openwrt / openwrt

This repository is a mirror of https://git.openwrt.org/openwrt/openwrt.git. It is for reference only and is not active for check-ins. We will continue to accept Pull Requests here. They will be merged via staging trees then into openwrt.git.

hostapd: SIGSEGV when trying to send ubus messages for BSS Transition Management responses #10332

Open stevenj opened 2 years ago

stevenj commented 2 years ago

When a BSS Transition Management response is received by hostapd, that is NOT the WNM_BSS_TM_ACCEPT status, the bss target variable remains uninitialized and causes the ubus message marshaling to access invalid memory, which results in a segfault. This is reported by the kernel like so:

do_page_fault(): sending SIGSEGV to hostapd for invalid read access from 00000005
epc = 555d4775 in wpad[555cd000+103000]
ra = 555d4775 in wpad[555cd000+103000]

hostapd terminates and brings the WiFi down, which is highly disruptive to all devices connected on WiFi.

This is only seen when a band steering service is running, because it is a response to their operation. I have seen it with dawn and I believe usteer will also trigger this segfault if it uses these messages.
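The failure mode described in this report, modelled as an added example (not hostapd or OpenWrt code): a handler that has a target BSSID only for the accept status must still hand the message builder a defined value for every other status. The function names, the pointer type of the target variable, the simplified frame layout and the text output format are assumptions for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define WNM_BSS_TM_ACCEPT 0 /* status name from the report */
#define ETH_ALEN 6

/* Hypothetical stand-in for the ubus message builder. The target field is
 * emitted only when the caller actually has one. */
static int notify_tm_response(char *out, size_t len, uint8_t status,
                              const uint8_t *target)
{
    if (!target)
        return snprintf(out, len, "status-code=%u", (unsigned)status);
    return snprintf(out, len,
                    "status-code=%u target-bssid=%02x:%02x:%02x:%02x:%02x:%02x",
                    (unsigned)status, target[0], target[1], target[2],
                    target[3], target[4], target[5]);
}

/* Hypothetical handler. Assumed simplified layout of the response body:
 * [status][termination delay][target BSSID, present only on accept]. */
int handle_tm_response(const uint8_t *frame, size_t flen,
                       char *out, size_t olen)
{
    /* Bug shape modelled on the report (pointer type assumed): declared as
     * "const uint8_t *target;" with no initializer, it stays indeterminate
     * for every non-accept status and the builder reads through it. */
    const uint8_t *target = NULL;
    uint8_t status;

    if (flen < 2)
        return -1;
    status = frame[0];
    if (status == WNM_BSS_TM_ACCEPT) {
        if (flen < 2 + ETH_ALEN)
            return -1; /* truncated accept: no BSSID to point at */
        target = frame + 2;
    }
    return notify_tm_response(out, olen, status, target);
}

int main(void)
{
    /* Constructed sample: status 1 (a reject), delay 0, no BSSID. */
    const uint8_t reject[] = { 1, 0 };
    char buf[64];

    if (handle_tm_response(reject, sizeof(reject), buf, sizeof(buf)) > 0)
        puts(buf);
    return 0;
}
```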

stevenj commented 2 years ago

This is fixed by: http://lists.openwrt.org/pipermail/openwrt-devel/2022-July/039097.html

Ramon-0011 commented 2 years ago

I am suffering from this bug in 21.02, so please cherry-pick for 21.02 and 22.03 branches as well!

Ramon-0011 commented 2 years ago

Note: I am currently using usteer, so yes, usteer triggers this as well.