From: Johannes Berg <johannes@sipsolutions.net>
To: Greg KH <gregkh@linuxfoundation.org>, Wxm-233 <lty2wxm@gmail.com>
Cc: linux-wireless@vger.kernel.org, brauner@kernel.org,
linux-kernel@vger.kernel.org
Subject: Re: [BUG] mac80211: lockdep warning from key debugfs creation
Date: Mon, 20 Apr 2026 08:54:07 +0200 [thread overview]
Message-ID: <f1b1c971acd5e3dfc9eae2b2dc5f9b6d0405efc9.camel@sipsolutions.net> (raw)
In-Reply-To: <2026041944-dallying-unsettled-6e38@gregkh>
On Sun, 2026-04-19 at 08:48 +0200, Greg KH wrote:
> > The warning becomes possible because there is already an existing
> > dependency from relay_open_buf()/relay_create_buf_file(): that path
> > holds relay_channels_mutex and then enters the same debugfs/VFS
> > creation flow, which reaches the directory inode lock.
For the record, I have no idea what code path you're talking about here,
perhaps that's hidden away in some driver?
> > With both chains present, lockdep reports the cycle:
> >
> > fs_reclaim -> relay_channels_mutex -> inode rwsem -> fs_reclaim
> >
> > This looks more like a real locking problem than a pure fuzzing
> > artifact. The trigger is a syzkaller-style key creation workload, but
> > the questionable part is that mac80211 performs non-essential debugfs
> > creation inside the locked key installation path.
> >
> > A possible fix direction would be to avoid creating per-key debugfs
> > entries while still in the locked add-key path, for example by
> > deferring the debugfs population until after the critical section or by
> > moving it to a safer asynchronous context.
> >
> > Relevant source locations in current trees are:
> >
> > net/wireless/nl80211.c: nl80211_pre_doit(), nl80211_new_key()
> > net/mac80211/key.c: ieee80211_key_link()
> > net/mac80211/debugfs_key.c: ieee80211_debugfs_key_add()
> > fs/namei.c: start_dirop()
> >
> > If useful, I can also send the full report/log pair.
>
> Why not send a fix for this so you get full credit for it?
Agree, that'd be nice, especially since you can actually reproduce and
therefore test it.
Note though that trying to fix this on the mac80211 side as you suggest
above ("A possible fix direction ...") is not going to work, you'll need
to address this on the other side (that relay thing.)
johannes
prev parent reply other threads:[~2026-04-20 6:54 UTC|newest]
Thread overview: 3+ messages / expand[flat|nested] mbox.gz Atom feed top
2026-04-17 17:12 [BUG] mac80211: lockdep warning from key debugfs creation Wxm-233
2026-04-19 6:48 ` Greg KH
2026-04-20 6:54 ` Johannes Berg [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=f1b1c971acd5e3dfc9eae2b2dc5f9b6d0405efc9.camel@sipsolutions.net \
--to=johannes@sipsolutions.net \
--cc=brauner@kernel.org \
--cc=gregkh@linuxfoundation.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-wireless@vger.kernel.org \
--cc=lty2wxm@gmail.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox