Hi, When I hot-plug a bridge, but there is no bus number available for its downstreambus, the kernel crashes. This can be reproduced with something like: qemu-system-x86_64 -machine pc-q35-2.10 \ -kernel ../build-pci/arch/x86/boot/bzImage \ -drive "file=img,format=raw" \ -m 2048 -smp 2 -enable-kvm \ -append "console=ttyS0 root=/dev/sda" \ -nographic \ -device pcie-root-port,bus=pcie.0,id=rp1,slot=1,bus-reserve=0 Note the "bus-reserve=0": no bus number is reserved for hot-plugging a bridge. After booting is completed, a PCI bridge can be hot-added with the QEMU command: device_add pcie-pci-bridge,id=br1,bus=rp1 After this command, the kernel crashes (crash log below). The reason is that, hot-plugging a bridge is done with pci_hp_add_bridge() and this can fail. However, its returned value is not checked, and the kernel proceeds despite the bridge was not added correctly. This results in the crash. Best regards, Nam [ 77.763860] pcieport 0000:00:03.0: pciehp: Slot(1): Button press: will power on in 5 sec [ 77.765343] pcieport 0000:00:03.0: pciehp: Slot(1): Card present [ 77.766385] pcieport 0000:00:03.0: pciehp: Slot(1): Link Up [ 78.881224] pci 0000:01:00.0: [1b36:000e] type 01 class 0x060400 PCIe to PCI/PCI-X bridge [ 78.883650] pci 0000:01:00.0: BAR 0 [mem 0x00000000-0x000000ff 64bit] [ 78.884849] pci 0000:01:00.0: PCI bridge to [bus 00] [ 78.886433] pci 0000:01:00.0: bridge window [io 0x0000-0x0fff] [ 78.887541] pci 0000:01:00.0: bridge window [mem 0x00000000-0x000fffff] [ 78.889479] pci 0000:01:00.0: bridge window [mem 0x00000000-0x000fffff 64bit pref] [ 78.892464] pci 0000:01:00.0: No bus number available for hot-added bridge [ 78.893717] pci 0000:01:00.0: BAR 0 [mem 0xfe800000-0xfe8000ff 64bit]: assigned [ 78.895703] pcieport 0000:00:03.0: PCI bridge to [bus 01] [ 78.896708] pcieport 0000:00:03.0: bridge window [io 0x1000-0x1fff] [ 78.898878] pcieport 0000:00:03.0: bridge window [mem 0xfe800000-0xfe9fffff] [ 78.900829] pcieport 0000:00:03.0: bridge window [mem 0xfe000000-0xfe1fffff 64bit pref] [ 78.905378] shpchp 0000:01:00.0: HPC vendor_id 1b36 device_id e ss_vid 0 ss_did 0 [ 78.906729] shpchp 0000:01:00.0: enabling device (0000 -> 0002) [ 78.910290] BUG: kernel NULL pointer dereference, address: 00000000000000da [ 78.911539] #PF: supervisor write access in kernel mode [ 78.912484] #PF: error_code(0x0002) - not-present page [ 78.913407] PGD 0 P4D 0 [ 78.913871] Oops: 0002 [#1] PREEMPT SMP NOPTI [ 78.914652] CPU: 0 PID: 45 Comm: irq/24-pciehp Not tainted 6.8.6 #31 [ 78.915774] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.2-debian-1.16.2-1 04/01/2014 [ 78.917395] RIP: 0010:shpc_init+0x3fb/0x9d0 [ 78.918162] Code: 8b 48 08 40 80 ff 02 0f 84 15 04 00 00 f7 c2 00 00 00 1f 0f 84 44 02 00 00 b8 04 00 00 00 b9 04 00 0f [ 78.921407] RSP: 0018:ffffc9000018fad8 EFLAGS: 00010246 [ 78.922330] RAX: 0000000000000000 RBX: ffff88800459ab00 RCX: 0000000000000000 [ 78.923591] RDX: 00000000000000ff RSI: 0000000000000000 RDI: ffffffff83015701 [ 78.924845] RBP: ffffc9000018fb20 R08: ffff888003658280 R09: 0000000000000000 [ 78.926093] R10: 0000000000000000 R11: ffff888006888780 R12: ffff8880042ff000 [ 78.927358] R13: 0000000000000000 R14: 000000007f000d0f R15: 000000000000001f [ 78.928622] FS: 0000000000000000(0000) GS:ffff88807dc00000(0000) knlGS:0000000000000000 [ 78.930040] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 78.931056] CR2: 00000000000000da CR3: 000000000471a000 CR4: 00000000000006f0 [ 78.932321] Call Trace: [ 78.932770] <TASK> [ 78.933175] ? show_regs+0x64/0x70 [ 78.933793] ? __die+0x23/0x70 [ 78.934351] ? page_fault_oops+0x17b/0x460 [ 78.935087] ? search_module_extables+0x18/0x60 [ 78.935907] ? shpc_init+0x3fb/0x9d0 [ 78.936548] ? kernelmode_fixup_or_oops+0x9d/0x120 [ 78.937420] ? __bad_area_nosemaphore+0x16b/0x220 [ 78.938272] ? bad_area_nosemaphore+0x11/0x20 [ 78.939068] ? do_user_addr_fault+0x28c/0x610 [ 78.939858] ? exc_page_fault+0x6e/0x160 [ 78.940566] ? asm_exc_page_fault+0x2b/0x30 [ 78.941332] ? shpc_init+0x3fb/0x9d0 [ 78.941976] ? shpc_init+0x569/0x9d0 [ 78.942618] shpc_probe+0x92/0x390 [ 78.943232] local_pci_probe+0x46/0xa0 [ 78.943922] pci_device_probe+0xb0/0x190 [ 78.944491] really_probe+0xc2/0x2d0 [ 78.944996] ? __pfx___device_attach_driver+0x10/0x10 [ 78.945693] __driver_probe_device+0x73/0x120 [ 78.946300] driver_probe_device+0x1f/0xf0 [ 78.946869] __device_attach_driver+0x8d/0x120 [ 78.947489] bus_for_each_drv+0x96/0xf0 [ 78.948031] __device_attach+0xae/0x1a0 [ 78.948571] device_attach+0xf/0x20 [ 78.949062] pci_bus_add_device+0x58/0x90 [ 78.949628] pci_bus_add_devices+0x30/0x70 [ 78.950201] pciehp_configure_device+0xa8/0x150 [ 78.950840] pciehp_handle_presence_or_link_change+0x161/0x4a0 [ 78.951655] pciehp_ist+0x20f/0x240 [ 78.952144] ? __pfx_irq_thread_fn+0x10/0x10 [ 78.952744] irq_thread_fn+0x23/0x60 [ 78.953245] irq_thread+0xfa/0x1c0 [ 78.953726] ? __pfx_irq_thread_dtor+0x10/0x10 [ 78.954346] ? __pfx_irq_thread+0x10/0x10 [ 78.955175] kthread+0xe0/0x110 [ 78.955631] ? __pfx_kthread+0x10/0x10 [ 78.956160] ret_from_fork+0x3c/0x60 [ 78.956661] ? __pfx_kthread+0x10/0x10 [ 78.957207] ret_from_fork_asm+0x1b/0x30 [ 78.957754] </TASK> [ 78.958070] Modules linked in: [ 78.958501] CR2: 00000000000000da [ 78.958970] ---[ end trace 0000000000000000 ]--- [ 78.959615] RIP: 0010:shpc_init+0x3fb/0x9d0 [ 78.960201] Code: 8b 48 08 40 80 ff 02 0f 84 15 04 00 00 f7 c2 00 00 00 1f 0f 84 44 02 00 00 b8 04 00 00 00 b9 04 00 0f [ 78.962745] RSP: 0018:ffffc9000018fad8 EFLAGS: 00010246 [ 78.963462] RAX: 0000000000000000 RBX: ffff88800459ab00 RCX: 0000000000000000 [ 78.964441] RDX: 00000000000000ff RSI: 0000000000000000 RDI: ffffffff83015701 [ 78.965469] RBP: ffffc9000018fb20 R08: ffff888003658280 R09: 0000000000000000 [ 78.966537] R10: 0000000000000000 R11: ffff888006888780 R12: ffff8880042ff000 [ 78.967531] R13: 0000000000000000 R14: 000000007f000d0f R15: 000000000000001f [ 78.968539] FS: 0000000000000000(0000) GS:ffff88807dc00000(0000) knlGS:0000000000000000 [ 78.969662] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 78.970472] CR2: 00000000000000da CR3: 000000000471a000 CR4: 00000000000006f0 [ 78.971449] note: irq/24-pciehp[45] exited with irqs disabled [ 78.972281] BUG: kernel NULL pointer dereference, address: 0000000000000000 [ 78.973232] #PF: supervisor instruction fetch in kernel mode [ 78.974012] #PF: error_code(0x0010) - not-present page [ 78.974717] PGD 0 P4D 0 [ 78.975075] Oops: 0010 [#2] PREEMPT SMP NOPTI [ 78.975686] CPU: 0 PID: 45 Comm: irq/24-pciehp Tainted: G D 6.8.6 #31 [ 78.976751] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.2-debian-1.16.2-1 04/01/2014 [ 78.978011] RIP: 0010:0x0 [ 78.978383] Code: Unable to access opcode bytes at 0xffffffffffffffd6. [ 78.979274] RSP: 0018:ffffc9000018fe98 EFLAGS: 00010286 [ 78.979996] RAX: 0000000000000000 RBX: ffff888003d2c740 RCX: 00000000000001c0 [ 78.980973] RDX: 0000000000000001 RSI: 0000000000000000 RDI: ffffc9000018fea0 [ 78.981949] RBP: ffffc9000018feb8 R08: 0000000000009ffb R09: 00000000ffffdfff [ 78.982924] R10: 0000000000000001 R11: ffffffff82a58aa0 R12: ffff888003d2c740 [ 78.983901] R13: ffff888003d2cf54 R14: ffff888003e78001 R15: 0000000000000000 [ 78.984884] FS: 0000000000000000(0000) GS:ffff88807dc00000(0000) knlGS:0000000000000000 [ 78.985992] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 78.986786] CR2: ffffffffffffffd6 CR3: 000000000471a000 CR4: 00000000000006f0 [ 78.987793] Call Trace: [ 78.988143] <TASK> [ 78.988443] ? show_regs+0x64/0x70 [ 78.988924] ? __die+0x23/0x70 [ 78.989355] ? page_fault_oops+0x17b/0x460 [ 78.989925] ? do_user_addr_fault+0x2d1/0x610 [ 78.990539] ? _prb_read_valid+0x2e6/0x370 [ 78.991132] ? exc_page_fault+0x6e/0x160 [ 78.991688] ? asm_exc_page_fault+0x2b/0x30 [ 78.992318] task_work_run+0x60/0x90 [ 78.992798] do_exit+0x355/0xb00 [ 78.993234] make_task_dead+0x7e/0x160 [ 78.993708] rewind_stack_and_make_dead+0x17/0x20 [ 78.994303] </TASK> [ 78.994589] Modules linked in: [ 78.994984] CR2: 0000000000000000 [ 78.995408] ---[ end trace 0000000000000000 ]--- [ 78.995984] RIP: 0010:shpc_init+0x3fb/0x9d0 [ 78.996503] Code: 8b 48 08 40 80 ff 02 0f 84 15 04 00 00 f7 c2 00 00 00 1f 0f 84 44 02 00 00 b8 04 00 00 00 b9 04 00 0f [ 78.998828] RSP: 0018:ffffc9000018fad8 EFLAGS: 00010246 [ 78.999500] RAX: 0000000000000000 RBX: ffff88800459ab00 RCX: 0000000000000000 [ 79.000406] RDX: 00000000000000ff RSI: 0000000000000000 RDI: ffffffff83015701 [ 79.001282] RBP: ffffc9000018fb20 R08: ffff888003658280 R09: 0000000000000000 [ 79.002159] R10: 0000000000000000 R11: ffff888006888780 R12: ffff8880042ff000 [ 79.003036] R13: 0000000000000000 R14: 000000007f000d0f R15: 000000000000001f [ 79.003926] FS: 0000000000000000(0000) GS:ffff88807dc00000(0000) knlGS:0000000000000000 [ 79.004921] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 79.005637] CR2: ffffffffffffffd6 CR3: 000000000471a000 CR4: 00000000000006f0 [ 79.006523] note: irq/24-pciehp[45] exited with irqs disabled [ 79.007261] Fixing recursive fault but reboot is needed! [ 79.007942] BUG: scheduling while atomic: irq/24-pciehp/45/0x00000000 [ 79.008740] Modules linked in: [ 79.009151] CPU: 0 PID: 45 Comm: irq/24-pciehp Tainted: G D 6.8.6 #31 [ 79.010117] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.2-debian-1.16.2-1 04/01/2014 [ 79.011255] Call Trace: [ 79.011573] <TASK> [ 79.011845] dump_stack_lvl+0x5f/0x80 [ 79.012310] dump_stack+0x14/0x20 [ 79.012730] __schedule_bug+0x51/0x70 [ 79.013195] __schedule+0x79c/0x890 [ 79.013634] ? vprintk+0x31/0x40 [ 79.014044] ? _printk+0x5f/0x80 [ 79.014456] do_task_dead+0x43/0x50 [ 79.014897] make_task_dead+0x142/0x160 [ 79.015378] rewind_stack_and_make_dead+0x17/0x20 [ 79.015971] </TASK> Nam Cao (2): PCI: shpchp: Abort hot-plug if pci_hp_add_bridge() fails PCI: pciehp: Abort hot-plug if pci_hp_add_bridge() fails drivers/pci/hotplug/pciehp_pci.c | 6 ++++-- drivers/pci/hotplug/shpchp_pci.c | 6 ++++-- 2 files changed, 8 insertions(+), 4 deletions(-) -- 2.39.2