Re: [syzbot] [wireless?] WARNING in ieee80211_ocb_rx_no_sta (2)

[syzbot]

Hello,

syzbot has tested the proposed patch and the reproducer did not trigger any issue:

Reported-by: syzbot+b36445...@syzkaller.appspotmail.com
Tested-by: syzbot+b36445...@syzkaller.appspotmail.com

Tested on:

commit: 8f0b4cce Linux 6.19-rc1
git tree: upstream
console output: https://syzkaller.appspot.com/x/log.txt?x=112b29b4580000
kernel config: https://syzkaller.appspot.com/x/.config?x=72e765d013fc99c
dashboard link: https://syzkaller.appspot.com/bug?extid=b364457b2d1d4e4a3054
compiler: Debian clang version 20.1.8 (++20250708063551+0c9f909b7976-1~exp1~20250708183702.136), Debian LLD 20.1.8
patch: https://syzkaller.appspot.com/x/patch.diff?x=108cad92580000

Note: testing is done by a robot and is best-effort only.

[Moon Hee Lee]

ieee80211_ocb_rx_no_sta() assumes a valid channel context, which is only
present after JOIN_OCB.

RX may run before JOIN_OCB is executed, in which case the OCB interface
is not operational. Skip RX peer handling when the interface is not
joined to avoid warnings in the RX path.

Reported-by: syzbot+b36445...@syzkaller.appspotmail.com
Closes: https://syzkaller.appspot.com/bug?extid=b364457b2d1d4e4a3054
Tested-by: syzbot+b36445...@syzkaller.appspotmail.com
Signed-off-by: Moon Hee Lee <moonhee...@gmail.com>
---
net/mac80211/ocb.c | 3 +++
1 file changed, 3 insertions(+)

diff --git a/net/mac80211/ocb.c b/net/mac80211/ocb.c
index a5d4358f122a..ebb4f4d88c23 100644
--- a/net/mac80211/ocb.c
+++ b/net/mac80211/ocb.c
@@ -47,6 +47,9 @@ void ieee80211_ocb_rx_no_sta(struct ieee80211_sub_if_data *sdata,
struct sta_info *sta;
int band;

+ if (!ifocb->joined)
+ return;
+
/* XXX: Consider removing the least recently used entry and
* allow new one to be added.
*/
--
2.43.0

[Moon Hee Lee]

#syz test