I can reproduce this on my ThinkPad X200s with exact instructions from Diego. I get the same backtrace in /var/log/kdm.log and I have also noticed the following oops in my /var/log/messages file:
Sep 10 00:18:23 lure kernel: [ 4629.464505] Pid: 3093, comm: Xorg Tainted: G C 2.6.31-10-generic #30-Ubuntu 74705HG Sep 10 00:18:23 lure kernel: [ 4629.464505] RIP: 0010:[<ffffffffa002e5f3>] [<ffffffffa002e5f3>] drm_ht_remove_item+0x13/0x40 [drm] Sep 10 00:18:23 lure kernel: [ 4629.464505] RSP: 0018:ffff88012fd45ac8 EFLAGS: 00010246 Sep 10 00:18:23 lure kernel: [ 4629.464505] RAX: ffffc90005105bf8 RBX: ffff88011bd8ed80 RCX: ffff88011bd89f10 Sep 10 00:18:23 lure kernel: [ 4629.464505] RDX: 0000000000000000 RSI: ffff88011bd8eda8 RDI: ffff880134d5b3f8 Sep 10 00:18:23 lure kernel: [ 4629.464505] RBP: ffff88012fd45ac8 R08: 0000000000000000 R09: 0000000000000000 Sep 10 00:18:23 lure kernel: [ 4629.464505] R10: 6db6db6db6db6db7 R11: 0000000000000000 R12: ffff88011bd8ef00 Sep 10 00:18:23 lure kernel: [ 4629.464505] R13: ffff88011bd8ef00 R14: 0000000000001000 R15: 0000000000000001 Sep 10 00:18:23 lure kernel: [ 4629.464505] FS: 00007f36028976f0(0000) GS:ffff880028040000(0000) knlGS:0000000000000000 Sep 10 00:18:23 lure kernel: [ 4629.464505] CS: 0010 DS: 0000 ES: 0000 CR0: 000000008005003b Sep 10 00:18:23 lure kernel: [ 4629.464505] CR2: ffffc90005105bf8 CR3: 000000011b5a6000 CR4: 00000000000006a0 Sep 10 00:18:23 lure kernel: [ 4629.464505] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 Sep 10 00:18:23 lure kernel: [ 4629.464505] DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000400 Sep 10 00:18:23 lure kernel: [ 4629.464505] Process Xorg (pid: 3093, threadinfo ffff88012fd44000, task ffff8801360c96b0) Sep 10 00:18:23 lure kernel: [ 4629.464505] ffff88012fd45af8 ffffffffa0061b46 ffff88012fd45ae8 ffff88013480a800 Sep 10 00:18:23 lure kernel: [ 4629.464505] <0> ffff88011bd8ed80 0000000000000534 ffff88012fd45b18 ffffffffa0027d0b Sep 10 00:18:23 lure kernel: [ 4629.464505] <0> ffff88011bd8ed80 ffffffffa0027ce0 ffff88012fd45b38 ffffffff81270507 Sep 10 00:18:23 lure kernel: [ 4629.464505] [<ffffffffa0061b46>] i915_gem_free_object+0x76/0xe0 [i915] Sep 10 00:18:23 lure kernel: [ 4629.464505] [<ffffffffa0027d0b>] drm_gem_object_free+0x2b/0x60 [drm] Sep 10 00:18:23 lure kernel: [ 4629.464505] [<ffffffffa0027ce0>] ? drm_gem_object_free+0x0/0x60 [drm] Sep 10 00:18:23 lure kernel: [ 4629.464505] [<ffffffff81270507>] kref_put+0x37/0x70 Sep 10 00:18:23 lure kernel: [ 4629.464505] [<ffffffffa00280b0>] drm_gem_object_release_handle+0x30/0x40 [drm] Sep 10 00:18:23 lure kernel: [ 4629.464505] [<ffffffff8126dce9>] idr_for_each+0x89/0xe0 Sep 10 00:18:23 lure kernel: [ 4629.464505] [<ffffffffa0028080>] ? drm_gem_object_release_handle+0x0/0x40 [drm] Sep 10 00:18:23 lure kernel: [ 4629.464505] [<ffffffff81521f59>] ? mutex_lock+0x19/0x50 Sep 10 00:18:23 lure kernel: [ 4629.464505] [<ffffffffa0027d75>] drm_gem_release+0x35/0x50 [drm] Sep 10 00:18:23 lure kernel: [ 4629.464505] [<ffffffffa002743b>] drm_release+0x33b/0x3d0 [drm] Sep 10 00:18:23 lure kernel: [ 4629.464505] [<ffffffff8111b6e0>] __fput+0xf0/0x210 Sep 10 00:18:23 lure kernel: [ 4629.464505] [<ffffffff8111b81d>] fput+0x1d/0x30 Sep 10 00:18:23 lure kernel: [ 4629.464505] [<ffffffff81117a98>] filp_close+0x58/0x90 Sep 10 00:18:23 lure kernel: [ 4629.464505] [<ffffffff8105b5f7>] put_files_struct+0x77/0xe0 Sep 10 00:18:23 lure kernel: [ 4629.464505] [<ffffffff8105b6af>] exit_files+0x4f/0x60 Sep 10 00:18:23 lure kernel: [ 4629.464505] [<ffffffff8105c9fb>] do_exit+0x14b/0x370 Sep 10 00:18:23 lure kernel: [ 4629.464505] [<ffffffff8105cc69>] do_group_exit+0x49/0xc0 Sep 10 00:18:23 lure kernel: [ 4629.464505] [<ffffffff8106a8eb>] get_signal_to_deliver+0x1bb/0x3b0 Sep 10 00:18:23 lure kernel: [ 4629.464505] [<ffffffff810119a0>] do_signal+0x70/0x1c0 Sep 10 00:18:23 lure kernel: [ 4629.464505] [<ffffffff81119e42>] ? vfs_write+0x132/0x1a0 Sep 10 00:18:23 lure kernel: [ 4629.464505] [<ffffffff8111a87c>] ? sys_write+0x4c/0x80 Sep 10 00:18:23 lure kernel: [ 4629.540591] [<ffffffff81011b28>] do_notify_resume+0x38/0x40 Sep 10 00:18:23 lure kernel: [ 4629.540591] [<ffffffff81012314>] int_signal+0x12/0x17 Sep 10 00:18:23 lure kernel: [ 4629.540591] RSP <ffff88012fd45ac8> Sep 10 00:18:23 lure kernel: [ 4629.540591] ---[ end trace 8ddc0ba7653ef6d2 ]---
Bryce: since this problem is easily reproducible, should we submit it upstream?
I can reproduce this on my ThinkPad X200s with exact instructions from Diego. I get the same backtrace in /var/log/kdm.log and I have also noticed the following oops in my /var/log/messages file:
Sep 10 00:18:23 lure kernel: [ 4629.464505] Pid: 3093, comm: Xorg Tainted: G C 2.6.31-10-generic #30-Ubuntu 74705HG ffffffffa002e5f 3>] [<ffffffffa002e 5f3>] drm_ht_ remove_ item+0x13/ 0x40 [drm] d45ac8 EFLAGS: 00010246 0(0000) GS:ffff88002804 0000(0000) knlGS:000000000 0000000 b46>] i915_gem_ free_object+ 0x76/0xe0 [i915] d0b>] drm_gem_ object_ free+0x2b/ 0x60 [drm] ce0>] ? drm_gem_ object_ free+0x0/ 0x60 [drm] 507>] kref_put+0x37/0x70 0b0>] drm_gem_ object_ release_ handle+ 0x30/0x40 [drm] ce9>] idr_for_ each+0x89/ 0xe0 080>] ? drm_gem_ object_ release_ handle+ 0x0/0x40 [drm] f59>] ? mutex_lock+ 0x19/0x50 d75>] drm_gem_ release+ 0x35/0x50 [drm] 43b>] drm_release+ 0x33b/0x3d0 [drm] 6e0>] __fput+0xf0/0x210 81d>] fput+0x1d/0x30 a98>] filp_close+ 0x58/0x90 5f7>] put_files_ struct+ 0x77/0xe0 6af>] exit_files+ 0x4f/0x60 9fb>] do_exit+0x14b/0x370 c69>] do_group_ exit+0x49/ 0xc0 8eb>] get_signal_ to_deliver+ 0x1bb/0x3b0 9a0>] do_signal+ 0x70/0x1c0 e42>] ? vfs_write+ 0x132/0x1a0 87c>] ? sys_write+0x4c/0x80 b28>] do_notify_ resume+ 0x38/0x40 314>] int_signal+ 0x12/0x17
Sep 10 00:18:23 lure kernel: [ 4629.464505] RIP: 0010:[<
Sep 10 00:18:23 lure kernel: [ 4629.464505] RSP: 0018:ffff88012f
Sep 10 00:18:23 lure kernel: [ 4629.464505] RAX: ffffc90005105bf8 RBX: ffff88011bd8ed80 RCX: ffff88011bd89f10
Sep 10 00:18:23 lure kernel: [ 4629.464505] RDX: 0000000000000000 RSI: ffff88011bd8eda8 RDI: ffff880134d5b3f8
Sep 10 00:18:23 lure kernel: [ 4629.464505] RBP: ffff88012fd45ac8 R08: 0000000000000000 R09: 0000000000000000
Sep 10 00:18:23 lure kernel: [ 4629.464505] R10: 6db6db6db6db6db7 R11: 0000000000000000 R12: ffff88011bd8ef00
Sep 10 00:18:23 lure kernel: [ 4629.464505] R13: ffff88011bd8ef00 R14: 0000000000001000 R15: 0000000000000001
Sep 10 00:18:23 lure kernel: [ 4629.464505] FS: 00007f36028976f
Sep 10 00:18:23 lure kernel: [ 4629.464505] CS: 0010 DS: 0000 ES: 0000 CR0: 000000008005003b
Sep 10 00:18:23 lure kernel: [ 4629.464505] CR2: ffffc90005105bf8 CR3: 000000011b5a6000 CR4: 00000000000006a0
Sep 10 00:18:23 lure kernel: [ 4629.464505] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
Sep 10 00:18:23 lure kernel: [ 4629.464505] DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000400
Sep 10 00:18:23 lure kernel: [ 4629.464505] Process Xorg (pid: 3093, threadinfo ffff88012fd44000, task ffff8801360c96b0)
Sep 10 00:18:23 lure kernel: [ 4629.464505] ffff88012fd45af8 ffffffffa0061b46 ffff88012fd45ae8 ffff88013480a800
Sep 10 00:18:23 lure kernel: [ 4629.464505] <0> ffff88011bd8ed80 0000000000000534 ffff88012fd45b18 ffffffffa0027d0b
Sep 10 00:18:23 lure kernel: [ 4629.464505] <0> ffff88011bd8ed80 ffffffffa0027ce0 ffff88012fd45b38 ffffffff81270507
Sep 10 00:18:23 lure kernel: [ 4629.464505] [<ffffffffa0061
Sep 10 00:18:23 lure kernel: [ 4629.464505] [<ffffffffa0027
Sep 10 00:18:23 lure kernel: [ 4629.464505] [<ffffffffa0027
Sep 10 00:18:23 lure kernel: [ 4629.464505] [<ffffffff81270
Sep 10 00:18:23 lure kernel: [ 4629.464505] [<ffffffffa0028
Sep 10 00:18:23 lure kernel: [ 4629.464505] [<ffffffff8126d
Sep 10 00:18:23 lure kernel: [ 4629.464505] [<ffffffffa0028
Sep 10 00:18:23 lure kernel: [ 4629.464505] [<ffffffff81521
Sep 10 00:18:23 lure kernel: [ 4629.464505] [<ffffffffa0027
Sep 10 00:18:23 lure kernel: [ 4629.464505] [<ffffffffa0027
Sep 10 00:18:23 lure kernel: [ 4629.464505] [<ffffffff8111b
Sep 10 00:18:23 lure kernel: [ 4629.464505] [<ffffffff8111b
Sep 10 00:18:23 lure kernel: [ 4629.464505] [<ffffffff81117
Sep 10 00:18:23 lure kernel: [ 4629.464505] [<ffffffff8105b
Sep 10 00:18:23 lure kernel: [ 4629.464505] [<ffffffff8105b
Sep 10 00:18:23 lure kernel: [ 4629.464505] [<ffffffff8105c
Sep 10 00:18:23 lure kernel: [ 4629.464505] [<ffffffff8105c
Sep 10 00:18:23 lure kernel: [ 4629.464505] [<ffffffff8106a
Sep 10 00:18:23 lure kernel: [ 4629.464505] [<ffffffff81011
Sep 10 00:18:23 lure kernel: [ 4629.464505] [<ffffffff81119
Sep 10 00:18:23 lure kernel: [ 4629.464505] [<ffffffff8111a
Sep 10 00:18:23 lure kernel: [ 4629.540591] [<ffffffff81011
Sep 10 00:18:23 lure kernel: [ 4629.540591] [<ffffffff81012
Sep 10 00:18:23 lure kernel: [ 4629.540591] RSP <ffff88012fd45ac8>
Sep 10 00:18:23 lure kernel: [ 4629.540591] ---[ end trace 8ddc0ba7653ef6d2 ]---
Bryce: since this problem is easily reproducible, should we submit it upstream?