There is a null pointer dereference if NL802154_ATTR_SCAN_TYPE is not set by the user. Fix this by adding a null pointer check. Reported-and-tested-by: syzbot+bd85b31816913a32e473@xxxxxxxxxxxxxxxxxxxxxxxxx Signed-off-by: Dongliang Mu <dzm91@xxxxxxxxxxx> --- net/ieee802154/nl802154.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/net/ieee802154/nl802154.c b/net/ieee802154/nl802154.c index 2215f576ee37..1cf00cffd63f 100644 --- a/net/ieee802154/nl802154.c +++ b/net/ieee802154/nl802154.c @@ -1412,7 +1412,8 @@ static int nl802154_trigger_scan(struct sk_buff *skb, struct genl_info *info) return -EOPNOTSUPP; } - if (!nla_get_u8(info->attrs[NL802154_ATTR_SCAN_TYPE])) { + if (!info->attrs[NL802154_ATTR_SCAN_TYPE] || + !nla_get_u8(info->attrs[NL802154_ATTR_SCAN_TYPE])) { NL_SET_ERR_MSG(info->extack, "Malformed request, missing scan type"); return -EINVAL; } -- 2.34.1