Most recent kernel where this bug did not occur: 2.6.13 Here's the oops I get when disconnecting a usb-storage device with the latest 2.6.14-rc1-git tree (also happens with 2.6.14-rc1 clean.) Nothing is mounted, the device has not been mounted at all yet. Unable to handle kernel paging request at virtual address 6b6b6b9b printing eip: c028f8cc *pde = 00000000 Oops: 0002 [#1] SMP Modules linked in: ub usb_storage usbhid uhci_hcd ehci_hcd usbcore CPU: 1 EIP: 0060:[<c028f8cc>] Not tainted VLI EFLAGS: 00010286 (2.6.14-rc1-g1619cca2) EIP is at scsi_remove_device+0x39/0x4f eax: 00000001 ebx: f711b2ec ecx: 00000000 edx: 6b6b6b6b esi: f7a28e60 edi: f7a28e58 ebp: f6f480bc esp: f7bf7dbc ds: 007b es: 007b ss: 0068 Process khubd (pid: 1292, threadinfo=f7bf6000 task=f7ac0030) Stack: f711b4f8 00000066 f711b2ec f7a28e60 c028f963 f711b2ec f7a28e64 f7a28e60 f7a28e64 f7a28e68 c028e739 f6f480bc f7a28e60 f8aaab00 f8aaab20 f7a29380 c02869c2 f7a28e60 00000003 f7a290dc f8aaab00 f8a9bcc0 f7a28e60 f79ee2c8 Call Trace: [<c028f963>] __scsi_remove_target+0x81/0xa9 [<c028e739>] scsi_forget_host+0x3b/0x61 [<c02869c2>] scsi_remove_host+0x49/0x93 [<f8a9bcc0>] storage_disconnect+0x19/0x26 [usb_storage] [<f88351c3>] usb_unbind_interface+0x7e/0x80 [usbcore] [<f8835145>] usb_unbind_interface+0x0/0x80 [usbcore] [<c025e52d>] __device_release_driver+0x9a/0xbc [<c025e580>] device_release_driver+0x31/0x43 [<c025dbbb>] bus_remove_device+0x96/0xb0 [<c025ca16>] device_del+0x2c/0x6e [<f883f21d>] usb_disable_device+0x12b/0x1a0 [usbcore] [<f8838006>] usb_disconnect+0xcc/0x1c5 [usbcore] [<f883a394>] hub_port_connect_change+0x39c/0x53c [usbcore] [<f883a92c>] hub_events+0x3f8/0x622 [usbcore] [<f883ab6f>] hub_thread+0x19/0x101 [usbcore] [<c013630a>] autoremove_wake_function+0x0/0x57 [<c013630a>] autoremove_wake_function+0x0/0x57 [<f883ab56>] hub_thread+0x0/0x101 [usbcore] [<c0135e54>] kthread+0xba/0xf0 [<c0135d9a>] kthread+0x0/0xf0 [<c0101469>] kernel_thread_helper+0x5/0xb Code: 14 8b 33 c7 44 24 04 66 00 00 00 c7 04 24 48 57 34 c0 e8 30 e3 e8 ff f0 ff 4e 30 0f 88 20 04 00 00 89 1c 24 e8 36 ff ff ff 8b 13 <f0> ff 42 30 0f 8e 19 04 00 00 8b 5c 24 08 8b 74 24 0c 83 c4 10
Created attachment 6033 [details] Full oops with sysfs and driver core debug messages Here's the full oops, with sysfs and driver core and usb core debug messages enabled. I'll enable usb-storage debug if you think it would help out any...
Created attachment 6036 [details] Fix SCSI device removal This is a known problem. I sent a patch for it to James Bottomley at the end of July, but he hasn't applied it yet. If you want to read the patch comment, it's http://marc.theaimsgroup.com/?l=linux-scsi&m=112238804301664&w=2 The attached patch for 2.6.14-rc1 fixes this problem plus another newly-introduced bug. There's yet a third bug fixed in the next attachment.
Created attachment 6037 [details] SCSI error handler exit patch When the SCSI error handler was converted to use the kthread library, the thread-exit code was botched. This fixes it.
*** Bug 5270 has been marked as a duplicate of this bug. ***
Fixed now in 2.6.14-rc3