Sashiko reports: *** If an allocation fails here during i40e_rebuild(), i40e_vsi_clear() frees the main VSI and sets pf->vsi[vsi->idx] = NULL, and the rebuild will abort without stopping the PTP clock. Later, if the device is removed or unbound, i40e_remove() unconditionally calls i40e_ptp_stop(), which does: drivers/net/ethernet/intel/i40e/i40e_ptp.c:i40e_ptp_stop() { ... struct i40e_vsi *main_vsi = i40e_pf_get_main_vsi(pf); ... dev_info(&pf->pdev->dev, "%s: removed PHC on %s\n", __func__, main_vsi->netdev->name); ... } Would this cause a NULL pointer dereference since main_vsi is now NULL? *** Check if main_vsi is not null before calling dev_info(). Fixes: beb0dff1251d ("i40e: enable PTP") Reported-by: Sashiko AI Review Signed-off-by: Maciej Fijalkowski
---
 drivers/net/ethernet/intel/i40e/i40e_ptp.c | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/drivers/net/ethernet/intel/i40e/i40e_ptp.c b/drivers/net/ethernet/intel/i40e/i40e_ptp.c
index ff62b5f2c815..ca93df4d6785 100644
--- a/drivers/net/ethernet/intel/i40e/i40e_ptp.c
+++ b/drivers/net/ethernet/intel/i40e/i40e_ptp.c
@@ -1556,8 +1556,9 @@ void i40e_ptp_stop(struct i40e_pf *pf)
 if (pf->ptp_clock) {
 ptp_clock_unregister(pf->ptp_clock);
 pf->ptp_clock = NULL;
- dev_info(&pf->pdev->dev, "%s: removed PHC on %s\n", __func__,
- main_vsi->netdev->name);
+ if (main_vsi)
+ dev_info(&pf->pdev->dev, "%s: removed PHC on %s\n", __func__,
+ main_vsi->netdev->name);
 }
 
 if (i40e_is_ptp_pin_dev(&pf->hw)) {
-- 
2.43.0
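Review bot: The new `if (main_vsi)` guard in `i40e_ptp_stop()` drops the "removed PHC" message entirely on the failed-rebuild path, which is the case where a log line is most useful for diagnosis; an `else dev_info(&pf->pdev->dev, "%s: removed PHC\n", __func__);` would keep the unregister visible without touching `main_vsi`. The guard also covers only `main_vsi` itself, so if `main_vsi->netdev` can be NULL on the same path (not visible here) the dereference remains. The description says the rebuild aborts without stopping the PTP clock, so the clock presumably stays registered with no main VSI until removal; it is worth checking whether other PTP paths that fetch the main VSI need the same guard, or whether the rebuild error path should call `i40e_ptp_stop()` itself. `main_vsi` is assigned above the hunk and the function continues below it.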