Hello Christophe,
On Mon, Sep 29, 2025 at 07:01:43PM +0200, Christophe Leroy wrote:
> Le 29/09/2025 à 11:15, Breno Leitao a écrit :
> > diff --git a/drivers/pci/pcie/aer.c b/drivers/pci/pcie/aer.c
> > index e286c197d7167..55abc5e17b8b1 100644
> > --- a/drivers/pci/pcie/aer.c
> > +++ b/drivers/pci/pcie/aer.c
> > @@ -786,6 +786,9 @@ static void pci_rootport_aer_stats_incr(struct pci_dev
> > *pdev,
> > static int aer_ratelimit(struct pci_dev *dev, unsigned int severity)
> > {
> > + if (!dev->aer_info)
> > + return 1;
> > +
>
> This is a static function, it cannot be called from outside aer.c . Why do
> you need such a check ?
I have more than 5 hosts crash in recent kernel due to this issue. This
is causing real crashes.
[30745.821301] [ T964809] BUG: kernel NULL pointer dereference,
address: 0000000000000264
[30745.835249] [ T964809] #PF: supervisor read access in kernel mode
[30745.845541] [ T964809] #PF: error_code(0x0000) - not-present page
[30745.855831] [ T964809] PGD 7a26aa067 P4D 7a26aa067 PUD 2a807a067 PMD 0
[30745.867267] [ T964809] Oops: Oops: 0000 [#1] SMP
[30745.900469] [ T964809] Tainted: [S]=CPU_OUT_OF_SPEC,
[E]=UNSIGNED_MODULE
[30745.911999] [ T964809] Hardware name: Quanta Twin Lakes MP/Twin
Lakes Passive MP, BIOS F09_3A23 12/08/2020
[30745.929557] [ T964809] Workqueue: events aer_recover_work_func
[30745.939339] [ T964809] RIP: 0010:___ratelimit
(lib/ratelimit.c:33)
[30745.947896] [ T964809] Code: 89 06 48 8d 45 10 48 89 46 08 48 89 e0
48 89 46 10 48 89 df e8 18 48 0d 00 48 8d 65 f8 5b 5d c3 cc 55 41 57 41 56 41
54 53 50 <4c> 63 77 04 4d 85 f6 0f 9e c0 8b 5f 08 85 db 0f 9e c1 08 c1 80 f9
All code
========
0: 89 06 mov %eax,(%rsi)
2: 48 8d 45 10 lea 0x10(%rbp),%rax
6: 48 89 46 08 mov %rax,0x8(%rsi)
a: 48 89 e0 mov %rsp,%rax
d: 48 89 46 10 mov %rax,0x10(%rsi)
11: 48 89 df mov %rbx,%rdi
14: e8 18 48 0d 00 call 0xd4831
19: 48 8d 65 f8 lea -0x8(%rbp),%rsp
1d: 5b pop %rbx
1e: 5d pop %rbp
1f: c3 ret
20: cc int3
21: 55 push %rbp
22: 41 57 push %r15
24: 41 56 push %r14
26: 41 54 push %r12
28: 53 push %rbx
29: 50 push %rax
2a:* 4c 63 77 04 movslq 0x4(%rdi),%r14 <--
trapping instruction
2e: 4d 85 f6 test %r14,%r14
31: 0f 9e c0 setle %al
34: 8b 5f 08 mov 0x8(%rdi),%ebx
37: 85 db test %ebx,%ebx
39: 0f 9e c1 setle %cl
3c: 08 c1 or %al,%cl
3e: 80 .byte 0x80
3f: f9 stc
Code starting with the faulting instruction
===========================================
0: 4c 63 77 04 movslq 0x4(%rdi),%r14
4: 4d 85 f6 test %r14,%r14
7: 0f 9e c0 setle %al
a: 8b 5f 08 mov 0x8(%rdi),%ebx
d: 85 db test %ebx,%ebx
f: 0f 9e c1 setle %cl
12: 08 c1 or %al,%cl
14: 80 .byte 0x80
15: f9 stc
[30745.985517] [ T964809] RSP: 0018:ffffc9002a10fc88 EFLAGS: 00010206
[30745.996094] [ T964809] RAX: 0000000000000002 RBX: 0000000000000002
RCX: ffffffff8260c509
[30746.010396] [ T964809] RDX: 0000000000000000 RSI: ffffffff825f37b7
RDI: 0000000000000260
[30746.024710] [ T964809] RBP: 0000000000000000 R08: 8080808080808080
R09: 0000000000000000
[30746.039044] [ T964809] R10: ffffc9002a10fcf0 R11: 8080000000000000
R12: 0000000000000000
[30746.053349] [ T964809] R13: 0000000000000000 R14: ffff8882851f4000
R15: ffffc90000c312e0
[30746.067649] [ T964809] FS: 0000000000000000(0000)
GS:ffff8890fa91e000(0000) knlGS:0000000000000000
[30746.083875] [ T964809] CS: 0010 DS: 0000 ES: 0000 CR0:
0000000080050033
[30746.095394] [ T964809] CR2: 0000000000000264 CR3: 00000008150b6002
CR4: 00000000007726f0
[30746.109695] [ T964809] PKRU: 55555554
[30746.115123] [ T964809] Call Trace:
[30746.120028] [ T964809] <TASK>
[30746.124253] [ T964809] pci_print_aer (drivers/pci/pcie/aer.c:929)
[30746.140335] [ T964809] aer_recover_work_func
(drivers/pci/pcie/aer.c:1181)
[30746.149070] [ T964809] process_scheduled_works
(kernel/workqueue.c:3243 kernel/workqueue.c:3321)
[30746.158326] [ T964809] ? worker_thread (kernel/workqueue.c:3355)
[30746.166195] [ T964809] worker_thread (./include/linux/list.h:373
kernel/workqueue.c:946 kernel/workqueue.c:3403)
[30746.173718] [ T964809] kthread (kernel/kthread.c:466)
[30746.180018] [ T964809] ? kick_pool (kernel/workqueue.c:3348)
[30746.187183] [ T964809] ? finish_task_switch
(./include/linux/perf_event.h:? kernel/sched/core.c:5260)
[30746.195911] [ T964809] ? housekeeping_affine
(kernel/kthread.c:413)
[30746.204502] [ T964809] ret_from_fork
(arch/x86/kernel/process.c:154)
[30746.211842] [ T964809] ? housekeeping_affine
(kernel/kthread.c:413)
[30746.220400] [ T964809] ret_from_fork_asm
(arch/x86/entry/entry_64.S:258)
This stack is based on commit 038d61fd64227 ("Linux 6.16").
> I a check was to be made it should be in pci_aer_init() and in fact if
> kmalloc fails then all the probe should be made to fail.
Ok, the stack is not going through pci_aer_init(), but, through
aer_recover_work_func() -> pci_print_aer().
