Hot-unplug or delete scsi device causes RHEL 4.6 kernel panic in sysfs_hash_and_remove

Solution Verified - Updated -


  • When a scsi device is hot-unplugged (or deleted via the /sys/block/sdX/device/delete interface), the Red Hat Enterprise Linux 4.6 kernel sometimes panics in sysfs_hash_and_remove(), with the following stack backtrace :

    Unable to handle kernel NULL pointer dereference at 0000000000000010
    PML4 4244c067 PGD 11cf12067 PMD 0
    Oops: 0000 [1] SMP
    CPU 3
    Modules linked in: mptctl mptbase ipmi_si(U) ipmi_devintf(U)
    ipmi_msghandler(U) hp_ilo(U) pidentd(U) autofs4 i2c_dev i2c_core
    sunrpc 8021q ide_dump cciss_dump scsi_dump diskdump zlib_deflate
    deadman(U) joydev dm_mirror button battery ac hw_random e1000
    (U) bnx2(U) bond1(U) bonding(U) sg st ext3 jbd dm_mod qla2400(U)
    qla2300(U) qla2xxx(U) cciss(U) qla2xxx_conf(U) usb_storage uh
    ci_hcd ohci_hcd ehci_hcd sd_mod scsi_mod
    Pid: 20295, comm: Not tainted 2.6.9-67.ELsmp
    RIP: 0010:[<ffffffff801b5203>]
    RSP: 0018:000001009eda5e28  EFLAGS: 00010246
    RAX: 0000000000000000 RBX: 000001007efdb448 RCX: 0000000000000246
    RDX: ffffffffa0024670 RSI: ffffffff8032cb3b RDI: 0000000000000000
    RBP: 000001007efdb438 R08: ffffffffa0009fc3 R09: 0000000000000246
    R10: 000000000064b090 R11: 0000000000000246 R12: ffffffffa00245e0
    R13: 0000000000000000 R14: ffffffff8032cb3b R15: 000001009eda5f50
    FS:  0000002a9557fb00(0000) GS:ffffffff804f2f00(0000)
    CS:  0010 DS: 0000 ES: 0000 CR0: 000000008005003b
    CR2: 0000000000000010 CR3: 0000000005d44000 CR4: 00000000000006e0
    Process (pid: 20295, threadinfo 000001009eda4000, task
    Stack: 000001007efdb448 000001007efdb438 ffffffffa00245e0
    0000000000650ce0 ffffffff8024e2ba 000001012a768000
    000001007efdb100 000001012a768000
    Call Trace:<ffffffff8024e2ba>{class_device_del+156}

This is not always reproducible - a race condition exists that does not always trigger the panic.


  • Red Hat Enterprise Linux 4.6, 4.7 or 4.8
  • any SCSI device. This can also be reproduced using virtual scsi devices (e.g. scsi_debug)

Subscriber exclusive content

A Red Hat subscription provides unlimited access to our knowledgebase, tools, and much more.

Current Customers and Partners

Log in for full access

Log In