On Fri, Jan 31, 2025 at 11:42:22AM +0100, e9hack wrote:
> Am 26.01.2025 um 21:38 schrieb Jouni Malinen:
> > On Sun, Jan 12, 2025 at 09:25:42AM +0100, e9hack wrote:
> > > something is broken in commit
> > >
> > > 01677c47fb13976e078b5a2157aa6bebf19f1731
> > > AP: Support disconnect with MLD

> Fri Jan 31 10:17:25 2025 daemon.notice hostapd: 5G-ap1: CTRL-EVENT-EAP-TIMEOUT-FAILURE 1a:xx:xx:xx:xx:xx
> Fri Jan 31 10:17:25 2025 daemon.notice hostapd: 5G-ap1: STA 1a:xx:xx:xx:xx:xx IEEE 802.11: did not acknowledge authentication response
> Fri Jan 31 10:17:30 2025 daemon.info hostapd: 5G-ap1: STA 1a:xx:xx:xx:xx:xx IEEE 802.11: deauthenticated due to local deauth request

This is the trigger for the issues.

> I trigger the page fault by rebooting a windows 10 client. The fault occurs at the time where the windows 10 client tries automatically to reconnect to the wifi. It occurs on every reboot. A simple disconnect and reconnect does trigger the issue not very often.

This needs somewhat interrupted behavior from the client, i.e., there needs to be something that starts EAP authentication and then makes the STA disappear without actually telling the AP about that. I don't know why that particular sequence causes that, but anyway, I was able to reproduce this with an automated hwsim test case.

> Write access page fault:
> (gdb) bt
> #0 0x77e3f6fc in memset (dest=0x96c, c=0, n=2417) at src/string/memset.c:14
> #1 0x5566e8df in forced_memzero (ptr=<optimized out>, len=<optimized out>) at ../src/utils/common.c:1317
> #2 0x5566e947 in bin_clear_free (bin=0x96c, len=<optimized out>) at ../src/utils/common.c:1020
> #3 0x556c9393 in sm_EAP_INITIALIZE_Enter (sm=0x7764e480, global=<optimized out>) at ../src/eap_server/eap_server.c:238
> #4 0x556c94ad in sm_EAP_Step (sm=0x7764e480) at ../src/eap_server/eap_server.c:1416
> #5 0x556c97a5 in eap_server_sm_step (sm=0x7764e480) at ../src/eap_server/eap_server.c:1825
> #6 0x556799af in eapol_sm_step_run (sm=0x77648db0) at ../src/eapol_auth/eapol_auth_sm.c:955
> #7 0x55679a85 in eapol_port_timers_tick (eloop_ctx=<optimized out>, timeout_ctx=0x77648db0) at ../src/eapol_auth/eapol_auth_sm.c:191
> #8 0x55676091 in eloop_run () at ../src/utils/eloop.c:1216

This looks a bit confusing, but what happens here is the EAP timeout resulting in the AP disconnecting the STA. With that recent commit, this ended up freeing the EAPOL and EAP state for the STA from within a processing step of the state machine and that left remaining state machine operations using freed memory.

> The modifications are in these two commits: https://github.com/openwrt/openwrt/pull/17423/commits
>
> The first one contains all the patches to modify hostap. The second one reverts the hostap commit which seems to be responsible for this page fault.

This fixes the issue:
https://w1.fi/cgit/hostap/commit/?id=d37045e859860a10c37a69f6d7de84c928799d6a

-- 
Jouni Malinen                                            PGP id EFC895FA

_______________________________________________
Hostap mailing list
Hostap@xxxxxxxxxxxxxxxxxxx
http://lists.infradead.org/mailman/listinfo/hostap
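The bug class described in the thread, freeing a state machine's memory from inside one of its own processing steps while callers further up the stack (here the timer tick and the step loop) still hold the pointer, is easiest to see on a toy state machine. The following is an added illustration written for this page, not hostapd code and not the change made in the fix commit linked above; every name in it (`sta_sm`, `sta_sm_tick`, `ticks_until_teardown`, the state names and retry counts) is hypothetical. It shows the defensive shape that avoids the use-after-free: a disconnect reached from within a step only records a deferred-delete request, and the outermost driver frees the object after the step loop has exited and clears the owner's pointer so it cannot be ticked again.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdlib.h>

/* Hypothetical per-STA state machine stepped from a periodic timer, in the
 * spirit of the timer tick -> step loop -> EAP step chain in the backtrace.
 * Constructed for illustration only; not hostapd's data structures. */
enum sm_state { SM_IDLE, SM_REQUEST_SENT, SM_FAILED };

struct sta_sm {
    enum sm_state state;
    int retries;         /* requests sent without a response so far */
    int max_retries;     /* give up (timeout failure) after this many */
    bool pending_delete; /* deferred-free flag, honoured only by sta_sm_tick() */
    int steps;           /* handler invocations, for inspection */
};

struct sta_sm *sta_sm_new(int max_retries)
{
    struct sta_sm *sm = calloc(1, sizeof(*sm));
    if (sm)
        sm->max_retries = max_retries;
    return sm;
}

/* The "disconnect this STA" path as called from inside a step: it must mark
 * the object, not free it, because the step loop and the timer callback up
 * the stack still dereference 'sm' after this returns. Calling free() here
 * is exactly the pattern that produced the page fault in the thread. */
static void sta_sm_disconnect(struct sta_sm *sm)
{
    sm->pending_delete = true;
}

/* One transition. Returns true when the state changed and the usual
 * "step until stable" loop should run the machine again. */
static bool sta_sm_step_once(struct sta_sm *sm)
{
    sm->steps++;
    switch (sm->state) {
    case SM_IDLE:
        sm->state = SM_REQUEST_SENT;  /* first request sent */
        sm->retries = 1;
        return true;
    case SM_REQUEST_SENT:
        if (sm->retries >= sm->max_retries) {
            sm->state = SM_FAILED;    /* timeout failure */
            return true;
        }
        sm->retries++;                /* retransmit and keep waiting */
        return false;
    case SM_FAILED:
        sta_sm_disconnect(sm);        /* local deauth request, deferred */
        return false;
    }
    return false;
}

/* Timer tick driver and the only place that frees. It stops stepping as soon
 * as a delete was requested, frees after the loop, and nulls the owner's
 * pointer. Returns true if the state machine was torn down on this tick. */
bool sta_sm_tick(struct sta_sm **smp)
{
    struct sta_sm *sm = *smp;
    bool changed;

    if (!sm)
        return false;
    do {
        changed = sta_sm_step_once(sm);
    } while (changed && !sm->pending_delete);
    if (!sm->pending_delete)
        return false;
    free(sm);
    *smp = NULL;
    return true;
}

/* Drives ticks until teardown. Returns the number of ticks needed, or -1 if
 * 'limit' ticks passed without the STA state being released. */
int ticks_until_teardown(int max_retries, int limit)
{
    struct sta_sm *sm = sta_sm_new(max_retries);
    int i;

    if (!sm)
        return -1;
    for (i = 1; i <= limit; i++) {
        if (sta_sm_tick(&sm))
            return i;
    }
    free(sm);
    return -1;
}
```

With `max_retries` of 3 the teardown happens on the third tick: the failure transition and the disconnect handler both run inside that tick's step loop, but the `free()` only happens once the loop has returned to `sta_sm_tick()`, which is the one frame that still needs the pointer and knows the owner slot to clear. Running this under AddressSanitizer or Valgrind, with `sta_sm_disconnect()` changed to call `free()` directly, reproduces the use-after-free report in the same shape as the backtrace above.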