Created attachment 112139 [details] kernel 3.17.8 log [164345.580485] general protection fault: 0000 [#1] SMP [164345.581123] Modules linked in: loop rfcomm fuse xt_CHECKSUM ipt_MASQUERADE nf_conntrack_netbios_ns nf_conntrack_broadcast ip6t_rpfilter ip6t_REJECT xt_conntrack ebtable_nat ebtable_broute bridge stp llc ebtable_filter ebtables ip6table_nat nf_conntrack_ipv6 nf_defrag_ipv6 nf_nat_ipv6 ip6table_mangle ip6table_security ip6table_raw ip6table_filter ip6_tables iptable_nat nf_conntrack_ipv4 nf_defrag_ipv4 nf_nat_ipv4 nf_nat nf_conntrack iptable_mangle iptable_security iptable_raw bnep btrfs hid_logitech_dj iTCO_wdt iTCO_vendor_support ppdev xor intel_rapl vfat x86_pkg_temp_thermal fat coretemp raid6_pq kvm_intel kvm crct10dif_pclmul crc32_pclmul crc32c_intel ghash_clmulni_intel snd_hda_codec_realtek snd_hda_codec_generic snd_emu10k1 snd_hda_codec_hdmi snd_util_mem snd_hda_intel snd_rawmidi snd_hda_controller [164345.582808] snd_ac97_codec snd_hda_codec serio_raw snd_hwdep ac97_bus snd_seq snd_seq_device snd_pcm emu10k1_gp gameport lpc_ich i2c_i801 mei_me mfd_core mei snd_timer shpchp snd soundcore parport_pc parport btusb bluetooth rfkill tpm_infineon tpm_tis tpm nfsd auth_rpcgss nfs_acl lockd binfmt_misc sunrpc i915 i2c_algo_bit drm_kms_helper firewire_ohci drm firewire_core r8169 crc_itu_t mii video [164345.584836] CPU: 7 PID: 1194 Comm: Xorg.bin Tainted: G W 3.17.8-300.fc21.x86_64+debug #1 [164345.585677] Hardware name: Gigabyte Technology Co., Ltd. Z87M-D3H/Z87M-D3H, BIOS F11 08/12/2014 [164345.585679] task: ffff8807f03a2660 ti: ffff8807d9d68000 task.ti: ffff8807d9d68000 [164345.585711] RIP: 0010:[<ffffffffa00fcc71>] [<ffffffffa00fcc71>] i915_gem_set_tiling+0x291/0x5e0 [i915] [164345.585712] RSP: 0018:ffff8807d9d6bd90 EFLAGS: 00010206 [164345.585713] RAX: ffff8804682f1100 RBX: ffff8804682f1000 RCX: dead000000100098 [164345.585713] RDX: dead000000100100 RSI: 0000000000000001 RDI: ffff8807ebd30000 [164345.585714] RBP: ffff8807d9d6bdc0 R08: 0000000000000000 R09: 0000000000040000 [164345.585714] R10: 0000000000000000 R11: 0000000000000000 R12: ffff8807ee265000 [164345.585715] R13: ffff8807ebd30000 R14: ffff8807d9d6be10 R15: ffff8807d9d4b400 [164345.585716] FS: 00007f61290d39c0(0000) GS:ffff8807ffa00000(0000) knlGS:0000000000000000 [164345.585716] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [164345.585717] CR2: 00007f96eb303000 CR3: 000000003f050000 CR4: 00000000001407e0 [164345.585718] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [164345.585718] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [164345.585719] Stack: [164345.585721] fffffffffffffff2 ffff8807d9d6be10 0000000000000061 fffffffffffffff2 [164345.585722] ffff8807ee265000 ffff8807d9d4b400 ffff8807d9d6bec0 ffffffffa004f38f [164345.585723] 0000000000000478 ffff8807d9d6be10 ffff8807d9d6be10 ffffffffa01813e0 [164345.585724] Call Trace: [164345.585740] [<ffffffffa004f38f>] drm_ioctl+0x1df/0x6a0 [drm] [164345.585745] [<ffffffff81385bf1>] ? inode_has_perm.isra.48+0x51/0x90 [164345.585748] [<ffffffff81275cd0>] do_vfs_ioctl+0x2f0/0x520 [164345.585749] [<ffffffff812821c5>] ? __fget+0x5/0x2f0 [164345.585751] [<ffffffff81275f81>] SyS_ioctl+0x81/0xa0 [164345.585753] [<ffffffff8183fee9>] system_call_fastpath+0x16/0x1b [164345.585768] Code: d4 48 83 c4 08 5b 41 5c 41 5d 41 5e 41 5f 5d c3 66 2e 0f 1f 84 00 00 00 00 00 48 8b 51 68 48 39 d0 48 8d 4a 98 0f 84 67 fe ff ff <f6> 42 40 0f 74 e9 8b 0b 83 f9 01 0f 84 01 03 00 00 8d 51 ff 89 [164345.585785] RIP [<ffffffffa00fcc71>] i915_gem_set_tiling+0x291/0x5e0 [i915] [164345.585785] RSP <ffff8807d9d6bd90> [164345.592342] ---[ end trace 0aabcfc6dcf13a8e ]---
Created attachment 112140 [details] Xorg.log
It's a use after free. It would help to get the line number for i915_gem_set_tiling+0x291 (use gdb i915.ko, list *i915_gem_set_tiling+0x291).
[root@localhost ~]# find / -name i915 /usr/lib/modules/3.18.2-200.fc21.x86_64+debug/kernel/drivers/gpu/drm/i915 /usr/lib/modules/3.17.8-300.fc21.x86_64/kernel/drivers/gpu/drm/i915 /usr/lib/modules/3.18.3-201.fc21.x86_64+debug/kernel/drivers/gpu/drm/i915 /usr/lib/modules/3.18.3-201.fc21.x86_64/kernel/drivers/gpu/drm/i915 /usr/lib/modules/3.17.8-300.fc21.x86_64+debug/kernel/drivers/gpu/drm/i915 /usr/lib/modules/3.18.2-200.fc21.x86_64/kernel/drivers/gpu/drm/i915 /usr/src/debug/mesa-20150124/src/mesa/drivers/dri/i915 /sys/bus/pci/drivers/i915 /sys/kernel/debug/tracing/events/i915 /sys/module/drm/holders/i915 /sys/module/i915 /sys/module/video/holders/i915 /sys/module/drm_kms_helper/holders/i915 /sys/module/i2c_algo_bit/holders/i915 find: ‘/run/user/1000/gvfs’: Permission denied /proc/irq/29/i915 /var/cache/abrt-di/usr/src/debug/mesa-20141214/src/mesa/drivers/dri/i915 /var/cache/abrt-di/usr/src/debug/mesa-20141230/src/mesa/drivers/dri/i915 [root@localhost ~]# gdb i915 GNU gdb (GDB) Fedora 7.8.2-38.fc21 Copyright (C) 2014 Free Software Foundation, Inc. License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html> This is free software: you are free to change and redistribute it. There is NO WARRANTY, to the extent permitted by law. Type "show copying" and "show warranty" for details. This GDB was configured as "x86_64-redhat-linux-gnu". Type "show configuration" for configuration details. For bug reporting instructions, please see: <http://www.gnu.org/software/gdb/bugs/>. Find the GDB manual and other documentation resources online at: <http://www.gnu.org/software/gdb/documentation/>. For help, type "help". Type "apropos word" to search for commands related to "word"... i915: No such file or directory. (gdb) q [root@localhost ~]# gdb /sys/module/i915 GNU gdb (GDB) Fedora 7.8.2-38.fc21 Copyright (C) 2014 Free Software Foundation, Inc. License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html> This is free software: you are free to change and redistribute it. There is NO WARRANTY, to the extent permitted by law. Type "show copying" and "show warranty" for details. This GDB was configured as "x86_64-redhat-linux-gnu". Type "show configuration" for configuration details. For bug reporting instructions, please see: <http://www.gnu.org/software/gdb/bugs/>. Find the GDB manual and other documentation resources online at: <http://www.gnu.org/software/gdb/documentation/>. For help, type "help". Type "apropos word" to search for commands related to "word"... /sys/module/i915: Success. (gdb) list *i915_gem_set_tiling+0x291 No symbol table is loaded. Use the "file" command. (gdb) Sorry don't understand what I must to do?
If you can still reproduce this, you need to find the actual i915.ko file, which is the driver module binary. Then you can gdb that file and run the command Chris requested.
# find / -name i915.* find: ‘/run/user/1000/gvfs’: Permission denied /usr/lib/modules/4.0.0-0.rc1.git0.1.fc22.x86_64/kernel/drivers/gpu/drm/i915/i915.ko.xz /usr/lib/modules/4.0.0-0.rc2.git0.1.fc22.x86_64/kernel/drivers/gpu/drm/i915/i915.ko.xz I couldn't find unpacked i915.ko on my system.
Almost certainly fixed by commit 6c31a614c43ae274546f736b2a33363e149c3dc2 Author: Chris Wilson <chris@chris-wilson.co.uk> Date: Thu Feb 12 07:53:18 2015 +0000 drm/i915: Check obj->vma_list under the struct_mutex *** This bug has been marked as a duplicate of bug 89085 ***
Use of freedesktop.org services, including Bugzilla, is subject to our Code of Conduct. How we collect and use information is described in our Privacy Policy.