Kernel oops / WiFi connection failure with wpa_supplicant 2.7

Eric Blau eblau at
Thu Jan 3 07:38:32 PST 2019

Hi folks,

Since upgrading to wpa_supplicant 2.7, myself and many others have hit
issues with wpa_supplicant failing to connect due to invalid arguments
being passed to the underlying kernel driver. Reverting to version 2.6
makes these issues go away.

There is an Arch Linux bug report here that has a lot of the details:

The problem appears related to 4-way handshake offload support:

ChangeLog for wpa_supplicant:

2018-12-02 - v2.7
* added support for nl80211 to offload 4-way handshake into the driver

Running Linux 4.20, I see the following kernel oops when
wpa_supplicant is trying to associate:

kernel: WARNING: CPU: 0 PID: 16169 at
brcmf_cfg80211_set_pmk+0x50/0x70 [brcmfmac]
kernel: Modules linked in: brcmfmac ipt_MASQUERADE
nf_conntrack_netlink nfnetlink xfrm_user xfrm_algo fuse iptable_nat
nf_nat_ipv4 xt_addrtype iptable_filter xt_conntrack nf_nat
nf_conntrack nf_defrag_ipv6 nf_defrag_ipv4 libcrc32c crc32c_generic
br_netfilter bridge stp llc cmac bnep nls_iso8859_1 nls_cp437 vfat fat
snd_hda_codec_hdmi sg crypto_user btusb btrtl btbcm btintel bluetooth
asix usbnet joydev mii mousedev bcm5974 input_leds libphy ecdh_generic
crc16 msr ofpart cmdlinepart intel_spi_platform intel_spi brcmutil
intel_rapl spi_nor x86_pkg_temp_thermal intel_powerclamp coretemp
kvm_intel mtd cfg80211 iTCO_wdt iTCO_vendor_support i915 kvmgt
vfio_mdev mdev vfio_iommu_type1 vfio kvm i2c_algo_bit drm_kms_helper
drm snd_hda_codec_cirrus snd_hda_codec_generic snd_hda_intel
snd_hda_codec applesmc irqbypass input_polldev intel_cstate
snd_hda_core mmc_core intel_uncore snd_hwdep intel_rapl_perf snd_pcm
thunderbolt mei_me pcspkr lpc_ich intel_gtt i2c_i801 intel_pch_thermal
kernel: agpgart mei rfkill snd syscopyarea spi_pxa2xx_pci sysfillrect
sysimgblt acpi_als fb_sys_fops soundcore kfifo_buf sbs evdev
industrialio sbshc mac_hid spi_pxa2xx_platform ac apple_bl pcc_cpufreq
facetimehd(OE) videobuf2_dma_sg videobuf2_memops videobuf2_v4l2
videobuf2_common videodev media ip_tables x_tables zfs(POE)
zunicode(POE) zavl(POE) icp(POE) zcommon(POE) znvpair(POE) spl(OE)
algif_skcipher af_alg hid_apple hid_generic usbhid hid dm_crypt dm_mod
sd_mod crct10dif_pclmul crc32_pclmul crc32c_intel ghash_clmulni_intel
ahci libahci libata scsi_mod aesni_intel xhci_pci aes_x86_64
crypto_simd xhci_hcd cryptd glue_helper [last unloaded: brcmfmac]
kernel: CPU: 0 PID: 16169 Comm: wpa_supplicant Tainted: P W OE
4.20.0-arch1-1-ARCH #1
kernel: Hardware name: Apple Inc. MacBookPro12,1/Mac-E43C1C25D4880AD6,
BIOS MBP121.88Z.0177.B00.1806051659 06/05/2018
kernel: RIP: 0010:brcmf_cfg80211_set_pmk+0x50/0x70 [brcmfmac]
kernel: Code: 8b 83 c8 08 00 00 83 b8 80 07 00 00 02 75 1b 0f b6 55 08
80 fa 20 77 1c 48 8b 75 10 48 8d bb c0 08 00 00 5b 5d e9 80 fe ff ff
<0f> 0b b8 ea ff ff ff 5b 5d c3 b8 de ff ff ff eb f6 66 66 2e 0f 1f
kernel: RSP: 0018:ffffaad283d0ba98 EFLAGS: 00010293
kernel: RAX: ffff9aa6ee816000 RBX: ffff9aa6ee811000 RCX: ffff9aa80a77c000
kernel: RDX: ffffffffc10b8b7d RSI: ffffffffc10ade80 RDI: 0000000000000002
kernel: RBP: ffffaad283d0bab0 R08: 00000000000000fe R09: ffff9aa80a77c000
kernel: R10: 0000000000000000 R11: ffffffff848f5e58 R12: ffff9aa6ee816050
kernel: R13: ffff9aa6ee811000 R14: ffff9aa76cc10000 R15: ffff9aa76cc10300
kernel: FS: 00007fcfeb90a480(0000) GS:ffff9aa826a00000(0000)
kernel: CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
kernel: CR2: 000055d5ae8e5fe0 CR3: 0000000227530005 CR4: 00000000003606f0
kernel: Call Trace:
kernel: nl80211_set_pmk+0x178/0x270 [cfg80211]
kernel: genl_family_rcv_msg+0x1c4/0x3c0
kernel: ? sock_def_readable+0xe/0x80
kernel: ? __netlink_sendskb+0x3d/0x50
kernel: genl_rcv_msg+0x47/0x90
kernel: ? __kmalloc_node_track_caller+0x1ed/0x290
kernel: ? genl_family_rcv_msg+0x3c0/0x3c0
kernel: netlink_rcv_skb+0x4c/0x120
kernel: genl_rcv+0x24/0x40
kernel: netlink_unicast+0x196/0x240
kernel: netlink_sendmsg+0x1fd/0x3c0
kernel: sock_sendmsg+0x33/0x40
kernel: ___sys_sendmsg+0x295/0x2f0
kernel: ? dev_get_by_name_rcu+0x73/0x90
kernel: ? dev_ioctl+0x171/0x3d0
kernel: ? __check_object_size+0xa0/0x189
kernel: ? preempt_count_add+0x79/0xb0
kernel: ? __inode_wait_for_writeback+0x7f/0xf0
kernel: ? preempt_count_add+0x79/0xb0
kernel: ? _raw_spin_lock+0x13/0x30
kernel: ? _raw_spin_unlock+0x16/0x30
kernel: ? __dentry_kill+0x116/0x160
kernel: __sys_sendmsg+0x57/0xa0
kernel: do_syscall_64+0x5b/0x170
kernel: entry_SYSCALL_64_after_hwframe+0x44/0xa9
kernel: RIP: 0033:0x7fcfebe41fd8
kernel: Code: 89 02 48 c7 c0 ff ff ff ff eb b5 0f 1f 80 00 00 00 00 f3
0f 1e fa 48 8d 05 65 65 0c 00 8b 00 85 c0 75 17 b8 2e 00 00 00 0f 05
<48> 3d 00 f0 ff ff 77 58 c3 0f 1f 80 00 00 00 00 41 54 41 89 d4 55
kernel: RSP: 002b:00007ffdff680c48 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
kernel: RAX: ffffffffffffffda RBX: 000055cd5d162040 RCX: 00007fcfebe41fd8
kernel: RDX: 0000000000000000 RSI: 00007ffdff680c80 RDI: 0000000000000005
kernel: RBP: 000055cd5d189110 R08: 0000000000000004 R09: 00007fcfebf04150
kernel: R10: 00007ffdff680d54 R11: 0000000000000246 R12: 000055cd5d161f50
kernel: R13: 00007ffdff680c80 R14: ffffffffffffffff R15: 0000000000000000
kernel: ---[ end trace 462c92ab814d0cda ]---

Notice that the oops references wpa_supplicant as the offending
process, although maybe the firmware or driver is at fault for
advertising 4-way handshake offload support.

Any ideas what the issue could be here? If there's anything else I can
do to help track down the problem, please let me know.


More information about the Hostap mailing list