[Nouveau] Device release NULL pointer dereference

Mark Donovan markbdon at protonmail.com
Sun Oct 7 20:39:52 UTC 2018


Greetings!

I am trying to do a hot driver swap between the vfio-pci and nouveau drivers for my secondary Nvidia graphics card.
I boot up with vfio-pci enabled.

With this script I give control over the GPU to nouveau:

echo "0000:01:00.0" > /sys/bus/pci/devices/0000\:01\:00.0/driver/unbind
echo 0x10de 0x11c6 > /sys/bus/pci/drivers/nouveau/new_id
echo 1 > /sys/bus/pci/rescan

Works great. Now I try to give the control back:

echo "0000:01:00.0" > /sys/bus/pci/devices/0000\:01\:00.0/driver/unbind

Right here the nouveau kernel module panics with a NULL pointer dereference.

So my questions are:
Is this hot-swap even possible? I use the card for VGA pass-through and want to control the card's fan while no VM is running.
If yes, do I do it right? (I omitted the swap from vfio-pci to snd_hda_intel for the card's sound device, but it looks like that makes no difference.)

Thank you!
  Mark

BUG: unable to handle kernel NULL pointer dereference at 0000000000000048
PGD 0 P4D 0
Oops: 0002 [#1] SMP PTI
CPU: 0 PID: 5698 Comm: bash Tainted: P           O      4.18.0-1-amd64 #1 Debian 4.18.6-1
Hardware name: To Be Filled By O.E.M. To Be Filled By O.E.M./Z170 Pro4S, BIOS P7.30 11/28/2016
RIP: 0010:mutex_lock+0x19/0x30
Code: 00 0f 1f 44 00 00 be 02 00 00 00 e9 11 fb ff ff 90 0f 1f 44 00 00 53 48 89 fb e8 b2 e4 ff ff 65 48 8b 14 25 00 5c 01 00 31 c0 <f0> 48 0f b1 13 75 02 5b c3 48

RSP: 0018:ffffa985e2b9ba00 EFLAGS: 00010246
RAX: 0000000000000000 RBX: 0000000000000048 RCX: 0000000000000000
RDX: ffff88e039765b80 RSI: ffffa985e2b9b8ed RDI: 0000000000000048
RBP: 0000000000000048 R08: ffff88e055695760 R09: ffffa985c18f0410
R10: 0000000001040000 R11: ffff88e0415ae300 R12: ffff88e02677d400
R13: 0000000000000000 R14: ffffa985e2b9bbe0 R15: ffff88e01a7805a8
FS:  00007fca33a51740(0000) GS:ffff88e075c00000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000000000000048 CR3: 000000042e65a004 CR4: 00000000003606f0
Call Trace:
nouveau_bo_move_m2mf.constprop.24+0x121/0x1e0 [nouveau]
nouveau_bo_move+0xaa/0x450 [nouveau]
? nvif_vmm_unmap+0x38/0x60 [nouveau]
? nouveau_vma_unmap+0x20/0x30 [nouveau]
ttm_bo_handle_move_mem+0x28a/0x5a0 [ttm]
ttm_bo_evict+0x171/0x350 [ttm]
? drm_mm_remove_node+0xbe/0x360 [drm]
ttm_mem_evict_first+0x18d/0x210 [ttm]
ttm_bo_force_list_clean+0xa1/0x170 [ttm]
ttm_bo_clean_mm+0x89/0xf0 [ttm]
nouveau_ttm_fini+0x2b/0xc0 [nouveau]
nouveau_drm_unload+0x7b/0xd0 [nouveau]
drm_dev_unregister+0x3f/0xd0 [drm]
drm_put_dev+0x27/0x40 [drm]
nouveau_drm_device_remove+0x47/0x70 [nouveau]
pci_device_remove+0x3b/0xb0
device_release_driver_internal+0x182/0x250
pci_stop_bus_device+0x7f/0xa0
pci_stop_and_remove_bus_device_locked+0x16/0x30
remove_store+0x75/0x90
kernfs_fop_write+0x10f/0x190
vfs_write+0xad/0x1a0
ksys_write+0x52/0xc0
do_syscall_64+0x55/0x110
entry_SYSCALL_64_after_hwframe+0x44/0xa9
RIP: 0033:0x7fca33b3d2a4
Code: 89 02 48 c7 c0 ff ff ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 8d 05 41 37 0d 00 8b 00 85 c0 75 13 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 54 f3 c3 66 90 41 54 55 49 89 d4 53 48 89 f5
RSP: 002b:00007ffe5eec3fa8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 00007fca33b3d2a4
RDX: 0000000000000002 RSI: 00005649fce6e450 RDI: 0000000000000001
RBP: 00005649fce6e450 R08: 000000000000000a R09: 00005649fcee96f0
R10: 000000000000000a R11: 0000000000000246 R12: 00007fca33c0c760
R13: 0000000000000002 R14: 00007fca33c07760 R15: 0000000000000002
Modules linked in: nouveau ttm ipt_MASQUERADE xt_CHECKSUM ipt_REJECT nf_reject_ipv4 tun bridge stp llc ebtable_filter ebtables devlink ip6table_filter ip6_tables pci_stub vboxpci(O) vboxnetadp(O) vboxnetflt(O) vboxdrv(O) iptable_mangle xt_nat iptable_nat nf_nat_ipv4 nf_nat xt_tcpudp nf_conntrack_ipv4 nf_defrag_ipv4 xt_conntrack nf_conntrack libcrc32c crc32c_generic cpufreq_powersave cpufreq_userspace cpufreq_conservative iptable_filter binfmt_misc nls_ascii nls_cp437 vfat fat intel_rapl joydev x86_pkg_temp_thermal intel_powerclamp kvm_intel kvm mxm_wmi crct10dif_pclmul crc32_pclmul ghash_clmulni_intel evdev intel_cstate serio_raw intel_uncore iTCO_wdt pcspkr iTCO_vendor_support sg efi_pstore intel_rapl_perf efivars intel_pch_thermal mei_me wmi mei acpi_pad pcc_cpufreq snd_hda_codec_hdmi
nct6775 snd_hda_codec_realtek hwmon_vid coretemp snd_hda_codec_generic i915 video button drm_kms_helper drm i2c_algo_bit snd_hda_intel snd_hda_codec snd_hda_core snd_hwdep snd_pcm snd_timer snd soundcore loop vfio_pci vfio_virqfd irqbypass vfio_iommu_type1 vfio ecryptfs efivarfs ip_tables x_tables autofs4 zfs(PO) zunicode(PO) zavl(PO) icp(PO) uas usb_storage zcommon(PO) znvpair(PO) spl(O) hid_generic usbhid hid sd_mod crc32c_intel aesni_intel aes_x86_64 crypto_simd ahci cryptd glue_helper libahci psmouse xhci_pci libata xhci_hcd e1000e i2c_i801 scsi_mod usbcore usb_common [last unloaded: nouveau]
CR2: 0000000000000048
---[ end trace 2f96674f67e14703 ]---
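
Added example (not part of the original message, and not nouveau or kernel code): a small Python triage of the oops above. It reads the fault address from CR2, decodes the x86 page-fault error code and skips the "?" trace entries to find the real caller; OOPS is a constructed excerpt of the trace above with lines elided, and triage() and its field names are hypothetical.

```python
import re

# Constructed input: an excerpt of the oops quoted in the message above (lines elided).
OOPS = """\
BUG: unable to handle kernel NULL pointer dereference at 0000000000000048
Oops: 0002 [#1] SMP PTI
RIP: 0010:mutex_lock+0x19/0x30
RAX: 0000000000000000 RBX: 0000000000000048 RCX: 0000000000000000
RDX: ffff88e039765b80 RSI: ffffa985e2b9b8ed RDI: 0000000000000048
CR2: 0000000000000048 CR3: 000000042e65a004 CR4: 00000000003606f0
Call Trace:
nouveau_bo_move_m2mf.constprop.24+0x121/0x1e0 [nouveau]
? nvif_vmm_unmap+0x38/0x60 [nouveau]
ttm_bo_handle_move_mem+0x28a/0x5a0 [ttm]
pci_device_remove+0x3b/0xb0
RIP: 0033:0x7fca33b3d2a4
RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 00007fca33b3d2a4
"""

PAGE_SIZE = 4096
REG = re.compile(r"\b([A-Z][A-Z0-9]{1,2}): ([0-9a-f]{16})\b")
FRAME = re.compile(r"^(\? )?([\w.]+)\+0x[0-9a-f]+/0x[0-9a-f]+(?: \[(\w+)\])?$")

def triage(text):
    """Summarise an x86-64 oops: fault address, access type, faulting function, caller."""
    head, _, tail = text.partition("Call Trace:")
    # Kernel-mode registers are printed before the call trace; the block after
    # it is the interrupted user-space context and must not overwrite them.
    regs = {name: int(val, 16) for name, val in REG.findall(head)}
    code = int(re.search(r"Oops: ([0-9a-f]{4})", head).group(1), 16)
    frames = []
    for line in tail.strip().splitlines():
        m = FRAME.match(line.strip())
        if not m:
            break  # end of the trace
        if not m.group(1):  # skip "? " entries: unreliable, not confirmed callers
            # No [module] tag means the symbol is in the core kernel image.
            frames.append((m.group(2), m.group(3) or "vmlinux"))
    fault = regs["CR2"]
    return {
        "fault_addr": fault,
        # Below one page: a NULL base pointer plus a member offset.
        "null_plus_offset": fault < PAGE_SIZE,
        "write": bool(code & 2), "user_mode": bool(code & 4),
        "rip": re.search(r"RIP: 0010:([\w.]+)\+", head).group(1),
        "regs_holding_fault_addr": sorted(r for r, v in regs.items()
                                          if v == fault and not r.startswith("CR")),
        "caller": frames[0], "modules": sorted({m for _, m in frames}),
    }
```

On this trace the summary is a kernel-mode write to NULL+0x48 inside mutex_lock, with RDI (the first argument register on x86-64) holding 0x48, called from nouveau_bo_move_m2mf.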