On Wed, Sep 08, 2021 at 03:37:06PM +0800, yukuai (C) wrote:
> On 2021/09/08 15:30, Ming Lei wrote:
>
> > > +put_req:
> > > +	if (req)
> > > +		blk_mq_put_rq_ref(req);
> > >  	return ret ? ERR_PTR(ret) : cmd;
> >
> > After the request's refcnt is dropped, it can be freed immediately, then
> > one stale command is returned to caller.
>
> Hi, Ming
>
> It's right this patch leaves this problem. Please take a look at patch 3
> and patch 4, the problem should be fixed with these patches.

I don't see it addressed in patch 3 & 4, and it is one obvious fault in
patch 2, please fix it from the beginning by moving the refcnt drop into
recv_work().

BTW, the approach in patch 3 looks fine, which is very similar to
SCSI's handling.

Thanks,
Ming
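
Review bot: at the put_req label, blk_mq_put_rq_ref(req) runs before "return ret ? ERR_PTR(ret) : cmd;", so on the success path (ret == 0) the caller is handed cmd after the only reference taken on its request has already been dropped. Nothing in the quoted lines keeps the request alive while the caller uses cmd, so it can be freed or reused in that window. Consider dropping the reference here only when ret is non-zero, and on success leaving it held until the caller has finished with cmd, with the matching blk_mq_put_rq_ref() placed in recv_work() as suggested in the reply. A short comment at the label stating who owns the reference on each path would make the lifetime rule explicit.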