trap (type=type@entry=3, code=code@entry=0, tf=tf@entry=0xfffffe026e804790)
    at /usr/src/sys/kern/subr_kdb.c:790
#7  0xffffffff810a1ffc in trap (frame=<optimized out>) at /usr/src/sys/amd64/amd64/trap.c:614
#8  <signal handler called>
#9  kdb_enter (why=<optimized out>, msg=<optimized out>) at /usr/src/sys/kern/subr_kdb.c:556
#10 0xffffffff80b874db in vpanic (fmt=0xffffffff811fbdf7 "%s", ap=ap@entry=0xfffffe026e8049c0)
    at /usr/src/sys/kern/kern_shutdown.c:962
#11 0xffffffff80b87343 in panic (fmt=0x4200 <error: Cannot access memory at address 0x4200>)
    at /usr/src/sys/kern/kern_shutdown.c:887
#12 0xffffffff810a2a1f in trap_fatal (frame=<optimized out>, eva=<optimized out>)
    at /usr/src/sys/amd64/amd64/trap.c:969
#13 0xffffffff810a2a1f in trap_pfault (frame=0xfffffe026e804a40, usermode=false, signo=<optimized out>, ucode=<optimized out>)
#14 <signal handler called>
#15 0xffffffff80cfc623 in atomic_fcmpset_long (src=18446735314823122944, dst=<optimized out>, expect=<optimized out>)
    at /usr/src/sys/amd64/include/atomic.h:184
#16 ieee80211_syncflag_ext (vap=0xfffffe025dc74010, flag=flag@entry=32768) at /usr/src/sys/net80211/ieee80211.c:1020
#17 0xffffffff80d3282b in bpf_ieee80211_attach (sc=<optimized out>) at /usr/src/sys/net80211/ieee80211_radiotap.c:386
#18 0xffffffff80cb47eb in bif_attachd (bp=0xfffff80066779f00) at /usr/src/sys/net/bpf.c:109
#19 bpf_attachd (d=<optimized out>, bp=bp@entry=0xfffff80066779f00) at /usr/src/sys/net/bpf.c:1990
#20 0xffffffff80cb32fe in bpfioctl (dev=<optimized out>, cmd=<optimized out>, addr=0xfffffe026e804d50 "wlan0", flags=<optimized out>, td=<optimized out>)
    at /usr/src/sys/net/bpf.c:1412
#21 0xffffffff809fe29b in devfs_ioctl (ap=0xfffffe026e804c58) at /usr/src/sys/fs/devfs/devfs_vnops.c:961
#22 0xffffffff80c94e34 in VOP_IOCTL (vp=0xfffff8002920e000, command=<optimized out>, data=<optimized out>, fflag=<optimized out>, cred=<optimized out>, td=<optimized out>)
    at ./vnode_if.h:744
#23 vn_ioctl (fp=<optimized out>, com=<optimized out>, data=<optimized out>, active_cred=<optimized out>, td=<optimized out>)
    at /usr/src/sys/kern/vfs_vnops.c:1889
#24 0xffffffff809fe90e in devfs_ioctl_f (fp=0xfffffe025dc74010, com=32768, data=0x1, cred=0x0, td=0x40f3)
    at /usr/src/sys/fs/devfs/devfs_vnops.c:892
#25 0xffffffff80bf9e26 in fo_ioctl (fp=0xfffff8001d27d7d0, com=32768, data=0xfffffe026e804d50, active_cred=0x0, td=0xfffff808a9af9000)
    at /usr/src/sys/sys/file.h:388
#26 kern_ioctl (td=td@entry=0xfffff808a9af9000, fd=<optimized out>, com=32768, com@entry=2149597804, data=data@entry=0xfffffe026e804d50 "wlan0")
    at /usr/src/sys/kern/sys_generic.c:811
#27 0xffffffff80bf9b41 in sys_ioctl (td=<optimized out>, uap=0xfffff808a9af9428) at /usr/src/sys/kern/sys_generic.c:716
#28 0xffffffff810a3356 in syscallenter (td=0xfffff808a9af9000) at /usr/src/sys/amd64/amd64/../../kern/subr_syscall.c:193
#29 amd64_syscall (td=0xfffff808a9af9000, traced=0) at /usr/src/sys/amd64/amd64/trap.c:1208
#30 <signal handler called>

(kgdb) frame 16
#16 ieee80211_syncflag_ext (vap=0xfffffe025dc74010, flag=flag@entry=32768) at /usr/src/sys/net80211/ieee80211.c:1020
1020            IEEE80211_LOCK(ic);
(kgdb) info locals
_tid = 18446735314823122944
_v = 0
ic = 0x0
(kgdb) info args
vap = 0xfffffe025dc74010
flag = 32768
(kgdb) p *vap
$1 = {iv_... } /* all members are equal to 0 */
(kgdb) p ic
$2 = (struct ieee80211com *) 0x0

(kgdb) frame 17
#17 0xffffffff80d3282b in bpf_ieee80211_attach (sc=<optimized out>) at /usr/src/sys/net80211/ieee80211_radiotap.c:386
386             ieee80211_syncflag_ext(vap, IEEE80211_FEXT_BPF);
(kgdb) info args
sc = <optimized out>
(kgdb) info locals
vap = 0xfffffe025dc74010
(kgdb) p *vap
$1 = {iv_... } /* all members equal to 0 */

-- 
You are receiving this mail because:
You are the assignee for the bug.
