[PATCH mt76] wifi: mt76: mt7996: Do not run ieee80211_iter_keys() for scanning links in mt7996_vif_link_remove()

Lorenzo Bianconi lorenzo at kernel.org
Sat Nov 15 02:41:00 PST 2025 

mt7996_vif_link_remove routine is executed by mt76_scan_complete()
without holding the wiphy mutex triggering the following lockdep warning.

 WARNING: CPU: 0 PID: 72 at net/mac80211/key.c:1029 ieee80211_iter_keys+0xe4/0x1a0 [mac80211]
 CPU: 0 UID: 0 PID: 72 Comm: kworker/u32:2 Tainted: G S                  6.18.0-rc5+ #27 PREEMPT(full)
 Tainted: [S]=CPU_OUT_OF_SPEC
 Hardware name: Default string Default string/SKYBAY, BIOS 5.12 02/15/2023
 Workqueue: phy3 mt76_scan_work [mt76]
 RIP: 0010:ieee80211_iter_keys+0xe4/0x1a0 [mac80211]
 Code: 4c 48 83 c4 10 5b 5d 41 5c 41 5d 41 5e 41 5f c3 48 8b 47 48 be ff ff ff ff 48 8d 78 68 e8 b4 eb 1e e1 85 c0 0f 85 49
ff ff ff 4c 8b ab 90 1a 00 00 48 8d 83 90
 RSP: 0018:ffffc900002f7cb0 EFLAGS: 00010246
 RAX: 0000000000000000 RBX: ffff888127e00ee0 RCX: 0000000000000000
 RDX: 0000000000000000 RSI: ffff888127e00788 RDI: ffff88811132b5c8
 RBP: ffffffffa0ddf400 R08: 0000000000000001 R09: 000000009dcc1dac
 R10: 0000000000000001 R11: ffff88811132b5a0 R12: ffffc900002f7d00
 R13: ffff8882581e6a80 R14: ffff888127e0afc8 R15: ffff888158832038
 FS:  0000000000000000(0000) GS:ffff8884da486000(0000) knlGS:0000000000000000
 CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
 CR2: 0000000030a0fd90 CR3: 0000000002c52004 CR4: 00000000003706f0
 Call Trace:
  <TASK>
  ? lock_acquire+0xc2/0x2c0
  mt7996_vif_link_remove+0x64/0x2b0 [mt7996e]
  mt76_put_vif_phy_link+0x41/0x50 [mt76]
  mt76_scan_complete+0x77/0x100 [mt76]
  mt76_scan_work+0x2eb/0x3f0 [mt76]
  ? process_one_work+0x1e5/0x6d0
  process_one_work+0x221/0x6d0
  worker_thread+0x19a/0x340
  ? rescuer_thread+0x450/0x450
  kthread+0x108/0x220
  ? kthreads_online_cpu+0x110/0x110
  ret_from_fork+0x1c6/0x220
  ? kthreads_online_cpu+0x110/0x110
  ret_from_fork_asm+0x11/0x20
  </TASK>
 irq event stamp: 45471
 hardirqs last  enabled at (45477): [<ffffffff813d446e>] __up_console_sem+0x5e/0x70
 hardirqs last disabled at (45482): [<ffffffff813d4453>] __up_console_sem+0x43/0x70
 softirqs last  enabled at (44500): [<ffffffff81f2ae0c>] napi_pp_put_page+0xac/0xd0
 softirqs last disabled at (44498): [<ffffffff81fa32a0>] page_pool_put_unrefed_netmem+0x290/0x3d0
 ---[ end trace 0000000000000000 ]---

Fix the issue skipping ieee80211_iter_keys() for scanning links in
mt7996_vif_link_remove routine since we have not uploaded any hw keys
for these links.

Fixes: 04414d7bba78 ("wifi: mt76: mt7996: delete vif keys when requested")
Signed-off-by: Lorenzo Bianconi <lorenzo at kernel.org>
---
 drivers/net/wireless/mediatek/mt76/mt7996/main.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/drivers/net/wireless/mediatek/mt76/mt7996/main.c b/drivers/net/wireless/mediatek/mt76/mt7996/main.c
index 2a45db398fd597180c0b2bfc12e019b514f24fd6..beed795edb24c67e1b7b44fe87fd5de125a21d94 100644
--- a/drivers/net/wireless/mediatek/mt76/mt7996/main.c
+++ b/drivers/net/wireless/mediatek/mt76/mt7996/main.c
@@ -392,7 +392,8 @@ void mt7996_vif_link_remove(struct mt76_phy *mphy, struct ieee80211_vif *vif,
 	};
 	int idx = msta_link->wcid.idx;
 
-	ieee80211_iter_keys(mphy->hw, vif, mt7996_key_iter, &it);
+	if (!mlink->wcid->offchannel)
+		ieee80211_iter_keys(mphy->hw, vif, mt7996_key_iter, &it);
 
 	mt7996_mcu_add_sta(dev, link_conf, NULL, link, NULL,
 			   CONN_STATE_DISCONNECT, false);

---
base-commit: 09600421ffe2acc1a00ec466b25485f11b6bb957
change-id: 20251115-mt7996-key-iter-link-remove-fix-7cf4d529c5a0

Best regards,
-- 
Lorenzo Bianconi <lorenzo at kernel.org>

More information about the linux-arm-kernel mailing list