Function devm_regmap_init_i2c() returns an ERR_PTR on errors, and its return value should be checked before using. Function hmc5843_i2c_probe() in drivers\iio\magnetometer\hmc5843_i2c.c use the return value of devm_regmap_init_i2c() as an argument of hmc5843_common_probe without validation. In addition, the hmc5843_common_probe() defined in drivers\iio\magnetometer\hmc5843_core.c as the following where the second parameter is used directly. Therefore, the return value of devm_regmap_init_i2c() is missing checked. drivers\iio\magnetometer\hmc5843_i2c.c: 60 { 61 return hmc5843_common_probe(&cli->dev, 62: devm_regmap_init_i2c(cli, &hmc5843_i2c_regmap_config), 63 id->driver_data, id->name); 64 } drivers\iio\magnetometer\hmc5843_core.c int hmc5843_common_probe(struct device *dev, struct regmap *regmap, enum hmc5843_ids id, const char *name) { struct hmc5843_data *data; struct iio_dev *indio_dev; int ret; indio_dev = devm_iio_device_alloc(dev, sizeof(*data)); if (!indio_dev) return -ENOMEM; dev_set_drvdata(dev, indio_dev); /* default settings at probe */ data = iio_priv(indio_dev); data->dev = dev; data->regmap = regmap; data->variant = &hmc5843_chip_info_tbl[id]; mutex_init(&data->lock); Here is the correct usage, input\touchscreen\tsc2004.c: 49 { 50 return tsc200x_probe(&i2c->dev, i2c->irq, &tsc2004_input_id, 51: devm_regmap_init_i2c(i2c, &tsc200x_regmap_config), 52 tsc2004_cmd); 53 } drivers\input\touchscreen\tsc200x-core.c int tsc200x_probe(struct device *dev, int irq, const struct input_id *tsc_id, struct regmap *regmap, int (*tsc200x_cmd)(struct device *dev, u8 cmd)) { struct tsc200x *ts; struct input_dev *input_dev; u32 x_plate_ohm; u32 esd_timeout; int error; if (irq <= 0) { dev_err(dev, "no irq\n"); return -ENODEV; } if (IS_ERR(regmap)) return PTR_ERR(regmap);
Long fixed. 536cc27deade8 ("iio: hmc5843: fix potential NULL pointer dereferences")