[PATCH v4 1/1] nvmet-tcp: Fix NULL pointer dereference during release

Sagi Grimberg sagi at grimberg.me
Tue Sep 20 04:29:37 PDT 2022


> nvmet-tcp frees CMD buffers in nvmet_tcp_uninit_data_in_cmds(),
> and waits for the inflight IO requests in nvmet_sq_destroy(). While
> waiting for the inflight IO requests, the callback nvmet_tcp_queue_response()
> is called from the backend after IO completes; this leads to a typical
> Use-After-Free issue like this:

Would it be possible to resend this patch rebased on top of nvme-6.1?


