
Re: [PATCH wireless-next] wifi: mac80211: fix use-after-free risk in sta debugfs removal


 



On Thu, 2025-07-24 at 00:15 -0700, Moon Hee Lee wrote:
> A NULL pointer dereference may occur in ieee80211_sta_debugfs_remove()
> when debugfs_remove_recursive() is called on a dentry whose inode has
> already been freed. This can happen due to a race between STA teardown
> and debugfs cleanup.
> 
> Fix this by checking that both sta->debugfs_dir and its d_inode are
> valid before invoking debugfs_remove_recursive().
> 
> This avoids the crash reported in syzbot bug:

Maybe so, but it really looks like a bandaid?! Why are we trying to
remove it twice in the first place?

johannes




