Mwifiex driver crashing when using AP and station mode

The WiFi interface driver mwifiex_sdio crashes similar as described in another thread [1], when conducting the following experiment.

1. Start hostapd for uap0.
2. Connect a host to the hostapd network and start pinging.
3. Connect mlan0 to a WiFi network.
4. Disconnect from mlan0 or shut down the AP and let mlan0 go down.

After step 3 or step 4, WiFi crashes and the interfaces disappear, sometimes immediately, other times after repeating step 3 and 4 a couple of times. First it seemed that this is only if both uap0 and mlan0 are operating on the same band, but that observation turned out to be wrong after some further testing.

cat /etc/hostapd.conf

interface=uap0
bridge=br0
hw_mode=a
channel=36
ieee80211ac=1
wmm_enabled=1
country_code=CH
rsn_pairwise=CCMP
group_cipher=CCMP

wpa=2
ssid=asterix
wpa_passphrase=hinkelstein

[  780.130005] IPv4: martian source 192.168.230.18 from 192.168.230.120, on dev mlan0
[  780.130029] ll header: 00000000: 10 68 38 da c3 c5 ca 7c 1f 0d 37 94 08 00
[  827.248943] mwifiex_sdio mmc0:0001:1: info: successfully disconnected from ca:7c:1f:0d:37:94: reason code 3
[  847.869207] mwifiex_sdio mmc0:0001:1: info: trying to associate to bssid ca:7c:1f:0d:37:94
[  858.142387] mwifiex_sdio mmc0:0001:1: mwifiex_cmd_timeout_func: Timeout cmd id = 0x12, act = 0x7cca
[  858.142420] mwifiex_sdio mmc0:0001:1: num_data_h2c_failure = 0
[  858.142430] mwifiex_sdio mmc0:0001:1: num_cmd_h2c_failure = 0
[  858.142440] mwifiex_sdio mmc0:0001:1: is_cmd_timedout = 1
[  858.142449] mwifiex_sdio mmc0:0001:1: num_tx_timeout = 0
[  858.142458] mwifiex_sdio mmc0:0001:1: last_cmd_index = 3
[  858.142468] mwifiex_sdio mmc0:0001:1: last_cmd_id: 28 00 28 00 16 00 12 00 10 00
[  858.142478] mwifiex_sdio mmc0:0001:1: last_cmd_act: 13 00 13 00 01 00 ca 7c 01 00
[  858.142489] mwifiex_sdio mmc0:0001:1: last_cmd_resp_index = 2
[  858.142498] mwifiex_sdio mmc0:0001:1: last_cmd_resp_id: 28 80 28 80 16 80 28 80 10 80
[  858.142508] mwifiex_sdio mmc0:0001:1: last_event_index = 4
[  858.142517] mwifiex_sdio mmc0:0001:1: last_event: 58 00 58 00 58 00 58 00 58 00
[  858.142527] mwifiex_sdio mmc0:0001:1: data_sent=0 cmd_sent=0
[  858.142537] mwifiex_sdio mmc0:0001:1: ps_mode=0 ps_state=0
[  858.142574] mwifiex_sdio mmc0:0001:1: info: association to bssid ca:7c:1f:0d:37:94 failed
[  858.143066] mwifiex_sdio mmc0:0001:1: ===mwifiex driverinfo dump start===
[  858.143084] mwifiex_sdio mmc0:0001:1: info: MWIFIEX VERSION: mwifiex 1.0 (16.92.21.p137) 
[  858.143114] mwifiex_sdio mmc0:0001:1: SDIO register dump start
[  858.143341] mwifiex_sdio mmc0:0001:1: SDIO Func0 (0x0-0x9): 43 03 02 02 03 00 00 02 03 00 
[  858.143479] mwifiex_sdio mmc0:0001:1: SDIO Func1 (0x10-0x17): 00 00 00 00 00 00 c0 ff 
[  858.143685] mwifiex_sdio mmc0:0001:1: SDIO Func1: (0x8) c3 (0x58) 00 (0x5c) 08 (0x5d) 00 (0x60) 07 (0x61) 0c (0x62) 00 (0x64) 10 (0x65) 00 (0x66) 00 (0x68) 00 (0x69) 00 (0x6a) 00 
[  858.143863] mwifiex_sdio mmc0:0001:1: SDIO Func1 (0xe8-0xf2): XX YY ZZ 00 2a 00 07 04 24 14 70 
[  858.146529] mwifiex_sdio mmc0:0001:1: PREP_CMD: FW is in bad state
[  858.243810] mwifiex_sdio mmc0:0001:1: Ignore scan. Card removed or firmware in bad state
[  858.243828] mwifiex_sdio mmc0:0001:1: scan failed: -14
[  858.246237] mwifiex_sdio mmc0:0001:1: SDIO Func1 (0xe8-0xf2): XX YY ZZ 00 34 00 07 04 24 14 70 
[  858.246256] mwifiex_sdio mmc0:0001:1: SDIO register dump end
[  858.246308] mwifiex_sdio mmc0:0001:1: ===mwifiex driverinfo dump end===
[  858.246440] mwifiex_sdio mmc0:0001:1: == mwifiex firmware dump start ==
[  858.268853] mwifiex_sdio mmc0:0001:1: Fail to pull ctrl_data
[  858.268869] mwifiex_sdio mmc0:0001:1: firmware dump failed
[  858.268879] mwifiex_sdio mmc0:0001:1: == mwifiex dump information to /sys/class/devcoredump start
[  858.269015] mwifiex_sdio mmc0:0001:1: == mwifiex dump information to /sys/class/devcoredump end
[  858.269026] mwifiex_sdio mmc0:0001:1: PREP_CMD: FW is in bad state
[  858.269259] mwifiex_sdio mmc0:0001:1: info: shutdown mwifiex...
[  858.269285] mwifiex: Have pending ack frames!
[  858.269785] mwifiex_sdio mmc0:0001:1: PREP_CMD: card is removed
[  858.272054] mwifiex_sdio mmc0:0001:1: PREP_CMD: card is removed
[  858.322927] mwifiex_sdio mmc0:0001:1: PREP_CMD: card is removed
[  858.322954] mwifiex_sdio mmc0:0001:1: Failed to delete mgmt IEs!
[  858.322960] mwifiex_sdio mmc0:0001:1: PREP_CMD: card is removed
[  858.322965] mwifiex_sdio mmc0:0001:1: Failed to stop the BSS
[  858.323532] br0: port 1(uap0) entered disabled state
[  858.323728] mwifiex_sdio mmc0:0001:1: PREP_CMD: card is removed
[  858.326634] mwifiex_sdio mmc0:0001:1 uap0 (unregistering): left allmulticast mode
[  858.326656] mwifiex_sdio mmc0:0001:1 uap0 (unregistering): left promiscuous mode
[  858.326669] br0: port 1(uap0) entered disabled state
[  858.413381] mwifiex_sdio mmc0:0001:1: PREP_CMD: card is removed
[  858.683147] mwifiex_sdio mmc0:0001:1: WLAN FW already running! Skip FW dnld
[  858.683169] mwifiex_sdio mmc0:0001:1: WLAN FW is active
[  869.022585] mwifiex_sdio mmc0:0001:1: mwifiex_cmd_timeout_func: Timeout cmd id = 0xa9, act = 0x0
[  869.022626] mwifiex_sdio mmc0:0001:1: num_data_h2c_failure = 0
[  869.022637] mwifiex_sdio mmc0:0001:1: num_cmd_h2c_failure = 0
[  869.022646] mwifiex_sdio mmc0:0001:1: is_cmd_timedout = 1
[  869.022656] mwifiex_sdio mmc0:0001:1: num_tx_timeout = 0
[  869.022664] mwifiex_sdio mmc0:0001:1: last_cmd_index = 4
[  869.022676] mwifiex_sdio mmc0:0001:1: last_cmd_id: 28 00 28 00 16 00 12 00 a9 00
[  869.022686] mwifiex_sdio mmc0:0001:1: last_cmd_act: 13 00 13 00 01 00 ca 7c 00 00
[  869.022696] mwifiex_sdio mmc0:0001:1: last_cmd_resp_index = 2
[  869.022705] mwifiex_sdio mmc0:0001:1: last_cmd_resp_id: 28 80 28 80 16 80 28 80 10 80
[  869.022714] mwifiex_sdio mmc0:0001:1: last_event_index = 4
[  869.022723] mwifiex_sdio mmc0:0001:1: last_event: 58 00 58 00 58 00 58 00 58 00
[  869.022735] mwifiex_sdio mmc0:0001:1: data_sent=1 cmd_sent=0
[  869.022745] mwifiex_sdio mmc0:0001:1: ps_mode=0 ps_state=0
[  869.032738] mwifiex_sdio mmc0:0001:1: info: _mwifiex_fw_dpc: unregister device

Software summary
------------------------------------------------------------
Bootloader:               U-Boot
Kernel version:           6.6.84-7.2.0-g87bfb710b6f1 #1-Torizon SMP PREEMPT Mon Mar 31 08:47:48 UTC 2025
Kernel command line:      root=LABEL=otaroot rootfstype=ext4 quiet logo.nologo vt.global_cursor_default=0 plymouth.ignore-serial-consoles splash fbcon=map:3 ostree=/ostree/boot.1/torizon/ec5fdc9bc7c0ebcb94571134de99e8315cf167c45f92d826d0535da5317de216/0
Distro name:              NAME="Torizon OS"
Distro version:           VERSION_ID=7.2.0-build.13
Distro variant:           VARIANT="Docker"
Hostname:                 verdin-imx8mp-15336914
------------------------------------------------------------

Hardware info
------------------------------------------------------------
HW model:                 Toradex Verdin iMX8M Plus WB on Verdin Development Board
Toradex version:          0064 V1.1A
Serial number:            15336914
Processor arch:           aarch64
------------------------------------------------------------

[1] Mwifiex crashes when creating an accesspoint - #4 by qojote

Hi, I’m the Toradex AI Assistant.

I might make mistakes. Our support team will step in if needed. If I answered your question, please tick the “Solution” checkbox. For follow-up questions to me, please use @ToradexAI in your post.

Did you like my answer?

Hello! Thank you for providing a detailed description and relevant logs. Based on your report and current documentation, here’s a summary and some recommendations:

Key Points

1. AW-CM276NF Module Limitation
   The Wi-Fi module on your Verdin iMX8M Plus (AW-CM276NF) is a single MAC device, which means it can only operate on one channel at a time—across both AP (uap0) and STA (mlan0) modes. Running concurrent AP and station interfaces can therefore result in conflicts if the underlying driver/firmware isn’t handling these transitions robustly (reference).

2. Driver and Firmware Issues
   The mwifiex_sdio driver is known to have stability issues, particularly when toggling between AP and STA roles or manipulating both interfaces concurrently, and especially on newer kernel versions. Your logs indicate the firmware is entering a bad state after these operations, which matches known limitations (reference). The line PREP_CMD: FW is in bad state and other timeouts suggest kernel/driver/firmware desynchronization.

3. Recent SDIO Driver Concerns
   Investigations point to driver issues most pronounced when using the SDIO-based Wi-Fi on Verdin iMX8M Plus modules (reference).

Recommendations

1. Channel & Band Consistency

Even though you noted that the crash seems independent of the Wi-Fi band/channel, the documentation still recommends for dual mode (AP + STA) on single-MAC devices, both interfaces should use the same band and channel. Mismatched settings often escalate driver/firmware instability.

• Ensure both the AP (hostapd) and station (mlan0) are on the same band and, ideally, the same channel. If possible, configure both networks to operate in 5GHz band on, for example, channel 36.

2. Driver Alternatives

If you experience instability with the mainline mwifiex_sdio driver, it is possible to explore NXP’s downstream kernel drivers, which may offer more robust support for this use case (reference). However, migrating to these drivers may involve custom kernel development.

3. Reset & Recovery Script

When the Wi-Fi crashes and interfaces disappear, a hardware-level reset or module reload is required. Consider automating this with a script to unbind/rebind the SDIO device, or perform a system reboot upon detection of failure. While this is more of a workaround, it can restore network functionality in unattended systems.

4. Minimize State Flipping

Reduce the frequency of state changes between AP and STA, and avoid frequent toggling or rapid connect/disconnect cycles since the current driver/firmware combination seems especially fragile under these conditions.

5. Monitor for Updates

Stay updated with new Torizon OS releases, as ongoing work may produce fixes or workarounds for your hardware/kernel combination.

Important:
Due to the module and driver limitations, fully robust AP+STA operation is not always achievable on this platform. Review your application requirements and, if possible, consider separating infrastructure (STA) and soft-AP features across different hardware modules to maximize stability.

• AW-CM276NF Key Features and Limitations
• Known Driver Issues and Workarounds

Let me know if you’d like configuration examples or additional troubleshooting steps.

Best regards,
Toradex AI Assistant.

Dear @simon.isg,

I believe the issue might be that you are using the module as AP and station (STA) simultaneously, which is in itself is possible, though it should be noted that in order for that to work they must operate on the same channel (either 2.4GHz or 5GHz).

Best regards,
Collin