Bug 153961

Summary: mac80211 crash under monitoring
Product: Drivers
Component: network-wireless
Status: CLOSED CODE_FIX
Severity: normal
Priority: P1
Hardware: Intel
OS: Linux
Kernel Version: 4.6.4
Subsystem:
Regression: No
Bisected commit-id:
Reporter: Kamil Toman (kamil.toman)
Assignee: Johannes Berg (johannes)
CC: arik, luca

Description Kamil Toman 2016-08-25 20:25:34 UTC
System went unresponsive under a monitored networking operation:
Aug 25 21:25:18 oryx kernel: [  400.464843] NMI watchdog: BUG: soft lockup - CPU#0 stuck for 22s! [wpa_supplicant:4260]

Aug 25 21:24:50 oryx kernel: [  372.764887] ------------[ cut here ]------------
Aug 25 21:24:50 oryx kernel: [  372.764940] WARNING: CPU: 0 PID: 4260 at net/mac80211/util.c:2847 ieee80211_chandef_downgrade+0x40/0x160 [mac80211]
Aug 25 21:24:50 oryx kernel: [  372.764944] Modules linked in: bnep vmnet(OE) vmw_vsock_vmci_transport vsock vmw_vmci vmmon(OE) drbg ansi_cprng ctr ccm ipt_MASQUERADE nf_nat_masquerade_ipv4 iptable_nat nf_conntrack_ipv4 nf_defrag_ipv4 nf_nat_ipv4 xt_addrtype iptable_filter ip_tables xt_conntrack x_tables nf_nat nf_conntrack br_netfilter bridge stp llc overlay ec_sys binfmt_misc nls_iso8859_1 snd_hda_codec_hdmi mxm_wmi arc4 intel_rapl x86_pkg_temp_thermal intel_powerclamp coretemp kvm_intel kvm snd_hda_codec_realtek irqbypass snd_hda_codec_generic crct10dif_pclmul crc32_pclmul ghash_clmulni_intel aesni_intel snd_hda_intel aes_x86_64 lrw gf128mul glue_helper snd_hda_codec ablk_helper cryptd snd_hda_core snd_hwdep snd_pcm snd_seq_midi snd_seq_midi_event snd_rawmidi uvcvideo videobuf2_vmalloc videobuf2_memops videobuf2_v4l2 videobuf2_core rtsx_pci_ms input_leds iwlmvm joydev videodev memstick snd_seq mac80211 media snd_seq_device snd_timer serio_raw iwlwifi cfg80211 mei_me snd soundcore mei shpchp nvidia_uvm(POE) hci_uart btbcm wmi btqca btintel bluetooth intel_lpss_acpi intel_lpss acpi_pad mac_hid parport_pc ppdev lp parport autofs4 btrfs xor raid6_pq dm_mirror dm_region_hash dm_log hid_generic usbhid rtsx_pci_sdmmc nvidia_drm(POE) nvidia_modeset(POE) drm_kms_helper syscopyarea sysfillrect sysimgblt fb_sys_fops drm psmouse nvidia(POE) nvme r8169 nvme_core rtsx_pci ahci mii libahci pinctrl_sunrisepoint i2c_hid video pinctrl_intel hid fjes
Aug 25 21:24:50 oryx kernel: [  372.765089] CPU: 0 PID: 4260 Comm: wpa_supplicant Tainted: P           OE   4.6.4-katox #2
Aug 25 21:24:50 oryx kernel: [  372.765092] Hardware name: System76, Inc. Oryx Pro/Oryx Pro, BIOS 1.05.09RSA1 11/16/2015
Aug 25 21:24:50 oryx kernel: [  372.765096]  0000000000000286 0000000048d9dce9 ffff88084ca93840 ffffffff813ede93
Aug 25 21:24:50 oryx kernel: [  372.765102]  0000000000000000 0000000000000000 ffff88084ca93880 ffffffff8108184b
Aug 25 21:24:50 oryx kernel: [  372.765108]  00000b1fc1034392 ffff88084ca938c0 ffff88084eae4000 ffff880851e90840
Aug 25 21:24:50 oryx kernel: [  372.765113] Call Trace:
Aug 25 21:24:50 oryx kernel: [  372.765124]  [<ffffffff813ede93>] dump_stack+0x63/0x90
Aug 25 21:24:50 oryx kernel: [  372.765131]  [<ffffffff8108184b>] __warn+0xcb/0xf0
Aug 25 21:24:50 oryx kernel: [  372.765137]  [<ffffffff8108197d>] warn_slowpath_null+0x1d/0x20
Aug 25 21:24:50 oryx kernel: [  372.765174]  [<ffffffffc1123cd0>] ieee80211_chandef_downgrade+0x40/0x160 [mac80211]
Aug 25 21:24:50 oryx kernel: [  372.765216]  [<ffffffffc1143595>] ieee80211_tdls_chandef_vht_upgrade+0x105/0x1f0 [mac80211]
Aug 25 21:24:50 oryx kernel: [  372.765254]  [<ffffffffc11442e4>] ieee80211_tdls_build_mgmt_packet_data+0xa44/0x1090 [mac80211]
Aug 25 21:24:50 oryx kernel: [  372.765290]  [<ffffffffc114537f>] ieee80211_tdls_prep_mgmt_packet.constprop.7+0xaf/0x2c0 [mac80211]
Aug 25 21:24:50 oryx kernel: [  372.765322]  [<ffffffffc1145904>] ieee80211_tdls_mgmt+0x2e4/0x4c0 [mac80211]
Aug 25 21:24:50 oryx kernel: [  372.765355]  [<ffffffffc1019942>] nl80211_tdls_mgmt+0x132/0x240 [cfg80211]
Aug 25 21:24:50 oryx kernel: [  372.765364]  [<ffffffff817609bb>] genl_family_rcv_msg+0x1db/0x3b0
Aug 25 21:24:50 oryx kernel: [  372.765371]  [<ffffffff81713cb3>] ? skb_queue_tail+0x43/0x50
Aug 25 21:24:50 oryx kernel: [  372.765377]  [<ffffffff8175d24e>] ? __netlink_sendskb+0x3e/0x60
Aug 25 21:24:50 oryx kernel: [  372.765384]  [<ffffffff81760b90>] ? genl_family_rcv_msg+0x3b0/0x3b0
Aug 25 21:24:50 oryx kernel: [  372.765390]  [<ffffffff81760c06>] genl_rcv_msg+0x76/0xb0
Aug 25 21:24:50 oryx kernel: [  372.765396]  [<ffffffff81760114>] netlink_rcv_skb+0xa4/0xc0
Aug 25 21:24:50 oryx kernel: [  372.765401]  [<ffffffff817607c8>] genl_rcv+0x28/0x40
Aug 25 21:24:50 oryx kernel: [  372.765407]  [<ffffffff8175faf3>] netlink_unicast+0x183/0x230
Aug 25 21:24:50 oryx kernel: [  372.765413]  [<ffffffff8175fe9b>] netlink_sendmsg+0x2fb/0x3a0
Aug 25 21:24:50 oryx kernel: [  372.765421]  [<ffffffff8170ce68>] sock_sendmsg+0x38/0x50
Aug 25 21:24:50 oryx kernel: [  372.765428]  [<ffffffff8170d91e>] ___sys_sendmsg+0x28e/0x2a0
Aug 25 21:24:50 oryx kernel: [  372.765433]  [<ffffffff813f6e92>] ? memzero_explicit+0x12/0x20
Aug 25 21:24:50 oryx kernel: [  372.765440]  [<ffffffff8151c7ec>] ? extract_entropy_user+0x11c/0x1b0
Aug 25 21:24:50 oryx kernel: [  372.765448]  [<ffffffff81236153>] ? dput+0xb3/0x220
Aug 25 21:24:50 oryx kernel: [  372.765454]  [<ffffffff8123f814>] ? mntput+0x24/0x40
Aug 25 21:24:50 oryx kernel: [  372.765460]  [<ffffffff812204e3>] ? __fput+0x193/0x230
Aug 25 21:24:50 oryx kernel: [  372.765464]  [<ffffffff8170e274>] __sys_sendmsg+0x54/0x90
Aug 25 21:24:50 oryx kernel: [  372.765469]  [<ffffffff8170e2c2>] SyS_sendmsg+0x12/0x20
Aug 25 21:24:50 oryx kernel: [  372.765477]  [<ffffffff818385b6>] entry_SYSCALL_64_fastpath+0x1e/0xa8
Aug 25 21:24:50 oryx kernel: [  372.765481] ---[ end trace e487d8b0f5c0eff6 ]---

Comment 1 Luca Coelho 2016-08-29 11:24:41 UTC
Arik has found the problem and has implemented a fix for it, which we will soon send out.

Assigning to Johannes so he can close it when the fix is applied.