hostapd segfault #6885

Open
@aberenyi

Describe the bug

I'm trying to host an AP using the built-in WiFi chip (Broadcom BCM2712 if I'm not mistaken), however, hostapd segfaults from time to time.

I've built the latest hostapd version (2.11 at the time of filing this issue) from source, but that didn't resolve the issue.

Steps to reproduce the behaviour

  1. Install hostapd or build it from source
  2. Set it up in AP mode (sample config here)
  3. Connect to the AP using your phone or any other device.
  4. Wait or connect/disconnect a few times.
  5. hostapd.service: Main process exited, code=killed, status=11/SEGV

Device(s)

Raspberry Pi 5

System

Raspberry Pi reference 2024-03-15
Generated using pi-gen, https://github.com/RPi-Distro/pi-gen, f19ee211ddafcae300827f953d143de92a5c6624, stage2
2025/05/08 15:13:17
Copyright (c) 2012 Broadcom
version 69471177 (release) (embedded)
Linux 2f6621fd717d65e9 6.12.25+rpt-rpi-2712 #1 SMP PREEMPT Debian 1:6.12.25-1+rpt1 (2025-04-30) aarch64 GNU/Linux

Logs

Jun 06 13:29:59 2f6621fd717d65e9 kernel: Unable to handle kernel NULL pointer dereference at virtual address 0000000000000000
Jun 06 13:29:59 2f6621fd717d65e9 kernel: Mem abort info:
Jun 06 13:30:00 2f6621fd717d65e9 kernel:   ESR = 0x0000000096000005
Jun 06 13:30:00 2f6621fd717d65e9 kernel:   EC = 0x25: DABT (current EL), IL = 32 bits
Jun 06 13:30:00 2f6621fd717d65e9 kernel:   SET = 0, FnV = 0
Jun 06 13:30:00 2f6621fd717d65e9 kernel:   EA = 0, S1PTW = 0
Jun 06 13:30:00 2f6621fd717d65e9 kernel:   FSC = 0x05: level 1 translation fault
Jun 06 13:30:00 2f6621fd717d65e9 kernel: Data abort info:
Jun 06 13:30:00 2f6621fd717d65e9 kernel:   ISV = 0, ISS = 0x00000005, ISS2 = 0x00000000
Jun 06 13:30:00 2f6621fd717d65e9 kernel:   CM = 0, WnR = 0, TnD = 0, TagAccess = 0
Jun 06 13:30:00 2f6621fd717d65e9 kernel:   GCS = 0, Overlay = 0, DirtyBit = 0, Xs = 0
Jun 06 13:30:00 2f6621fd717d65e9 kernel: user pgtable: 16k pages, 47-bit VAs, pgdp=00000001c0780000
Jun 06 13:30:00 2f6621fd717d65e9 kernel: [0000000000000000] pgd=0000000000000000, p4d=0000000000000000, pud=0000000000000000
Jun 06 13:30:00 2f6621fd717d65e9 kernel: Internal error: Oops: 0000000096000005 [#1] PREEMPT SMP
Jun 06 13:30:00 2f6621fd717d65e9 kernel: Modules linked in: aes_ce_ccm mt76x2u mt76x2_common mt76x02_usb mt76_usb mt76x02_lib mt76 mac80211 libarc4 algif_hash algif_skcipher af_alg bnep binfmt_misc vc4 sr_mod cdrom brcmfmac_wcc sg snd_soc_hdmi_codec drm_display_helper hci_uart cec aes_ce_blk joydev aes_ce_cipher btbcm drm_dma_helper ghash_ce gf128mul bluetooth brcmfmac snd_soc_core cdc_acm rpi_hevc_dec sha2_ce pisp_be brcmutil sha256_arm64 snd_compress sha1_ce snd_pcm_dmaengine v4l2_mem2mem cfg80211 snd_pcm videobuf2_dma_contig ecdh_generic videobuf2_memops ecc snd_timer videobuf2_v4l2 sha1_generic rfkill videodev libaes snd raspberrypi_hwmon v3d videobuf2_common mc gpu_sched drm_shmem_helper rp1_pio drm_kms_helper pwm_fan rp1 raspberrypi_gpiomem rp1_mailbox rp1_adc nvmem_rmem uio_pdrv_genirq uio fuse drm drm_panel_orientation_quirks backlight dm_mod ip_tables x_tables ipv6 hid_logitech_hidpp hid_logitech_dj spidev i2c_brcmstb spi_bcm2835 gpio_keys
Jun 06 13:30:00 2f6621fd717d65e9 kernel: CPU: 0 UID: 0 PID: 2979 Comm: hostapd Not tainted 6.12.25+rpt-rpi-2712 #1  Debian 1:6.12.25-1+rpt1
Jun 06 13:30:00 2f6621fd717d65e9 kernel: Hardware name: Raspberry Pi 5 Model B Rev 1.0 (DT)
Jun 06 13:30:00 2f6621fd717d65e9 kernel: pstate: 80400009 (Nzcv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)
Jun 06 13:30:00 2f6621fd717d65e9 kernel: pc : brcmf_p2p_send_action_frame+0x23c/0xc58 [brcmfmac]
Jun 06 13:30:00 2f6621fd717d65e9 kernel: lr : brcmf_p2p_send_action_frame+0x200/0xc58 [brcmfmac]
Jun 06 13:30:00 2f6621fd717d65e9 kernel: sp : ffffc000871a35e0
Jun 06 13:30:00 2f6621fd717d65e9 kernel: x29: ffffc000871a35e0 x28: 0000000000000000 x27: ffff8001006b68f0
Jun 06 13:30:00 2f6621fd717d65e9 kernel: x26: ffff800140ec08c0 x25: ffffd06fbdcd5eb0 x24: ffff8001006b6800
Jun 06 13:30:00 2f6621fd717d65e9 kernel: x23: 0000000000000000 x22: ffff8001c087f800 x21: ffff8001c087f810
Jun 06 13:30:00 2f6621fd717d65e9 kernel: x20: ffff8001006b6810 x19: ffff8001006b6818 x18: 0000000000000000
Jun 06 13:30:00 2f6621fd717d65e9 kernel: x17: 0000000000000000 x16: ffffd06fce566d38 x15: 000055566c6899d0
Jun 06 13:30:00 2f6621fd717d65e9 kernel: x14: 0000a5c53067cf2c x13: 000001050004007f x12: 026c00000000ab0b
Jun 06 13:30:00 2f6621fd717d65e9 kernel: x11: 00000000000000d0 x10: 0000000000001a40 x9 : ffffd06fbdc5e000
Jun 06 13:30:00 2f6621fd717d65e9 kernel: x8 : ffff8000036b8c00 x7 : 0000000000000000 x6 : ffffc000871a3588
Jun 06 13:30:00 2f6621fd717d65e9 kernel: x5 : ffffc000871a35b0 x4 : 00000000ffffffd8 x3 : 0000000000000724
Jun 06 13:30:00 2f6621fd717d65e9 kernel: x2 : ffff8001c087f800 x1 : ffffd06fbdce0820 x0 : 0000000000000000
Jun 06 13:30:00 2f6621fd717d65e9 kernel: Call trace:
Jun 06 13:30:00 2f6621fd717d65e9 kernel:  brcmf_p2p_send_action_frame+0x23c/0xc58 [brcmfmac]
Jun 06 13:30:00 2f6621fd717d65e9 kernel:  brcmf_cfg80211_mgmt_tx+0x300/0x5b8 [brcmfmac]
Jun 06 13:30:00 2f6621fd717d65e9 kernel:  cfg80211_mlme_mgmt_tx+0x1a8/0x418 [cfg80211]
Jun 06 13:30:00 2f6621fd717d65e9 kernel:  nl80211_tx_mgmt+0x234/0x388 [cfg80211]
Jun 06 13:30:00 2f6621fd717d65e9 kernel:  genl_family_rcv_msg_doit+0xdc/0x150
Jun 06 13:30:00 2f6621fd717d65e9 kernel:  genl_rcv_msg+0x218/0x298
Jun 06 13:30:00 2f6621fd717d65e9 kernel:  netlink_rcv_skb+0x64/0x138
Jun 06 13:30:00 2f6621fd717d65e9 kernel:  genl_rcv+0x40/0x60
Jun 06 13:30:00 2f6621fd717d65e9 kernel:  netlink_unicast+0x314/0x380
Jun 06 13:30:00 2f6621fd717d65e9 kernel:  netlink_sendmsg+0x198/0x3f0
Jun 06 13:30:00 2f6621fd717d65e9 kernel:  __sock_sendmsg+0x64/0xc0
Jun 06 13:30:00 2f6621fd717d65e9 kernel:  ____sys_sendmsg+0x25c/0x298
Jun 06 13:30:00 2f6621fd717d65e9 kernel:  ___sys_sendmsg+0xb4/0x110
Jun 06 13:30:00 2f6621fd717d65e9 kernel:  __sys_sendmsg+0x8c/0xf0
Jun 06 13:30:00 2f6621fd717d65e9 kernel:  __arm64_sys_sendmsg+0x2c/0x40
Jun 06 13:30:00 2f6621fd717d65e9 kernel:  invoke_syscall+0x50/0x120
Jun 06 13:30:00 2f6621fd717d65e9 kernel:  el0_svc_common.constprop.0+0x48/0xf0
Jun 06 13:30:00 2f6621fd717d65e9 kernel:  do_el0_svc+0x24/0x38
Jun 06 13:30:00 2f6621fd717d65e9 kernel:  el0_svc+0x30/0xd0
Jun 06 13:30:00 2f6621fd717d65e9 kernel:  el0t_64_sync_handler+0x100/0x130
Jun 06 13:30:00 2f6621fd717d65e9 kernel:  el0t_64_sync+0x190/0x198
Jun 06 13:30:00 2f6621fd717d65e9 kernel: Code: f9401e80 aa1603e2 f9403be1 5280e483 (f9400000)
Jun 06 13:30:00 2f6621fd717d65e9 kernel: ---[ end trace 0000000000000000 ]---
Jun 06 13:30:00 2f6621fd717d65e9 systemd[1]: hostapd.service: Main process exited, code=killed, status=11/SEGV
Jun 06 13:30:00 2f6621fd717d65e9 systemd[1]: hostapd.service: Failed with result 'signal'.

Additional context

The log above is showing the trace w/ driver=nl80211 defined in hostapd.conf.
Without it the logs are less verbose, see below:

Jun 06 13:45:09 2f6621fd717d65e9 systemd[1]: hostapd.service: Main process exited, code=killed, status=11/SEGV
Jun 06 13:45:09 2f6621fd717d65e9 systemd[1]: hostapd.service: Failed with result 'signal'.
Jun 06 13:45:11 2f6621fd717d65e9 systemd[1]: hostapd.service: Scheduled restart job, restart counter is at 1.
Jun 06 13:45:11 2f6621fd717d65e9 systemd[1]: Stopped hostapd.service - Access point and authentication server for Wi-Fi and Ethernet.
Jun 06 13:45:12 2f6621fd717d65e9 systemd[1]: Starting hostapd.service - Access point and authentication server for Wi-Fi and Ethernet...
Jun 06 13:46:42 2f6621fd717d65e9 systemd[1]: hostapd.service: start operation timed out. Terminating.
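
Added example, not part of the original issue: a small triage script that reads journal text like the excerpt above and ties each kernel oops (faulting task, `pc` symbol, module, call path) to the service kill logged after it. The function name `triage` and the dictionary keys are assumptions made for this illustration; the sample lines are abridged from the log in this issue.

```python
import re

# Sample input: lines abridged from the journal excerpt in this issue.
SAMPLE = """\
Jun 06 13:29:59 2f6621fd717d65e9 kernel: Unable to handle kernel NULL pointer dereference at virtual address 0000000000000000
Jun 06 13:30:00 2f6621fd717d65e9 kernel: CPU: 0 UID: 0 PID: 2979 Comm: hostapd Not tainted 6.12.25+rpt-rpi-2712 #1  Debian 1:6.12.25-1+rpt1
Jun 06 13:30:00 2f6621fd717d65e9 kernel: pc : brcmf_p2p_send_action_frame+0x23c/0xc58 [brcmfmac]
Jun 06 13:30:00 2f6621fd717d65e9 kernel: Call trace:
Jun 06 13:30:00 2f6621fd717d65e9 kernel:  brcmf_p2p_send_action_frame+0x23c/0xc58 [brcmfmac]
Jun 06 13:30:00 2f6621fd717d65e9 kernel:  nl80211_tx_mgmt+0x234/0x388 [cfg80211]
Jun 06 13:30:00 2f6621fd717d65e9 kernel:  __arm64_sys_sendmsg+0x2c/0x40
Jun 06 13:30:00 2f6621fd717d65e9 kernel: ---[ end trace 0000000000000000 ]---
Jun 06 13:30:00 2f6621fd717d65e9 systemd[1]: hostapd.service: Main process exited, code=killed, status=11/SEGV
"""

KMSG = re.compile(r"kernel:\s+(.*)$")            # kernel message payload
FRAME = re.compile(r"([\w.]+)\+0x[0-9a-f]+/0x[0-9a-f]+(?: \[(\w+)\])?$")
COMM = re.compile(r"Comm: (\S+)")                # task that was running
UNIT = re.compile(r"systemd\[1\]: (\S+): Main process exited, code=killed, status=\d+/(\w+)")

def triage(text):
    """Return one summary dict per kernel oops found in journal text."""
    out, cur, in_trace = [], None, False
    for line in text.splitlines():
        k = KMSG.search(line)
        if k and k.group(1).startswith("Unable to handle kernel"):
            cur = {"fault": k.group(1), "comm": None, "pc": None,
                   "module": None, "trace": [], "killed": None}
            out.append(cur)
            in_trace = False
        elif cur is None:
            continue                              # nothing to attach to yet
        elif k:
            msg = k.group(1)
            c, f = COMM.search(msg), FRAME.match(msg.removeprefix("pc : "))
            if c:
                cur["comm"] = c.group(1)
            elif msg == "Call trace:":
                in_trace = True
            elif msg.startswith("pc : ") and f:
                cur["pc"], cur["module"] = f.group(1), f.group(2)
            elif in_trace and f:
                cur["trace"].append(f.group(1))
            else:
                in_trace = False                  # Code:/end-trace lines close the trace
        elif (u := UNIT.search(line)) and cur["killed"] is None:
            cur["killed"] = (u.group(1), u.group(2))  # first unit killed after the oops
    return out
```

Run on journal text that contains only the systemd lines, as in the second excerpt, it returns an empty list because there is no oops to attach the kill to.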
