[PATCH mt76] wifi: mt76: mt7996: Do not run ieee80211_iter_keys() for scanning links in mt7996_vif_link_remove()
Ben Greear
greearb at candelatech.com
Mon Nov 17 09:02:18 PST 2025
On 11/15/25 2:41 AM, Lorenzo Bianconi wrote:
> mt7996_vif_link_remove routine is executed by mt76_scan_complete()
> without holding the wiphy mutex triggering the following lockdep warning.
Hello Lorenzo,
Thank you for the patch. This appears to fix the lockdep splats I was
seeing, and kernel is stable in at least initial testing.
Thanks,
Ben
>
> WARNING: CPU: 0 PID: 72 at net/mac80211/key.c:1029 ieee80211_iter_keys+0xe4/0x1a0 [mac80211]
> CPU: 0 UID: 0 PID: 72 Comm: kworker/u32:2 Tainted: G S 6.18.0-rc5+ #27 PREEMPT(full)
> Tainted: [S]=CPU_OUT_OF_SPEC
> Hardware name: Default string Default string/SKYBAY, BIOS 5.12 02/15/2023
> Workqueue: phy3 mt76_scan_work [mt76]
> RIP: 0010:ieee80211_iter_keys+0xe4/0x1a0 [mac80211]
> Code: 4c 48 83 c4 10 5b 5d 41 5c 41 5d 41 5e 41 5f c3 48 8b 47 48 be ff ff ff ff 48 8d 78 68 e8 b4 eb 1e e1 85 c0 0f 85 49
> ff ff ff 4c 8b ab 90 1a 00 00 48 8d 83 90
> RSP: 0018:ffffc900002f7cb0 EFLAGS: 00010246
> RAX: 0000000000000000 RBX: ffff888127e00ee0 RCX: 0000000000000000
> RDX: 0000000000000000 RSI: ffff888127e00788 RDI: ffff88811132b5c8
> RBP: ffffffffa0ddf400 R08: 0000000000000001 R09: 000000009dcc1dac
> R10: 0000000000000001 R11: ffff88811132b5a0 R12: ffffc900002f7d00
> R13: ffff8882581e6a80 R14: ffff888127e0afc8 R15: ffff888158832038
> FS: 0000000000000000(0000) GS:ffff8884da486000(0000) knlGS:0000000000000000
> CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
> CR2: 0000000030a0fd90 CR3: 0000000002c52004 CR4: 00000000003706f0
> Call Trace:
> <TASK>
> ? lock_acquire+0xc2/0x2c0
> mt7996_vif_link_remove+0x64/0x2b0 [mt7996e]
> mt76_put_vif_phy_link+0x41/0x50 [mt76]
> mt76_scan_complete+0x77/0x100 [mt76]
> mt76_scan_work+0x2eb/0x3f0 [mt76]
> ? process_one_work+0x1e5/0x6d0
> process_one_work+0x221/0x6d0
> worker_thread+0x19a/0x340
> ? rescuer_thread+0x450/0x450
> kthread+0x108/0x220
> ? kthreads_online_cpu+0x110/0x110
> ret_from_fork+0x1c6/0x220
> ? kthreads_online_cpu+0x110/0x110
> ret_from_fork_asm+0x11/0x20
> </TASK>
> irq event stamp: 45471
> hardirqs last enabled at (45477): [<ffffffff813d446e>] __up_console_sem+0x5e/0x70
> hardirqs last disabled at (45482): [<ffffffff813d4453>] __up_console_sem+0x43/0x70
> softirqs last enabled at (44500): [<ffffffff81f2ae0c>] napi_pp_put_page+0xac/0xd0
> softirqs last disabled at (44498): [<ffffffff81fa32a0>] page_pool_put_unrefed_netmem+0x290/0x3d0
> ---[ end trace 0000000000000000 ]---
>
> Fix the issue skipping ieee80211_iter_keys() for scanning links in
> mt7996_vif_link_remove routine since we have not uploaded any hw keys
> for these links.
>
> Fixes: 04414d7bba78 ("wifi: mt76: mt7996: delete vif keys when requested")
> Signed-off-by: Lorenzo Bianconi <lorenzo at kernel.org>
> ---
> drivers/net/wireless/mediatek/mt76/mt7996/main.c | 3 ++-
> 1 file changed, 2 insertions(+), 1 deletion(-)
>
> diff --git a/drivers/net/wireless/mediatek/mt76/mt7996/main.c b/drivers/net/wireless/mediatek/mt76/mt7996/main.c
> index 2a45db398fd597180c0b2bfc12e019b514f24fd6..beed795edb24c67e1b7b44fe87fd5de125a21d94 100644
> --- a/drivers/net/wireless/mediatek/mt76/mt7996/main.c
> +++ b/drivers/net/wireless/mediatek/mt76/mt7996/main.c
> @@ -392,7 +392,8 @@ void mt7996_vif_link_remove(struct mt76_phy *mphy, struct ieee80211_vif *vif,
> };
> int idx = msta_link->wcid.idx;
>
> - ieee80211_iter_keys(mphy->hw, vif, mt7996_key_iter, &it);
> + if (!mlink->wcid->offchannel)
> + ieee80211_iter_keys(mphy->hw, vif, mt7996_key_iter, &it);
>
> mt7996_mcu_add_sta(dev, link_conf, NULL, link, NULL,
> CONN_STATE_DISCONNECT, false);
>
> ---
> base-commit: 09600421ffe2acc1a00ec466b25485f11b6bb957
> change-id: 20251115-mt7996-key-iter-link-remove-fix-7cf4d529c5a0
>
> Best regards,
--
Ben Greear <greearb at candelatech.com>
Candela Technologies Inc http://www.candelatech.com
More information about the linux-arm-kernel
mailing list