[PATCH RFC] wifi: mac80211: remove broken reset debugfs interface
0 views
Skip to first unread message
syzbot
May 13, 2026, 3:34:41 PM (2 days ago) May 13
to syzkaller-upst...@googlegroups.com, syz...@lists.linux.dev
The `reset` debugfs entry was originally introduced as a hack to test
the suspend/resume code paths without requiring a full system suspend.
However, since the generic suspend/resume procedures were cleaned up in
2013, the responsibility for tearing down interfaces and releasing
channel contexts before a suspend was delegated to the `cfg80211` layer.
The `reset_write()` function bypassed this `cfg80211` teardown phase,
directly calling `__ieee80211_suspend()`. As a result, if there were any
active interfaces, their channel contexts were never released, leading
to a `WARN_ON(!list_empty(&local->chanctx_list))` assertion failure in
`__ieee80211_suspend()`.
Because the `reset` debugfs entry can no longer accurately simulate a
real suspend/resume cycle and has been fundamentally broken for over a
decade when active interfaces are present, remove it entirely to prevent
the crash.
Fixes: 12e7f517029dad819c45eca9ca01fdb9ba57616b ("mac80211: cleanup generic suspend/resume procedures")
Assisted-by: Gemini:gemini-3.1-pro-preview
Reported-by: syzbot+56a1a4...@syzkaller.appspotmail.com
Link: https://syzkaller.appspot.com/bug?extid=56a1a45a9a2c04d425ff
Link: https://syzkaller.appspot.com/ai_job?id=42504dac-87d9-412c-b393-0d219ade8e49
To: <joha...@sipsolutions.net>
To: <linux-w...@vger.kernel.org>
Cc: <linux-...@vger.kernel.org>
---
diff --git a/net/mac80211/debugfs.c b/net/mac80211/debugfs.c
index 5a1831b08..46630d997 100644
--- a/net/mac80211/debugfs.c
+++ b/net/mac80211/debugfs.c
@@ -400,33 +400,6 @@ static const struct debugfs_short_fops force_tx_status_ops = {
.llseek = default_llseek,
};
-#ifdef CONFIG_PM
-static ssize_t reset_write(struct file *file, const char __user *user_buf,
- size_t count, loff_t *ppos)
-{
- struct ieee80211_local *local = file->private_data;
- int ret;
-
- rtnl_lock();
- wiphy_lock(local->hw.wiphy);
- __ieee80211_suspend(&local->hw, NULL);
- ret = __ieee80211_resume(&local->hw);
- wiphy_unlock(local->hw.wiphy);
-
- if (ret)
- cfg80211_shutdown_all_interfaces(local->hw.wiphy);
-
- rtnl_unlock();
-
- return count;
-}
-
-static const struct debugfs_short_fops reset_ops = {
- .write = reset_write,
- .llseek = noop_llseek,
-};
-#endif
-
static const char *hw_flag_names[] = {
#define FLAG(F) [IEEE80211_HW_##F] = #F
FLAG(HAS_RATE_CONTROL),
@@ -682,9 +655,6 @@ void debugfs_hw_add(struct ieee80211_local *local)
DEBUGFS_ADD(rate_ctrl_alg);
DEBUGFS_ADD(queues);
DEBUGFS_ADD(misc);
-#ifdef CONFIG_PM
- DEBUGFS_ADD_MODE(reset, 0200);
-#endif
DEBUGFS_ADD_MODE(hwflags, 0600);
DEBUGFS_ADD(user_power);
DEBUGFS_ADD(power);
base-commit: 5d6919055dec134de3c40167a490f33c74c12581
--
This is an AI-generated patch subject to moderation.
Reply with '#syz upstream' to send it to the mailing list.
Reply with '#syz reject' to reject it.
See for more information.
the suspend/resume code paths without requiring a full system suspend.
However, since the generic suspend/resume procedures were cleaned up in
2013, the responsibility for tearing down interfaces and releasing
channel contexts before a suspend was delegated to the `cfg80211` layer.
The `reset_write()` function bypassed this `cfg80211` teardown phase,
directly calling `__ieee80211_suspend()`. As a result, if there were any
active interfaces, their channel contexts were never released, leading
to a `WARN_ON(!list_empty(&local->chanctx_list))` assertion failure in
`__ieee80211_suspend()`.
Because the `reset` debugfs entry can no longer accurately simulate a
real suspend/resume cycle and has been fundamentally broken for over a
decade when active interfaces are present, remove it entirely to prevent
the crash.
Fixes: 12e7f517029dad819c45eca9ca01fdb9ba57616b ("mac80211: cleanup generic suspend/resume procedures")
Assisted-by: Gemini:gemini-3.1-pro-preview
Reported-by: syzbot+56a1a4...@syzkaller.appspotmail.com
Link: https://syzkaller.appspot.com/bug?extid=56a1a45a9a2c04d425ff
Link: https://syzkaller.appspot.com/ai_job?id=42504dac-87d9-412c-b393-0d219ade8e49
To: <joha...@sipsolutions.net>
To: <linux-w...@vger.kernel.org>
Cc: <linux-...@vger.kernel.org>
---
diff --git a/net/mac80211/debugfs.c b/net/mac80211/debugfs.c
index 5a1831b08..46630d997 100644
--- a/net/mac80211/debugfs.c
+++ b/net/mac80211/debugfs.c
@@ -400,33 +400,6 @@ static const struct debugfs_short_fops force_tx_status_ops = {
.llseek = default_llseek,
};
-#ifdef CONFIG_PM
-static ssize_t reset_write(struct file *file, const char __user *user_buf,
- size_t count, loff_t *ppos)
-{
- struct ieee80211_local *local = file->private_data;
- int ret;
-
- rtnl_lock();
- wiphy_lock(local->hw.wiphy);
- __ieee80211_suspend(&local->hw, NULL);
- ret = __ieee80211_resume(&local->hw);
- wiphy_unlock(local->hw.wiphy);
-
- if (ret)
- cfg80211_shutdown_all_interfaces(local->hw.wiphy);
-
- rtnl_unlock();
-
- return count;
-}
-
-static const struct debugfs_short_fops reset_ops = {
- .write = reset_write,
- .llseek = noop_llseek,
-};
-#endif
-
static const char *hw_flag_names[] = {
#define FLAG(F) [IEEE80211_HW_##F] = #F
FLAG(HAS_RATE_CONTROL),
@@ -682,9 +655,6 @@ void debugfs_hw_add(struct ieee80211_local *local)
DEBUGFS_ADD(rate_ctrl_alg);
DEBUGFS_ADD(queues);
DEBUGFS_ADD(misc);
-#ifdef CONFIG_PM
- DEBUGFS_ADD_MODE(reset, 0200);
-#endif
DEBUGFS_ADD_MODE(hwflags, 0600);
DEBUGFS_ADD(user_power);
DEBUGFS_ADD(power);
base-commit: 5d6919055dec134de3c40167a490f33c74c12581
--
This is an AI-generated patch subject to moderation.
Reply with '#syz upstream' to send it to the mailing list.
Reply with '#syz reject' to reject it.
See for more information.
Reply all
Reply to author
Forward
0 new messages