can_be_sta_and_ap() regexp fails on Raspi3

[macmpi]

Hi,

As reported here in few instances (issues #185 and #187 ), setting-up a passphrase-enabled AP with Raspberry Pi 3 fails if --no-virt is not set. Failure comes with an error message:
Failed to create interface mon.ap0: -95 (Operation not supported)
Indeed, in absence of --no-virt directive, create_ap script is trying to detect virtual interface support for particular wifi interface, and sets NO_VIRT flag accordingly.
This detection fails with rpi3 built-in interface, hence NO_VIRT is incorrect, and execution fails if --no-virt directive is not previously set.

Looking at this discussion about multiple SSID support and create_ap code, it turns out that can_be_sta_and_ap() may not properly process relevant info on raspi3.
For reference, iw list (or iw phy phy0 info) on raspi3 gives relevant info as:

    valid interface combinations:
          * #{ managed } <= 1, #{ P2P-device } <= 1, #{ P2P-client, P2P-GO } <= 1,
            total <= 3, #channels <= 2
          * #{ managed } <= 1, #{ AP } <= 1, #{ P2P-client } <= 1, #{ P2P-device } <= 1,
            total <= 4, #channels <= 1

which according to the aforementioned article and AP<=1 should indeed return 1 from can_be_sta_and_ap() (NO_VIRT=1), as this wifi chip can not support virtual interface (value of AP section should be at least 2 to support virtual interfaces).
I'm not an expert in regexp, so I won't propose a fix myself, but one may want to look into that.

Now, there might be another logic bug somewhere, as in current state (with regexp issue), setting hotspot with no password works on raspi3, even omitting --no-virt option: no error like in passphrase situation.
It's surprising as that raspi3 chip does not support virtual interface as we saw.
Unless I'm missing something, virtual interface availability is probably independent of the AP security mechanism (passphrase or not).
While this second issue will be hidden if NO_VIRT is properly set with eventual regexp fix, there might be something to look at here too.

Interested in any feedback.

[macmpi]

Here is a suggested fix for multiple SSID support detection in can_be_sta_and_ap().
Replace

can_be_sta_and_ap() {
    # iwconfig does not provide this information, assume false
    [[ $USE_IWCONFIG -eq 1 ]] && return 1
    get_adapter_info "$1" | grep -E '{.* managed.* AP.*}' > /dev/null 2>&1 && return 0
    get_adapter_info "$1" | grep -E '{.* AP.* managed.*}' > /dev/null 2>&1 && return 0
    return 1

by

can_be_sta_and_ap() {
    # iwconfig does not provide this information, assume false
    [[ $USE_IWCONFIG -eq 1 ]] && return 1
    get_adapter_info "$1"  | sed -r 's/.*\{.* AP.*\} *<= *([0-9]*).*/\1/g' | sed -r 's/([0-9]*).*/\1/g' | awk '$1 > 1' > /dev/null 2>&1 && return 0
    return 1

Hope this helps.

[NicoHood]

How would you test this fix? Can you please prepare a PR so we can test it on our own real quick?
I am able to test in on rpi3 with ALARM.

[macmpi]

Done.
On raspi3 you should not need to explicitly spell-out --no-virt option anymore, as with the fix, create_ap should set it by itself (NO_VIRT=1).
So test without --no-virt in your create_ap invocation, and see if you can create an AP with password, and connect to it with another machine without errors.

Hopefully it should not break detection for already working wifi adapters, and probably help support new ones by default...

[NicoHood]

I think it still does not work for me. I've just installed create_ap and patched line myself. This is the output i get:

[alarm@alarmpi AUR]$ sudo nano /usr/bin/create_ap 
[alarm@alarmpi AUR]$ sudo create_ap wlan0 eth0 MyAccessPoint 12345678
Config dir: /tmp/create_ap.wlan0.conf.QyptAQM3
PID: 18679
Creating a virtual WiFi interface... ap0 created.
Sharing Internet using method: nat
hostapd command-line interface: hostapd_cli -p /tmp/create_ap.wlan0.conf.QyptAQM3/hostapd_ctrl
Configuration file: /tmp/create_ap.wlan0.conf.QyptAQM3/hostapd.conf
Failed to create interface mon.ap0: -95 (Operation not supported)
ap0: Could not connect to kernel driver
Using interface ap0 with hwaddr <removed> and ssid "MyAccessPoint"
ap0: interface state UNINITIALIZED->ENABLED
ap0: AP-ENABLED 
^Cap0: interface state ENABLED->DISABLED

Doing cleanup.. ap0: AP-DISABLED 
nl80211: deinit ifname=ap0 disabled_11b_rates=0
done
[alarm@alarmpi AUR]$ sudo create_ap wlan0 eth0 MyAccessPoint 12345678
Config dir: /tmp/create_ap.wlan0.conf.swAGw6nY
PID: 19457
Creating a virtual WiFi interface... command failed: Device or resource busy (-16)

ERROR: Maybe your WiFi adapter does not fully support virtual interfaces.
       Try again with --no-virt.


Doing cleanup.. done
[alarm@alarmpi AUR]$ 

[macmpi]

from the command line, can you let me know the output of:
iw phy phy0 info | sed -r 's/.*\{.* AP.*\} *<= *([0-9]*).*/\1/g' | sed -r 's/([0-9]*).*/\1/g' | awk '$1 > 1'
Thanks.

[NicoHood]

It reports nothing.

[alarm@alarmpi AUR]$ iw phy phy0 info | sed -r 's/.*\{.* AP.*\} *<= *([0-9]*).*/\1/g' | sed -r 's/([0-9]*).*/\1/g' | awk '$1 > 1'
[alarm@alarmpi AUR]$ iw phy phy0 info
Wiphy phy0
    max # scan SSIDs: 10
    max scan IEs length: 2048 bytes
    max # sched scan SSIDs: 16
    max # match sets: 16
    max # scan plans: 1
    max scan plan interval: -1
    max scan plan iterations: 0
    Retry short limit: 7
    Retry long limit: 4
    Coverage class: 0 (up to 0m)
    Device supports T-DLS.
    Supported Ciphers:
        * WEP40 (00-0f-ac:1)
        * WEP104 (00-0f-ac:5)
        * TKIP (00-0f-ac:2)
        * CCMP (00-0f-ac:4)
        * CMAC (00-0f-ac:6)
    Available Antennas: TX 0 RX 0
    Supported interface modes:
         * IBSS
         * managed
         * AP
         * P2P-client
         * P2P-GO
         * P2P-device
    Band 1:
        Capabilities: 0x1020
            HT20
            Static SM Power Save
            RX HT20 SGI
            No RX STBC
            Max AMSDU length: 3839 bytes
            DSSS/CCK HT40
        Maximum RX AMPDU length 65535 bytes (exponent: 0x003)
        Minimum RX AMPDU time spacing: 16 usec (0x07)
        HT TX/RX MCS rate indexes supported: 0-7
        Bitrates (non-HT):
            * 1.0 Mbps
            * 2.0 Mbps (short preamble supported)
            * 5.5 Mbps (short preamble supported)
            * 11.0 Mbps (short preamble supported)
            * 6.0 Mbps
            * 9.0 Mbps
            * 12.0 Mbps
            * 18.0 Mbps
            * 24.0 Mbps
            * 36.0 Mbps
            * 48.0 Mbps
            * 54.0 Mbps
        Frequencies:
            * 2412 MHz [1] (20.0 dBm)
            * 2417 MHz [2] (20.0 dBm)
            * 2422 MHz [3] (20.0 dBm)
            * 2427 MHz [4] (20.0 dBm)
            * 2432 MHz [5] (20.0 dBm)
            * 2437 MHz [6] (20.0 dBm)
            * 2442 MHz [7] (20.0 dBm)
            * 2447 MHz [8] (20.0 dBm)
            * 2452 MHz [9] (20.0 dBm)
            * 2457 MHz [10] (20.0 dBm)
            * 2462 MHz [11] (20.0 dBm)
            * 2467 MHz [12] (disabled)
            * 2472 MHz [13] (disabled)
            * 2484 MHz [14] (disabled)
    Supported commands:
         * new_interface
         * set_interface
         * new_key
         * start_ap
         * join_ibss
         * set_pmksa
         * del_pmksa
         * flush_pmksa
         * remain_on_channel
         * frame
         * set_channel
         * tdls_oper
         * start_sched_scan
         * start_p2p_device
         * crit_protocol_start
         * crit_protocol_stop
         * connect
         * disconnect
    Supported TX frame types:
         * managed: 0x00 0x10 0x20 0x30 0x40 0x50 0x60 0x70 0x80 0x90 0xa0 0xb0 0xc0 0xd0 0xe0 0xf0
         * P2P-client: 0x00 0x10 0x20 0x30 0x40 0x50 0x60 0x70 0x80 0x90 0xa0 0xb0 0xc0 0xd0 0xe0 0xf0
         * P2P-GO: 0x00 0x10 0x20 0x30 0x40 0x50 0x60 0x70 0x80 0x90 0xa0 0xb0 0xc0 0xd0 0xe0 0xf0
         * P2P-device: 0x00 0x10 0x20 0x30 0x40 0x50 0x60 0x70 0x80 0x90 0xa0 0xb0 0xc0 0xd0 0xe0 0xf0
    Supported RX frame types:
         * managed: 0x40 0xd0
         * P2P-client: 0x40 0xd0
         * P2P-GO: 0x00 0x20 0x40 0xa0 0xb0 0xc0 0xd0
         * P2P-device: 0x40 0xd0
    software interface modes (can always be added):
    valid interface combinations:
         * #{ managed } <= 1, #{ P2P-device } <= 1, #{ P2P-client, P2P-GO } <= 1,
           total <= 3, #channels <= 2
         * #{ managed } <= 1, #{ AP } <= 1, #{ P2P-client } <= 1, #{ P2P-device } <= 1,
           total <= 4, #channels <= 1
    Device supports scan flush.

[macmpi]

empty report is indeed what is expected in that case.
Issue is empty should be translated to false logic number before && return 0(underlooked awk does not return logical value unlike grep)

[macmpi]

properly chained the return code now.
There might probably be more elegant way to do it, but should work: let me know.

Now on Raspi3 (and others wifi interfaces not supporting multiple SSID), you should see the following warning that was missed before if you did not specify --no-virt at invocation:
WARN: Your adapter does not fully support AP virtual interface, enabling --no-virt
However AP would still be properly set-up then.

[macmpi]

Actually, error in your case seems to come-up from nl80211 driver inside hostapd, probably not an issue with create_ap capability detection (my bad).

I assume you may be running hostapd v2.3.
You may want to check if you get better chance with a more recent version which fixed a bunch of stuff in that driver (latest 2.6 for instance).

[macmpi]

Actually, looking at this, some crafted a setup that works (AP and client on Raspi3).
The caviar seems to make sure both use same channel as iw phy phy0 info indeed directs to (some people seem to have same hostapd error when using different channels).

Unsure create_ap enforces same channel depending on capability at this stage, however there is a channel option -c which can be set at invocation: let's try by setting channel # to the same as connected client side, and see if error Failed to create interface mon.ap0: -95 (Operation not supported) vanishes...

I do not have Raspi3 handy to test at this point, but seems an interesting track...

[NicoHood]

Why did you close your PR?
I am running the latest hostapd software as I am on archlinux. I never use outdated software :P

[macmpi]

I closed the PR because I think it does not address the issue the proper way. At this time I do not think it is a matter of improper detection of AP & Client capability.
Indeed rpi3 does support simultaneous AP & Client (and some people operated it without create_ap), so no reason for preventing it (which my PR did).

We now need to find the proper reason why create_ap may not configure hostapd properly: one clue might be the channel limitation.
Any chance you can test calling create_ap -c # wlan0 wlan0 MyAccessPoint MyPassPhrase where # is the channel number on which Raspi is connected as a client to other AP?
Does hostapd still report Failed to create interface mon.ap0: -95 (Operation not supported) ?

[NicoHood]

My raspi is currently not connected to any AP, but I've tried the command anyways:

[alarm@alarmpi hyperion-rpi]$ sudo create_ap -c 1 wlan0 wlan0 MyAccessPoint MyPassPhrase
[sudo] password for alarm: 
Config dir: /tmp/create_ap.wlan0.conf.9pAVIkvy
PID: 21868
Creating a virtual WiFi interface... ap0 created.
Sharing Internet using method: nat
hostapd command-line interface: hostapd_cli -p /tmp/create_ap.wlan0.conf.9pAVIkvy/hostapd_ctrl
Configuration file: /tmp/create_ap.wlan0.conf.9pAVIkvy/hostapd.conf
Failed to create interface mon.ap0: -95 (Operation not supported)
ap0: Could not connect to kernel driver
Using interface ap0 with hwaddr<removed> and ssid "MyAccessPoint"
ap0: interface state UNINITIALIZED->ENABLED
ap0: AP-ENABLED 

[macmpi]

I'm getting out of suggestions for now...
You may want to try the DIY method, and confirm whether it works in your case: if it does, then it will confirm something should be worked-out in create_ap, and one could dig into that, comparing the two methods.
If it does not, the issue may lay somewhere else (wifi driver, firmware, etc).

[oblique]

Probably something else is going on with rpi3. My Intel adapter has the following interface combinations and it can have an AP with passphrase while I'm connected to another AP.

        valid interface combinations:
                 * #{ managed } <= 1, #{ AP } <= 1,
                   total <= 2, #channels <= 1, STA/AP BI must match
                 * #{ managed } <= 2,
                   total <= 2, #channels <= 1

[macmpi]

Thanks @oblique for your feedback on this.
BTW is create_ap checking (and enforcing) the channel limitation: in your case do you take special care for using same channel for AP & client, or is create_ap doing it by itself?

Back to rpi3, looking at this method, do you see any meaningful setting that may be different from what create_ap is doing (particularly as far as hostapd is concerned)?

[oblique]

The method of the link is the same. I need to get a new nanosd to try it on my PI.

I dig a bit in the kernel and it looks like the cfg80211_check_combinations function is the one who determines if the virtual interface can start the AP.

Back to the PI, can you try the Ruby implementation if it works?

git clone https://github.com/oblique/create_ap
cd create_ap
git checkout ruby
bundle install --path vendor/bundle
vim create_ap.yml # change the interface
sudo ruby -Ilib ./bin/create_ap

PS: Ruby implementation is not finished yet. I may change many things.

[macmpi]

Can't look at it currently as I do not have rpi3 with me.

Also noticed wpa_driver_nl80211_status function in driver_nl80211.c from hostapd checking drv->has_capability
BTW that driver_nl80211.c evolved quite a bit across version 2.3 and 2.6 of hostapd.

[oblique]

I got new sdcard and found what is wrong with RPi3. The combinations are correct and adapter supports virtual interfaces.

The problem is in the Broadcom drivers, this is what I found:

• Driver can not delete a virtual interface with type AP. This is a problem because create_ap always try to create a new virtual interface and delete it on exit. If someone want virtual interface, then he/she must do the following workaround:

iw dev wlan0 interface add ap0 type __ap
create_ap --no-virt ap0 wlan0 MyAP

• With the above command you create AP on channel 1. If wlan0 is connected to another channel then you need to add -c 6 (if wlan0 is connected to channel 6), otherwise clients will not have internet and RPi3 will crash at some point.
• When you specify the same channel then everything works expect if you want to stop the AP. As soon as hostapd gets killed by create_ap, RPi3 crashes.

So, as a conclusion the best solution is to never use virtual interface with RPi3. If a user really wants virtual interface with RPi3 he/she must use the above commands and keep in mind that RPi3 will misbehave.

[oblique]

I'm not sure how create_ap should handle this. I'm thinking to blacklist Broadcom on creating virtual interface.

What are your suggestions?

[macmpi]

Thanks a lot for this in-depth analysis and workaround suggestions !
Hopefully there might be a driver fix at some point: do you have a way to report this issue to BCM?

As for create_ap, can you blacklist based on driver version and issue a warning/error message referring to this thread for users reference?
Would that change be applied to shell script, or only to ruby one?
Thanks again for your outstanding support.

[oblique]

I can do the change on shell script as well, since I do it with only 2-3 lines and yes I will print a warning with a link to this issue.

We can report this to the author of the driver, but first I prefer to get the crash dump of the kernel panic just to make sure that it crashes within the driver.

[NicoHood]

Does the fix mean that --no-virt is automatically applied now? Thanks for looking into the issue!
Have you also checked that if an usb adapter is used, you can still use virtual interfaces on a raspi?

If that all works, you should consider to tag (and sign) a new release ;)

[oblique]

New release is ready. Yes you can use another adapter, but it looks like I need to do some iptables changes because both adapters get internet and something goes wrong with NATing.

[oblique]

Sorry, forgot to delete the new iptables rule on cleanup. New release again.

[macmpi]

Last thing, is create_ap going to handle the channel limitations (i.e. creating the AP on same wifi channel if already client and capabilities show such limitations), of does user need to take care of that?

[oblique]

In ruby implementation will handle it. In Bash implementation it can only use only one channel.

[E3V3A]

@oblique

As soon as hostapd gets killed by create_ap, RPi3 crashes.

Why is that? Is there another way to kill it more softly?

[oblique]

No, it's a bug in the driver. It needs to be fixed there.

[macmpi]

noted this brcmfmac: Change stop_ap sequence: don't have pi3 with me to test if referenced kernels with updated driver "naturally" fixes this issue, and does not need the automatic --novirt anymore.

[limited1010]

"ERROR: Your adapter can not be a station (i.e. be connected) and an AP at the same time" , how can solve it, thansks.

[macmpi]

Would be nice to check if updated firmware being in final testing fixes this issue (do not have one handy to test unfortunately).

[acrogenesis]

@macmpi I got the new driver running on my rpi3 how should I test it?

[acrogenesis]

pi@raspberrypi:~ $ sudo iw dev wlan0 interface add ap0 type __ap
pi@raspberrypi:~ $ sudo create_ap --no-virt ap0 wlan0 MyAP -c 9
WARN: brmfmac driver doesn't work properly with virtual interfaces and
      it can cause kernel panic. For this reason we disallow virtual
      interfaces for your adapter.
      For more info: https://github.com/oblique/create_ap/issues/203
Config dir: /tmp/create_ap.ap0.conf.g7u6euoz
PID: 678
Sharing Internet using method: nat
hostapd command-line interface: hostapd_cli -p /tmp/create_ap.ap0.conf.g7u6euoz/hostapd_ctrl
WARN: Low entropy detected. We recommend you to install `haveged'
Configuration file: /tmp/create_ap.ap0.conf.g7u6euoz/hostapd.conf
Failed to create interface mon.ap0: -95 (Operation not supported)
ap0: Could not connect to kernel driver
Using interface ap0 with hwaddr b8:27:eb:fb:ef:79 and ssid "MyAP"

But devices can't connect, I'll try out the ruby branch

[acrogenesis]

pi@raspberrypi:~/create_ap $ sudo ruby -Ilib ./bin/create_ap
06:34:16.753: Using 802.11n
06:34:16.753: Using channel 9
06:34:16.913: hostapd-phy0: Configuration file: /run/create_ap/hostapd_phy0.conf
06:34:16.930: hostapd-phy0: Failed to create interface mon.ap-wlan0-1: -95 (Operation not supported)
06:34:16.937: hostapd-phy0: ap-wlan0-1: IEEE 802.11 Configured channel (9) not found from the channel list of current mode (1) IEEE 802.11g
06:34:16.938: hostapd-phy0: ap-wlan0-1: IEEE 802.11 Hardware does not support configured channel
06:34:16.939: hostapd-phy0: Could not select hw_mode and channel. (-3)
06:34:16.939: hostapd-phy0: ap-wlan0-1: interface state UNINITIALIZED->DISABLED
06:34:16.939: hostapd-phy0: ap-wlan0-1: AP-DISABLED 
06:34:16.940: hostapd-phy0: ap-wlan0-1: Unable to setup interface.
06:34:16.940: hostapd-phy0: ap-wlan0-1: interface state DISABLED->DISABLED
06:34:16.941: hostapd-phy0: ap-wlan0-1: AP-DISABLED 
06:34:16.941: hostapd-phy0: hostapd_free_hapd_data: Interface ap-wlan0-1 wasn't started
06:34:16.941: hostapd-phy0: nl80211: deinit ifname=ap-wlan0-1 disabled_11b_rates=0
06:34:18.900: WARN: Daemon 'hostapd-phy0' exited. Try to start it again.
06:34:18.922: hostapd-phy0: Configuration file: /run/create_ap/hostapd_phy0.conf
06:34:18.996: hostapd-phy0: Failed to create interface mon.ap-wlan0-1: -95 (Operation not supported)
06:34:19.003: hostapd-phy0: ap-wlan0-1: IEEE 802.11 Configured channel (9) not found from the channel list of current mode (1) IEEE 802.11g
06:34:19.006: hostapd-phy0: ap-wlan0-1: IEEE 802.11 Hardware does not support configured channel
06:34:19.008: hostapd-phy0: Could not select hw_mode and channel. (-3)
06:34:19.008: hostapd-phy0: ap-wlan0-1: interface state UNINITIALIZED->DISABLED
06:34:19.008: hostapd-phy0: ap-wlan0-1: AP-DISABLED 
06:34:19.008: hostapd-phy0: ap-wlan0-1: Unable to setup interface.
06:34:19.009: hostapd-phy0: ap-wlan0-1: interface state DISABLED->DISABLED
06:34:19.010: hostapd-phy0: ap-wlan0-1: AP-DISABLED 
06:34:19.011: hostapd-phy0: hostapd_free_hapd_data: Interface ap-wlan0-1 wasn't started
06:34:19.011: hostapd-phy0: nl80211: deinit ifname=ap-wlan0-1 disabled_11b_rates=0
06:34:20.910: WARN: Daemon 'hostapd-phy0' exited. Try to start it again.
06:34:20.932: hostapd-phy0: Configuration file: /run/create_ap/hostapd_phy0.conf
06:34:21.474: hostapd-phy0: Failed to create interface mon.ap-wlan0-1: -95 (Operation not supported)
06:34:21.482: hostapd-phy0: ap-wlan0-1: IEEE 802.11 Configured channel (9) not found from the channel list of current mode (1) IEEE 802.11g
06:34:21.485: hostapd-phy0: ap-wlan0-1: IEEE 802.11 Hardware does not support configured channel
06:34:21.486: hostapd-phy0: Could not select hw_mode and channel. (-3)
06:34:21.487: hostapd-phy0: ap-wlan0-1: interface state UNINITIALIZED->DISABLED
06:34:21.487: hostapd-phy0: ap-wlan0-1: AP-DISABLED 
06:34:21.488: hostapd-phy0: ap-wlan0-1: Unable to setup interface.
06:34:21.488: hostapd-phy0: ap-wlan0-1: interface state DISABLED->DISABLED
06:34:21.489: hostapd-phy0: ap-wlan0-1: AP-DISABLED 
06:34:21.489: hostapd-phy0: hostapd_free_hapd_data: Interface ap-wlan0-1 wasn't started
06:34:21.489: hostapd-phy0: nl80211: deinit ifname=ap-wlan0-1 disabled_11b_rates=0
06:34:22.921: ERROR: Daemon 'hostapd-phy0' exited too may times too quickly. Stop retrying.

edit: It seems it doesn't support channel 9 changing router to 6.. BRB

[acrogenesis]

Nope didn't work either

pi@raspberrypi:~/create_ap $ sudo ruby -Ilib ./bin/create_ap
06:42:31.010: Using 802.11n
06:42:31.010: Using channel 6
06:42:31.143: hostapd-phy0: Configuration file: /run/create_ap/hostapd_phy0.conf
06:42:31.154: hostapd-phy0: Failed to create interface mon.ap-wlan0-1: -95 (Operation not supported)
06:42:31.162: hostapd-phy0: Driver does not support configured HT capability [HT40*]
06:42:31.162: hostapd-phy0: ap-wlan0-1: interface state UNINITIALIZED->DISABLED
06:42:31.163: hostapd-phy0: ap-wlan0-1: AP-DISABLED 
06:42:31.163: hostapd-phy0: ap-wlan0-1: Unable to setup interface.
06:42:31.163: hostapd-phy0: ap-wlan0-1: interface state DISABLED->DISABLED
06:42:31.163: hostapd-phy0: ap-wlan0-1: AP-DISABLED 
06:42:31.163: hostapd-phy0: hostapd_free_hapd_data: Interface ap-wlan0-1 wasn't started
06:42:31.163: hostapd-phy0: nl80211: deinit ifname=ap-wlan0-1 disabled_11b_rates=0
06:42:33.162: WARN: Daemon 'hostapd-phy0' exited. Try to start it again.
06:42:33.185: hostapd-phy0: Configuration file: /run/create_ap/hostapd_phy0.conf
06:42:33.194: hostapd-phy0: Failed to create interface mon.ap-wlan0-1: -95 (Operation not supported)
06:42:33.201: hostapd-phy0: Driver does not support configured HT capability [HT40*]
06:42:33.202: hostapd-phy0: ap-wlan0-1: interface state UNINITIALIZED->DISABLED
06:42:33.203: hostapd-phy0: ap-wlan0-1: AP-DISABLED 
06:42:33.204: hostapd-phy0: ap-wlan0-1: Unable to setup interface.
06:42:33.204: hostapd-phy0: ap-wlan0-1: interface state DISABLED->DISABLED
06:42:33.205: hostapd-phy0: ap-wlan0-1: AP-DISABLED 
06:42:33.205: hostapd-phy0: hostapd_free_hapd_data: Interface ap-wlan0-1 wasn't started
06:42:33.205: hostapd-phy0: nl80211: deinit ifname=ap-wlan0-1 disabled_11b_rates=0
06:42:43.311: WARN: Daemon 'hostapd-phy0' exited. Try to start it again.
06:42:43.334: hostapd-phy0: Configuration file: /run/create_ap/hostapd_phy0.conf
06:42:43.343: hostapd-phy0: Failed to create interface mon.ap-wlan0-1: -95 (Operation not supported)
06:42:43.352: hostapd-phy0: Driver does not support configured HT capability [HT40*]
06:42:43.352: hostapd-phy0: ap-wlan0-1: interface state UNINITIALIZED->DISABLED
06:42:43.352: hostapd-phy0: ap-wlan0-1: AP-DISABLED 
06:42:43.353: hostapd-phy0: ap-wlan0-1: Unable to setup interface.
06:42:43.354: hostapd-phy0: ap-wlan0-1: interface state DISABLED->DISABLED
06:42:43.354: hostapd-phy0: ap-wlan0-1: AP-DISABLED 
06:42:43.355: hostapd-phy0: hostapd_free_hapd_data: Interface ap-wlan0-1 wasn't started
06:42:43.355: hostapd-phy0: nl80211: deinit ifname=ap-wlan0-1 disabled_11b_rates=0
06:42:45.322: ERROR: Daemon 'hostapd-phy0' exited too may times too quickly. Stop retrying.

[sherryr]

i can not change the password
so what's the problem?

[gdm85]

Actually, looking at this, some crafted a setup that works (AP and client on Raspi3).

I tested the RaspberryPi forums script/configuration and I confirm that it works flawlessly; I am using the same hardware but on a different board, kernel 5.8.16. Always make sure that your FORWARD configuration is correct and you should be able to reproduce the successful wifi repeater setup.