wpa_supplicant on buster fails with WPA enterprise

Bug #1834749 reported by Nick Sayer on 2019-06-29
62
This bug affects 12 people
Affects Status Importance Assigned to Milestone
Raspbian
Undecided
Unassigned

Bug Description

the version of wpa_supplicant included on buster can't successfully negotiate wpa_enterprise connections. Downgrading wpa_supplicant to the stretch version works.

So far as I can tell, the best diagnostic I've found is this in kern.log:

Jun 29 09:56:08 srv-pizero kernel: [ 1699.002587] ------------[ cut here ]------------
Jun 29 09:56:08 srv-pizero kernel: [ 1699.003038] WARNING: CPU: 0 PID: 16477 at drivers/net/wireless/broadcom/brcm80211/brcmfmac/cfg80211.c:5126 brcmf_cfg80211_set_pmk+0x64/0x84 [brcmfmac]
Jun 29 09:56:08 srv-pizero kernel: [ 1699.003049] Modules linked in: bnep hci_uart btbcm serdev bluetooth ecdh_generic 8021q garp stp llc spidev brcmfmac brcmutil sha256_generic cfg80211 ras
pberrypi_hwmon hwmon rfkill bcm2835_codec(C) bcm2835_v4l2(C) v4l2_mem2mem bcm2835_mmal_vchiq(C) v4l2_common videobuf2_dma_contig videobuf2_vmalloc videobuf2_memops videobuf2_v4l2 videobuf2_c
ommon spi_bcm2835 videodev media fixed uio_pdrv_genirq uio usb_f_acm u_serial g_serial libcomposite dwc2 udc_core ip_tables x_tables ipv6
Jun 29 09:56:08 srv-pizero kernel: [ 1699.003266] CPU: 0 PID: 16477 Comm: wpa_supplicant Tainted: G WC 4.19.50+ #896
Jun 29 09:56:08 srv-pizero kernel: [ 1699.003273] Hardware name: BCM2835
Jun 29 09:56:08 srv-pizero kernel: [ 1699.003324] [<c0017edc>] (unwind_backtrace) from [<c0014e24>] (show_stack+0x20/0x24)
Jun 29 09:56:08 srv-pizero kernel: [ 1699.003356] [<c0014e24>] (show_stack) from [<c06b8350>] (dump_stack+0x20/0x28)
Jun 29 09:56:08 srv-pizero kernel: [ 1699.003393] [<c06b8350>] (dump_stack) from [<c0024450>] (__warn+0xf4/0x11c)
Jun 29 09:56:08 srv-pizero kernel: [ 1699.003418] [<c0024450>] (__warn) from [<c00245a8>] (warn_slowpath_null+0x4c/0x58)
Jun 29 09:56:08 srv-pizero kernel: [ 1699.003697] [<c00245a8>] (warn_slowpath_null) from [<bf404aec>] (brcmf_cfg80211_set_pmk+0x64/0x84 [brcmfmac])
Jun 29 09:56:08 srv-pizero kernel: [ 1699.005132] [<bf404aec>] (brcmf_cfg80211_set_pmk [brcmfmac]) from [<bf26d37c>] (nl80211_set_pmk+0x160/0x1f8 [cfg80211])
Jun 29 09:56:08 srv-pizero kernel: [ 1699.006250] [<bf26d37c>] (nl80211_set_pmk [cfg80211]) from [<c05f6e94>] (genl_rcv_msg+0x238/0x458)
Jun 29 09:56:08 srv-pizero kernel: [ 1699.006292] [<c05f6e94>] (genl_rcv_msg) from [<c05f5eb0>] (netlink_rcv_skb+0x100/0x138)
Jun 29 09:56:08 srv-pizero kernel: [ 1699.006320] [<c05f5eb0>] (netlink_rcv_skb) from [<c05f6c48>] (genl_rcv+0x30/0x44)
Jun 29 09:56:08 srv-pizero kernel: [ 1699.006345] [<c05f6c48>] (genl_rcv) from [<c05f55dc>] (netlink_unicast+0x1a8/0x23c)
Jun 29 09:56:08 srv-pizero kernel: [ 1699.006370] [<c05f55dc>] (netlink_unicast) from [<c05f5a24>] (netlink_sendmsg+0x2f0/0x364)
Jun 29 09:56:08 srv-pizero kernel: [ 1699.006397] [<c05f5a24>] (netlink_sendmsg) from [<c058a550>] (sock_sendmsg+0x24/0x34)
Jun 29 09:56:08 srv-pizero kernel: [ 1699.006419] [<c058a550>] (sock_sendmsg) from [<c058ad3c>] (___sys_sendmsg+0x20c/0x228)
Jun 29 09:56:08 srv-pizero kernel: [ 1699.006442] [<c058ad3c>] (___sys_sendmsg) from [<c058be00>] (__sys_sendmsg+0x5c/0xa0)
Jun 29 09:56:08 srv-pizero kernel: [ 1699.006463] [<c058be00>] (__sys_sendmsg) from [<c058be60>] (sys_sendmsg+0x1c/0x20)
Jun 29 09:56:08 srv-pizero kernel: [ 1699.006486] [<c058be60>] (sys_sendmsg) from [<c0009000>] (ret_fast_syscall+0x0/0x28)
Jun 29 09:56:08 srv-pizero kernel: [ 1699.006497] Exception stack(0xd8845fa8 to 0xd8845ff0)
Jun 29 09:56:08 srv-pizero kernel: [ 1699.006514] 5fa0: 01d39210 01d3a8d8 00000004 bec1efd0 00000000 00000000
Jun 29 09:56:08 srv-pizero kernel: [ 1699.006531] 5fc0: 01d39210 01d3a8d8 01d39198 00000128 b6f87000 ffffffff 00000001 00000004
Jun 29 09:56:08 srv-pizero kernel: [ 1699.006544] 5fe0: 0000006c bec1ef88 b6f6c5bc b6ad2980
Jun 29 09:56:08 srv-pizero kernel: [ 1699.006556] ---[ end trace c696f3cfa961932b ]---

Honestly, I have no idea if that's a red herring or not.

Revision history for this message
Chris (chrispage) wrote :
Download full text (4.0 KiB)

I'm experiencing the same problem attempting to connect to eduroam, wpa_supplicant contains:

network={
     ssid="eduroam"
     identity="<username>@<institution>"
     password="<password>"
     eap=PEAP
     phase1="peaplabel=0"
     phase2="auth=MSCHAPV2"
     key_mgmt=WPA-EAP
     scan_ssid=1
}

Kernel error is similar:

Jun 20 18:42:41 raspberrypi kernel: [ 609.883403] ------------[ cut here ]------------
Jun 20 18:42:41 raspberrypi kernel: [ 609.883546] WARNING: CPU: 2 PID: 483 at drivers/net/wireless/broadcom/brcm80211/brcmfmac/cfg80211.c:5126 brcmf_cfg80211
_set_pmk+0x6c/0x80 [brcmfmac]
Jun 20 18:42:41 raspberrypi kernel: [ 609.883556] Modules linked in: rfcomm bnep hci_uart btbcm serdev bluetooth ecdh_generic fuse 8021q garp stp llc evdev v
3d vc4 gpu_sched drm_kms_helper snd_soc_core snd_bcm2835(C) drm brcmfmac snd_compress brcmutil snd_pcm_dmaengine syscopyarea sysfillrect sysimgblt raspberrypi
_hwmon sha256_generic fb_sys_fops drm_panel_orientation_quirks snd_pcm hwmon cfg80211 snd_timer rfkill snd bcm2835_v4l2(C) bcm2835_codec(C) v4l2_common videob
uf2_vmalloc v4l2_mem2mem bcm2835_mmal_vchiq(C) videobuf2_dma_contig videobuf2_memops videobuf2_v4l2 videobuf2_common videodev media argon_mem fixed uio_pdrv_g
enirq uio i2c_dev ip_tables x_tables ipv6
Jun 20 18:42:41 raspberrypi kernel: [ 609.884075] CPU: 2 PID: 483 Comm: wpa_supplicant Tainted: G WC 4.19.50-v7l+ #895
Jun 20 18:42:41 raspberrypi kernel: [ 609.884083] Hardware name: BCM2835
Jun 20 18:42:41 raspberrypi kernel: [ 609.884115] [<c0212c80>] (unwind_backtrace) from [<c020d49c>] (show_stack+0x20/0x24)
Jun 20 18:42:41 raspberrypi kernel: [ 609.884136] [<c020d49c>] (show_stack) from [<c0978f60>] (dump_stack+0xd4/0x118)
Jun 20 18:42:41 raspberrypi kernel: [ 609.884157] [<c0978f60>] (dump_stack) from [<c0222270>] (__warn+0x104/0x11c)
Jun 20 18:42:41 raspberrypi kernel: [ 609.884173] [<c0222270>] (__warn) from [<c02223c0>] (warn_slowpath_null+0x50/0x58)
Jun 20 18:42:41 raspberrypi kernel: [ 609.884294] [<c02223c0>] (warn_slowpath_null) from [<bf5b8ae0>] (brcmf_cfg80211_set_pmk+0x6c/0x80 [brcmfmac])
Jun 20 18:42:41 raspberrypi kernel: [ 609.884551] [<bf5b8ae0>] (brcmf_cfg80211_set_pmk [brcmfmac]) from [<bf2debfc>] (nl80211_set_pmk+0x160/0x26c [cfg80211])
Jun 20 18:42:41 raspberrypi kernel: [ 609.884697] [<bf2debfc>] (nl80211_set_pmk [cfg80211]) from [<c08b3784>] (genl_rcv_msg+0x244/0x464)
Jun 20 18:42:41 raspberrypi kernel: [ 609.884714] [<c08b3784>] (genl_rcv_msg) from [<c08b277c>] (netlink_rcv_skb+0x104/0x138)
Jun 20 18:42:41 raspberrypi kernel: [ 609.884728] [<c08b277c>] (netlink_rcv_skb) from [<c08b3530>] (genl_rcv+0x34/0x44)
Jun 20 18:42:41 raspberrypi kernel: [ 609.884742] [<c08b3530>] (genl_rcv) from [<c08b1e9c>] (netlink_unicast+0x1b0/0x234)
Jun 20 18:42:41 raspberrypi kernel: [ 609.884756] [<c08b1e9c>] (netlink_unicast) from [<c08b22c0>] (netlink_sendmsg+0x2dc/0x364)
Jun 20 18:42:41 raspberrypi kernel: [ 609.884771] [<c08b22c0>] (netlink_sendmsg) from [<c0842968>] (sock_sendmsg+0x24/0x34)
Jun 20 18:42:41 raspberrypi kernel: [ 609.884789] [<c0842968>] (sock_sendmsg) from [<c08431b4>] (___sys_sendmsg+0x214/0x228)
Jun 20 18:42:41 raspberrypi ke...

Read more...

Pander (pander) on 2019-07-17
tags: added: buster wifi
Revision history for this message
Ted Lum (tlum) wrote :

I have the same problem - no way to use wifi, so this is SERIOUS issue for me.

This appears to be this:

https://www.spinics.net/lists/linux-wireless/msg187184.html

v2.8 supplicant is illegally trying to use 4-way handshake offloading in NL80211_CMD_SET_PMK without declaring it's intent to use it with NL80211_ATTR_WANT_1X_4WAY_HS in NL80211_CMD_CONNECT, so the violation of the contract results in a warning being thrown... and the call fails.

Revision history for this message
Will Bratton (wfbratton) wrote :

Encountering same issue attempting to connect Raspberry Pi 4 running Buster to enterprise Wifi. Raspberry Pi 3s running Jessie connect with no issue.

Thanks!

Revision history for this message
Christian Gut (cycloon) wrote :

This seems to have been already corrected by Redhat:
https://bugzilla.redhat.com/show_bug.cgi?id=1665608

See also this:
https://patchwork.ozlabs.org/patch/1125655/

Revision history for this message
Sergei Morozov (sergeimorozov) wrote :

I'm experiencing a similar problem on Ubuntu 19.10 (wpasupplicant 2.9): https://askubuntu.com/questions/1185373/cannot-connect-to-an-enterprise-wifi-network-after-an-upgrade-to-ubuntu-19-10.

Is it the same one that was solved in the ticket above?

Revision history for this message
Joey Dodson (ninjawailer) wrote :

Can anyone experiencing this bug try running:

$apt list -a firmware-brcm80211

to see if the version installed is firmware-brcm80211 1:20190114-1+rpt5

I was able to solve an issue similar to this (or the same?) by downgrading this package to firmware-brcm80211 1:20190114-1+rpt4. You can see more about my problem on Stack Exchange here:

https://raspberrypi.stackexchange.com/questions/110786/rpi4-with-buster-wpa-supplicant-fails-to-connect-to-hostapd-network-hosted-on-ub/110796?noredirect=1#comment189464_110796

Revision history for this message
ktf (mvanb1) wrote :

@ninjawailer
I tried running firmware-brcm80211 and I was running 1:20190114-1+rpt6

Downgrading to +rt4 only made things worse. With the newer version, I could still get things running through WEXT (though it still was rather unstable), with the downgrade WEXT nor nl80211 worked.

I downgraded from Buster to Stretch to fix this issue.

Revision history for this message
Ruben Di Battista (tid91) wrote :

Same problem here, the DHCP cannot lease an IP effectively if using the nl80211 interface. Using legacy Wext option fixes the problem for me on eduroam.

firmware-brcm80211/testing,now 1:20190114-1+rpt8

Revision history for this message
Mark A. Ziesemer (ziesemer) wrote :

For what it's worth, instead of falling-back to the legacy Wext, I resolved this for myself by pushing-forward to the latest wpa_supplicant with the included fixes.

My cheat-sheet for next time I need this (until a fixed wpa_supplicant is readily available):

wget https://w1.fi/releases/wpa_supplicant-2.9.tar.gz
tar -xvf wpa_supplicant-2.9.tar.gz
sudo apt install libnl-3-dev libdbus-1-dev libnl-genl-3-dev
cd wpa_supplicant-2.9/wpa_supplicant/
cp -p defconfig .config
make
sudo make install
sudo EDITOR=vim systemctl edit wpa_supplicant

[Service]
ExecStart=
ExecStart=/usr/local/sbin/wpa_supplicant -u -s -O /run/wpa_supplicant

sudo systemctl daemon-reload
sudo systemctl restart wpa_supplicant

Can we please just have a new wpa_supplicant packaged and made available here to simplify this?

Revision history for this message
Daniel Blittschau (dblitt) wrote :

+1 for this bug and for packaging wpa_supplicant 2.9. Completely fixes the issue.

Just to add on to ziesemer's instructions, you also need libssl-dev to compile wpa_supplicant

Changed in raspbian:
status: New → Confirmed
To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.