Before calling blk_mq_start_request() in null_queue_rq(), initialize rq->state to MQ_RQ_IDLE. Reported-and-tested-by: syzbot+fcc47ba2476570cbbeb0@xxxxxxxxxxxxxxxxxxxxxxxxx Signed-off-by: Edward Adam Davis <eadavis@xxxxxx> --- drivers/block/null_blk/main.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/drivers/block/null_blk/main.c b/drivers/block/null_blk/main.c index 22a3cf7f32e2..0726534a5a24 100644 --- a/drivers/block/null_blk/main.c +++ b/drivers/block/null_blk/main.c @@ -1724,6 +1724,8 @@ static blk_status_t null_queue_rq(struct blk_mq_hw_ctx *hctx, cmd->fake_timeout = should_timeout_request(rq) || blk_should_fake_timeout(rq->q); + if (READ_ONCE(rq->state)) + WRITE_ONCE(rq->state, MQ_RQ_IDLE); blk_mq_start_request(rq); if (should_requeue_request(rq)) { -- 2.25.1
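Review bot: The two added lines in null_queue_rq() paper over the symptom rather than fix the cause: rq->state is owned by the blk-mq core, and a driver writing `WRITE_ONCE(rq->state, MQ_RQ_IDLE)` just before blk_mq_start_request() silently discards whatever state the request was in when it reached ->queue_rq a second time, instead of explaining why a non-idle request is being queued at all. The commit message only restates what the code does and never says which path (the should_requeue_request() branch visible right below, a completion that never happened, a timeout racing with requeue) leaves the request non-idle, and the syzbot report is referenced without any of its trace. Please either fix the path that re-queues a started request without completing it, or at minimum add a WARN_ON_ONCE() with a comment explaining the observed state and cite the root cause in the changelog; forcing the state to IDLE from the driver also hides a request that is still MQ_RQ_IN_FLIGHT and may be under concurrent timeout handling, which turns a warning into a harder-to-debug use-after-completion.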