Created attachment 276637
gentoo-sources-2.6.38-r7 configuration

Like some other people, I faced bug 368999 (or bug 369843, which is presumably the same). However, patched kernels gentoo-sources-2.6.38-r7 and 2.6.39-r1 have not fixed the issue for me. Both kernels on one of my machines still sometimes panic after plugging a USB device. It seems that the problem is something other than the one from bug 368999.

I can provide the following fragment of the trace from gentoo-sources-2.6.38-r7:

...Registers...
...Stack...
Call Trace:
<IRQ>
[<ffffffff811a792d>] ? blk_run_queue+0x1d/0x50
[<ffffffff8124fd33>] ? scsi_run_queue+0xc3/0x360
[<ffffffff81250bfb>] ? scsi_next_command+0x3b/0x60
[<ffffffff81251807>] ? scsi_io_completion+0x0x337/0x530
[<ffffffff811ac3fd>] ? blk_done_softirq+0x6d/0x80
[<ffffffff81040371>] ? __do_softirq+0x91/0x120
[<ffffffff8100334c>] ? call_softirq+0x1c/0x30
<EOI>
[<ffffffff81004fed>] ? do_softirq+0x4d/0x80
[<ffffffff8103ff07>] ? run_ksoftirqd+0x87/0x150
[<ffffffff8103fe80>] ? run_ksoftirqd+0x0/0x150
[<ffffffff8103fe80>] ? run_ksoftirqd+0x0/0x150
[<ffffffff81054aa6>] ? kthread+0x96/0xa0
[<ffffffff81003254>] ? kernel_thread_helper+0x4/0x10
[<ffffffff81054a10>] ? kthread+0x0/0xa0
[<ffffffff81003250>] ? kernel_thread_helper+0x0/0x10
Code: 00 00 00 b8 00 01 00 00 f0 66 0f c1 07 38 e0 74 06 f3 90 8a 07 eb f6 c3 66 66 2e 0f 1f 84 00 00 00 00 00 9c 58 fa ba 00 01 00 00 <f0> 66 0f c1 17 38 f2 74 06 f3 90 8a 17 eb f6 c3 0f 1f 84 00 00
RIP [<ffffffff81344268>] _raw_spin_lock_irqsave+0x8/0x20
RSP <ffff8800cfa83e20>
CR2: 0000000000000000

Sometimes the trace is fairly similar but has the following at its end:

Code: Bad RIP
RIP [<0000000001000000>] 0x1000000
RSP <ffff8800cfb83e00>
CR2: 0000000001000000

Of some interest could also be the message at the beginning of one trace:

kernel BUG at block/blk-core.c:1932!
invalid opcode: 0000 [#1] SMP

I have managed to obtain a full panic trace for gentoo-sources-2.6.39-r1. Note that the traces are (at first sight) quite different from time to time.

BUG: unable to handle kernel NULL pointer dereference at (null)
IP: [<ffffffff811a64eb>] blk_dequeue_request+0x1b/0x60
PGD 21998e067 PUD 21998f067 PMD 0
Oops: 0002 [#1] SMP
last sysfs file: /sys/devices/pci0000:00/0000:00:12.2/usb1/idVendor
CPU 1
Modules linked in: usb_storage snd_seq snd_seq_device nfsd nfs lockd sunrpc bridge stp llc iptable_mangle iptable_nat nf_nat nf_conntrack_ipv4 nf_defrag_ipv4 xt_state iptable_filter xt_DSCP xt_dscp xt_owner xt_multiport xt_mark xt_connmark nf_conntrack ip_tables x_tables netconsole tun vboxnetadp vboxnetflt vboxdrv it87 hwmon_vid hwmon snd_hda_codec_realtek nvidia(P)
scsi: killing requests for dead queue
snd_hda_intel snd_hda_codec ohci_hcd snd_pcm ehci_hcd snd_timer snd r8169 i2c_core usbcore mii soundcore snd_page_alloc

Pid: 9, comm: ksoftirqd/1 Tainted: P W 2.6.39-gentoo-r1 #3 Gigabyte Technology Co., Ltd. GA-MA770-UD3/GA-MA770-UD3
RIP: 0010:[<ffffffff811a64eb>] [<ffffffff811a64eb>] blk_dequeue_request+0x1b/0x60
RSP: 0018:ffff88022e899c98 EFLAGS: 00010046
RAX: ffff88022dba3f98 RBX: ffff88022dba39d0 RCX: 0000000000000000
RDX: 0000000000000000 RSI: ffff88022dba39d0 RDI: ffff88022dba39d0
RBP: ffff88022dba39d0 R08: 0000000000000000 R09: 0000000000000001
R10: 0000000000000000 R11: 0000000000000400 R12: ffff88022dba3408
R13: ffff88022dba36d0 R14: ffff88022988d040 R15: 0000000000000246
FS: 00007f269dfb3700(0000) GS:ffff88022fc80000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 000000008005003b
CR2: 0000000000000000 CR3: 000000021998d000 CR4: 00000000000006e0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000400
Process ksoftirqd/1 (pid: 9, threadinfo ffff88022e898000, task ffff88022e86ae80)
Stack:
ffffffff811a6ef9 ffff88022dba39d0 ffffffff811a7d45 0000000000000b0b
0000000000000000 0000000000000286 ffff88022dba3408 ffff88022dba3408
ffffffff81251ebc ffff88022988d000 ffff88022988b800 ffff88022988d000
Call Trace:
[<ffffffff811a6ef9>] ? blk_start_request+0x9/0x40
[<ffffffff811a7d45>] ? blk_peek_request+0xd5/0x1d0
[<ffffffff81251ebc>] ? scsi_request_fn+0x3ec/0x4a0
[<ffffffff811a67e8>] ? blk_run_queue+0x28/0x50
[<ffffffff81251381>] ? scsi_run_queue+0xd1/0x270
[<ffffffff810c500a>] ? kmem_cache_free+0x9a/0xb0
[<ffffffff8125218b>] ? scsi_next_command+0x3b/0x60
[<ffffffff81252d77>] ? scsi_io_completion+0x2c7/0x5b0
[<ffffffff811ad3cd>] ? blk_done_softirq+0x6d/0x80
[<ffffffff8103f491>] ? __do_softirq+0x91/0x120
[<ffffffff8103f5c5>] ? run_ksoftirqd+0xa5/0x150
[<ffffffff8103f520>] ? __do_softirq+0x120/0x120
[<ffffffff8103f520>] ? __do_softirq+0x120/0x120
sd 6:0:0:0: [sdd] 1041920 512-byte logical blocks: (533 MB/508 MiB)
[<ffffffff81054136>] ? kthread+0x96/0xa0
[<ffffffff8134c414>] ? kernel_thread_helper+0x4/0x10
[<ffffffff810540a0>] ? kthread_worker_fn+0x120/0x120
sd 6:0:0:0: [sdd] Write Protect is off
sd 6:0:0:0: [sdd] Mode Sense: 03 00 00 00
sd 6:0:0:0: [sdd] Assuming drive cache: write through
[<ffffffff8134c410>] ? gs_change+0xb/0xb
Code: 02 00 00 5b c3 31 d2 e9 fb fe ff ff 0f 1f 40 00 48 8b 07 48 8b 4f 38 48 39 c7 74 46 48 83 7f 78 00 75 3b 48 8b 57 08 48 89 50 08
sd 6:0:0:0: [sdd] Assuming drive cache: write through
89 02 8b 47 40 48 89 3f 48 89 7f 08 f6 c4 40 74 1f 83 7f 44
RIP [<ffffffff811a64eb>] blk_dequeue_request+0x1b/0x60
RSP <ffff88022e899c98>
CR2: 0000000000000000
---[ end trace 78ffb57f2c261ff7 ]---
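
Added example (not part of the original report): addresses and offsets change between kernel builds, so comparing two oops traces by symbol name makes any shared call path easier to see. The excerpts are copied from the two traces in this report; the names frames, fault_symbol and common_path are made up for this sketch.

```python
import re

# One "Call Trace" frame, e.g. "[<ffffffff811a67e8>] ? blk_run_queue+0x28/0x50"
FRAME = re.compile(r"^\s*\[<[0-9a-f]+>\]\s+(?:\?\s+)?([\w.]+)\+0x", re.M)
# Final "RIP [<addr>] symbol+off/len" line; a "Bad RIP" dump carries no symbol
FAULT = re.compile(r"^\s*RIP\s+\[<[0-9a-f]+>\]\s+([\w.]+)\+0x", re.M)

def frames(oops):
    # Symbols in trace order; build-specific addresses and offsets are dropped
    return FRAME.findall(oops)

def fault_symbol(oops):
    m = FAULT.search(oops)
    return m.group(1) if m else None

def common_path(a, b):
    # Longest common subsequence; gaps allowed because '?' frames may be stale
    n, m = len(a), len(b)
    t = [[0] * (m + 1) for _ in range(n + 1)]
    for i in range(n - 1, -1, -1):
        for j in range(m - 1, -1, -1):
            t[i][j] = t[i+1][j+1] + 1 if a[i] == b[j] else max(t[i+1][j], t[i][j+1])
    out, i, j = [], 0, 0
    while i < n and j < m:
        if a[i] == b[j]:
            out.append(a[i])
            i, j = i + 1, j + 1
        elif t[i + 1][j] >= t[i][j + 1]:
            i += 1
        else:
            j += 1
    return out

# Excerpts copied from the two traces in this report (2.6.38-r7, then 2.6.39-r1)
TRACE_2638 = """[<ffffffff811a792d>] ? blk_run_queue+0x1d/0x50
[<ffffffff8124fd33>] ? scsi_run_queue+0xc3/0x360
[<ffffffff81250bfb>] ? scsi_next_command+0x3b/0x60
[<ffffffff81251807>] ? scsi_io_completion+0x0x337/0x530
RIP [<ffffffff81344268>] _raw_spin_lock_irqsave+0x8/0x20"""
TRACE_2639 = """[<ffffffff81251ebc>] ? scsi_request_fn+0x3ec/0x4a0
[<ffffffff811a67e8>] ? blk_run_queue+0x28/0x50
[<ffffffff81251381>] ? scsi_run_queue+0xd1/0x270
[<ffffffff810c500a>] ? kmem_cache_free+0x9a/0xb0
[<ffffffff8125218b>] ? scsi_next_command+0x3b/0x60
[<ffffffff81252d77>] ? scsi_io_completion+0x2c7/0x5b0
RIP [<ffffffff811a64eb>] blk_dequeue_request+0x1b/0x60"""

if __name__ == "__main__":
    print(fault_symbol(TRACE_2638), fault_symbol(TRACE_2639))
    print(common_path(frames(TRACE_2638), frames(TRACE_2639)))
```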

Created attachment 276705
gentoo-sources-2.6.39-r1 configuration

BTW, I think the following messages and their respective threads could be interesting w.r.t. the issue:
https://lkml.org/lkml/2011/5/31/31
https://lkml.org/lkml/2011/6/5/206

Please note an error message mentioned in both threads, which is also present in my report:
scsi: killing requests for dead queue
Here is some explicit evidence that the issue persists for vanilla 2.6.39.1, hence for gentoo-sources-2.6.39-r1: https://bugzilla.kernel.org/show_bug.cgi?id=35682#c1
We'll follow the upstream bug and backport any fixes identified.