A WARN_ON(wdev->conn) would trigger in cfg80211_sme_connect(), if multiple send_msg() system calls are made from the userland, which should be anticipated and handled by the wireless driver. Convert this WARN() to pr_warn to prevent a kernel panic if kernel is configured to "panic on warn". Bug reported by syzbot. Reported-by: syzbot+5f9392825de654244975@xxxxxxxxxxxxxxxxxxxxxxxxx Signed-off-by: Du Cheng <ducheng2@xxxxxxxxx> --- link to syzkaller: https://syzkaller.appspot.com/bug?extid=5f9392825de654244975 this patch has passed syzbot test. net/wireless/sme.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/net/wireless/sme.c b/net/wireless/sme.c index 07756ca5e3b5..87a65a4c40ae 100644 --- a/net/wireless/sme.c +++ b/net/wireless/sme.c @@ -529,8 +529,10 @@ static int cfg80211_sme_connect(struct wireless_dev *wdev, cfg80211_sme_free(wdev); } - if (WARN_ON(wdev->conn)) + if (wdev->conn) { + pr_warn("%s: wdev->conn != NULL, sme connect in progress", __func__); return -EINPROGRESS; + } wdev->conn = kzalloc(sizeof(*wdev->conn), GFP_KERNEL); if (!wdev->conn) -- 2.30.2
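Review bot: The pr_warn() added in the new `if (wdev->conn) {` branch has no trailing "\n" in its format string and is not rate limited. The commit message says this branch is reached by repeated send_msg() calls from userland, so every such call now writes a line to the kernel log, and without the newline the text can run into the next message. Since -EINPROGRESS already reports the condition to the caller, consider dropping the message, or using pr_warn_ratelimited() or pr_debug() with "\n" appended. The changelog would also be stronger if it explained why a non-NULL wdev->conn at this point is an expected state and not the broken invariant the original WARN_ON() was guarding, because the hunk only silences the warning and leaves the underlying state handling unchanged.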