On Wed, 25 May 2011, Linus Torvalds wrote: > On Wed, May 25, 2011 at 4:00 PM, Parag Warudkar <parag.lkml@xxxxxxxxx> wrote: > > > > It doesn't seem to help. Machine locked up and I was dropped to text > > console. I could only capture the oops by a camera. > > Hmm. That's a different oops. It is now in scsi_prep_state_check(). Different at top but the call trace upto scsi_set_medium_removal is the same. And since now we are upping the refcnt we keep the request queue around it was kind of expected that it won't oops on the request queue. > > At the beginning of it too. You can't see the "Code: " line in the > pictures, but the only dereference I see there is "sdev" itself being > NULL. And %cr2 is 0x640, which would seem to agree (the 'sdev' > structure is absolutely disgustingly big, and sdev->sdev_state is > indeed at an offset in that region. > > That 'sdev' comes from scsi_prep_fn() doing > > struct scsi_device *sdev = q->queuedata; > > is that queuedata perhaps cleared even if the queue itself stays > around due to refcounts? So now the issue is with scsi_device refcnt? Parag -- To unsubscribe from this list: send the line "unsubscribe linux-scsi" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html