On Tue, Jun 06, 2017 at 04:02:52PM +0000, Bart Van Assche wrote:

On Tue, 2017-06-06 at 23:22 +0800, Ming Lei wrote:

quoted

If queue is stopped, we shouldn't dispatch request into driver and
hardware, unfortunately the check is removed in bd166ef183c2(blk-mq-sched:
add framework for MQ capable IO schedulers).

This patch fixes the issue by moving the check back into
__blk_mq_try_issue_directly().

This patch fixes request use-after-free[1][2] during canceling requets
of NVMe in nvme_dev_disable(), which can be triggered easily during
NVMe reset & remove test.

Although I'm not convinced that this patch fixes [2], the patch itself looks

The .q_usage_counter will be leaked once request is double free.

Thanks,
Ming