From: Deepanshu Kartikey
To: johannes@sipsolutions.net
Cc: linux-wireless@vger.kernel.org, linux-kernel@vger.kernel.org, Deepanshu Kartikey, syzbot+56b6a844a4ea74487b7b@syzkaller.appspotmail.com
Subject: [PATCH] wifi: mac80211: fix WARN_ON_ONCE in ieee80211_tdls_oper
Date: Tue, 10 Mar 2026 21:30:13 +0530
Message-ID: <20260310160013.515096-1-kartikey406@gmail.com>

NL80211_TDLS_ENABLE_LINK can be called without completing the TDLS
setup handshake, or after the TDLS_PEER_SETUP_TIMEOUT (15 seconds) has
expired and tdls_peer_del_work has zeroed out the peer address. In both
cases the WARN_ON_ONCE triggers because tdls_peer is either zero or
mismatched with the requested peer.

Replace the WARN_ON_ONCE with a proper check that returns -ENOLINK to
enforce that ENABLE_LINK can only proceed after a successful TDLS
handshake.

Reported-by: syzbot+56b6a844a4ea74487b7b@syzkaller.appspotmail.com
Closes: https://syzkaller.appspot.com/bug?extid=56b6a844a4ea74487b7b
Tested-by: syzbot+56b6a844a4ea74487b7b@syzkaller.appspotmail.com
Signed-off-by: Deepanshu Kartikey
---
 net/mac80211/tdls.c | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/net/mac80211/tdls.c b/net/mac80211/tdls.c index dbbfe2d6842f..d7d8b2fcc3ee 100644 --- a/net/mac80211/tdls.c +++ b/net/mac80211/tdls.c
@@ -1457,8 +1457,9 @@ int ieee80211_tdls_oper(struct wiphy *wiphy, struct n= et_device *dev, =20 set_sta_flag(sta, WLAN_STA_TDLS_PEER_AUTH); =20 - WARN_ON_ONCE(is_zero_ether_addr(sdata->u.mgd.tdls_peer) || - !ether_addr_equal(sdata->u.mgd.tdls_peer, peer)); + if (is_zero_ether_addr(sdata->u.mgd.tdls_peer) || + !ether_addr_equal(sdata->u.mgd.tdls_peer, peer)) + return -ENOLINK; break; case NL80211_TDLS_DISABLE_LINK: /* --=20 2.43.0
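Review bot: In the NL80211_TDLS_ENABLE_LINK case the new check returns -ENOLINK only after set_sta_flag(sta, WLAN_STA_TDLS_PEER_AUTH) has already run, so a request rejected for a zero or mismatched sdata->u.mgd.tdls_peer still leaves WLAN_STA_TDLS_PEER_AUTH set on the station. Move the is_zero_ether_addr()/ether_addr_equal() test above set_sta_flag() so the error path has no side effects, which is what "ENABLE_LINK can only proceed after a successful TDLS handshake" implies. The case otherwise leaves the switch through break, so also confirm that nothing after the switch has to run on this path; if it does, set the return value and break instead of returning directly. A one-line comment above the check saying that userspace can reach this state (no handshake, or setup timeout expired) would record why this is an error return and not a WARN.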