We occasionally found ath9k could receive some packets from Linux IP stack with empty source and destination mac address,which will result in the driver cannot find the station node in TX complete. And thus, the driver will complete this buffer but without updating the block ack window. To fix this issue, we should drop this kind of error packet before it goes into the driver. --- According to review feedback, use the is_zero_ether_addr to check if the mac address is empty. Signed-off-by: Ming Chen <ming.chen@xxxxxxxxxxxxxx> --- net/mac80211/tx.c | 12 ++++++++++++ 1 file changed, 12 insertions(+) diff --git a/net/mac80211/tx.c b/net/mac80211/tx.c index db38be1b75fa..b18745a3f6b0 100644 --- a/net/mac80211/tx.c +++ b/net/mac80211/tx.c @@ -2489,6 +2489,13 @@ static struct sk_buff *ieee80211_build_hdr(struct ieee80211_sub_if_data *sdata, if (IS_ERR(sta)) sta = NULL; + /* drop this skb when source mac or destination mac is empty */ + if (is_zero_ether_addr(skb->data) || + is_zero_ether_addr(skb->data + ETH_ALEN)) { + ret = -ENOTCONN; + goto free; + } + #ifdef CONFIG_MAC80211_DEBUGFS if (local->force_tx_status) info_flags |= IEEE80211_TX_CTL_REQ_TX_STATUS; @@ -3435,6 +3442,11 @@ static bool ieee80211_xmit_fast(struct ieee80211_sub_if_data *sdata, if (skb->sk && skb_shinfo(skb)->tx_flags & SKBTX_WIFI_STATUS) return false; + /* drop this skb when source mac or destination mac is empty */ + if (is_zero_ether_addr(skb->data) || + is_zero_ether_addr(skb->data + ETH_ALEN)) + return false; + if (hdr->frame_control & cpu_to_le16(IEEE80211_STYPE_QOS_DATA)) { tid = skb->priority & IEEE80211_QOS_CTL_TAG1D_MASK; tid_tx = rcu_dereference(sta->ampdu_mlme.tid_tx[tid]); -- 2.17.1