Skip to content

oops in rmmod in nouveau_display_destroy (5.8.0 / (TU106 [GeForce RTX 2070]))

After skipping the fb release in #3

I think this was triggered by something like:

rebooted after oops in #3 remote login

#!/bin/bash
# Helpful to read output when debugging
set -x

for mod in vfio-pci vfio_iommu_type1 vfio
do
  modprobe -r $mod
done

# Unbind the GPU from display driver
# noteably wrong PCI ID
for fn in 0 1 2 3
do
  virsh nodedev-reattach pci_0001_00_00_$fn
done

# Rebind VTconsoles
echo 1 > /sys/class/vtconsole/vtcon0/bind
echo 1 > /sys/class/vtconsole/vtcon1/bind

# bind EFI-Framebuffer
echo efi-framebuffer.0 > /sys/bus/platform/drivers/efi-framebuffer/bind

for mod in drm nouveau
do 
 modprobe $mod
done

# TODO bit more suspend like https://www.freedesktop.org/software/systemd/man/org.freedesktop.login1.html#

# Stop display manager
systemctl restart gdm.service

Trigger the following as part for qemu hooks:

systemctl stop gdm.service
## Uncomment the following line if you use GDM
killall gdm-x-session

# Unbind VTconsoles
echo 0 > /sys/class/vtconsole/vtcon0/bind
echo 0 > /sys/class/vtconsole/vtcon1/bind

# Unbind EFI-Framebuffer - kernel oops
# echo efi-framebuffer.0 > /sys/bus/platform/drivers/efi-framebuffer/unbind

for mod in drm nouveau
do 
 modprobe -r $mod
done

modprobe vfio-pci

I had the aliases in modprobe enabled

/etc/modprobe.d/nvidia-vfio.conf 
#  for a in  /sys/bus/pci/devices/0000:01:00.*; do read p < $a/modalias; echo alias $p vfio-pci ; done > /etc/modprobe.d/nvidia-vio-pci.conf
alias pci:v000010DEd00001F02sv00001458sd000037C2bc03sc00i00 vfio-pci
alias pci:v000010DEd000010F9sv00001458sd000037C2bc04sc03i00 vfio-pci
alias pci:v000010DEd00001ADAsv00001458sd000037C2bc0Csc03i30 vfio-pci
alias pci:v000010DEd00001ADBsv00001458sd000037C2bc0Csc80i00 vfio-pci
#
##  lspci  -nn | grep NVIDIA
##01:00.0 VGA compatible controller [0300]: NVIDIA Corporation TU106 [GeForce RTX 2070] [10de:1f02] (rev a1)
##01:00.1 Audio device [0403]: NVIDIA Corporation TU106 High Definition Audio Controller [10de:10f9] (rev a1)
##01:00.2 USB controller [0c03]: NVIDIA Corporation TU106 USB 3.1 Host Controller [10de:1ada] (rev a1)
##01:00.3 Serial bus controller [0c80]: NVIDIA Corporation TU106 USB Type-C UCSI Controller [10de:1adb] (rev a1)
#
options vfio-pci ids=10de:1f02,10de:10f9,10de:1ada,10de:1adb
options vfio-pci disable_vga=1
[ 5744.171347] rfkill: input handler enabled
[ 5744.274875] Console: switching to colour dummy device 80x25
[ 5744.319728] VFIO - User Level meta-driver version: 0.3
[ 5744.330263] vfio_pci: add [10de:1f02[ffffffff:ffffffff]] class 0x000000/00000000
[ 5744.342217] vfio_pci: add [10de:10f9[ffffffff:ffffffff]] class 0x000000/00000000
[ 5744.342222] vfio_pci: add [10de:1ada[ffffffff:ffffffff]] class 0x000000/00000000
[ 5744.354111] vfio_pci: add [10de:1adb[ffffffff:ffffffff]] class 0x000000/00000000
[ 5744.364609] NET: Registered protocol family 40
[ 5744.422430] ------------[ cut here ]------------
[ 5744.422446] WARNING: CPU: 6 PID: 49414 at drivers/gpu/drm/drm_mode_config.c:538 drm_mode_config_cleanup+0x291/0x2b0 [drm]
[ 5744.422446] Modules linked in: vhost_vsock vmw_vsock_virtio_transport_common vhost vsock vhost_iotlb vfio_pci vfio_virqfd vfio_iommu_type1 vfio uinput rfcomm nouveau ttm xt
_CHECKSUM xt_MASQUERADE xt_conntrack ipt_REJECT nf_nat_tftp nf_conntrack_tftp tun bridge stp llc nft_objref nf_conntrack_netbios_ns nf_conntrack_broadcast nft_fib_inet nft_fib
_ipv4 nft_fib_ipv6 nft_fib nft_reject_inet nf_reject_ipv4 nf_reject_ipv6 nft_reject nft_ct nft_chain_nat ip6table_nat ip6table_mangle ip6table_raw ip6table_security iptable_na
t nf_nat nf_conntrack nf_defrag_ipv6 nf_defrag_ipv4 libcrc32c iptable_mangle iptable_raw iptable_security ip_set nf_tables nfnetlink ip6table_filter ip6_tables iptable_filter 
cmac bnep sunrpc vfat fat squashfs loop intel_rapl_msr mei_hdcp ee1004 iTCO_wdt iTCO_vendor_support intel_rapl_common x86_pkg_temp_thermal intel_powerclamp coretemp kvm_intel 
kvm rapl intel_cstate intel_uncore eeepc_wmi asus_wmi sparse_keymap wmi_bmof pcspkr mxm_wmi joydev btusb btrtl btbcm btintel
[ 5744.422460]  snd_usb_audio bluetooth snd_usbmidi_lib snd_rawmidi mc apple_mfi_fastcharge ecdh_generic ecc snd_hda_codec_hdmi snd_sof_pci snd_sof_intel_byt snd_sof_intel_ipc
 snd_sof_intel_hda_common iwlmvm snd_soc_hdac_hda snd_hda_codec_realtek snd_sof_xtensa_dsp snd_sof_intel_hda snd_hda_codec_generic snd_sof ledtrig_audio snd_soc_skl mac80211 s
nd_soc_sst_ipc snd_soc_sst_dsp snd_hda_ext_core snd_soc_acpi_intel_match snd_soc_acpi snd_soc_core snd_compress ac97_bus snd_pcm_dmaengine snd_hda_intel snd_intel_dspcfg libar
c4 snd_hda_codec snd_hda_core acpi_tad acpi_pad iwlwifi snd_hwdep snd_seq snd_seq_device snd_pcm cfg80211 snd_timer snd i2c_i801 soundcore i2c_smbus mei_me mei rfkill ie31200_
edac ip_tables hid_logitech_hidpp hid_apple hid_logitech_dj hid_plantronics i915 cec i2c_algo_bit drm_kms_helper nvme crct10dif_pclmul crc32_pclmul crc32c_intel irqbypass e100
0e drm nvme_core ghash_clmulni_intel wmi video pinctrl_cannonlake pinctrl_intel fuse i2c_dev [last unloaded: vfio]
[ 5744.422474] CPU: 6 PID: 49414 Comm: libvirtd Not tainted 5.8.0 #6
[ 5744.422475] Hardware name: System manufacturer System Product Name/ROG STRIX Z390-E GAMING, BIOS 1502 02/21/2020
[ 5744.422483] RIP: 0010:drm_mode_config_cleanup+0x291/0x2b0 [drm]
[ 5744.422484] Code: 48 8b 70 48 48 c7 c7 14 7d 5c c0 e8 a9 f3 ff ff 48 89 e7 e8 01 93 ff ff 48 85 c0 75 e3 48 89 e7 e8 a4 92 ff ff e9 0e fe ff ff <0f> 0b e9 02 ff ff ff 0f 0b
 48 83 c4 30 5b 5d 41 5c 41 5d c3 66 66
[ 5744.422484] RSP: 0018:ffffad4ac78b3d48 EFLAGS: 00010212
[ 5744.422485] RAX: ffff8a4f0adbf508 RBX: ffff8a4f1748c3b0 RCX: 0000000080200001
[ 5744.422485] RDX: 0000000080200002 RSI: 0000000080200001 RDI: ffff8a4f1748c3b0
[ 5744.422486] RBP: ffff8a4f1748c000 R08: 0000000000000001 R09: 0000000000000000
[ 5744.422486] R10: 0000000000000001 R11: ffffad4ac78b3c00 R12: ffff8a4f1748c3d8
[ 5744.422486] R13: ffff8a4f1748c270 R14: ffffad4ac78b3f10 R15: ffff8a4e384480e0
[ 5744.422487] FS:  00007fc873fff700(0000) GS:ffff8a4f1dd80000(0000) knlGS:0000000000000000
[ 5744.422487] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 5744.422488] CR2: 00007fe548002158 CR3: 00000006b5d54004 CR4: 00000000003606e0
[ 5744.422488] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 5744.422489] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 5744.422489] Call Trace:
[ 5744.422523]  nouveau_display_destroy+0x67/0xa0 [nouveau]
[ 5744.422546]  nouveau_drm_device_fini+0x5f/0x160 [nouveau]
[ 5744.422569]  nouveau_drm_remove+0x5e/0x80 [nouveau]
[ 5744.422572]  pci_device_remove+0x3b/0xa0
[ 5744.422574]  __device_release_driver+0x15c/0x210
[ 5744.422575]  device_driver_detach+0x3c/0xa0
[ 5744.422577]  unbind_store+0x113/0x130
[ 5744.422578]  kernfs_fop_write+0xce/0x1b0
[ 5744.422580]  vfs_write+0xc7/0x1f0
[ 5744.422581]  ksys_write+0x4f/0xc0
[ 5744.422582]  do_syscall_64+0x52/0x90
[ 5744.422584]  entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 5744.422585] RIP: 0033:0x7fc889ed990f
[ 5744.422586] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 29 fd ff ff 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44
 89 c7 48 89 44 24 08 e8 5c fd ff ff 48
[ 5744.422586] RSP: 002b:00007fc873ffe340 EFLAGS: 00000293 ORIG_RAX: 0000000000000001
[ 5744.422587] RAX: ffffffffffffffda RBX: 000000000000000c RCX: 00007fc889ed990f
[ 5744.422587] RDX: 000000000000000c RSI: 00007fc860036ff0 RDI: 000000000000001e
[ 5744.422588] RBP: 00007fc860036ff0 R08: 0000000000000000 R09: 000000000000002f
[ 5744.422588] R10: 0000000000000000 R11: 0000000000000293 R12: 000000000000001e
[ 5744.422588] R13: 000000000000001e R14: 0000000000000000 R15: 00007fc8600381b0
[ 5744.422590] ---[ end trace 9220f2caeb9be74c ]---
[ 5744.422591] [leaked fb] framebuffer[117]:
[ 5744.422592] [leaked fb] 	allocated by = gnome-shell
[ 5744.422592] [leaked fb] 	refcount=1
[ 5744.422593] [leaked fb] 	format=XR24 little-endian (0x34325258)
[ 5744.422593] [leaked fb] 	modifier=0x0
[ 5744.422594] [leaked fb] 	size=3840x2160
[ 5744.422594] [leaked fb] 	layers:
[ 5744.422594] [leaked fb] 		size[0]=3840x2160
[ 5744.422595] [leaked fb] 		pitch[0]=15360
[ 5744.422595] [leaked fb] 		offset[0]=0
[ 5744.422596] [leaked fb] 		obj[0]:
[ 5744.422596] [leaked fb] 			name=0
[ 5744.422597] [leaked fb] 			refcount=1
[ 5744.422597] [leaked fb] 			start=00104051
[ 5744.422597] [leaked fb] 			size=33554432
[ 5744.422598] [leaked fb] 			imported=yes
[ 5744.422604] [leaked fb] framebuffer[118]:
[ 5744.422605] [leaked fb] 	allocated by = gnome-shell
[ 5744.422605] [leaked fb] 	refcount=1
[ 5744.422605] [leaked fb] 	format=XR24 little-endian (0x34325258)
[ 5744.422606] [leaked fb] 	modifier=0x0
[ 5744.422606] [leaked fb] 	size=3840x2160
[ 5744.422606] [leaked fb] 	layers:
[ 5744.422607] [leaked fb] 		size[0]=3840x2160
[ 5744.422607] [leaked fb] 		pitch[0]=15360
[ 5744.422607] [leaked fb] 		offset[0]=0
[ 5744.422608] [leaked fb] 		obj[0]:
[ 5744.422608] [leaked fb] 			name=0
[ 5744.422608] [leaked fb] 			refcount=1
[ 5744.422609] [leaked fb] 			start=00102051
[ 5744.422609] [leaked fb] 			size=33554432
[ 5744.422609] [leaked fb] 			imported=yes
[ 5744.446258] ------------[ cut here ]------------
[ 5744.446259] refcount_t: underflow; use-after-free.
[ 5744.446269] WARNING: CPU: 4 PID: 31487 at lib/refcount.c:28 refcount_warn_saturate+0xa6/0xf0
[ 5744.446269] Modules linked in: vhost_vsock vmw_vsock_virtio_transport_common vhost vsock vhost_iotlb vfio_pci vfio_virqfd vfio_iommu_type1 vfio uinput rfcomm nouveau ttm xt
_CHECKSUM xt_MASQUERADE xt_conntrack ipt_REJECT nf_nat_tftp nf_conntrack_tftp tun bridge stp llc nft_objref nf_conntrack_netbios_ns nf_conntrack_broadcast nft_fib_inet nft_fib
_ipv4 nft_fib_ipv6 nft_fib nft_reject_inet nf_reject_ipv4 nf_reject_ipv6 nft_reject nft_ct nft_chain_nat ip6table_nat ip6table_mangle ip6table_raw ip6table_security iptable_na
t nf_nat nf_conntrack nf_defrag_ipv6 nf_defrag_ipv4 libcrc32c iptable_mangle iptable_raw iptable_security ip_set nf_tables nfnetlink ip6table_filter ip6_tables iptable_filter 
cmac bnep sunrpc vfat fat squashfs loop intel_rapl_msr mei_hdcp ee1004 iTCO_wdt iTCO_vendor_support intel_rapl_common x86_pkg_temp_thermal intel_powerclamp coretemp kvm_intel 
kvm rapl intel_cstate intel_uncore eeepc_wmi asus_wmi sparse_keymap wmi_bmof pcspkr mxm_wmi joydev btusb btrtl btbcm btintel
[ 5744.446285]  snd_usb_audio bluetooth snd_usbmidi_lib snd_rawmidi mc apple_mfi_fastcharge ecdh_generic ecc snd_hda_codec_hdmi snd_sof_pci snd_sof_intel_byt snd_sof_intel_ipc
 snd_sof_intel_hda_common iwlmvm snd_soc_hdac_hda snd_hda_codec_realtek snd_sof_xtensa_dsp snd_sof_intel_hda snd_hda_codec_generic snd_sof ledtrig_audio snd_soc_skl mac80211 s
nd_soc_sst_ipc snd_soc_sst_dsp snd_hda_ext_core snd_soc_acpi_intel_match snd_soc_acpi snd_soc_core snd_compress ac97_bus snd_pcm_dmaengine snd_hda_intel snd_intel_dspcfg libar
c4 snd_hda_codec snd_hda_core acpi_tad acpi_pad iwlwifi snd_hwdep snd_seq snd_seq_device snd_pcm cfg80211 snd_timer snd i2c_i801 soundcore i2c_smbus mei_me mei rfkill ie31200_
edac ip_tables hid_logitech_hidpp hid_apple hid_logitech_dj hid_plantronics i915 cec i2c_algo_bit drm_kms_helper nvme crct10dif_pclmul crc32_pclmul crc32c_intel irqbypass e100
0e drm nvme_core ghash_clmulni_intel wmi video pinctrl_cannonlake pinctrl_intel fuse i2c_dev [last unloaded: vfio]
[ 5744.446300] CPU: 4 PID: 31487 Comm: pool-gnome-shel Tainted: G        W         5.8.0 #6
[ 5744.446300] Hardware name: System manufacturer System Product Name/ROG STRIX Z390-E GAMING, BIOS 1502 02/21/2020
[ 5744.446301] RIP: 0010:refcount_warn_saturate+0xa6/0xf0
[ 5744.446302] Code: 05 80 2e 2f 01 01 e8 1f b9 bb ff 0f 0b c3 80 3d 6e 2e 2f 01 00 75 95 48 c7 c7 20 c9 3a 93 c6 05 5e 2e 2f 01 01 e8 00 b9 bb ff <0f> 0b c3 80 3d 4d 2e 2f 01
 00 0f 85 72 ff ff ff 48 c7 c7 78 c9 3a
[ 5744.446302] RSP: 0018:ffffad4aca67fbf0 EFLAGS: 00010286
[ 5744.446303] RAX: 0000000000000026 RBX: ffff8a4f0adbf5b0 RCX: ffff8a4f1dd18d08
[ 5744.446303] RDX: 00000000ffffffd8 RSI: 0000000000000027 RDI: ffff8a4f1dd18d00
[ 5744.446304] RBP: ffff8a4f0adbf500 R08: 0000000000000563 R09: 0000000000000003
[ 5744.446304] R10: 0000000000000000 R11: 0000000000000001 R12: ffff8a4f0adbf5c8
[ 5744.446304] R13: ffff8a4f13085c88 R14: ffffad4aca67fc38 R15: dead000000000100
[ 5744.446305] FS:  00007fa9506ef700(0000) GS:ffff8a4f1dd00000(0000) knlGS:0000000000000000
[ 5744.446305] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 5744.446306] CR2: 00007f1d3358e740 CR3: 0000000855c68001 CR4: 00000000003606e0
[ 5744.446306] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 5744.446307] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 5744.446307] Call Trace:
[ 5744.446315]  drm_gem_fb_destroy+0x26/0x40 [drm_kms_helper]
[ 5744.446328]  drm_fb_release+0xf8/0x160 [drm]
[ 5744.446330]  ? __inode_wait_for_writeback+0x6e/0xc0
[ 5744.446522]  drm_file_free.part.0+0x1af/0x290 [drm]
[ 5744.446527]  drm_release+0x65/0x110 [drm]
[ 5744.446528]  __fput+0xe2/0x250
[ 5744.446530]  task_work_run+0x65/0xa0
[ 5744.446532]  do_exit+0x34e/0xaf0
[ 5744.446533]  do_group_exit+0x33/0xa0
[ 5744.446534]  get_signal+0x170/0x8c0
[ 5744.446535]  ? update_load_avg+0x7a/0x610
[ 5744.446537]  do_signal+0x30/0x700
[ 5744.446538]  ? pick_next_entity+0xcb/0x1e0
[ 5744.446538]  ? pick_next_task_fair+0x175/0x3a0
[ 5744.446540]  ? __x64_sys_futex+0x124/0x140
[ 5744.446542]  __prepare_exit_to_usermode+0x11f/0x1a0
[ 5744.446543]  do_syscall_64+0x5e/0x90
[ 5744.446545]  entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 5744.446546] RIP: 0033:0x7faa18077e92
[ 5744.446546] Code: Bad RIP value.
[ 5744.446547] RSP: 002b:00007fa9506ee240 EFLAGS: 00000282 ORIG_RAX: 00000000000000ca
[ 5744.446547] RAX: fffffffffffffe00 RBX: 000000000000006e RCX: 00007faa18077e92
[ 5744.446548] RDX: 0000000000000000 RSI: 0000000000000080 RDI: 00007fa9fc0b6b58
[ 5744.446548] RBP: 00007fa9fc0b6b30 R08: 0000000000000000 R09: 00007fa9506edaa0
[ 5744.446548] R10: 0000000000000000 R11: 0000000000000282 R12: 0000000000000000
[ 5744.446549] R13: 00007fa9fc020680 R14: 00007fa9fc0b6b58 R15: 00007fa9506ee270
[ 5744.446550] ---[ end trace 9220f2caeb9be74d ]---
[ 5744.446551] list_del corruption, ffff8a4f0adbf508->next is LIST_POISON1 (dead000000000100)
[ 5744.446555] ------------[ cut here ]------------
[ 5744.446556] kernel BUG at lib/list_debug.c:45!
[ 5744.446560] invalid opcode: 0000 [#1] SMP NOPTI
[ 5744.446561] CPU: 4 PID: 31487 Comm: pool-gnome-shel Tainted: G        W         5.8.0 #6
[ 5744.446562] Hardware name: System manufacturer System Product Name/ROG STRIX Z390-E GAMING, BIOS 1502 02/21/2020
[ 5744.446564] RIP: 0010:__list_del_entry_valid.cold+0xf/0x55
[ 5744.446565] Code: c1 ff 0f 0b 48 89 d1 4c 89 c6 4c 89 ca 48 c7 c7 90 d6 3a 93 e8 b5 e7 c1 ff 0f 0b 48 89 fe 48 c7 c7 20 d7 3a 93 e8 a4 e7 c1 ff <0f> 0b 48 c7 c7 d0 d7 3a 93
 e8 96 e7 c1 ff 0f 0b 48 89 f2 48 89 fe
[ 5744.446567] RSP: 0018:ffffad4aca67fbd0 EFLAGS: 00010292
[ 5744.446568] RAX: 000000000000004e RBX: ffff8a4f0adbf500 RCX: ffff8a4f1dd18d08
[ 5744.446569] RDX: 00000000ffffffd8 RSI: 0000000000000027 RDI: ffff8a4f1dd18d00
[ 5744.446570] RBP: ffff8a4f1748c000 R08: 0000000000000592 R09: 0000000000000003
[ 5744.446570] R10: 0000000000000000 R11: 0000000000000001 R12: ffff8a4f1748c248
[ 5744.446571] R13: ffff8a4f13085c88 R14: ffffad4aca67fc38 R15: dead000000000100
[ 5744.446572] FS:  00007fa9506ef700(0000) GS:ffff8a4f1dd00000(0000) knlGS:0000000000000000
[ 5744.446573] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 5744.446574] CR2: 00007f1d3358e740 CR3: 0000000855c68001 CR4: 00000000003606e0
[ 5744.446575] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 5744.446576] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 5744.446576] Call Trace:
[ 5744.446584]  drm_framebuffer_cleanup+0x27/0x70 [drm]
[ 5744.446589]  drm_gem_fb_destroy+0x33/0x40 [drm_kms_helper]
[ 5744.446597]  drm_fb_release+0xf8/0x160 [drm]
[ 5744.446598]  ? __inode_wait_for_writeback+0x6e/0xc0
[ 5744.446604]  drm_file_free.part.0+0x1af/0x290 [drm]
[ 5744.446609]  drm_release+0x65/0x110 [drm]
[ 5744.446610]  __fput+0xe2/0x250
[ 5744.446803]  task_work_run+0x65/0xa0
[ 5744.446804]  do_exit+0x34e/0xaf0
[ 5744.446805]  do_group_exit+0x33/0xa0
[ 5744.446807]  get_signal+0x170/0x8c0
[ 5744.446808]  ? update_load_avg+0x7a/0x610
[ 5744.446809]  do_signal+0x30/0x700
[ 5744.446810]  ? pick_next_entity+0xcb/0x1e0
[ 5744.446812]  ? pick_next_task_fair+0x175/0x3a0
[ 5744.446813]  ? __x64_sys_futex+0x124/0x140
[ 5744.446815]  __prepare_exit_to_usermode+0x11f/0x1a0
[ 5744.446816]  do_syscall_64+0x5e/0x90
[ 5744.446817]  entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 5744.446818] RIP: 0033:0x7faa18077e92
[ 5744.446819] Code: Bad RIP value.
[ 5744.446820] RSP: 002b:00007fa9506ee240 EFLAGS: 00000282 ORIG_RAX: 00000000000000ca
[ 5744.446821] RAX: fffffffffffffe00 RBX: 000000000000006e RCX: 00007faa18077e92
[ 5744.446822] RDX: 0000000000000000 RSI: 0000000000000080 RDI: 00007fa9fc0b6b58
[ 5744.446823] RBP: 00007fa9fc0b6b30 R08: 0000000000000000 R09: 00007fa9506edaa0
[ 5744.446823] R10: 0000000000000000 R11: 0000000000000282 R12: 0000000000000000
[ 5744.446824] R13: 00007fa9fc020680 R14: 00007fa9fc0b6b58 R15: 00007fa9506ee270
[ 5744.446826] Modules linked in: vhost_vsock vmw_vsock_virtio_transport_common vhost vsock vhost_iotlb vfio_pci vfio_virqfd vfio_iommu_type1 vfio uinput rfcomm nouveau ttm xt
_CHECKSUM xt_MASQUERADE xt_conntrack ipt_REJECT nf_nat_tftp nf_conntrack_tftp tun bridge stp llc nft_objref nf_conntrack_netbios_ns nf_conntrack_broadcast nft_fib_inet nft_fib
_ipv4 nft_fib_ipv6 nft_fib nft_reject_inet nf_reject_ipv4 nf_reject_ipv6 nft_reject nft_ct nft_chain_nat ip6table_nat ip6table_mangle ip6table_raw ip6table_security iptable_na
t nf_nat nf_conntrack nf_defrag_ipv6 nf_defrag_ipv4 libcrc32c iptable_mangle iptable_raw iptable_security ip_set nf_tables nfnetlink ip6table_filter ip6_tables iptable_filter 
cmac bnep sunrpc vfat fat squashfs loop intel_rapl_msr mei_hdcp ee1004 iTCO_wdt iTCO_vendor_support intel_rapl_common x86_pkg_temp_thermal intel_powerclamp coretemp kvm_intel 
kvm rapl intel_cstate intel_uncore eeepc_wmi asus_wmi sparse_keymap wmi_bmof pcspkr mxm_wmi joydev btusb btrtl btbcm btintel
[ 5744.446837]  snd_usb_audio bluetooth snd_usbmidi_lib snd_rawmidi mc apple_mfi_fastcharge ecdh_generic ecc snd_hda_codec_hdmi snd_sof_pci snd_sof_intel_byt snd_sof_intel_ipc
 snd_sof_intel_hda_common iwlmvm snd_soc_hdac_hda snd_hda_codec_realtek snd_sof_xtensa_dsp snd_sof_intel_hda snd_hda_codec_generic snd_sof ledtrig_audio snd_soc_skl mac80211 s
nd_soc_sst_ipc snd_soc_sst_dsp snd_hda_ext_core snd_soc_acpi_intel_match snd_soc_acpi snd_soc_core snd_compress ac97_bus snd_pcm_dmaengine snd_hda_intel snd_intel_dspcfg libar
c4 snd_hda_codec snd_hda_core acpi_tad acpi_pad iwlwifi snd_hwdep snd_seq snd_seq_device snd_pcm cfg80211 snd_timer snd i2c_i801 soundcore i2c_smbus mei_me mei rfkill ie31200_
edac ip_tables hid_logitech_hidpp hid_apple hid_logitech_dj hid_plantronics i915 cec i2c_algo_bit drm_kms_helper nvme crct10dif_pclmul crc32_pclmul crc32c_intel irqbypass e100
0e drm nvme_core ghash_clmulni_intel wmi video pinctrl_cannonlake pinctrl_intel fuse i2c_dev [last unloaded: vfio]
[ 5744.446857] ---[ end trace 9220f2caeb9be74e ]---
[ 5744.446859] RIP: 0010:__list_del_entry_valid.cold+0xf/0x55
[ 5744.446860] Code: c1 ff 0f 0b 48 89 d1 4c 89 c6 4c 89 ca 48 c7 c7 90 d6 3a 93 e8 b5 e7 c1 ff 0f 0b 48 89 fe 48 c7 c7 20 d7 3a 93 e8 a4 e7 c1 ff <0f> 0b 48 c7 c7 d0 d7 3a 93
 e8 96 e7 c1 ff 0f 0b 48 89 f2 48 89 fe
[ 5744.446862] RSP: 0018:ffffad4aca67fbd0 EFLAGS: 00010292
[ 5744.446862] RAX: 000000000000004e RBX: ffff8a4f0adbf500 RCX: ffff8a4f1dd18d08
[ 5744.446863] RDX: 00000000ffffffd8 RSI: 0000000000000027 RDI: ffff8a4f1dd18d00
[ 5744.446864] RBP: ffff8a4f1748c000 R08: 0000000000000592 R09: 0000000000000003
[ 5744.446865] R10: 0000000000000000 R11: 0000000000000001 R12: ffff8a4f1748c248
[ 5744.446866] R13: ffff8a4f13085c88 R14: ffffad4aca67fc38 R15: dead000000000100
[ 5744.446867] FS:  00007fa9506ef700(0000) GS:ffff8a4f1dd00000(0000) knlGS:0000000000000000
[ 5744.446868] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 5744.446869] CR2: 00007f1d3358e740 CR3: 0000000855c68001 CR4: 00000000003606e0
[ 5744.446870] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 5744.446871] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 5744.446872] Fixing recursive fault but reboot is needed!
[ 5744.449116] BUG: kernel NULL pointer dereference, address: 0000000000000048
[ 5744.449118] #PF: supervisor write access in kernel mode
[ 5744.449119] #PF: error_code(0x0002) - not-present page
[ 5744.449120] PGD 0 P4D 0 
[ 5744.449122] Oops: 0002 [#2] SMP NOPTI
[ 5744.449123] CPU: 7 PID: 49414 Comm: libvirtd Tainted: G      D W         5.8.0 #6
[ 5744.449124] Hardware name: System manufacturer System Product Name/ROG STRIX Z390-E GAMING, BIOS 1502 02/21/2020
[ 5744.449126] RIP: 0010:mutex_lock+0x19/0x30
[ 5744.449128] Code: 00 0f 1f 44 00 00 be 02 00 00 00 e9 11 fb ff ff 90 0f 1f 44 00 00 55 48 89 fd e8 02 e6 ff ff 31 c0 65 48 8b 14 25 c0 7b 01 00 <f0> 48 0f b1 55 00 75 02 5d
 c3 48 89 ef 5d eb c7 0f 1f 80 00 00 00
[ 5744.449129] RSP: 0018:ffffad4ac78b3a60 EFLAGS: 00010246
[ 5744.449130] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000000000
[ 5744.449131] RDX: ffff8a4f11e74e80 RSI: ffffad4ac78b3955 RDI: 0000000000000048
[ 5744.449132] RBP: 0000000000000048 R08: 0000000000000000 R09: ffff8a4ef7a2d2e0
[ 5744.449133] R10: ffff8a4dc06c96c0 R11: ffff8a4e2ad2a060 R12: 0000000000000048
[ 5744.449134] R13: ffffad4ac78b3c20 R14: ffff8a4f17040608 R15: ffff8a4f1544ee00
[ 5744.449135] FS:  00007fc873fff700(0000) GS:ffff8a4f1ddc0000(0000) knlGS:0000000000000000
[ 5744.449136] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 5744.449137] CR2: 0000000000000048 CR3: 00000006b5d54005 CR4: 00000000003606e0
[ 5744.449138] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 5744.449139] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 5744.449140] Call Trace:
[ 5744.449325]  nouveau_bo_move_m2mf.constprop.0+0x109/0x1f0 [nouveau]
[ 5744.449350]  nouveau_bo_move+0xac/0x5c0 [nouveau]
[ 5744.449372]  ? nouveau_mem_map+0x79/0xd0 [nouveau]
[ 5744.449394]  ? nouveau_vma_map+0x34/0x50 [nouveau]
[ 5744.449577]  ttm_bo_handle_move_mem+0x13d/0x610 [ttm]
[ 5744.449580]  ttm_bo_evict+0x13c/0x1b0 [ttm]
[ 5744.449582]  ? kfree+0x1ea/0x200
[ 5744.449585]  ttm_mem_evict_first+0x126/0x3d0 [ttm]
[ 5744.449588]  ttm_bo_force_list_clean+0xcc/0x1d0 [ttm]
[ 5744.449590]  ttm_bo_clean_mm+0x8e/0xd0 [ttm]
[ 5744.449612]  nouveau_ttm_fini+0x2b/0xa0 [nouveau]
[ 5744.449634]  nouveau_drm_device_fini+0xe6/0x160 [nouveau]
[ 5744.449655]  nouveau_drm_remove+0x5e/0x80 [nouveau]
[ 5744.449658]  pci_device_remove+0x3b/0xa0
[ 5744.449660]  __device_release_driver+0x15c/0x210
[ 5744.449662]  device_driver_detach+0x3c/0xa0
[ 5744.449664]  unbind_store+0x113/0x130
[ 5744.449666]  kernfs_fop_write+0xce/0x1b0
[ 5744.449667]  vfs_write+0xc7/0x1f0
[ 5744.449668]  ksys_write+0x4f/0xc0
[ 5744.449669]  do_syscall_64+0x52/0x90
[ 5744.449671]  entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 5744.449672] RIP: 0033:0x7fc889ed990f
[ 5744.449674] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 29 fd ff ff 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44
 89 c7 48 89 44 24 08 e8 5c fd ff ff 48
[ 5744.449675] RSP: 002b:00007fc873ffe340 EFLAGS: 00000293 ORIG_RAX: 0000000000000001
[ 5744.449677] RAX: ffffffffffffffda RBX: 000000000000000c RCX: 00007fc889ed990f
[ 5744.449678] RDX: 000000000000000c RSI: 00007fc860036ff0 RDI: 000000000000001e
[ 5744.449678] RBP: 00007fc860036ff0 R08: 0000000000000000 R09: 000000000000002f
[ 5744.449679] R10: 0000000000000000 R11: 0000000000000293 R12: 000000000000001e
[ 5744.449680] R13: 000000000000001e R14: 0000000000000000 R15: 00007fc8600381b0
[ 5744.449681] Modules linked in: vhost_vsock vmw_vsock_virtio_transport_common vhost vsock vhost_iotlb vfio_pci vfio_virqfd vfio_iommu_type1 vfio uinput rfcomm nouveau ttm xt
_CHECKSUM xt_MASQUERADE xt_conntrack ipt_REJECT nf_nat_tftp nf_conntrack_tftp tun bridge stp llc nft_objref nf_conntrack_netbios_ns nf_conntrack_broadcast nft_fib_inet nft_fib
_ipv4 nft_fib_ipv6 nft_fib nft_reject_inet nf_reject_ipv4 nf_reject_ipv6 nft_reject nft_ct nft_chain_nat ip6table_nat ip6table_mangle ip6table_raw ip6table_security iptable_na
t nf_nat nf_conntrack nf_defrag_ipv6 nf_defrag_ipv4 libcrc32c iptable_mangle iptable_raw iptable_security ip_set nf_tables nfnetlink ip6table_filter ip6_tables iptable_filter 
cmac bnep sunrpc vfat fat squashfs loop intel_rapl_msr mei_hdcp ee1004 iTCO_wdt iTCO_vendor_support intel_rapl_common x86_pkg_temp_thermal intel_powerclamp coretemp kvm_intel 
kvm rapl intel_cstate intel_uncore eeepc_wmi asus_wmi sparse_keymap wmi_bmof pcspkr mxm_wmi joydev btusb btrtl btbcm btintel
[ 5744.449847]  snd_usb_audio bluetooth snd_usbmidi_lib snd_rawmidi mc apple_mfi_fastcharge ecdh_generic ecc snd_hda_codec_hdmi snd_sof_pci snd_sof_intel_byt snd_sof_intel_ipc
 snd_sof_intel_hda_common iwlmvm snd_soc_hdac_hda snd_hda_codec_realtek snd_sof_xtensa_dsp snd_sof_intel_hda snd_hda_codec_generic snd_sof ledtrig_audio snd_soc_skl mac80211 s
nd_soc_sst_ipc snd_soc_sst_dsp snd_hda_ext_core snd_soc_acpi_intel_match snd_soc_acpi snd_soc_core snd_compress ac97_bus snd_pcm_dmaengine snd_hda_intel snd_intel_dspcfg libar
c4 snd_hda_codec snd_hda_core acpi_tad acpi_pad iwlwifi snd_hwdep snd_seq snd_seq_device snd_pcm cfg80211 snd_timer snd i2c_i801 soundcore i2c_smbus mei_me mei rfkill ie31200_
edac ip_tables hid_logitech_hidpp hid_apple hid_logitech_dj hid_plantronics i915 cec i2c_algo_bit drm_kms_helper nvme crct10dif_pclmul crc32_pclmul crc32c_intel irqbypass e100
0e drm nvme_core ghash_clmulni_intel wmi video pinctrl_cannonlake pinctrl_intel fuse i2c_dev [last unloaded: vfio]
[ 5744.449865] CR2: 0000000000000048
[ 5744.449866] ---[ end trace 9220f2caeb9be74f ]---
[ 5744.449868] RIP: 0010:__list_del_entry_valid.cold+0xf/0x55
[ 5744.449869] Code: c1 ff 0f 0b 48 89 d1 4c 89 c6 4c 89 ca 48 c7 c7 90 d6 3a 93 e8 b5 e7 c1 ff 0f 0b 48 89 fe 48 c7 c7 20 d7 3a 93 e8 a4 e7 c1 ff <0f> 0b 48 c7 c7 d0 d7 3a 93
 e8 96 e7 c1 ff 0f 0b 48 89 f2 48 89 fe
[ 5744.449871] RSP: 0018:ffffad4aca67fbd0 EFLAGS: 00010292
[ 5744.449872] RAX: 000000000000004e RBX: ffff8a4f0adbf500 RCX: ffff8a4f1dd18d08
[ 5744.449872] RDX: 00000000ffffffd8 RSI: 0000000000000027 RDI: ffff8a4f1dd18d00
[ 5744.449873] RBP: ffff8a4f1748c000 R08: 0000000000000592 R09: 0000000000000003
[ 5744.449874] R10: 0000000000000000 R11: 0000000000000001 R12: ffff8a4f1748c248
[ 5744.449875] R13: ffff8a4f13085c88 R14: ffffad4aca67fc38 R15: dead000000000100
[ 5744.449876] FS:  00007fc873fff700(0000) GS:ffff8a4f1ddc0000(0000) knlGS:0000000000000000
[ 5744.449877] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 5744.449878] CR2: 0000000000000048 CR3: 00000006b5d54005 CR4: 00000000003606e0
[ 5744.449879] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 5744.449880] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400

If this isn't complete enough, let me know and I'll try to repoduce again with a bit more certianty.

Also happy to test patches/discovery tests.

To upload designs, you'll need to enable LFS and have an admin enable hashed storage. More information