System crash due to use-after-free in NVMe request double completion

Issue

• System crash due to use-after-free in NVMe request double completion:

nvme nvme0: I/O 75 QID 6 timeout, aborting
nvme nvme0: Abort status: 0x0
nvme nvme0: I/O 75 QID 6 timeout, reset controller
nvme nvme0: 15/0/0 default/read/poll queues
BUG: unable to handle kernel paging request at 0000000000027cd4
PGD 0 P4D 0 
Oops: 0000 [#1] SMP NOPTI
CPU: 5 PID: 44 Comm: ksoftirqd/5 Kdump: loaded Tainted: G                 ---------r-  - 4.18.0-425.3.1.el8.x86_64 #1
Hardware name: VMware, Inc. VMware Virtual Platform/440BX Desktop Reference Platform, BIOS 6.00 11/12/2020
RIP: 0010:dma_direct_unmap_sg+0x46/0x1b0
....
Call Trace:
 <IRQ>
 nvme_unmap_data+0x10b/0x140 [nvme]
 nvme_pci_complete_rq+0x2b/0x40 [nvme]
 nvme_irq+0x15c/0x250 [nvme]
 __handle_irq_event_percpu+0x40/0x190
 handle_irq_event_percpu+0x30/0x80
 handle_irq_event+0x36/0x57
 handle_edge_irq+0x82/0x190
 handle_irq+0x1c/0x30
 do_IRQ+0x49/0xd0
 common_interrupt+0xf/0xf
 </IRQ>
RIP: 0010:__slab_free+0x9/0x350
....
 ? rcu_do_batch+0x1c5/0x470
 ? rcu_do_batch+0x1c5/0x470
 kmem_cache_free+0x2d6/0x300
 rcu_do_batch+0x1c5/0x470
 rcu_core+0x14c/0x210
 __do_softirq+0xd7/0x2c8
 ? sort_range+0x20/0x20
 run_ksoftirqd+0x2a/0x40
....