Comment 35 for bug 793796

To clear up the situation here, this is what we have so far (note, commit hashes are from the Ubuntu natty git kernel tree):

Linux 2.6.38-10.44, which is based on 2.6.38.7, has the regression reported here. Bisecting it, we found that regression is related to patch

commit 39a0cfed63b656486fb2feee063aa033816a90e0
put stricter guards on queue dead checks

This commit has a follow up fix, which is already in the Linux 2.6.38-10.44 kernel in Ubuntu:

commit 57bd324dbd799b271cad945224df5a21b151297b
fix oops in scsi_run_queue()

So even with this follow up fix, we still have the crash. The fix that are in the 2.6.38.8 kernel upstream and could help us here is the commit titled "block: add proper state guards to __elv_next_request", but testing on 2.6.38.8 shows that the regression still happens (comment #10). So we have to investigate further, but meanwhile the commits 39a0cfed63b656486fb2feee063aa033816a90e0 and 57bd324dbd799b271cad945224df5a21b151297b can be reverted to avoid the regression.