drivers/pci/hotplug/pnv_php.c:710 pnv_php_alloc_slot() warn: address of NULL pointer 'php_slot->bus'

From: Dan Carpenter
Date: Mon Jan 05 2026 - 07:46:57 EST

Next message: Alice Ryhl: "[PATCH v2 02/27] rust: blk: add __rust_helper to helpers"
Previous message: Alice Ryhl: "[PATCH v2 00/27] Allow inlining C helpers into Rust when using LTO"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

tree: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git master
head: 54e82e93ca93e49cb4c33988adec5c8cb9d0df31
commit: 4668619092554e1b95c9a5ac2941ca47ba6d548a PCI: pnv_php: Clean up allocated IRQs on unplug
config: powerpc64-randconfig-r071-20260104 (https://download.01.org/0day-ci/archive/20260105/202601050123.5JEZ4Znh-lkp@xxxxxxxxx/config)
compiler: clang version 22.0.0git (https://github.com/llvm/llvm-project 9b8addffa70cee5b2acc5454712d9cf78ce45710)

If you fix the issue in a separate patch/commit (i.e. not just a new version of
the same patch/commit), kindly add following tags
| Reported-by: kernel test robot <lkp@xxxxxxxxx>
| Reported-by: Dan Carpenter <dan.carpenter@xxxxxxxxxx>
| Closes: https://lore.kernel.org/r/202601050123.5JEZ4Znh-lkp@xxxxxxxxx/

smatch warnings:
drivers/pci/hotplug/pnv_php.c:710 pnv_php_alloc_slot() warn: address of NULL pointer 'php_slot->bus'

vim +710 drivers/pci/hotplug/pnv_php.c

66725152fb9f17b Gavin Shan 2016-05-20 678 static struct pnv_php_slot *pnv_php_alloc_slot(struct device_node *dn)
66725152fb9f17b Gavin Shan 2016-05-20 679 {
66725152fb9f17b Gavin Shan 2016-05-20 680 struct pnv_php_slot *php_slot;
66725152fb9f17b Gavin Shan 2016-05-20 681 struct pci_bus *bus;
66725152fb9f17b Gavin Shan 2016-05-20 682 const char *label;
66725152fb9f17b Gavin Shan 2016-05-20 683 uint64_t id;
39f0d6fbdc3f205 Gavin Shan 2016-09-29 684 int ret;
66725152fb9f17b Gavin Shan 2016-05-20 685
39f0d6fbdc3f205 Gavin Shan 2016-09-29 686 ret = of_property_read_string(dn, "ibm,slot-label", &label);
39f0d6fbdc3f205 Gavin Shan 2016-09-29 687 if (ret)
66725152fb9f17b Gavin Shan 2016-05-20 688 return NULL;
66725152fb9f17b Gavin Shan 2016-05-20 689
66725152fb9f17b Gavin Shan 2016-05-20 690 if (pnv_pci_get_slot_id(dn, &id))
66725152fb9f17b Gavin Shan 2016-05-20 691 return NULL;
66725152fb9f17b Gavin Shan 2016-05-20 692
66725152fb9f17b Gavin Shan 2016-05-20 693 bus = pci_find_bus_by_node(dn);
149ba66a90a3b3c Gavin Shan 2016-09-28 694 if (!bus)
66725152fb9f17b Gavin Shan 2016-05-20 695 return NULL;
66725152fb9f17b Gavin Shan 2016-05-20 696
66725152fb9f17b Gavin Shan 2016-05-20 697 php_slot = kzalloc(sizeof(*php_slot), GFP_KERNEL);
149ba66a90a3b3c Gavin Shan 2016-09-28 698 if (!php_slot)
66725152fb9f17b Gavin Shan 2016-05-20 699 return NULL;
66725152fb9f17b Gavin Shan 2016-05-20 700
66725152fb9f17b Gavin Shan 2016-05-20 701 php_slot->name = kstrdup(label, GFP_KERNEL);
149ba66a90a3b3c Gavin Shan 2016-09-28 702 if (!php_slot->name) {
66725152fb9f17b Gavin Shan 2016-05-20 703 kfree(php_slot);
66725152fb9f17b Gavin Shan 2016-05-20 704 return NULL;
66725152fb9f17b Gavin Shan 2016-05-20 705 }
66725152fb9f17b Gavin Shan 2016-05-20 706
4668619092554e1 Timothy Pearson 2025-07-15 707 /* Allocate workqueue for this slot's interrupt handling */
4668619092554e1 Timothy Pearson 2025-07-15 708 php_slot->wq = alloc_workqueue("pciehp-%s", 0, 0, php_slot->name);
4668619092554e1 Timothy Pearson 2025-07-15 709 if (!php_slot->wq) {
4668619092554e1 Timothy Pearson 2025-07-15 @710 SLOT_WARN(php_slot, "Cannot alloc workqueue\n");

The SLOT_WARN() macro looks like:

#define SLOT_WARN(sl, x...) \
((sl)->pdev ? pci_warn((sl)->pdev, x) : dev_warn(&(sl)->bus->dev, x))

Neither ->pdev nor ->bus are set so it will crash.

4668619092554e1 Timothy Pearson 2025-07-15 711 kfree(php_slot->name);
4668619092554e1 Timothy Pearson 2025-07-15 712 kfree(php_slot);
4668619092554e1 Timothy Pearson 2025-07-15 713 return NULL;
4668619092554e1 Timothy Pearson 2025-07-15 714 }
4668619092554e1 Timothy Pearson 2025-07-15 715
149ba66a90a3b3c Gavin Shan 2016-09-28 716 if (dn->child && PCI_DN(dn->child))
66725152fb9f17b Gavin Shan 2016-05-20 717 php_slot->slot_no = PCI_SLOT(PCI_DN(dn->child)->devfn);
66725152fb9f17b Gavin Shan 2016-05-20 718 else
66725152fb9f17b Gavin Shan 2016-05-20 719 php_slot->slot_no = -1; /* Placeholder slot */
66725152fb9f17b Gavin Shan 2016-05-20 720
66725152fb9f17b Gavin Shan 2016-05-20 721 kref_init(&php_slot->kref);
66725152fb9f17b Gavin Shan 2016-05-20 722 php_slot->state = PNV_PHP_STATE_INITIALIZED;
66725152fb9f17b Gavin Shan 2016-05-20 723 php_slot->dn = dn;
66725152fb9f17b Gavin Shan 2016-05-20 724 php_slot->pdev = bus->self;
66725152fb9f17b Gavin Shan 2016-05-20 725 php_slot->bus = bus;
66725152fb9f17b Gavin Shan 2016-05-20 726 php_slot->id = id;
66725152fb9f17b Gavin Shan 2016-05-20 727 php_slot->power_state_check = false;
66725152fb9f17b Gavin Shan 2016-05-20 728 php_slot->slot.ops = &php_slot_ops;
66725152fb9f17b Gavin Shan 2016-05-20 729
66725152fb9f17b Gavin Shan 2016-05-20 730 INIT_LIST_HEAD(&php_slot->children);
66725152fb9f17b Gavin Shan 2016-05-20 731 INIT_LIST_HEAD(&php_slot->link);
66725152fb9f17b Gavin Shan 2016-05-20 732
66725152fb9f17b Gavin Shan 2016-05-20 733 return php_slot;
66725152fb9f17b Gavin Shan 2016-05-20 734 }

--
0-DAY CI Kernel Test Service
https://github.com/intel/lkp-tests/wiki

Next message: Alice Ryhl: "[PATCH v2 02/27] rust: blk: add __rust_helper to helpers"
Previous message: Alice Ryhl: "[PATCH v2 00/27] Allow inlining C helpers into Rust when using LTO"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]