When I attempted to connect to a virt_wifi device using iw on 6.17-rc5,
a page fault occurred in __cfg80211_connect_result(), preventing successful
connection.

The page fault is triggered because virt_wifi_connect_complete() sets
requested_bss to NULL when no BSSID is specified.

This patch fixes the bug by adding a check for a NULL connected_addr
before calling ether_addr_copy() in __cfg80211_connect_result().

Reproduction:
	root@host:~# modprobe virt_wifi
	root@host:~# ip tuntap add tap0 mode tap
	root@host:~# ip link set tap0 up
	root@host:~# ip link add link tap0 name wlan0 type virt_wifi
	root@host:~# iw dev wlan0 scan
	root@host:~# iw dev wlan0 connect "VirtWifi"

Kernel panic occurred after running the connect command.
Below is panic messages from kernel:

[  150.197544] BUG: kernel NULL pointer dereference, address: 0000000000000000
[  150.199333] #PF: supervisor read access in kernel mode
[  150.199787] #PF: error_code(0x0000) - not-present page
[  150.200148] PGD 0 P4D 0
[  150.200339] Oops: Oops: 0000 [#1] SMP NOPTI
[  150.200641] CPU: 0 UID: 0 PID: 78 Comm: kworker/u4:5 Not tainted 6.17.0-rc5 #5 PREEMPT(voluntary)
[  150.201264] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS rel-1.16.3-0-ga6ed6b701f0a-prebuilt.qemu.org 04/01/2014
[  150.202056] Workqueue: cfg80211 cfg80211_event_work [cfg80211]
[  150.202528] RIP: 0010:__cfg80211_connect_result+0x35d/0xa40 [cfg80211]
[  150.203032] Code: 8d 14 db 49 89 84 d6 00 04 00 00 41 0f b7 44 24 68 41 83 c5 01 44 89 eb 66 85 c0 75 b6 48 85 db 74 c0 41 80 8e a4 00 00 00 01 <41> 8b 07c
[  150.204305] RSP: 0018:ffffc9000069bd10 EFLAGS: 00010202
[  150.204670] RAX: 0000000000000000 RBX: 0000000000000001 RCX: 0000000000000000
[  150.205169] RDX: 0000000000000000 RSI: 0000000000000001 RDI: ffff888110e1f830
[  150.205666] RBP: ffffc9000069bd90 R08: ffffffff0000afd4 R09: 0000000000000003
[  150.206169] R10: 0000000000000001 R11: 0000000000000000 R12: ffff8881065e4c18
[  150.206670] R13: 0000000000000001 R14: ffff888110e1f000 R15: 0000000000000000
[  150.207165] FS:  0000000000000000(0000) GS:ffff8881f7c3e000(0000) knlGS:0000000000000000
[  150.207723] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  150.208129] CR2: 0000000000000000 CR3: 000000010577d004 CR4: 0000000000372ef0
[  150.208627] Call Trace:
[  150.208811]  <TASK>
[  150.208972]  ? wakeup_preempt+0x74/0x80
[  150.209262]  cfg80211_process_wdev_events+0x13c/0x1b0 [cfg80211]
[  150.209738]  ? cfg80211_process_wdev_events+0x13c/0x1b0 [cfg80211]
[  150.210219]  cfg80211_process_rdev_events+0x2f/0x50 [cfg80211]
[  150.210766]  cfg80211_event_work+0x3a/0x60 [cfg80211]
[  150.211323]  process_scheduled_works+0xa3/0x420
[  150.211806]  worker_thread+0x12a/0x270
[  150.212170]  kthread+0x10d/0x230
[  150.212460]  ? __pfx_worker_thread+0x10/0x10
[  150.212770]  ? __pfx_kthread+0x10/0x10
[  150.213043]  ret_from_fork+0x8c/0x100
[  150.213322]  ? __pfx_kthread+0x10/0x10
[  150.213595]  ret_from_fork_asm+0x1a/0x30
[  150.213911]  </TASK>
[  150.214076] Modules linked in: virt_wifi cfg80211 intel_rapl_msr intel_rapl_common intel_uncore_frequency_common kvm_intel kvm bochs drm_client_lib drm_sh4
[  150.216925] CR2: 0000000000000000
[  150.217176] ---[ end trace 0000000000000000 ]---
[  150.217526] RIP: 0010:__cfg80211_connect_result+0x35d/0xa40 [cfg80211]
[  150.218120] Code: 8d 14 db 49 89 84 d6 00 04 00 00 41 0f b7 44 24 68 41 83 c5 01 44 89 eb 66 85 c0 75 b6 48 85 db 74 c0 41 80 8e a4 00 00 00 01 <41> 8b 07c
[  150.219483] RSP: 0018:ffffc9000069bd10 EFLAGS: 00010202
[  150.219863] RAX: 0000000000000000 RBX: 0000000000000001 RCX: 0000000000000000
[  150.220372] RDX: 0000000000000000 RSI: 0000000000000001 RDI: ffff888110e1f830
[  150.220874] RBP: ffffc9000069bd90 R08: ffffffff0000afd4 R09: 0000000000000003
[  150.221379] R10: 0000000000000001 R11: 0000000000000000 R12: ffff8881065e4c18
[  150.221899] R13: 0000000000000001 R14: ffff888110e1f000 R15: 0000000000000000
[  150.222433] FS:  0000000000000000(0000) GS:ffff8881f7c3e000(0000) knlGS:0000000000000000
[  150.223192] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  150.223728] CR2: 0000000000000000 CR3: 000000010577d004 CR4: 0000000000372ef0
[  150.224373] note: kworker/u4:5[78] exited with irqs disabled

Signed-off-by: James Guan <guan_yufei@163.com>
---
 net/wireless/sme.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/net/wireless/sme.c b/net/wireless/sme.c
index 3a028ff287fb..6014d71d2845 100644
--- a/net/wireless/sme.c
+++ b/net/wireless/sme.c
@@ -863,7 +863,8 @@ void __cfg80211_connect_result(struct net_device *dev,
 		wdev->links[link].client.current_bss =
 			bss_from_pub(cr->links[link].bss);
 	wdev->connected = true;
-	ether_addr_copy(wdev->u.client.connected_addr, connected_addr);
+	if (connected_addr)
+		ether_addr_copy(wdev->u.client.connected_addr, connected_addr);
 	if (cr->valid_links) {
 		for_each_valid_link(cr, link)
 			memcpy(wdev->links[link].addr, cr->links[link].addr,
-- 
2.25.1