syzbot report e55106f8389651870be0 revealed a crash in tdls handling
when the STA or AP STA info was missing.
Fix: replace WARN_ON_ONCE with a regular error log (sdata_err) and
return early if STA info is missing. Avoids panic_on_warn.

Reported-by: syzbot+e55106f8389651870be0@syzkaller.appspotmail.com
Closes: https://syzkaller.appspot.com/bug?extid=e55106f8389651870be0
Fixes: 3a8660878839 ("Linux 6.18-rc1")
Signed-off-by: Nikita Aleksandrov <N.Aleksandrovuk@gmail.com>
---
 net/mac80211/tdls.c | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/net/mac80211/tdls.c b/net/mac80211/tdls.c
index ba5fbacbeeda..7e54dcfad651 100644
--- a/net/mac80211/tdls.c
+++ b/net/mac80211/tdls.c
@@ -608,8 +608,12 @@ ieee80211_tdls_add_setup_cfm_ies(struct ieee80211_link_data *link,
 	sta = sta_info_get(sdata, peer);
 	ap_sta = sta_info_get(sdata, sdata->vif.cfg.ap_addr);
 
-	if (WARN_ON_ONCE(!sta || !ap_sta))
+	if (!sta || !ap_sta) {
+		sdata_err(sdata, "Missing STA info for peer %pM or AP %pM\n",
+			  peer,
+			  sdata->vif.cfg.ap_addr);
 		return;
+	}
 
 	sta->tdls_chandef = link->conf->chanreq.oper;
 
-- 
2.51.1

On Sun, 2025-10-26 at 10:25 +0000, Nikita Aleksandrov wrote:
> syzbot report e55106f8389651870be0 revealed a crash in tdls handling
> when the STA or AP STA info was missing.
> Fix: replace WARN_ON_ONCE with a regular error log (sdata_err) and
> return early if STA info is missing. Avoids panic_on_warn.
> 

Wrong way to do this, we shouldn't get here that way.

johannes