Hi Kiwoong, url: https://github.com/0day-ci/linux/commits/Kiwoong-Kim/ufs-introduce-callbacks-to-get-command-information/20200620-150310 base: https://git.kernel.org/pub/scm/linux/kernel/git/jejb/scsi.git for-next config: x86_64-randconfig-m001-20200620 (attached as .config) compiler: gcc-9 (Debian 9.3.0-13) 9.3.0 If you fix the issue, kindly add following tag as appropriate Reported-by: kernel test robot Reported-by: Dan Carpenter smatch warnings: drivers/scsi/ufs/ufshcd.c:2548 ufshcd_queuecommand() warn: variable dereferenced before check 'cmd' (see line 2475) # https://github.com/0day-ci/linux/commit/cff1afd5a0773e6da9106e953721996a56a9332c git remote add linux-review https://github.com/0day-ci/linux git remote update linux-review git checkout cff1afd5a0773e6da9106e953721996a56a9332c vim +/cmd +2548 drivers/scsi/ufs/ufshcd.c 7a3e97b0dc4bba Santosh Yaraganavi 2012-02-29 2465 static int ufshcd_queuecommand(struct Scsi_Host *host, struct scsi_cmnd *cmd) 7a3e97b0dc4bba Santosh Yaraganavi 2012-02-29 2466 { 7a3e97b0dc4bba Santosh Yaraganavi 2012-02-29 2467 struct ufshcd_lrb *lrbp; 7a3e97b0dc4bba Santosh Yaraganavi 2012-02-29 2468 struct ufs_hba *hba; 7a3e97b0dc4bba Santosh Yaraganavi 2012-02-29 2469 unsigned long flags; 7a3e97b0dc4bba Santosh Yaraganavi 2012-02-29 2470 int tag; 7a3e97b0dc4bba Santosh Yaraganavi 2012-02-29 2471 int err = 0; 7a3e97b0dc4bba Santosh Yaraganavi 2012-02-29 2472 7a3e97b0dc4bba Santosh Yaraganavi 2012-02-29 2473 hba = shost_priv(host); 7a3e97b0dc4bba Santosh Yaraganavi 2012-02-29 2474 7a3e97b0dc4bba Santosh Yaraganavi 2012-02-29 @2475 tag = cmd->request->tag; ^^^^^^^^^^^^^^^^^ Dereference. 14497328b6a628 Yaniv Gardi 2016-02-01 2476 if (!ufshcd_valid_tag(hba, tag)) { 14497328b6a628 Yaniv Gardi 2016-02-01 2477 dev_err(hba->dev, 14497328b6a628 Yaniv Gardi 2016-02-01 2478 "%s: invalid command tag %d: cmd=0x%p, cmd->request=0x%p", 14497328b6a628 Yaniv Gardi 2016-02-01 2479 __func__, tag, cmd, cmd->request); 14497328b6a628 Yaniv Gardi 2016-02-01 2480 BUG(); 14497328b6a628 Yaniv Gardi 2016-02-01 2481 } 7a3e97b0dc4bba Santosh Yaraganavi 2012-02-29 2482 a3cd5ec55f6c72 Subhash Jadavani 2017-02-03 2483 if (!down_read_trylock(&hba->clk_scaling_lock)) a3cd5ec55f6c72 Subhash Jadavani 2017-02-03 2484 return SCSI_MLQUEUE_HOST_BUSY; a3cd5ec55f6c72 Subhash Jadavani 2017-02-03 2485 3441da7ddbdedf Sujit Reddy Thumma 2014-05-26 2486 spin_lock_irqsave(hba->host->host_lock, flags); 3441da7ddbdedf Sujit Reddy Thumma 2014-05-26 2487 switch (hba->ufshcd_state) { 3441da7ddbdedf Sujit Reddy Thumma 2014-05-26 2488 case UFSHCD_STATE_OPERATIONAL: 3441da7ddbdedf Sujit Reddy Thumma 2014-05-26 2489 break; 141f81651037ea Zang Leigang 2016-11-16 2490 case UFSHCD_STATE_EH_SCHEDULED: 3441da7ddbdedf Sujit Reddy Thumma 2014-05-26 2491 case UFSHCD_STATE_RESET: 7a3e97b0dc4bba Santosh Yaraganavi 2012-02-29 2492 err = SCSI_MLQUEUE_HOST_BUSY; 3441da7ddbdedf Sujit Reddy Thumma 2014-05-26 2493 goto out_unlock; 3441da7ddbdedf Sujit Reddy Thumma 2014-05-26 2494 case UFSHCD_STATE_ERROR: 3441da7ddbdedf Sujit Reddy Thumma 2014-05-26 2495 set_host_byte(cmd, DID_ERROR); 3441da7ddbdedf Sujit Reddy Thumma 2014-05-26 2496 cmd->scsi_done(cmd); 3441da7ddbdedf Sujit Reddy Thumma 2014-05-26 2497 goto out_unlock; 3441da7ddbdedf Sujit Reddy Thumma 2014-05-26 2498 default: 3441da7ddbdedf Sujit Reddy Thumma 2014-05-26 2499 dev_WARN_ONCE(hba->dev, 1, "%s: invalid state %d\n", 3441da7ddbdedf Sujit Reddy Thumma 2014-05-26 2500 __func__, hba->ufshcd_state); 3441da7ddbdedf Sujit Reddy Thumma 2014-05-26 2501 set_host_byte(cmd, DID_BAD_TARGET); 3441da7ddbdedf Sujit Reddy Thumma 2014-05-26 2502 cmd->scsi_done(cmd); 3441da7ddbdedf Sujit Reddy Thumma 2014-05-26 2503 goto out_unlock; 7a3e97b0dc4bba Santosh Yaraganavi 2012-02-29 2504 } 53c12d0ef6fcb7 Yaniv Gardi 2016-02-01 2505 53c12d0ef6fcb7 Yaniv Gardi 2016-02-01 2506 /* if error handling is in progress, don't issue commands */ 53c12d0ef6fcb7 Yaniv Gardi 2016-02-01 2507 if (ufshcd_eh_in_progress(hba)) { 53c12d0ef6fcb7 Yaniv Gardi 2016-02-01 2508 set_host_byte(cmd, DID_ERROR); 53c12d0ef6fcb7 Yaniv Gardi 2016-02-01 2509 cmd->scsi_done(cmd); 53c12d0ef6fcb7 Yaniv Gardi 2016-02-01 2510 goto out_unlock; 53c12d0ef6fcb7 Yaniv Gardi 2016-02-01 2511 } 3441da7ddbdedf Sujit Reddy Thumma 2014-05-26 2512 spin_unlock_irqrestore(hba->host->host_lock, flags); 7a3e97b0dc4bba Santosh Yaraganavi 2012-02-29 2513 7fabb77b3aa016 Gilad Broner 2017-02-03 2514 hba->req_abort_count = 0; 7fabb77b3aa016 Gilad Broner 2017-02-03 2515 1ab27c9cf8b63d Sahitya Tummala 2014-09-25 2516 err = ufshcd_hold(hba, true); 1ab27c9cf8b63d Sahitya Tummala 2014-09-25 2517 if (err) { 1ab27c9cf8b63d Sahitya Tummala 2014-09-25 2518 err = SCSI_MLQUEUE_HOST_BUSY; 1ab27c9cf8b63d Sahitya Tummala 2014-09-25 2519 goto out; 1ab27c9cf8b63d Sahitya Tummala 2014-09-25 2520 } 1ab27c9cf8b63d Sahitya Tummala 2014-09-25 2521 WARN_ON(hba->clk_gating.state != CLKS_ON); 1ab27c9cf8b63d Sahitya Tummala 2014-09-25 2522 7a3e97b0dc4bba Santosh Yaraganavi 2012-02-29 2523 lrbp = &hba->lrb[tag]; 7a3e97b0dc4bba Santosh Yaraganavi 2012-02-29 2524 5a0b0cb9bee767 Sujit Reddy Thumma 2013-07-30 2525 WARN_ON(lrbp->cmd); 7a3e97b0dc4bba Santosh Yaraganavi 2012-02-29 2526 lrbp->cmd = cmd; 09a5a24ff36f90 Avri Altman 2018-11-22 2527 lrbp->sense_bufflen = UFS_SENSE_SIZE; 7a3e97b0dc4bba Santosh Yaraganavi 2012-02-29 2528 lrbp->sense_buffer = cmd->sense_buffer; 7a3e97b0dc4bba Santosh Yaraganavi 2012-02-29 2529 lrbp->task_tag = tag; 0ce147d48a3e33 Subhash Jadavani 2014-09-25 2530 lrbp->lun = ufshcd_scsi_to_upiu_lun(cmd->device->lun); b852190e589abe Yaniv Gardi 2015-05-17 2531 lrbp->intr_cmd = !ufshcd_is_intr_aggr_allowed(hba) ? true : false; e0b299e36004f5 Gilad Broner 2017-02-03 2532 lrbp->req_abort_skip = false; 7a3e97b0dc4bba Santosh Yaraganavi 2012-02-29 2533 300bb13f5c7b1d Joao Pinto 2016-05-11 2534 ufshcd_comp_scsi_upiu(hba, lrbp); 300bb13f5c7b1d Joao Pinto 2016-05-11 2535 75b1cc4ad63afa Kiwoong Kim 2016-11-22 2536 err = ufshcd_map_sg(hba, lrbp); 5a0b0cb9bee767 Sujit Reddy Thumma 2013-07-30 2537 if (err) { 5a0b0cb9bee767 Sujit Reddy Thumma 2013-07-30 2538 lrbp->cmd = NULL; 17c7d35f141ef6 Can Guo 2019-12-05 2539 ufshcd_release(hba); 7a3e97b0dc4bba Santosh Yaraganavi 2012-02-29 2540 goto out; 5a0b0cb9bee767 Sujit Reddy Thumma 2013-07-30 2541 } ad1a1b9cd67a4b Gilad Broner 2016-10-17 2542 /* Make sure descriptors are ready before ringing the doorbell */ ad1a1b9cd67a4b Gilad Broner 2016-10-17 2543 wmb(); 7a3e97b0dc4bba Santosh Yaraganavi 2012-02-29 2544 7a3e97b0dc4bba Santosh Yaraganavi 2012-02-29 2545 /* issue command to the controller */ 7a3e97b0dc4bba Santosh Yaraganavi 2012-02-29 2546 spin_lock_irqsave(hba->host->host_lock, flags); 5905d4648e7ec2 Bart Van Assche 2020-01-22 2547 ufshcd_vops_setup_xfer_req(hba, tag, true); cff1afd5a0773e Kiwoong Kim 2020-06-20 @2548 if (cmd) ^^^ If "cmd" is NULL then we would have already crashed. cff1afd5a0773e Kiwoong Kim 2020-06-20 2549 ufshcd_vops_cmd_log(hba, cmd, 1); 7a3e97b0dc4bba Santosh Yaraganavi 2012-02-29 2550 ufshcd_send_command(hba, tag); 3441da7ddbdedf Sujit Reddy Thumma 2014-05-26 2551 out_unlock: 7a3e97b0dc4bba Santosh Yaraganavi 2012-02-29 2552 spin_unlock_irqrestore(hba->host->host_lock, flags); 7a3e97b0dc4bba Santosh Yaraganavi 2012-02-29 2553 out: a3cd5ec55f6c72 Subhash Jadavani 2017-02-03 2554 up_read(&hba->clk_scaling_lock); 7a3e97b0dc4bba Santosh Yaraganavi 2012-02-29 2555 return err; 7a3e97b0dc4bba Santosh Yaraganavi 2012-02-29 2556 } --- 0-DAY CI Kernel Test Service, Intel Corporation https://lists.01.org/hyperkitty/list/kbuild-all(a)lists.01.org