group rekeying failing

Hi,

I'm currently facing trouble using hostapd from git (2012-07-07), 
though the problem has been present for quite some time with openwrt.
The setup is a multi-ssid with wpa-psk (radius) and wpa-eap (radius) 
using WPA-2 and multi-vlan. peerkey, okc and rsn_preauth are enabled, 
but the problem persists even without and across psk and 802.1X. The 
STAs are wpa-supplicant 0.6.10 and 0.7.3, but the problem has also been 
seen with MacOS 10.6, the AP is OpenWRT von P1020WLAN with two AR9300 
cards.

After authentication, all stations receive broadcast frames sent by the 
AP. Then, group key renegotiation occurs, and _some_ stations are now 
failing to receive broadcast frames. This then breaks IPv6 soon after, 
because neighbourhood discovery does no longer work.

I've patched driver_nl80211.c to debug the broadcast key actually set 
by the driver, and it differs between ap and sta during rekeying but not 
during auth.
Further, I looks like the stations not failing are those, for whose BSS 
hostap did not issue an set_key command during rekeying. Even though, on 
the stations failing, wpa supplicant sets the same key as already set 
before again, but hostap uses a different key than before. I further 
seen some warnings on GKeyDoneStations>1, which I guess are related.

There are also ap and sta logs for single-sta logged-in failing 
(log-sta and log-ap) and an ap log for two-stas, where only one is 
failing (log-ap-2).
For size reasons, those are downloadable here:
   http://pastebin.com/tCiTvBrT (log-ap)
   http://pastebin.com/M1QDfwRg (log-ap-2)
   http://pastebin.com/kN9GRTVw (log-sta)

Do you have any hints on what is actually failing here?

Regards,
  M. Braun