Hi,

I was hacking on ConnMan and was able to reliably trigger this crash with the current head:

++++++++ backtrace ++++++++
#0 0x7f4e1504e530 in /lib64/libc.so.6
#1 0x432b54 in network_get_security() at src/network.c:253
#2 0x416e92 in station_handshake_setup() at src/station.c:937
#3 0x41a505 in __station_connect_network() at src/station.c:2551
#4 0x41a683 in station_disconnect_onconnect_cb() at src/station.c:2581
#5 0x40b4ae in netdev_disconnect() at src/netdev.c:3142
#6 0x41a719 in station_disconnect_onconnect() at src/station.c:2603
#7 0x41a89d in station_connect_network() at src/station.c:2652
#8 0x433f1d in network_connect_psk() at src/network.c:886
#9 0x43483a in network_connect() at src/network.c:1183
#10 0x4add11 in _dbus_object_tree_dispatch() at ell/dbus-service.c:1802
#11 0x49ff54 in message_read_handler() at ell/dbus.c:285
#12 0x496d2f in io_callback() at ell/io.c:120
#13 0x495894 in l_main_iterate() at ell/main.c:478
#14 0x49599b in l_main_run() at ell/main.c:521
#15 0x495cb3 in l_main_run_with_signal() at ell/main.c:647
#16 0x404add in main() at src/main.c:490
#17 0x7f4e15038b25 in /lib64/libc.so.6

The sequence which seems to trigger it:
- set autoconnect to a known network
- connect to this network immediately

I was not sure if setting the autoconnect will trigger the connect or not. Anyway, crashing seems a bit harsh to let me know that I am doing something wrong ;)

The same crash happened when I blocked the STA from the AP. I've collected a pcap as well. Not sure if you need it.

https://www.monom.org/data/blocked.pcap

Thanks,
Daniel

ps: note the above call trace, the pcap and the call trace below are collected from separate crashes.

(gdb) bt full
#0 0x000000000043306e in network_get_security (network=0x0) at src/network.c:253
No locals.
#1 0x00000000004172eb in station_handshake_setup (station=0x54bf40, network=0x0, bss=0x0) at src/station.c:938 security = 5553984 settings = 0x4e8070 <__func__.14> wiphy = 0x417de5 hs = 0x7fffffffe710 ssid = 0x54d6d0 "" eapol_proto_version = 0 value = 0x4e71eb "State" full_random = false override = false new_addr = "\177\000\000QwA" __func__ = "station_handshake_setup" #2 0x000000000041a9b7 in __station_connect_network (station=0x54bf40, network=0x0, bss=0x0) at src/station.c:2553 extra_ies = 0x7fffffffe810 iov_elems = 0 hs = 0x0 r = 0 __func__ = "__station_connect_network" #3 0x000000000041ab35 in station_disconnect_onconnect_cb (netdev=0x54b4a0, success=true, user_data=0x54bf40) at src/station.c:2583 station = 0x54bf40 err = 0 #4 0x000000000040b81e in netdev_disconnect (netdev=0x54b4a0, cb=0x41aae8 , user_data=0x54bf40) at src/netdev.c:3242 disconnect = 0x7fffffffe7d8 send_disconnect = false #5 0x000000000041abcb in station_disconnect_onconnect (station=0x54bf40, network=0x558720, bss=0x5593e0, message=0x557bc0) at src/station.c:2605 No locals. 
#6 0x000000000041ad60 in station_connect_network (station=0x54bf40, network=0x558720, bss=0x5593e0, message=0x557bc0) at src/station.c:2653 dbus = 0x538d00 err = 2 #7 0x0000000000434437 in network_connect_psk (network=0x558720, bss=0x5593e0, message=0x557bc0) at src/network.c:884 station = 0x54bf40 need_passphrase = false __func__ = "network_connect_psk" #8 0x0000000000434d54 in network_connect (dbus=0x538d00, message=0x557bc0, user_data=0x558720) at src/network.c:1183 network = 0x558720 station = 0x54bf40 bss = 0x5593e0 __func__ = "network_connect" #9 0x00000000004ae3f7 in _dbus_object_tree_dispatch (tree=0x53bee0, dbus=0x538d00, message=0x557bc0) at ell/dbus-service.c:1802 path = 0x558c38 "/net/connman/iwd/2/39/41636865726f6e_psk" interface = 0x558c88 "net.connman.iwd.Network" member = 0x558ca8 "Connect" msg_sig = 0x4fadd9 "" sig = 0x5464a5 "" node = 0x54cd10 instance = 0x551b70 method = 0x546490 reply = 0x0 #10 0x00000000004a063a in message_read_handler (io=0x539df0, user_data=0x538d00) at ell/dbus.c:285 dbus = 0x538d00 message = 0x557bc0 header = 0x558c20 body = 0x0 header_size = 160 body_size = 0 msgtype = DBUS_MESSAGE_TYPE_METHOD_CALL #11 0x0000000000497415 in io_callback (fd=6, events=1, user_data=0x539df0) at ell/io.c:120 io = 0x539df0 #12 0x0000000000495f7a in l_main_iterate (timeout=-1) at ell/main.c:478 events = {{events = 1, data = {ptr = 0x539e70, fd = 5480048, u32 = 5480048, u64 = 5480048}}, {events = 4, data = {ptr = 0x539e70, fd = 5480048, u32 = 5480048, u64 = 5480048}}, {events = 4, data = {ptr = 0x539e70, fd = 5480048, u32 = 5480048, u64 = 5480048}}, {events = 5, data = {ptr = 0x539e70, fd = 5480048, u32 = 5480048, u64 = 5480048}}, {events = 1, data = { ptr = 0x54ff50, fd = 5570384, u32 = 5570384, u64 = 5570384}}, {events = 0, data = {ptr = 0x10, fd = 16, u32 = 16, u64 = 16}}, {events = 4294967224, data = {ptr = 0xffffffff, fd = -1, u32 = 4294967295, u64 = 4294967295}}, {events = 0, data = {ptr = 0x0, fd = 0, u32 = 0, u64 = 0}}, {events = 0, data 
= {ptr = 0xf7e6334400000000, fd = 0, u32 = 0, u64 = 17863021339162443776}}, {events = 32767, data = {ptr = 0x53e6b0, fd = 5498544, u32 = 5498544, u64 = 5498544}}} data = 0x539e70 n = 0 nfds = 1 #13 0x0000000000496081 in l_main_run () at ell/main.c:525 timeout = -1 #14 0x0000000000496399 in l_main_run_with_signal (callback=0x403a2e , user_data=0x0) at ell/main.c:647 data = 0x53e4e0 sigint = 0x53e500 sigterm = 0x53e680 result = 0 #15 0x0000000000404add in main (argc=2, argv=0x7fffffffec58) at src/main.c:490 enable_dbus_debug = false exit_status = 1 dbus = 0x538d00 config_dir = 0x4e3a51 "/etc/iwd" config_dirs = 0x5347a0 i = 1 __func__ = "main"