[PATCH RFC v2] wifi: cfg80211: replace WARN_ON() with dev_err() in netns switch
4 views
Skip to first unread message
syzbot
May 18, 2026, 6:07:59 PM (yesterday) May 18
to syzkaller-upst...@googlegroups.com, syz...@lists.linux.dev
The syzkaller reported a kernel panic in cfg802154_switch_netns() when
device_rename() fails with -ENOMEM. The crash occurs because WARN_ON()
is used to handle the memory allocation failure, which escalates into a
kernel panic when panic_on_warn is enabled.
Memory allocation failures are expected runtime events under memory
pressure and should be handled gracefully. The WARN_ON() macro must not
be used for conditions that can legitimately happen. Failing to rename
the device or change the network namespace is not a fatal system error.
Replace the WARN_ON() calls with dev_err() in both
cfg802154_switch_netns() and cfg80211_switch_netns(), as well as in
their respective pernet exit handlers (cfg802154_pernet_exit() and
cfg80211_pernet_exit()). This ensures that memory allocation failures
under pressure are handled gracefully, logging the error for debugging
purposes without bringing down the entire system.
Fixes: 04600794958f1833f5571c6cde40f260ab557f55 ("cfg80211: support sysfs namespaces")
Assisted-by: Gemini:gemini-3.1-pro-preview Gemini:gemini-3-flash-preview
Reported-by: syzbot+bd5829...@syzkaller.appspotmail.com
Link: https://syzkaller.appspot.com/bug?extid=bd5829ba3619f08e2341
Link: https://syzkaller.appspot.com/ai_job?id=a1cfc84c-7c0f-4340-891d-885fcee80cad
To: <alex....@gmail.com>
To: <da...@davemloft.net>
To: <edum...@google.com>
To: <ku...@kernel.org>
To: <linux...@vger.kernel.org>
To: <miquel...@bootlin.com>
To: <net...@vger.kernel.org>
To: <pab...@redhat.com>
To: <ste...@datenfreihafen.org>
Cc: <ho...@kernel.org>
Cc: <joha...@sipsolutions.net>
Cc: <linux-...@vger.kernel.org>
Cc: <linux-w...@vger.kernel.org>
---
v2:
- Replaced pr_err() with dev_err() to include device details in the error messages.
v1:
https://lore.kernel.org/all/7d949fbc-9781-4428...@mail.kernel.org/T/
---
diff --git a/net/ieee802154/core.c b/net/ieee802154/core.c
index 89b671b12..07082857c 100644
--- a/net/ieee802154/core.c
+++ b/net/ieee802154/core.c
@@ -245,7 +245,9 @@ int cfg802154_switch_netns(struct cfg802154_registered_device *rdev,
wpan_dev->netdev->netns_immutable = false;
err = dev_change_net_namespace(wpan_dev->netdev, net,
"wpan%d");
- WARN_ON(err);
+ if (err)
+ dev_err(&rdev->wpan_phy.dev,
+ "failed to change netns: %d\n", err);
wpan_dev->netdev->netns_immutable = true;
}
@@ -255,7 +257,9 @@ int cfg802154_switch_netns(struct cfg802154_registered_device *rdev,
wpan_phy_net_set(&rdev->wpan_phy, net);
err = device_rename(&rdev->wpan_phy.dev, dev_name(&rdev->wpan_phy.dev));
- WARN_ON(err);
+ if (err)
+ dev_err(&rdev->wpan_phy.dev, "failed to rename device: %d\n",
+ err);
return 0;
}
@@ -350,8 +354,11 @@ static void __net_exit cfg802154_pernet_exit(struct net *net)
rtnl_lock();
list_for_each_entry(rdev, &cfg802154_rdev_list, list) {
- if (net_eq(wpan_phy_net(&rdev->wpan_phy), net))
- WARN_ON(cfg802154_switch_netns(rdev, &init_net));
+ if (net_eq(wpan_phy_net(&rdev->wpan_phy), net)) {
+ if (cfg802154_switch_netns(rdev, &init_net))
+ dev_err(&rdev->wpan_phy.dev,
+ "failed to switch netns on exit\n");
+ }
}
rtnl_unlock();
}
diff --git a/net/wireless/core.c b/net/wireless/core.c
index 6783e0672..6badcec46 100644
--- a/net/wireless/core.c
+++ b/net/wireless/core.c
@@ -184,7 +184,9 @@ int cfg80211_switch_netns(struct cfg80211_registered_device *rdev,
wdev->netdev->netns_immutable = false;
err = dev_change_net_namespace(wdev->netdev, net,
"wlan%d");
- WARN_ON(err);
+ if (err)
+ dev_err(&rdev->wiphy.dev,
+ "failed to change netns: %d\n", err);
wdev->netdev->netns_immutable = true;
}
@@ -204,7 +206,8 @@ int cfg80211_switch_netns(struct cfg80211_registered_device *rdev,
wiphy_net_set(&rdev->wiphy, net);
err = device_rename(&rdev->wiphy.dev, dev_name(&rdev->wiphy.dev));
- WARN_ON(err);
+ if (err)
+ dev_err(&rdev->wiphy.dev, "failed to rename device: %d\n", err);
nl80211_notify_wiphy(rdev, NL80211_CMD_NEW_WIPHY);
@@ -1809,8 +1812,11 @@ static void __net_exit cfg80211_pernet_exit(struct net *net)
rtnl_lock();
for_each_rdev(rdev) {
- if (net_eq(wiphy_net(&rdev->wiphy), net))
- WARN_ON(cfg80211_switch_netns(rdev, &init_net));
+ if (net_eq(wiphy_net(&rdev->wiphy), net)) {
+ if (cfg80211_switch_netns(rdev, &init_net))
+ dev_err(&rdev->wiphy.dev,
+ "failed to switch netns on exit\n");
+ }
}
rtnl_unlock();
}
base-commit: 5d6919055dec134de3c40167a490f33c74c12581
--
This is an AI-generated patch subject to moderation.
Reply with '#syz upstream' to send it to the mailing list.
Reply with '#syz reject' to reject it.
See for more information.
device_rename() fails with -ENOMEM. The crash occurs because WARN_ON()
is used to handle the memory allocation failure, which escalates into a
kernel panic when panic_on_warn is enabled.
Memory allocation failures are expected runtime events under memory
pressure and should be handled gracefully. The WARN_ON() macro must not
be used for conditions that can legitimately happen. Failing to rename
the device or change the network namespace is not a fatal system error.
Replace the WARN_ON() calls with dev_err() in both
cfg802154_switch_netns() and cfg80211_switch_netns(), as well as in
their respective pernet exit handlers (cfg802154_pernet_exit() and
cfg80211_pernet_exit()). This ensures that memory allocation failures
under pressure are handled gracefully, logging the error for debugging
purposes without bringing down the entire system.
Fixes: 04600794958f1833f5571c6cde40f260ab557f55 ("cfg80211: support sysfs namespaces")
Assisted-by: Gemini:gemini-3.1-pro-preview Gemini:gemini-3-flash-preview
Reported-by: syzbot+bd5829...@syzkaller.appspotmail.com
Link: https://syzkaller.appspot.com/bug?extid=bd5829ba3619f08e2341
Link: https://syzkaller.appspot.com/ai_job?id=a1cfc84c-7c0f-4340-891d-885fcee80cad
To: <alex....@gmail.com>
To: <da...@davemloft.net>
To: <edum...@google.com>
To: <ku...@kernel.org>
To: <linux...@vger.kernel.org>
To: <miquel...@bootlin.com>
To: <net...@vger.kernel.org>
To: <pab...@redhat.com>
To: <ste...@datenfreihafen.org>
Cc: <ho...@kernel.org>
Cc: <joha...@sipsolutions.net>
Cc: <linux-...@vger.kernel.org>
Cc: <linux-w...@vger.kernel.org>
---
v2:
- Replaced pr_err() with dev_err() to include device details in the error messages.
v1:
https://lore.kernel.org/all/7d949fbc-9781-4428...@mail.kernel.org/T/
---
diff --git a/net/ieee802154/core.c b/net/ieee802154/core.c
index 89b671b12..07082857c 100644
--- a/net/ieee802154/core.c
+++ b/net/ieee802154/core.c
@@ -245,7 +245,9 @@ int cfg802154_switch_netns(struct cfg802154_registered_device *rdev,
wpan_dev->netdev->netns_immutable = false;
err = dev_change_net_namespace(wpan_dev->netdev, net,
"wpan%d");
- WARN_ON(err);
+ if (err)
+ dev_err(&rdev->wpan_phy.dev,
+ "failed to change netns: %d\n", err);
wpan_dev->netdev->netns_immutable = true;
}
@@ -255,7 +257,9 @@ int cfg802154_switch_netns(struct cfg802154_registered_device *rdev,
wpan_phy_net_set(&rdev->wpan_phy, net);
err = device_rename(&rdev->wpan_phy.dev, dev_name(&rdev->wpan_phy.dev));
- WARN_ON(err);
+ if (err)
+ dev_err(&rdev->wpan_phy.dev, "failed to rename device: %d\n",
+ err);
return 0;
}
@@ -350,8 +354,11 @@ static void __net_exit cfg802154_pernet_exit(struct net *net)
rtnl_lock();
list_for_each_entry(rdev, &cfg802154_rdev_list, list) {
- if (net_eq(wpan_phy_net(&rdev->wpan_phy), net))
- WARN_ON(cfg802154_switch_netns(rdev, &init_net));
+ if (net_eq(wpan_phy_net(&rdev->wpan_phy), net)) {
+ if (cfg802154_switch_netns(rdev, &init_net))
+ dev_err(&rdev->wpan_phy.dev,
+ "failed to switch netns on exit\n");
+ }
}
rtnl_unlock();
}
diff --git a/net/wireless/core.c b/net/wireless/core.c
index 6783e0672..6badcec46 100644
--- a/net/wireless/core.c
+++ b/net/wireless/core.c
@@ -184,7 +184,9 @@ int cfg80211_switch_netns(struct cfg80211_registered_device *rdev,
wdev->netdev->netns_immutable = false;
err = dev_change_net_namespace(wdev->netdev, net,
"wlan%d");
- WARN_ON(err);
+ if (err)
+ dev_err(&rdev->wiphy.dev,
+ "failed to change netns: %d\n", err);
wdev->netdev->netns_immutable = true;
}
@@ -204,7 +206,8 @@ int cfg80211_switch_netns(struct cfg80211_registered_device *rdev,
wiphy_net_set(&rdev->wiphy, net);
err = device_rename(&rdev->wiphy.dev, dev_name(&rdev->wiphy.dev));
- WARN_ON(err);
+ if (err)
+ dev_err(&rdev->wiphy.dev, "failed to rename device: %d\n", err);
nl80211_notify_wiphy(rdev, NL80211_CMD_NEW_WIPHY);
@@ -1809,8 +1812,11 @@ static void __net_exit cfg80211_pernet_exit(struct net *net)
rtnl_lock();
for_each_rdev(rdev) {
- if (net_eq(wiphy_net(&rdev->wiphy), net))
- WARN_ON(cfg80211_switch_netns(rdev, &init_net));
+ if (net_eq(wiphy_net(&rdev->wiphy), net)) {
+ if (cfg80211_switch_netns(rdev, &init_net))
+ dev_err(&rdev->wiphy.dev,
+ "failed to switch netns on exit\n");
+ }
}
rtnl_unlock();
}
base-commit: 5d6919055dec134de3c40167a490f33c74c12581
--
This is an AI-generated patch subject to moderation.
Reply with '#syz upstream' to send it to the mailing list.
Reply with '#syz reject' to reject it.
See for more information.
Aleksandr Nogikh
10:08 AM (9 hours ago) 10:08 AM
to syzbot, syzkaller-upst...@googlegroups.com, syz...@lists.linux.dev
Debugging went 100% astray because of an strace output in the repro run results.
#syz reject
On Tue, May 19, 2026 at 12:08 AM 'syzbot' via
syzkaller-upstream-moderation
> --
> You received this message because you are subscribed to the Google Groups "syzkaller-upstream-moderation" group.
> To unsubscribe from this group and stop receiving emails from it, send an email to syzkaller-upstream-m...@googlegroups.com.
> To view this discussion visit https://groups.google.com/d/msgid/syzkaller-upstream-moderation/4e2d36a7-9417-4c50-9ec1-3e82c7a670f3%40mail.kernel.org.
#syz reject
On Tue, May 19, 2026 at 12:08 AM 'syzbot' via
syzkaller-upstream-moderation
> You received this message because you are subscribed to the Google Groups "syzkaller-upstream-moderation" group.
> To unsubscribe from this group and stop receiving emails from it, send an email to syzkaller-upstream-m...@googlegroups.com.
> To view this discussion visit https://groups.google.com/d/msgid/syzkaller-upstream-moderation/4e2d36a7-9417-4c50-9ec1-3e82c7a670f3%40mail.kernel.org.
Dmitry Vyukov
10:20 AM (9 hours ago) 10:20 AM
to syzbot, syzkaller-upst...@googlegroups.com, syz...@lists.linux.dev
On Tue, 19 May 2026 at 00:07, 'syzbot' via
syzkaller-upstream-moderation
1. Don't concentrate on the fact that syzkaller triggered it, this
detail is irrelevant.
2. Don't assume that panic_on_warn is set. It is usually not set on
production systems, and it won't be fatal system error. Say just that
WARN_ON is not a correct way to handle conditions that can happen.
syzkaller-upstream-moderation
<syzkaller-upst...@googlegroups.com> wrote:
>
> The syzkaller reported a kernel panic in cfg802154_switch_netns() when
> device_rename() fails with -ENOMEM. The crash occurs because WARN_ON()
> is used to handle the memory allocation failure, which escalates into a
> kernel panic when panic_on_warn is enabled.
>
> Memory allocation failures are expected runtime events under memory
> pressure and should be handled gracefully. The WARN_ON() macro must not
> be used for conditions that can legitimately happen. Failing to rename
> the device or change the network namespace is not a fatal system error.
>
> Replace the WARN_ON() calls with dev_err() in both
> cfg802154_switch_netns() and cfg80211_switch_netns(), as well as in
> their respective pernet exit handlers (cfg802154_pernet_exit() and
> cfg80211_pernet_exit()). This ensures that memory allocation failures
> under pressure are handled gracefully, logging the error for debugging
> purposes without bringing down the entire system.
Change the description in 2 ways:
>
> The syzkaller reported a kernel panic in cfg802154_switch_netns() when
> device_rename() fails with -ENOMEM. The crash occurs because WARN_ON()
> is used to handle the memory allocation failure, which escalates into a
> kernel panic when panic_on_warn is enabled.
>
> Memory allocation failures are expected runtime events under memory
> pressure and should be handled gracefully. The WARN_ON() macro must not
> be used for conditions that can legitimately happen. Failing to rename
> the device or change the network namespace is not a fatal system error.
>
> Replace the WARN_ON() calls with dev_err() in both
> cfg802154_switch_netns() and cfg80211_switch_netns(), as well as in
> their respective pernet exit handlers (cfg802154_pernet_exit() and
> cfg80211_pernet_exit()). This ensures that memory allocation failures
> under pressure are handled gracefully, logging the error for debugging
> purposes without bringing down the entire system.
1. Don't concentrate on the fact that syzkaller triggered it, this
detail is irrelevant.
2. Don't assume that panic_on_warn is set. It is usually not set on
production systems, and it won't be fatal system error. Say just that
WARN_ON is not a correct way to handle conditions that can happen.
Aleksandr Nogikh
10:23 AM (9 hours ago) 10:23 AM
to syzbot, syzkaller-upst...@googlegroups.com, syz...@lists.linux.dev
On Tue, May 19, 2026 at 4:07 PM Aleksandr Nogikh <nog...@google.com> wrote:
>
> Debugging went 100% astray because of an strace output in the repro run results.
>
> #syz reject
Please ignore.
>
> Debugging went 100% astray because of an strace output in the repro run results.
>
> #syz reject
Dmitry correctly noted that this message is not related to this patch.
Dmitry Vyukov
10:32 AM (9 hours ago) 10:32 AM
to Aleksandr Nogikh, syzbot, syzkaller-upst...@googlegroups.com, syz...@lists.linux.dev
On Tue, 19 May 2026 at 16:23, 'Aleksandr Nogikh' via
syzkaller-upstream-moderation
> To view this discussion visit https://groups.google.com/d/msgid/syzkaller-upstream-moderation/CANp29Y6v%2B-wW3SjwcGwc_b7OeLjRoHw_1dgdXc2EK-XKfp8%2Bkw%40mail.gmail.com.
syzkaller-upstream-moderation
<syzkaller-upst...@googlegroups.com> wrote:
>
> On Tue, May 19, 2026 at 4:07 PM Aleksandr Nogikh <nog...@google.com> wrote:
> >
> > Debugging went 100% astray because of an strace output in the repro run results.
> >
> > #syz reject
>
> Please ignore.
> Dmitry correctly noted that this message is not related to this patch.
>
> >
> > On Tue, May 19, 2026 at 12:08 AM 'syzbot' via
> > syzkaller-upstream-moderation
> > <syzkaller-upst...@googlegroups.com> wrote:
> > >
> > > The syzkaller reported a kernel panic in cfg802154_switch_netns() when
> > > device_rename() fails with -ENOMEM. The crash occurs because WARN_ON()
> > > is used to handle the memory allocation failure, which escalates into a
> > > kernel panic when panic_on_warn is enabled.
> > >
> > > Memory allocation failures are expected runtime events under memory
> > > pressure and should be handled gracefully. The WARN_ON() macro must not
> > > be used for conditions that can legitimately happen. Failing to rename
> > > the device or change the network namespace is not a fatal system error.
> > >
> > > Replace the WARN_ON() calls with dev_err() in both
> > > cfg802154_switch_netns() and cfg80211_switch_netns(), as well as in
> > > their respective pernet exit handlers (cfg802154_pernet_exit() and
> > > cfg80211_pernet_exit()). This ensures that memory allocation failures
> > > under pressure are handled gracefully, logging the error for debugging
> > > purposes without bringing down the entire system.
>
> On Tue, May 19, 2026 at 4:07 PM Aleksandr Nogikh <nog...@google.com> wrote:
> >
> > Debugging went 100% astray because of an strace output in the repro run results.
> >
> > #syz reject
>
> Please ignore.
> Dmitry correctly noted that this message is not related to this patch.
>
> >
> > On Tue, May 19, 2026 at 12:08 AM 'syzbot' via
> > syzkaller-upstream-moderation
> > <syzkaller-upst...@googlegroups.com> wrote:
> > >
> > > The syzkaller reported a kernel panic in cfg802154_switch_netns() when
> > > device_rename() fails with -ENOMEM. The crash occurs because WARN_ON()
> > > is used to handle the memory allocation failure, which escalates into a
> > > kernel panic when panic_on_warn is enabled.
> > >
> > > Memory allocation failures are expected runtime events under memory
> > > pressure and should be handled gracefully. The WARN_ON() macro must not
> > > be used for conditions that can legitimately happen. Failing to rename
> > > the device or change the network namespace is not a fatal system error.
> > >
> > > Replace the WARN_ON() calls with dev_err() in both
> > > cfg802154_switch_netns() and cfg80211_switch_netns(), as well as in
> > > their respective pernet exit handlers (cfg802154_pernet_exit() and
> > > cfg80211_pernet_exit()). This ensures that memory allocation failures
> > > under pressure are handled gracefully, logging the error for debugging
> > > purposes without bringing down the entire system.
Change the description in 2 ways:
1. Don't concentrate on the fact that syzkaller triggered it, this
detail is irrelevant.
2. Don't assume that panic_on_warn is set. It is usually not set on
production systems, and it won't be fatal system error. Say just that
WARN_ON is not a correct way to handle conditions that can happen.
1. Don't concentrate on the fact that syzkaller triggered it, this
detail is irrelevant.
2. Don't assume that panic_on_warn is set. It is usually not set on
production systems, and it won't be fatal system error. Say just that
WARN_ON is not a correct way to handle conditions that can happen.
Reply all
Reply to author
Forward
0 new messages