Hello, dkirjanov@xxxxxxx wrote on Tue, 7 Mar 2023 11:43:46 +0300: > On 3/7/23 10:30, Dongliang Mu wrote: > > There is a null pointer dereference if NL802154_ATTR_SCAN_TYPE is > > not set by the user. > > > > Fix this by adding a null pointer check. Thanks for the patch! This has been fixed already: https://lore.kernel.org/linux-wpan/20230301154450.547716-1-miquel.raynal@xxxxxxxxxxx/T/#u > > Reported-and-tested-by: syzbot+bd85b31816913a32e473@xxxxxxxxxxxxxxxxxxxxxxxxx Just for reference, this tag shall not be used: "Please do not use combined tags, e.g. ``Reported-and-tested-by``" Documentation/process/maintainer-tip.rst > > Signed-off-by: Dongliang Mu <dzm91@xxxxxxxxxxx> > > Please add a Fixes: tag > > > --- > > net/ieee802154/nl802154.c | 3 ++- > > 1 file changed, 2 insertions(+), 1 deletion(-) > > > > diff --git a/net/ieee802154/nl802154.c b/net/ieee802154/nl802154.c > > index 2215f576ee37..1cf00cffd63f 100644 > > --- a/net/ieee802154/nl802154.c > > +++ b/net/ieee802154/nl802154.c > > @@ -1412,7 +1412,8 @@ static int nl802154_trigger_scan(struct sk_buff *skb, struct genl_info *info) > > return -EOPNOTSUPP; > > } > > > > - if (!nla_get_u8(info->attrs[NL802154_ATTR_SCAN_TYPE])) { > > + if (!info->attrs[NL802154_ATTR_SCAN_TYPE] || > > + !nla_get_u8(info->attrs[NL802154_ATTR_SCAN_TYPE])) { > > NL_SET_ERR_MSG(info->extack, "Malformed request, missing scan type"); > > return -EINVAL; > > } Thanks, Miquèl