To clear up the situation here, this is what we have so far (note, commit hashes are from the Ubuntu natty git kernel tree):
Linux 2.6.38-10.44, which is based on 2.6.38.7, has the regression reported here. Bisecting it, we found that regression is related to patch
commit 39a0cfed63b656486fb2feee063aa033816a90e0
put stricter guards on queue dead checks
This commit has a follow up fix, which is already in the Linux 2.6.38-10.44 kernel in Ubuntu:
commit 57bd324dbd799b271cad945224df5a21b151297b
fix oops in scsi_run_queue()
So even with this follow up fix, we still have the crash. The fix that are in the 2.6.38.8 kernel upstream and could help us here is the commit titled "block: add proper state guards to __elv_next_request", but testing on 2.6.38.8 shows that the regression still happens (comment #10). So we have to investigate further, but meanwhile the commits 39a0cfed63b656486fb2feee063aa033816a90e0 and 57bd324dbd799b271cad945224df5a21b151297b can be reverted to avoid the regression.
To clear up the situation here, this is what we have so far (note, commit hashes are from the Ubuntu natty git kernel tree):
Linux 2.6.38-10.44, which is based on 2.6.38.7, has the regression reported here. Bisecting it, we found that regression is related to patch
commit 39a0cfed63b6564 86fb2feee063aa0 33816a90e0
put stricter guards on queue dead checks
This commit has a follow up fix, which is already in the Linux 2.6.38-10.44 kernel in Ubuntu:
commit 57bd324dbd799b2 71cad945224df5a 21b151297b
fix oops in scsi_run_queue()
So even with this follow up fix, we still have the crash. The fix that are in the 2.6.38.8 kernel upstream and could help us here is the commit titled "block: add proper state guards to __elv_next_ request" , but testing on 2.6.38.8 shows that the regression still happens (comment #10). So we have to investigate further, but meanwhile the commits 39a0cfed63b6564 86fb2feee063aa0 33816a90e0 and 57bd324dbd799b2 71cad945224df5a 21b151297b can be reverted to avoid the regression.