Hi,

hmm, doubt that would work.

Fundamentally, the problem is that when we switch between MLO and non-MLO (multi-link operation), we need to recreate the debugfs because the layout changes. However, in that case we should not have any active stations and running ieee80211_debugfs_recreate_netdev should usually not be problematic.

So, the simple way to prevent this error is to make sure that ieee80211_debugfs_recreate_netdev is never called while we have a station. In the case of this report we seem to be getting there via a MAC address change (i.e. ieee80211_change_mac) and the sane thing would be to just return -EBUSY instead of permitting the operation to continue.

To fix the error, one could possibly prevent the stations' debugfs entries from being deleted by ieee80211_debugfs_recreate_netdev or also recreate them. However, keeping them is not really correct unless MLO is not toggled and I am not sure how straightforward it would be to recreate them.

Benjamin

On Thu, 2024-07-18 at 20:03 +0300, Dmitry Antipov wrote:
> The following quirk looks like a (briefly tested with CONFIG_KMEMLEAK)
> fix for https://syzkaller.appspot.com/bug?extid=d5dc2801166df6d34774:
>
> diff --git a/net/mac80211/debugfs_sta.c b/net/mac80211/debugfs_sta.c > index 1e9389c49a57..8224257e5d93 100644 > --- a/net/mac80211/debugfs_sta.c > +++ b/net/mac80211/debugfs_sta.c > @@ -1284,7 +1284,9 @@ void ieee80211_sta_debugfs_add(struct sta_info *sta) > > void ieee80211_sta_debugfs_remove(struct sta_info *sta) > { > - debugfs_remove_recursive(sta->debugfs_dir); > + if (!sta->debugfs_shared) > + debugfs_remove_recursive(sta->debugfs_dir); > + sta->debugfs_shared = false; > sta->debugfs_dir = NULL; > } > > @@ -1319,6 +1321,7 @@ void ieee80211_link_sta_debugfs_add(struct link_sta_info *link_sta) > return; > > link_sta->debugfs_dir = link_sta->sta->debugfs_dir; > + link_sta->sta->debugfs_shared = true; > } > > DEBUGFS_ADD(ht_capa);
> diff --git a/net/mac80211/sta_info.h b/net/mac80211/sta_info.h > index 9195d5a2de0a..d76ba36ca794 100644 > --- a/net/mac80211/sta_info.h > +++ b/net/mac80211/sta_info.h > @@ -708,6 +708,7 @@ struct sta_info { > > #ifdef CONFIG_MAC80211_DEBUGFS > struct dentry *debugfs_dir; > + bool debugfs_shared; > #endif > > struct codel_params cparams;
>
> So what about managing debugfs entries with krefs? E.g.:
>
> diff --git a/net/mac80211/sta_info.h b/net/mac80211/sta_info.h > index 9195d5a2de0a..1f4561533530 100644 > --- a/net/mac80211/sta_info.h > +++ b/net/mac80211/sta_info.h > @@ -466,6 +466,15 @@ struct ieee80211_fragment_cache { > unsigned int next; > }; > > +#ifdef CONFIG_MAC80211_DEBUGFS > + > +struct sta_debugfs_entry { > + struct dentry *debugfs_dir; > + struct kref kref; > +}; > + > +#endif /* CONFIG_MAC80211_DEBUGFS */ > + > /* > * The bandwidth threshold below which the per-station CoDel parameters will be > * scaled to be more lenient (to prevent starvation of slow stations). This > @@ -563,7 +572,7 @@ struct link_sta_info { > enum ieee80211_sta_rx_bandwidth cur_max_bandwidth; > > #ifdef CONFIG_MAC80211_DEBUGFS > - struct dentry *debugfs_dir; > + struct sta_debugfs_entry *debugfs_entry; > #endif > > struct ieee80211_link_sta *pub; > @@ -707,7 +716,7 @@ struct sta_info { > struct sta_ampdu_mlme ampdu_mlme; > > #ifdef CONFIG_MAC80211_DEBUGFS > - struct dentry *debugfs_dir; > + struct sta_debugfs_entry *debugfs_entry; > #endif > > struct codel_params cparams;
>
> Dmitry
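
Review bot: in the first debugfs_sta.c hunk, ieee80211_sta_debugfs_remove() now sets sta->debugfs_dir = NULL without calling debugfs_remove_recursive() whenever debugfs_shared is set, and none of the quoted hunks shows another path that removes the directory in that case. Please state, in the commit message or in a comment above the new `if`, who performs the final removal when the pointer is shared, since link_sta->debugfs_dir was assigned the same dentry in ieee80211_link_sta_debugfs_add() and is not touched here.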
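
Review bot: the new `bool debugfs_shared;` in struct sta_info (first sta_info.h hunk) has no comment, and its meaning can only be recovered by reading both debugfs_sta.c hunks together. A one-line description would help, for example that it is set in ieee80211_link_sta_debugfs_add() when the link station reuses sta->debugfs_dir and cleared in ieee80211_sta_debugfs_remove().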
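
Review bot: the kref sketch (second sta_info.h diff) adds struct sta_debugfs_entry with a `struct kref kref` member but shows no kref_init(), no kref_get()/kref_put() call sites and no release callback, so it is not visible where debugfs_remove_recursive() would end up being called. It also replaces the `debugfs_dir` members of struct link_sta_info and struct sta_info with `debugfs_entry` without touching debugfs_sta.c, which uses sta->debugfs_dir and link_sta->debugfs_dir in the first patch; those users would need converting in the same change.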