Re: trouble with commit: AP: Support disconnect with MLD

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

Am 26.01.2025 um 21:38 schrieb Jouni Malinen:

On Sun, Jan 12, 2025 at 09:25:42AM +0100, e9hack wrote:

something is broken in commit

01677c47fb13976e078b5a2157aa6bebf19f1731
AP: Support disconnect with MLD

I've setup a 2G AP in WPA-PSK/SAE mixed mode. All clients which using WPA-PSK will be disconnect after a few seconds:

Sun Jan 12 08:22:13 2025 daemon.info hostapd: 2G-ap4: STA cc:cc:cc:cc:cc:cc IEEE 802.11: authenticated

...

Would you be able to provide a more detailed debug log from hostapd
(e.g., stdout with -ddt on the command line) showing this?

Fri Jan 31 10:15:20 2025 daemon.info hostapd: 5G-ap1: STA 1a:xx:xx:xx:xx:xx IEEE 802.11: authenticated
Fri Jan 31 10:15:20 2025 daemon.info hostapd: 5G-ap1: STA 1a:xx:xx:xx:xx:xx IEEE 802.11: associated (aid 2)
Fri Jan 31 10:15:20 2025 daemon.notice hostapd: 5G-ap1: CTRL-EVENT-EAP-STARTED 1a:xx:xx:xx:xx:xx
Fri Jan 31 10:15:20 2025 daemon.notice hostapd: 5G-ap1: CTRL-EVENT-EAP-STARTED 1a:xx:xx:xx:xx:xx
Fri Jan 31 10:15:20 2025 daemon.notice hostapd: 5G-ap1: CTRL-EVENT-EAP-PROPOSED-METHOD vendor=0 method=1
Fri Jan 31 10:15:20 2025 daemon.notice hostapd: 5G-ap1: CTRL-EVENT-EAP-PROPOSED-METHOD vendor=0 method=25
Fri Jan 31 10:15:21 2025 daemon.notice hostapd: EAP-PEAP: TLV Result - Success - requested Success
Fri Jan 31 10:15:21 2025 daemon.notice hostapd: 5G-ap1: CTRL-EVENT-EAP-SUCCESS 1a:xx:xx:xx:xx:xx
Fri Jan 31 10:15:21 2025 daemon.info hostapd: 5G-ap1: STA 1a:xx:xx:xx:xx:xx WPA: pairwise key handshake completed (RSN)
Fri Jan 31 10:15:21 2025 daemon.notice hostapd: 5G-ap1: EAPOL-4WAY-HS-COMPLETED 1a:xx:xx:xx:xx:xx
Fri Jan 31 10:15:21 2025 daemon.notice hostapd: 5G-ap1: AP-STA-CONNECTED 1a:xx:xx:xx:xx:xx auth_alg=open
Fri Jan 31 10:15:21 2025 daemon.info hostapd: 5G-ap1: STA 1a:xx:xx:xx:xx:xx RADIUS: starting accounting session 2F94845A06B2CE4D
Fri Jan 31 10:15:21 2025 daemon.info hostapd: 5G-ap1: STA 1a:xx:xx:xx:xx:xx IEEE 802.1X: authenticated - EAP type: 0 (unknown)
Fri Jan 31 10:16:00 2025 daemon.notice hostapd: 5G-ap1: AP-STA-DISCONNECTED 1a:xx:xx:xx:xx:xx
Fri Jan 31 10:16:03 2025 daemon.info hostapd: 5G-ap1: STA 1a:xx:xx:xx:xx:xx IEEE 802.11: authenticated
Fri Jan 31 10:16:03 2025 daemon.info hostapd: 5G-ap1: STA 1a:xx:xx:xx:xx:xx IEEE 802.11: associated (aid 2)
Fri Jan 31 10:16:03 2025 daemon.notice hostapd: 5G-ap1: CTRL-EVENT-EAP-STARTED 1a:xx:xx:xx:xx:xx
Fri Jan 31 10:16:03 2025 daemon.info hostapd: 5G-ap1: STA 1a:xx:xx:xx:xx:xx IEEE 802.11: authenticated
Fri Jan 31 10:16:03 2025 daemon.info hostapd: 5G-ap1: STA 1a:xx:xx:xx:xx:xx IEEE 802.11: associated (aid 2)
Fri Jan 31 10:16:04 2025 daemon.notice hostapd: 5G-ap1: CTRL-EVENT-EAP-PROPOSED-METHOD vendor=0 method=1
Fri Jan 31 10:16:07 2025 daemon.notice hostapd: 5G-ap1: CTRL-EVENT-EAP-RETRANSMIT 1a:xx:xx:xx:xx:xx
Fri Jan 31 10:16:13 2025 daemon.notice hostapd: 5G-ap1: CTRL-EVENT-EAP-RETRANSMIT 1a:xx:xx:xx:xx:xx
Fri Jan 31 10:16:25 2025 daemon.notice hostapd: 5G-ap1: CTRL-EVENT-EAP-RETRANSMIT 1a:xx:xx:xx:xx:xx
Fri Jan 31 10:16:32 2025 daemon.info hostapd: 2G-ap3: STA f4:xx:xx:xx:xx:xx IEEE 802.11: authenticated
Fri Jan 31 10:16:32 2025 daemon.info hostapd: 2G-ap3: STA f4:xx:xx:xx:xx:xx IEEE 802.11: associated (aid 1)
Fri Jan 31 10:16:32 2025 daemon.notice hostapd: Assigned VLAN ID 202 from wpa_psk_file to f4:xx:xx:xx:xx:xx
Fri Jan 31 10:16:32 2025 daemon.notice hostapd: 2G-ap3: AP-STA-CONNECTED f4:xx:xx:xx:xx:xx auth_alg=open
Fri Jan 31 10:16:32 2025 daemon.info hostapd: 2G-ap3: STA f4:xx:xx:xx:xx:xx RADIUS: starting accounting session 4225B8F1C8F8E16A
Fri Jan 31 10:16:32 2025 daemon.info hostapd: 2G-ap3: STA f4:xx:xx:xx:xx:xx WPA: pairwise key handshake completed (RSN)
Fri Jan 31 10:16:32 2025 daemon.notice hostapd: 2G-ap3: EAPOL-4WAY-HS-COMPLETED f4:xx:xx:xx:xx:xx
Fri Jan 31 10:16:45 2025 daemon.notice hostapd: 5G-ap1: CTRL-EVENT-EAP-RETRANSMIT 1a:xx:xx:xx:xx:xx
Fri Jan 31 10:17:05 2025 daemon.notice hostapd: 5G-ap1: CTRL-EVENT-EAP-RETRANSMIT 1a:xx:xx:xx:xx:xx
Fri Jan 31 10:17:25 2025 daemon.notice hostapd: 5G-ap1: CTRL-EVENT-EAP-RETRANSMIT 1a:xx:xx:xx:xx:xx
Fri Jan 31 10:17:25 2025 daemon.notice hostapd: 5G-ap1: CTRL-EVENT-EAP-TIMEOUT-FAILURE 1a:xx:xx:xx:xx:xx
Fri Jan 31 10:17:25 2025 daemon.notice hostapd: 5G-ap1: STA 1a:xx:xx:xx:xx:xx IEEE 802.11: did not acknowledge authentication response
Fri Jan 31 10:17:30 2025 daemon.info hostapd: 5G-ap1: STA 1a:xx:xx:xx:xx:xx IEEE 802.11: deauthenticated due to local deauth request
Fri Jan 31 10:17:31 2025 daemon.info hostapd: 5G-ap1: STA 1a:xx:xx:xx:xx:xx IEEE 802.11: authenticated
Fri Jan 31 10:17:31 2025 daemon.info hostapd: 5G-ap1: STA 1a:xx:xx:xx:xx:xx IEEE 802.11: associated (aid 2)
Fri Jan 31 10:17:31 2025 daemon.notice hostapd: 5G-ap1: CTRL-EVENT-EAP-STARTED 1a:xx:xx:xx:xx:xx
Fri Jan 31 10:17:32 2025 daemon.notice hostapd: 5G-ap1: CTRL-EVENT-EAP-STARTED 1a:xx:xx:xx:xx:xx
Fri Jan 31 10:17:32 2025 daemon.notice hostapd: 5G-ap1: CTRL-EVENT-EAP-PROPOSED-METHOD vendor=0 method=1
Fri Jan 31 10:17:34 2025 daemon.notice hostapd: 5G-ap1: CTRL-EVENT-EAP-RETRANSMIT 1a:xx:xx:xx:xx:xx
Fri Jan 31 10:17:35 2025 daemon.notice hostapd: 5G-ap1: CTRL-EVENT-EAP-PROPOSED-METHOD vendor=0 method=25
Fri Jan 31 10:17:35 2025 kern.info kernel: [ 1801.054117] do_page_fault(): sending SIGSEGV to hostapd for invalid write access to 0000096c
Fri Jan 31 10:17:35 2025 kern.info kernel: [ 1801.062636] epc = 77e3f6fc in libc.so[77db0000+bd000]
Fri Jan 31 10:17:35 2025 kern.info kernel: [ 1801.067755] ra  = 5566e8df in hostapd[55640000+e7000]
Fri Jan 31 10:17:35 2025 daemon.warn netifd: Wireless device 'radio1' setup failed, retry=3
Fri Jan 31 10:17:35 2025 daemon.warn netifd: Wireless device 'radio0' setup failed, retry=3
Fri Jan 31 10:17:35 2025 daemon.notice netifd: Network device '5G-ap2' link is down
Fri Jan 31 10:17:35 2025 kern.info kernel: [ 1801.099896] br-tor: port 2(5G-ap2) entered disabled state
Fri Jan 31 10:17:35 2025 kern.info kernel: [ 1801.245830] br-tor: port 2(5G-ap2) entered disabled state
Fri Jan 31 10:17:35 2025 kern.info kernel: [ 1801.334126] mt7915e 0000:02:00.0 5G-ap2 (unregistering): left allmulticast mode
Fri Jan 31 10:17:35 2025 kern.info kernel: [ 1801.341504] mt7915e 0000:02:00.0 5G-ap2 (unregistering): left promiscuous mode
Fri Jan 31 10:17:35 2025 kern.info kernel: [ 1801.349009] br-tor: port 2(5G-ap2) entered disabled state

I see two types of page faults. The other one is:

Fri Jan 31 09:38:12 2025 kern.info kernel: [  664.802512] do_page_fault(): sending SIGSEGV to hostapd for invalid read access from 087f000c
Fri Jan 31 09:38:12 2025 kern.info kernel: [  664.811101] epc = 55599a6d in hostapd[55560000+e7000]
Fri Jan 31 09:38:12 2025 kern.info kernel: [  664.816176] ra  = 55596091 in hostapd[55560000+e7000]

The page fault with read access occurs for 90% of the this page faults.

I trigger the page fault by rebooting a windows 10 client. The fault occurs at the time where the windows 10 client tries automatically to reconnect to the wifi. It occurs on every reboot. A simple disconnect and reconnect does trigger the issue not very often.



It would also
be helpful to get a hostapd configuration file that shows the exact
configuration that results in such behavior.

The configuration files are generated by openwrt from the wireless config file.

hostapd-phy0.conf:

driver=nl80211
logger_syslog=4
logger_syslog_level=2
logger_stdout=4
logger_stdout_level=2
country_code=DE
ieee80211d=1
spectrum_mgmt_required=0
supported_rates=60 90 120 180 240 360 480 540
basic_rates=60 120 240
beacon_int=100
noscan=1
airtime_mode=0
rssi_reject_assoc_rssi=0
rssi_ignore_probe_request=0
acs_exclude_dfs=0
min_tx_power=0
hw_mode=g
channel=9
ieee80211n=1
ht_coex=1
ht_capab=[HT40-][LDPC][SHORT-GI-20][SHORT-GI-40][TX-STBC][MAX-AMSDU-7935][RX-STBC1]
he_bss_color=128
he_spr_sr_control=3
ieee80211ax=1
he_su_beamformer=1
he_su_beamformee=1
he_mu_beamformer=1
he_twt_required=0
he_default_pe_duration=4
he_rts_threshold=1023
he_mu_edca_qos_info_param_count=0
he_mu_edca_qos_info_q_ack=0
he_mu_edca_qos_info_queue_request=0
he_mu_edca_qos_info_txop_request=0
he_mu_edca_ac_be_aifsn=8
he_mu_edca_ac_be_aci=0
he_mu_edca_ac_be_ecwmin=9
he_mu_edca_ac_be_ecwmax=10
he_mu_edca_ac_be_timer=255
he_mu_edca_ac_bk_aifsn=15
he_mu_edca_ac_bk_aci=1
he_mu_edca_ac_bk_ecwmin=9
he_mu_edca_ac_bk_ecwmax=10
he_mu_edca_ac_bk_timer=255
he_mu_edca_ac_vi_ecwmin=5
he_mu_edca_ac_vi_ecwmax=7
he_mu_edca_ac_vi_aifsn=5
he_mu_edca_ac_vi_aci=2
he_mu_edca_ac_vi_timer=255
he_mu_edca_ac_vo_aifsn=5
he_mu_edca_ac_vo_aci=3
he_mu_edca_ac_vo_ecwmin=5
he_mu_edca_ac_vo_ecwmax=7
he_mu_edca_ac_vo_timer=255
stationary_ap=1
mbssid=0

#num_global_macaddr=1

# Setup interface: 2G-ap0
interface=2G-ap0
bssid=50:xx:xx:xx:xx:xx
ctrl_interface=/var/run/hostapd
ap_isolate=0
bss_load_update_period=60
chan_util_avg_period=600
disassoc_low_ack=1
skip_inactivity_poll=0
ignore_broadcast_ssid=0
uapsd_advertisement_enabled=1
utf8_ssid=1
ssid=xxxx
bridge=br-xxxx
snoop_iface=br-xxxx.100
preamble=1
wmm_enabled=1
qos_map_set=0,0,2,16,1,1,255,255,18,22,24,38,40,40,44,46,48,56
dtim_period=2
eapol_key_index_workaround=1
ieee8021x=1
sae_require_mfp=1
sae_pwe=2
wpa_group_rekey=3600
eapol_version=2
wpa_disable_eapol_key_retries=0
wpa=2
wpa_pairwise=CCMP
rrm_neighbor_report=1
rrm_beacon_report=1
rnr=1
vlan_file=/var/run/hostapd-2G-ap0.vlan
check_crl=2
eap_server=1
eap_server_erp=1
eap_user_file=/etc/hostapd/haprad.eap_user
ca_cert=/var/run/hostapd-2G-ap0.crl
server_cert=/etc/certs/ap.crt
private_key=/etc/certs/ap.encrypted.key
private_key_passwd=xxxx
server_id=xxxx
ieee80211w=1
group_mgmt_cipher=AES-128-CMAC
okc=0
disable_pmksa_caching=1
wpa_key_mgmt=WPA-EAP WPA-EAP-SHA256
broadcast_deauth=1
#default_macaddr

# Setup interface: 2G-ap1
bss=2G-ap1
bssid=52:xx:xx:xx:xx:xx
ctrl_interface=/var/run/hostapd
ap_isolate=0
bss_load_update_period=60
chan_util_avg_period=600
disassoc_low_ack=1
skip_inactivity_poll=0
ignore_broadcast_ssid=0
uapsd_advertisement_enabled=1
utf8_ssid=1
ssid=xxxx
preamble=1
wmm_enabled=1
qos_map_set=0,0,2,16,1,1,255,255,18,22,24,38,40,40,44,46,48,56
dtim_period=2
sae_password=>xxxx|mac=ff:ff:ff:ff:ff:ff|vlanid=100
sae_require_mfp=1
sae_pwe=2
wpa_group_rekey=3600
wpa_psk_file=/etc/hostapd/hostapd.xxxx.wpa_psk
dynamic_vlan=1
eap_reauth_period=0
wpa_disable_eapol_key_retries=0
wpa=2
wpa_pairwise=CCMP
rrm_neighbor_report=1
rrm_beacon_report=1
rnr=1
vlan_file=/etc/hostapd/hostapd.2G-ap1.vlan
dynamic_vlan=1
vlan_naming=1
vlan_no_bridge=0
vlan_tagged_interface=eth0
ieee80211w=1
group_mgmt_cipher=AES-128-CMAC
okc=1
wpa_key_mgmt=WPA-PSK SAE WPA-PSK-SHA256
broadcast_deauth=1
#default_macaddr

# Setup interface: 2G-ap2
bss=2G-ap2
bssid=56:xx:xx:xx:xx:xx
ctrl_interface=/var/run/hostapd
ap_isolate=0
bss_load_update_period=60
chan_util_avg_period=600
disassoc_low_ack=1
skip_inactivity_poll=0
ignore_broadcast_ssid=0
uapsd_advertisement_enabled=1
utf8_ssid=1
ssid=xxxx
preamble=1
wmm_enabled=1
qos_map_set=0,0,2,16,1,1,255,255,18,22,24,38,40,40,44,46,48,56
dtim_period=2
sae_password=xxxx|mac=e8:xx:xx:xx:xx:xx|vlanid=201
sae_password=xxxx|mac=f8:xx:xx:xx:xx:xx|vlanid=201
sae_password=xxxx|mac=d0:xx:xx:xx:xx:xx|vlanid=201
sae_require_mfp=1
sae_pwe=2
wpa_group_rekey=3600
wpa_psk_file=/etc/hostapd/hostapd.xxxx.wpa_psk
dynamic_vlan=1
eap_reauth_period=0
wpa_disable_eapol_key_retries=0
wpa=2
wpa_pairwise=CCMP
rrm_neighbor_report=1
rrm_beacon_report=1
rnr=1
deny_mac_file=/var/run/hostapd-2G-ap2.maclist
macaddr_acl=0
vlan_file=/etc/hostapd/hostapd.xxxx.vlan
dynamic_vlan=1
vlan_naming=1
vlan_no_bridge=0
vlan_tagged_interface=eth0
ieee80211w=1
group_mgmt_cipher=AES-128-CMAC
okc=1
wpa_key_mgmt=WPA-PSK SAE WPA-PSK-SHA256
broadcast_deauth=1
#default_macaddr

# Setup interface: 2G-ap3
bss=2G-ap3
bssid=5a:xx:xx:xx:xx:xx
ctrl_interface=/var/run/hostapd
ap_isolate=0
bss_load_update_period=60
chan_util_avg_period=600
disassoc_low_ack=1
skip_inactivity_poll=0
ignore_broadcast_ssid=0
uapsd_advertisement_enabled=1
utf8_ssid=1
ssid=xxxx
preamble=1
wmm_enabled=1
bss_transition=1
qos_map_set=0,0,2,16,1,1,255,255,18,22,24,38,40,40,44,46,48,56
dtim_period=2
sae_password=xxxx|mac=98:xx:xx:xx:xx:xx|vlanid=202
sae_password=xxxx|mac=ff:ff:ff:ff:ff:ff|vlanid=202
sae_require_mfp=1
sae_pwe=2
wpa_group_rekey=3600
wpa_passphrase=xxxx
wpa_psk_file=/etc/hostapd/hostapd.xxxx.wpa_psk
dynamic_vlan=1
eap_reauth_period=0
wpa_disable_eapol_key_retries=0
wpa=2
wpa_pairwise=CCMP
rrm_neighbor_report=1
rrm_beacon_report=1
rnr=1
deny_mac_file=/var/run/hostapd-2G-ap3.maclist
macaddr_acl=0
vlan_file=/etc/hostapd/hostapd.xxxx.vlan
dynamic_vlan=1
vlan_naming=1
vlan_no_bridge=0
vlan_tagged_interface=eth0
ieee80211w=0
okc=1
wpa_key_mgmt=WPA-PSK SAE
broadcast_deauth=1
#default_macaddr

# Setup interface: 2G-ap5
bss=2G-ap5
bssid=00:xx:xx:xx:xx:xx
ctrl_interface=/var/run/hostapd
ap_isolate=1
bss_load_update_period=60
chan_util_avg_period=600
disassoc_low_ack=1
skip_inactivity_poll=0
ignore_broadcast_ssid=0
uapsd_advertisement_enabled=1
utf8_ssid=1
ssid=xxxx
bridge=br-xxxx
snoop_iface=br-xxxx
preamble=1
wmm_enabled=1
qos_map_set=0,0,2,16,1,1,255,255,18,22,24,38,40,40,44,46,48,56
dtim_period=2
sae_password=xxxx
sae_require_mfp=1
sae_pwe=2
wpa_group_rekey=3600
wpa_passphrase=xxxx
wpa_psk_file=/var/run/hostapd-2G-ap5.psk
dynamic_vlan=0
eap_reauth_period=0
wpa_disable_eapol_key_retries=0
wpa=2
wpa_pairwise=CCMP
rrm_neighbor_report=1
rrm_beacon_report=1
rnr=1
vlan_file=/var/run/hostapd-2G-ap5.vlan
ieee80211w=1
group_mgmt_cipher=AES-128-CMAC
okc=1
wpa_key_mgmt=WPA-PSK SAE WPA-PSK-SHA256
broadcast_deauth=1

# Setup interface: 2G-ap6
bss=2G-ap6
bssid=5e:xx:xx:xx:xx:xx
ctrl_interface=/var/run/hostapd
ap_isolate=0
bss_load_update_period=60
chan_util_avg_period=600
disassoc_low_ack=1
skip_inactivity_poll=0
ignore_broadcast_ssid=0
uapsd_advertisement_enabled=1
utf8_ssid=1
ssid=xxxx
bridge=br-xxxx
snoop_iface=br-xxxx.100
preamble=1
wmm_enabled=1
qos_map_set=0,0,2,16,1,1,255,255,18,22,24,38,40,40,44,46,48,56
dtim_period=2
sae_password=xxxx|mac=ff:ff:ff:ff:ff:ff
sae_require_mfp=1
sae_pwe=2
wpa_group_rekey=3600
wpa_passphrase=xxxx
wpa_psk_file=/var/run/hostapd-2G-ap6.psk
dynamic_vlan=0
wpa_disable_eapol_key_retries=0
wpa=2
wpa_pairwise=CCMP
rrm_neighbor_report=1
rrm_beacon_report=1
rnr=1
vlan_file=/var/run/hostapd-2G-ap6.vlan
ieee80211w=2
group_mgmt_cipher=AES-128-CMAC
okc=1
wpa_key_mgmt=SAE
broadcast_deauth=1
#default_macaddr

# Setup interface: 2G-ap7
bss=2G-ap7
bssid=42:xx:xx:xx:xx:xx
ctrl_interface=/var/run/hostapd
ap_isolate=0
bss_load_update_period=60
chan_util_avg_period=600
disassoc_low_ack=1
skip_inactivity_poll=0
ignore_broadcast_ssid=0
uapsd_advertisement_enabled=1
utf8_ssid=1
ssid=xxxx
bridge=br-xxxx
snoop_iface=br-xxxx.100
preamble=1
wmm_enabled=1
qos_map_set=0,0,2,16,1,1,255,255,18,22,24,38,40,40,44,46,48,56
dtim_period=2
eapol_key_index_workaround=1
ieee8021x=1
sae_require_mfp=1
sae_pwe=2
wpa_group_rekey=3600
eapol_version=2
wpa_disable_eapol_key_retries=0
wpa=2
wpa_pairwise=GCMP-256
rrm_neighbor_report=1
rrm_beacon_report=1
rnr=1
vlan_file=/var/run/hostapd-2G-ap7.vlan
check_crl=2
eap_server=1
eap_server_erp=1
eap_user_file=/etc/hostapd/haprad.eap_user
ca_cert=/var/run/hostapd-2G-ap7.crl
server_cert=/etc/certs/ap.crt
private_key=/etc/certs/ap.encrypted.key
private_key_passwd=xxxx
server_id=xxxx
ieee80211w=2
group_mgmt_cipher=BIP-GMAC-256
okc=0
disable_pmksa_caching=1
wpa_key_mgmt=WPA-EAP-SUITE-B-192
broadcast_deauth=1
#default_macaddr

hostapd-phy1.conf:

driver=nl80211
logger_syslog=127
logger_syslog_level=4
logger_stdout=127
logger_stdout_level=4
country_code=DE
ieee80211h=1
ieee80211d=1
spectrum_mgmt_required=0
beacon_int=100
noscan=0
airtime_mode=0
rssi_reject_assoc_rssi=0
rssi_ignore_probe_request=0
acs_exclude_dfs=0
enable_background_radar=0
min_tx_power=0
hw_mode=a
channel=0
chanlist=36-128 149-165
ieee80211n=1
ht_coex=0
ht_capab=[HT40+][LDPC][SHORT-GI-20][SHORT-GI-40][TX-STBC][MAX-AMSDU-7935][RX-STBC1]
ieee80211ac=1
vht_oper_chwidth=1
vht_oper_centr_freq_seg0_idx=-6
vht_capab=[RXLDPC][TX-STBC-2BY1][SU-BEAMFORMER][SU-BEAMFORMEE][MU-BEAMFORMER][MU-BEAMFORMEE][RX-ANTENNA-PATTERN][TX-ANTENNA-PATTERN][RX-STBC1][SOUNDING-DIMENSION-2][BF-ANTENNA-2][MAX-MPDU-7991]
he_bss_color=8
he_spr_sr_control=3
ieee80211ax=1
he_oper_chwidth=1
he_oper_centr_freq_seg0_idx=-6
he_su_beamformer=1
he_su_beamformee=1
he_mu_beamformer=1
he_twt_required=0
he_default_pe_duration=4
he_rts_threshold=1023
he_mu_edca_qos_info_param_count=0
he_mu_edca_qos_info_q_ack=0
he_mu_edca_qos_info_queue_request=0
he_mu_edca_qos_info_txop_request=0
he_mu_edca_ac_be_aifsn=8
he_mu_edca_ac_be_aci=0
he_mu_edca_ac_be_ecwmin=9
he_mu_edca_ac_be_ecwmax=10
he_mu_edca_ac_be_timer=255
he_mu_edca_ac_bk_aifsn=15
he_mu_edca_ac_bk_aci=1
he_mu_edca_ac_bk_ecwmin=9
he_mu_edca_ac_bk_ecwmax=10
he_mu_edca_ac_bk_timer=255
he_mu_edca_ac_vi_ecwmin=5
he_mu_edca_ac_vi_ecwmax=7
he_mu_edca_ac_vi_aifsn=5
he_mu_edca_ac_vi_aci=2
he_mu_edca_ac_vi_timer=255
he_mu_edca_ac_vo_aifsn=5
he_mu_edca_ac_vo_aci=3
he_mu_edca_ac_vo_ecwmin=5
he_mu_edca_ac_vo_ecwmax=7
he_mu_edca_ac_vo_timer=255
tx_queue_data2_burst=2.0
stationary_ap=1
mbssid=0
ssid_protection=1
use_sta_nsts=1

#num_global_macaddr=1

# Setup interface: 5G-ap0
interface=5G-ap0
bssid=50:xx:xx:xx:xx:xx
ctrl_interface=/var/run/hostapd
ap_isolate=0
bss_load_update_period=60
chan_util_avg_period=600
disassoc_low_ack=0
skip_inactivity_poll=0
ignore_broadcast_ssid=0
uapsd_advertisement_enabled=1
utf8_ssid=1
ssid=xxxx
bridge=br-xxxx
snoop_iface=br-xxxx.100
preamble=1
wmm_enabled=1
qos_map_set=0,0,2,16,1,1,255,255,18,22,24,38,40,40,44,46,48,56
dtim_period=2
sae_password=xxxx|mac=FF:FF:FF:FF:FF:FF
sae_require_mfp=1
sae_pwe=2
wpa_group_rekey=3600
wpa_psk_file=/etc/hostapd/hostapd.wpa_psk
dynamic_vlan=0
eap_reauth_period=0
wpa_disable_eapol_key_retries=0
wpa=2
wpa_pairwise=CCMP
rrm_neighbor_report=1
rrm_beacon_report=1
rnr=1
vlan_file=/var/run/hostapd-5G-ap0.vlan
ieee80211w=1
group_mgmt_cipher=AES-128-CMAC
okc=1
wpa_key_mgmt=WPA-PSK SAE WPA-PSK-SHA256
broadcast_deauth=1
#default_macaddr

# Setup interface: 5G-ap1
bss=5G-ap1
bssid=52:xx:xx:xx:xx:xx
ctrl_interface=/var/run/hostapd
ap_isolate=0
bss_load_update_period=60
chan_util_avg_period=600
disassoc_low_ack=1
skip_inactivity_poll=0
ignore_broadcast_ssid=0
uapsd_advertisement_enabled=1
utf8_ssid=1
ssid=xxxx
bridge=br-xxxx
snoop_iface=br-xxxx.100
preamble=1
wmm_enabled=1
qos_map_set=0,0,2,16,1,1,255,255,18,22,24,38,40,40,44,46,48,56
dtim_period=2
eapol_key_index_workaround=1
ieee8021x=1
sae_require_mfp=1
sae_pwe=2
wpa_group_rekey=3600
eapol_version=2
eap_reauth_period=0
wpa_disable_eapol_key_retries=0
wpa=2
wpa_pairwise=CCMP
erp_domain=1a0a
fils_realm=1a0a
erp_send_reauth_start=1
fils_cache_id=7f9b
rrm_neighbor_report=1
rrm_beacon_report=1
rnr=1
vlan_file=/var/run/hostapd-5G-ap1.vlan
check_crl=2
eap_server=1
eap_server_erp=1
eap_user_file=/etc/hostapd/haprad.eap_user
ca_cert=/var/run/hostapd-5G-ap1.crl
server_cert=/etc/certs/ap.crt
private_key=/etc/certs/ap.encrypted.key
private_key_passwd=xxxx
server_id=xxxx
ieee80211w=1
group_mgmt_cipher=AES-128-CMAC
okc=0
wpa_key_mgmt=WPA-EAP WPA-EAP-SHA256 FILS-SHA256
broadcast_deauth=1
#default_macaddr

# Setup interface: 5G-ap2
bss=5G-ap2
bssid=00:xx:xx:xx:xx:xx
ctrl_interface=/var/run/hostapd
ap_isolate=1
bss_load_update_period=60
chan_util_avg_period=600
disassoc_low_ack=0
skip_inactivity_poll=0
ignore_broadcast_ssid=0
uapsd_advertisement_enabled=1
utf8_ssid=1
ssid=xxxx
bridge=br-xxxx
snoop_iface=br-xxxx
preamble=1
wmm_enabled=1
qos_map_set=0,0,2,16,1,1,255,255,18,22,24,38,40,40,44,46,48,56
dtim_period=2
sae_require_mfp=1
sae_pwe=2
wpa_group_rekey=3600
wpa_passphrase=xxxx
wpa_psk_file=/var/run/hostapd-5G-ap2.psk
dynamic_vlan=0
eap_reauth_period=0
wpa_disable_eapol_key_retries=0
wpa=2
wpa_pairwise=CCMP
rrm_neighbor_report=1
rrm_beacon_report=1
rnr=1
vlan_file=/var/run/hostapd-5G-ap2.vlan
ieee80211w=1
group_mgmt_cipher=AES-128-CMAC
okc=1
wpa_key_mgmt=WPA-PSK SAE WPA-PSK-SHA256
broadcast_deauth=1




I've setup a 5G AP in WPA-EAP mode using the internal radius server. Clients (windows 10) can connect and the connection is stable.
If I reboot a client, hostapd crashes with a page fault. Output from gdb:

Core was generated by `/usr/sbin/hostapd -s -g /var/run/hostapd/global'.
Program terminated with signal SIGSEGV, Segmentation fault.
#0  0x5560a4a8 in eapol_port_timers_tick (eloop_ctx=0x0, timeout_ctx=0x775e9240) at ../src/eapol_auth/eapol_auth_sm.c:180
180             if (state->eap_if->retransWhile > 0) {


Would you be able to provide the full backtrace for this?

Write access page fault:

Reading symbols from staging_dir/target-mipsel_1004kc_musl/root-ramips/usr/sbin/hostapd...
[New LWP 16110]
warning: .dynamic section for "/data/src/LEDE/RT-AX53U-6.6.x/scripts/../staging_dir/target-mipsel_1004kc_musl/root-ramips/lib/libgcc_s.so.1" is not at the expected address (wrong library or version mismatch?)
Core was generated by `/usr/sbin/hostapd -ddt -s -g /var/run/hostapd/global'.
Program terminated with signal SIGSEGV, Segmentation fault.
#0  0x77e3f6fc in memset (dest=0x96c, c=0, n=2417) at src/string/memset.c:14
14              s[0] = c;
(gdb) bt
#0  0x77e3f6fc in memset (dest=0x96c, c=0, n=2417) at src/string/memset.c:14
#1  0x5566e8df in forced_memzero (ptr=<optimized out>, len=<optimized out>) at ../src/utils/common.c:1317
#2  0x5566e947 in bin_clear_free (bin=0x96c, len=<optimized out>) at ../src/utils/common.c:1020
#3  0x556c9393 in sm_EAP_INITIALIZE_Enter (sm=0x7764e480, global=<optimized out>) at ../src/eap_server/eap_server.c:238
#4  0x556c94ad in sm_EAP_Step (sm=0x7764e480) at ../src/eap_server/eap_server.c:1416
#5  0x556c97a5 in eap_server_sm_step (sm=0x7764e480) at ../src/eap_server/eap_server.c:1825
#6  0x556799af in eapol_sm_step_run (sm=0x77648db0) at ../src/eapol_auth/eapol_auth_sm.c:955
#7  0x55679a85 in eapol_port_timers_tick (eloop_ctx=<optimized out>, timeout_ctx=0x77648db0) at ../src/eapol_auth/eapol_auth_sm.c:191
#8  0x55676091 in eloop_run () at ../src/utils/eloop.c:1216
#9  0x556ff4cf in hostapd_global_run.isra.0 (warning: (Internal error: pc 0x556465d0 in read in CU, but not in symtab.)
warning: (Error: pc 0x556465d0 in address map, but not in symtab.)
daemonize=<optimized out>, pid_file=<optimized out>, ifaces=<optimized out>) at main.c:594
#10 0x55646a69 in main (argc=<optimized out>, argv=<optimized out>) at main.c:1085

Read access page fault:

Reading symbols from staging_dir/target-mipsel_1004kc_musl/root-ramips/usr/sbin/hostapd...
[New LWP 2285]
warning: .dynamic section for "/data/src/LEDE/RT-AX53U-6.6.x/scripts/../staging_dir/target-mipsel_1004kc_musl/root-ramips/lib/libgcc_s.so.1" is not at the expected address (wrong library or version mismatch?)
Core was generated by `/usr/sbin/hostapd -ddt -s -g /var/run/hostapd/global'.
Program terminated with signal SIGSEGV, Segmentation fault.
#0  0x55599a6d in eapol_port_timers_tick (eloop_ctx=0x0, timeout_ctx=0x776b45c0) at ../src/eapol_auth/eapol_auth_sm.c:180
180             if (state->eap_if->retransWhile > 0) {
(gdb) bt
#0  0x55599a6d in eapol_port_timers_tick (eloop_ctx=0x0, timeout_ctx=0x776b45c0) at ../src/eapol_auth/eapol_auth_sm.c:180
#1  0x55596091 in eloop_run () at ../src/utils/eloop.c:1216
#2  0x5561f4cf in hostapd_global_run.isra.0 (warning: (Internal error: pc 0x555665d0 in read in CU, but not in symtab.)
warning: (Error: pc 0x555665d0 in address map, but not in symtab.)
daemonize=<optimized out>, pid_file=<optimized out>, ifaces=<optimized out>) at main.c:594
#3  0x55566a69 in main (argc=<optimized out>, argv=<optimized out>) at main.c:1085




I'm using hostap on OpenWrt. OpenWrt does update hostap to the version from 2025/01/01.

If I revert the mentioned commit only, I see no issues.


If I've understood correctly, there are a number of custom changes in
OpenWrt and the issue might be related to how those interact with the
identified commit. I'd need to be able to reproduce this with the exact
upstream version and/or get more details to be able to figure out what
exactly happens here.


The modifications are in this two commits: https://github.com/openwrt/openwrt/pull/17423/commits

The first one contains all the patches to modify hostap. The second one reverts the hostap commit which seems to be responsible for this page fault.



_______________________________________________
Hostap mailing list
Hostap@xxxxxxxxxxxxxxxxxxx
http://lists.infradead.org/mailman/listinfo/hostap
[Index of Archives]     [Linux Wireless]     [Linux Kernel]     [ATH6KL]     [Linux Bluetooth]     [Linux Netdev]     [Kernel Newbies]     [IDE]     [Security]     [Git]     [Netfilter]     [Bugtraq]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Linux ATA RAID]     [Samba]     [Device Mapper]

  Powered by Linux