From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
To: stable@vger.kernel.org
Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
patches@lists.linux.dev,
syzbot+b364457b2d1d4e4a3054@syzkaller.appspotmail.com,
Moon Hee Lee <moonhee.lee.ca@gmail.com>,
Johannes Berg <johannes.berg@intel.com>,
Sasha Levin <sashal@kernel.org>
Subject: [PATCH 5.10 06/41] wifi: mac80211: ocb: skip rx_no_sta when interface is not joined
Date: Mon, 9 Feb 2026 15:24:27 +0100 [thread overview]
Message-ID: <20260209142257.032781620@linuxfoundation.org> (raw)
In-Reply-To: <20260209142256.797267956@linuxfoundation.org>
5.10-stable review patch. If anyone has any objections, please let me know.
------------------
From: Moon Hee Lee <moonhee.lee.ca@gmail.com>
[ Upstream commit ff4071c60018a668249dc6a2df7d16330543540e ]
ieee80211_ocb_rx_no_sta() assumes a valid channel context, which is only
present after JOIN_OCB.
RX may run before JOIN_OCB is executed, in which case the OCB interface
is not operational. Skip RX peer handling when the interface is not
joined to avoid warnings in the RX path.
Reported-by: syzbot+b364457b2d1d4e4a3054@syzkaller.appspotmail.com
Closes: https://syzkaller.appspot.com/bug?extid=b364457b2d1d4e4a3054
Tested-by: syzbot+b364457b2d1d4e4a3054@syzkaller.appspotmail.com
Signed-off-by: Moon Hee Lee <moonhee.lee.ca@gmail.com>
Link: https://patch.msgid.link/20251216035932.18332-1-moonhee.lee.ca@gmail.com
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
net/mac80211/ocb.c | 3 +++
1 file changed, 3 insertions(+)
diff --git a/net/mac80211/ocb.c b/net/mac80211/ocb.c
index 7c1a735b9eee3..736e5c08bfd7b 100644
--- a/net/mac80211/ocb.c
+++ b/net/mac80211/ocb.c
@@ -47,6 +47,9 @@ void ieee80211_ocb_rx_no_sta(struct ieee80211_sub_if_data *sdata,
struct sta_info *sta;
int band;
+ if (!ifocb->joined)
+ return;
+
/* XXX: Consider removing the least recently used entry and
* allow new one to be added.
*/
--
2.51.0
next prev parent reply other threads:[~2026-02-09 14:51 UTC|newest]
Thread overview: 52+ messages / expand[flat|nested] mbox.gz Atom feed top
2026-02-09 14:24 [PATCH 5.10 00/41] 5.10.250-rc1 review Greg Kroah-Hartman
2026-02-09 14:24 ` [PATCH 5.10 01/41] rbd: check for EOD after exclusive lock is ensured to be held Greg Kroah-Hartman
2026-02-09 14:24 ` [PATCH 5.10 02/41] ARM: 9468/1: fix memset64() on big-endian Greg Kroah-Hartman
2026-02-21 20:21 ` Ben Hutchings
2026-02-21 21:45 ` Matthew Wilcox
2026-02-09 14:24 ` [PATCH 5.10 03/41] KVM: Dont clobber irqfd routing type when deassigning irqfd Greg Kroah-Hartman
2026-02-09 14:24 ` [PATCH 5.10 04/41] netfilter: nft_set_pipapo: clamp maximum map bucket size to INT_MAX Greg Kroah-Hartman
2026-02-09 14:24 ` [PATCH 5.10 05/41] binderfs: fix ida_alloc_max() upper bound Greg Kroah-Hartman
2026-02-09 14:24 ` Greg Kroah-Hartman [this message]
2026-02-09 14:24 ` [PATCH 5.10 07/41] wifi: wlcore: ensure skb headroom before skb_push Greg Kroah-Hartman
2026-02-09 14:24 ` [PATCH 5.10 08/41] net: usb: sr9700: support devices with virtual driver CD Greg Kroah-Hartman
2026-02-09 14:24 ` [PATCH 5.10 09/41] block,bfq: fix aux stat accumulation destination Greg Kroah-Hartman
2026-02-09 14:24 ` [PATCH 5.10 10/41] HID: multitouch: add MT_QUIRK_STICKY_FINGERS to MT_CLS_VTL Greg Kroah-Hartman
2026-02-09 14:24 ` [PATCH 5.10 11/41] HID: intel-ish-hid: Reset enum_devices_done before enumeration Greg Kroah-Hartman
2026-02-09 14:24 ` [PATCH 5.10 12/41] ALSA: hda/realtek: add HP Laptop 15s-eq1xxx mute LED quirk Greg Kroah-Hartman
2026-02-09 14:24 ` [PATCH 5.10 13/41] HID: quirks: Add another Chicony HP 5MP Cameras to hid_ignore_list Greg Kroah-Hartman
2026-02-09 14:24 ` [PATCH 5.10 14/41] HID: Apply quirk HID_QUIRK_ALWAYS_POLL to Edifier QR30 (2d99:a101) Greg Kroah-Hartman
2026-02-09 14:24 ` [PATCH 5.10 15/41] ring-buffer: Avoid softlockup in ring_buffer_resize() during memory free Greg Kroah-Hartman
2026-02-09 14:24 ` [PATCH 5.10 16/41] wifi: mac80211: collect station statistics earlier when disconnect Greg Kroah-Hartman
2026-02-09 14:24 ` [PATCH 5.10 17/41] ASoC: davinci-evm: Fix reference leak in davinci_evm_probe Greg Kroah-Hartman
2026-02-09 14:24 ` [PATCH 5.10 18/41] ASoC: tlv320adcx140: Propagate error codes during probe Greg Kroah-Hartman
2026-02-09 14:24 ` [PATCH 5.10 19/41] wifi: cfg80211: Fix bitrate calculation overflow for HE rates Greg Kroah-Hartman
2026-02-09 14:24 ` [PATCH 5.10 20/41] scsi: target: iscsi: Fix use-after-free in iscsit_dec_session_usage_count() Greg Kroah-Hartman
2026-02-09 14:24 ` [PATCH 5.10 21/41] scsi: target: iscsi: Fix use-after-free in iscsit_dec_conn_usage_count() Greg Kroah-Hartman
2026-02-09 14:24 ` [PATCH 5.10 22/41] wifi: mac80211: dont increment crypto_tx_tailroom_needed_cnt twice Greg Kroah-Hartman
2026-02-09 14:24 ` [PATCH 5.10 23/41] platform/x86: toshiba_haps: Fix memory leaks in add/remove routines Greg Kroah-Hartman
2026-02-09 14:24 ` [PATCH 5.10 24/41] platform/x86: intel_telemetry: Fix PSS event register mask Greg Kroah-Hartman
2026-02-09 14:24 ` [PATCH 5.10 25/41] net: liquidio: Initialize netdev pointer before queue setup Greg Kroah-Hartman
2026-02-09 14:24 ` [PATCH 5.10 26/41] net: liquidio: Fix off-by-one error in PF setup_nic_devices() cleanup Greg Kroah-Hartman
2026-02-09 14:24 ` [PATCH 5.10 27/41] net: liquidio: Fix off-by-one error in VF " Greg Kroah-Hartman
2026-02-09 14:24 ` [PATCH 5.10 28/41] macvlan: fix error recovery in macvlan_common_newlink() Greg Kroah-Hartman
2026-02-09 14:24 ` [PATCH 5.10 29/41] tipc: use kfree_sensitive() for session key material Greg Kroah-Hartman
2026-02-09 14:24 ` [PATCH 5.10 30/41] hwmon: (occ) Mark occ_init_attribute() as __printf Greg Kroah-Hartman
2026-02-09 14:24 ` [PATCH 5.10 31/41] nvmet-tcp: add an helper to free the cmd buffers Greg Kroah-Hartman
2026-02-09 14:24 ` [PATCH 5.10 32/41] nvmet-tcp: fix memory leak when performing a controller reset Greg Kroah-Hartman
2026-02-09 14:24 ` [PATCH 5.10 33/41] nvmet-tcp: fix regression in data_digest calculation Greg Kroah-Hartman
2026-02-09 14:24 ` [PATCH 5.10 34/41] nvmet-tcp: dont map pages which cant come from HIGHMEM Greg Kroah-Hartman
2026-02-09 14:24 ` [PATCH 5.10 35/41] nvmet-tcp: add bounds checks in nvmet_tcp_build_pdu_iovec Greg Kroah-Hartman
2026-02-09 14:24 ` [PATCH 5.10 36/41] ASoC: amd: fix memory leak in acp3x pdm dma ops Greg Kroah-Hartman
2026-02-09 14:24 ` [PATCH 5.10 37/41] platform/x86: intel_telemetry: Fix swapped arrays in PSS output Greg Kroah-Hartman
2026-02-09 14:24 ` [PATCH 5.10 38/41] gve: Fix stats report corruption on queue count change Greg Kroah-Hartman
2026-02-09 14:25 ` [PATCH 5.10 39/41] tracing: Fix ftrace event field alignments Greg Kroah-Hartman
2026-02-09 14:25 ` [PATCH 5.10 40/41] gve: Correct ethtool rx_dropped calculation Greg Kroah-Hartman
2026-02-09 14:25 ` [PATCH 5.10 41/41] nvmet-tcp: pass iov_len instead of sg->length to bvec_set_page() Greg Kroah-Hartman
2026-02-09 18:15 ` [PATCH 5.10 00/41] 5.10.250-rc1 review Brett A C Sheffield
2026-02-09 20:55 ` Jon Hunter
2026-02-10 3:01 ` Florian Fainelli
2026-02-10 12:52 ` Woody Suwalski
2026-02-10 13:25 ` Mark Brown
2026-02-11 7:26 ` Barry K. Nathan
2026-02-11 7:29 ` Barry K. Nathan
2026-02-11 11:00 ` Jeffrin Thalakkottoor
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20260209142257.032781620@linuxfoundation.org \
--to=gregkh@linuxfoundation.org \
--cc=johannes.berg@intel.com \
--cc=moonhee.lee.ca@gmail.com \
--cc=patches@lists.linux.dev \
--cc=sashal@kernel.org \
--cc=stable@vger.kernel.org \
--cc=syzbot+b364457b2d1d4e4a3054@syzkaller.appspotmail.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.