lwfinger / rtl8723bu

Driver for RTL8723BU

Kernel BUG in AP mode when client attempts to connect #131

Closed dimich-dmb closed 5 years ago

dimich-dmb commented 5 years ago

After starting hostapd I see the AP SSID in the list of APs. But after an attempt to connect I got "Authentication problem" on the client device and the following message in the host's kernel log:

[259380.895615] RTL871X: assoc success
[259380.897180] RTL871X: set group key camid:1, addr:00:00:00:00:00:00, kid:1, type:TKIP
[259508.046409] BUG: unable to handle kernel paging request at ffffdcf0c72ff088
[259508.046415] PGD 7fdfd6067 P4D 7fdfd6067 PUD 0 
[259508.046422] Oops: 0000 [#1] PREEMPT SMP PTI
[259508.046427] CPU: 2 PID: 22035 Comm: RTW_CMD_THREAD Tainted: P           OE     4.20.6-arch1-1-ARCH #1
[259508.046429] Hardware name: Gigabyte Technology Co., Ltd. B75M-D3P/B75M-D3P, BIOS F7 11/01/2013
[259508.046437] RIP: 0010:kfree+0x4f/0x1a0
[259508.046440] Code: 80 49 01 da 0f 82 64 01 00 00 48 c7 c7 00 00 00 80 48 2b 3d b3 0b ef 00 49 01 fa 49 c1 ea 0c 49 c1 e2 06 4c 03 15 91 0b ef 00 <49> 8b 42 08 48 8d 50 ff a8 01 4c 0f 45 d2 49 8b 52 08 48 8d 42 ff
[259508.046443] RSP: 0018:ffffae2fcbbb7cd8 EFLAGS: 00010282
[259508.046446] RAX: 0000000000000000 RBX: ffffae2fcbfc2584 RCX: 0000000000000000
[259508.046449] RDX: 000000000000003e RSI: ffffa1347ddf76ba RDI: 00005ed180000000
[259508.046451] RBP: ffffa1348409c100 R08: 0000000000000044 R09: ffffa13537d9d0ee
[259508.046454] R10: ffffdcf0c72ff080 R11: 0000000000000004 R12: ffffffffc064bae5
[259508.046456] R13: ffffa13537d9d030 R14: ffffae2fcbfc2b04 R15: 0000000000000000
[259508.046459] FS:  0000000000000000(0000) GS:ffffa135fdb00000(0000) knlGS:0000000000000000
[259508.046462] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[259508.046464] CR2: ffffdcf0c72ff088 CR3: 000000025d00a004 CR4: 00000000001606e0
[259508.046467] Call Trace:
[259508.046503]  nl80211_send_station.isra.47+0xb05/0xd30 [cfg80211]
[259508.046526]  cfg80211_new_sta+0x7a/0x150 [cfg80211]
[259508.046555]  rtw_cfg80211_indicate_sta_assoc+0x6e/0x8e [8723bu]
[259508.046579]  ? rtl8723b_set_FwMacIdConfig_cmd+0x6f/0x89 [8723bu]
[259508.046601]  ? rtl8723b_Add_RateATid+0x61/0x8b [8723bu]
[259508.046623]  rtw_stassoc_event_callback+0x106/0x206 [8723bu]
[259508.046644]  mlme_evt_hdl+0x68/0x81 [8723bu]
[259508.046658]  rtw_cmd_thread+0x15a/0x33e [8723bu]
[259508.046673]  ? rtw_stop_cmd_thread+0x51/0x51 [8723bu]
[259508.046678]  kthread+0x112/0x130
[259508.046682]  ? kthread_park+0x80/0x80
[259508.046687]  ret_from_fork+0x35/0x40
[259508.046692] Modules linked in: nfnetlink_queue nfnetlink_log nfnetlink cmac rfcomm bnep btusb btrtl btbcm btintel bluetooth ecdh_generic snd_hrtimer iptable_mangle xt_REDIRECT xt_multiport iptable_nat nf_nat_ipv4 nf_nat iptable_filter it87 hwmon_vid nvidia_drm(POE) nvidia_modeset(POE) nvidia(POE) input_leds mousedev joydev intel_rapl x86_pkg_temp_thermal intel_powerclamp coretemp kvm_intel kvm irqbypass drm_kms_helper snd_hda_codec_realtek snd_hda_codec_hdmi crct10dif_pclmul snd_hda_codec_generic crc32_pclmul ipmi_devintf ghash_clmulni_intel ipmi_msghandler mei_wdt aesni_intel snd_hda_intel mei_me mei syscopyarea snd_hda_codec r8169 sysfillrect iTCO_wdt sysimgblt aes_x86_64 fb_sys_fops realtek iTCO_vendor_support libphy i2c_i801 crypto_simd cryptd snd_hda_core lpc_ich glue_helper snd_hwdep intel_cstate ie31200_edac intel_uncore evdev mac_hid pcspkr intel_rapl_perf pcc_cpufreq vboxnetflt(OE) vboxnetadp(OE) vboxpci(OE) vboxdrv(OE) drm agpgart usbip_host usbip_core snd_ac97_codec
[259508.046739]  snd_seq_dummy snd_rawmidi snd_seq_oss snd_seq_midi_event snd_seq snd_seq_device snd_pcm_oss snd_pcm snd_timer snd_mixer_oss snd soundcore ac97_bus 8723bu(OE) cfg80211 rfkill nf_conntrack nf_defrag_ipv6 nf_defrag_ipv4 libcrc32c tun slhc 8139too 8139cp mii vfat fat nls_iso8859_1 nls_cp866 nls_cp437 nls_utf8 cifs ccm dns_resolver fscache cuse fuse cp210x pl2303 usb_storage i2c_ch341(OE) i2c_dev ppdev parport_pc parport crypto_user ip_tables x_tables sd_mod hid_generic ata_generic usbhid pata_acpi hid ahci ata_piix libahci libata xhci_pci scsi_mod ehci_pci xhci_hcd ehci_hcd dm_mod ext4 crc32c_generic crc32c_intel crc16 mbcache jbd2 fscrypto
[259508.046784] CR2: ffffdcf0c72ff088
[259508.046788] ---[ end trace 9965176a5b0f08c7 ]---
[259508.046792] RIP: 0010:kfree+0x4f/0x1a0
[259508.046795] Code: 80 49 01 da 0f 82 64 01 00 00 48 c7 c7 00 00 00 80 48 2b 3d b3 0b ef 00 49 01 fa 49 c1 ea 0c 49 c1 e2 06 4c 03 15 91 0b ef 00 <49> 8b 42 08 48 8d 50 ff a8 01 4c 0f 45 d2 49 8b 52 08 48 8d 42 ff
[259508.046797] RSP: 0018:ffffae2fcbbb7cd8 EFLAGS: 00010282
[259508.046800] RAX: 0000000000000000 RBX: ffffae2fcbfc2584 RCX: 0000000000000000
[259508.046803] RDX: 000000000000003e RSI: ffffa1347ddf76ba RDI: 00005ed180000000
[259508.046805] RBP: ffffa1348409c100 R08: 0000000000000044 R09: ffffa13537d9d0ee
[259508.046808] R10: ffffdcf0c72ff080 R11: 0000000000000004 R12: ffffffffc064bae5
[259508.046810] R13: ffffa13537d9d030 R14: ffffae2fcbfc2b04 R15: 0000000000000000
[259508.046813] FS:  0000000000000000(0000) GS:ffffa135fdb00000(0000) knlGS:0000000000000000
[259508.046816] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[259508.046818] CR2: ffffdcf0c72ff088 CR3: 000000025d00a004 CR4: 00000000001606e0
[259518.071805] RTL871X: ap recv deauth reason code(3) sta:28:fc:f6:03:06:32

$ uname -a
Linux dimich 4.20.6-arch1-1-ARCH #1 SMP PREEMPT Thu Jan 31 08:22:01 UTC 2019 x86_64 GNU/Linux

hostapd.conf:


interface=wlan0
logger_syslog=-1
logger_syslog_level=2
logger_stdout=-1
logger_stdout_level=2
ctrl_interface=/var/run/hostapd
ctrl_interface_group=wheel
ssid=dmbpc
country_code=UA
hw_mode=g
channel=13
beacon_int=1000
dtim_period=2
max_num_sta=4
rts_threshold=-1
fragm_threshold=-1
macaddr_acl=0
auth_algs=3
ignore_broadcast_ssid=0
wmm_enabled=1
wmm_ac_bk_cwmin=4
wmm_ac_bk_cwmax=10
wmm_ac_bk_aifs=7
wmm_ac_bk_txop_limit=0
wmm_ac_bk_acm=0
wmm_ac_be_aifs=3
wmm_ac_be_cwmin=4
wmm_ac_be_cwmax=10
wmm_ac_be_txop_limit=0
wmm_ac_be_acm=0
wmm_ac_vi_aifs=2
wmm_ac_vi_cwmin=3
wmm_ac_vi_cwmax=4
wmm_ac_vi_txop_limit=94
wmm_ac_vi_acm=0
wmm_ac_vo_aifs=2
wmm_ac_vo_cwmin=2
wmm_ac_vo_cwmax=3
wmm_ac_vo_txop_limit=47
wmm_ac_vo_acm=0
eapol_key_index_workaround=0
eap_server=0
wpa=2
wpa_passphrase=secret

lwfinger commented 5 years ago

I have not had time to look very deeply into this, but channel 13 is ONLY valid in Japan. You are stating that your country code is Ukraine.

dimich-dmb commented 5 years ago

Thank you for the quick answer. The channel number doesn't matter, I tried different channels and got the same result. BTW, channel 14 is only in Japan. Channel 13 is allowed in Europe.

Thomas1415 commented 5 years ago

This patch should fix the problem:

Author: Thomas Graziadei <thomas.graziadei@omicronenergy.com>
Date:   Wed May 8 16:08:08 2019 +0200

    rtl8723bu: Initialize pertid pointer in sinfo struct.

    Signed-off-by: Thomas Graziadei <thomas.graziadei@omicronenergy.com>

diff --git a/os_dep/ioctl_cfg80211.c b/os_dep/ioctl_cfg80211.c
index f4bfa9c..57b7b5d 100644
--- a/os_dep/ioctl_cfg80211.c
+++ b/os_dep/ioctl_cfg80211.c
@@ -3302,6 +3302,7 @@ void rtw_cfg80211_indicate_sta_assoc(_adapter *padapter, u8 *pmgmt_frame, uint f
                        ie_offset = _REASOCREQ_IE_OFFSET_;

                sinfo.filled = 0;
+               sinfo.pertid = 0;
                sinfo.filled = STATION_INFO_ASSOC_REQ_IES;
                sinfo.assoc_req_ies = pmgmt_frame + WLAN_HDR_A3_LEN + ie_offset;
                sinfo.assoc_req_ies_len = frame_len - WLAN_HDR_A3_LEN - ie_offset;
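
Review bot: Setting only `sinfo.pertid`, at the added line between the two `sinfo.filled` assignments, covers this one member; unless `sinfo` is zeroed outside the visible lines, any other member that this block does not assign still holds whatever was there before. Consider zeroing the whole struct once, for example `memset(&sinfo, 0, sizeof(sinfo));`, before filling in `filled`, `assoc_req_ies` and `assoc_req_ies_len`, which also makes the `sinfo.filled = 0;` line unnecessary. The commit message would also benefit from a sentence saying what goes wrong when the pointer is left unset and a reference to the issue it fixes.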

lwfinger commented 5 years ago

A couple of small corrections: (1) the sinfo.filled = 0 can be removed as it is immediately followed by a statement that sets sinfo.filled, and (2) sinfo.pertid is a pointer, thus it should be initialized with a NULL, not a plain zero.

Thanks for debugging this.
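
The initialization issue discussed in this thread, as an added example (a userspace model, not code from the driver or from any commenter): `sinfo_model`, its `later_ptr` member and all function names are hypothetical, and the 0xA5 fill stands in for stale stack contents. It compares field-by-field setup with zeroing the whole struct before use.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical userspace model of sinfo; not the kernel's struct definition. */
struct sinfo_model {
    uint32_t filled;
    const uint8_t *assoc_req_ies;
    size_t assoc_req_ies_len;
    void *pertid;    /* freed by the consumer (trace: kfree under nl80211_send_station) */
    void *later_ptr; /* hypothetical pointer member added by a later API revision */
};
typedef void (*init_fn)(struct sinfo_model *, const uint8_t *, size_t);

/* Field-by-field setup as before the patch: pertid is never written. */
static void init_before_patch(struct sinfo_model *s, const uint8_t *ies, size_t len)
{
    s->filled = 1; /* stands in for STATION_INFO_ASSOC_REQ_IES */
    s->assoc_req_ies = ies;
    s->assoc_req_ies_len = len;
}
/* The patch with the NULL correction: covers pertid and nothing else. */
static void init_patched(struct sinfo_model *s, const uint8_t *ies, size_t len)
{
    init_before_patch(s, ies, len);
    s->pertid = NULL;
}
/* Zero the whole struct first, so every pointer member starts out NULL. */
static void init_zeroed(struct sinfo_model *s, const uint8_t *ies, size_t len)
{
    memset(s, 0, sizeof(*s));
    init_before_patch(s, ies, len);
}
/* Fill with 0xA5, run one init variant, count pointers the consumer would free by mistake. */
static int wild_frees_after(init_fn init)
{
    static const uint8_t ies[] = { 0x00, 0x05, 'd', 'm', 'b', 'p', 'c' }; /* constructed SSID IE */
    struct sinfo_model s;
    memset(&s, 0xA5, sizeof(s));
    init(&s, ies, sizeof(ies));
    return (s.pertid != NULL) + (s.later_ptr != NULL);
}

int main(void)
{
    printf("before=%d patched=%d zeroed=%d\n", wild_frees_after(init_before_patch),
           wild_frees_after(init_patched), wild_frees_after(init_zeroed));
    return 0;
}
```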

dimich-dmb commented 5 years ago

Now it works well. Thank you all.