ANDROID: block: Partially revert "Send requeued requests to the I/O scheduler"

See also commit 9102217567.

Revert the code that sends requests back to the I/O scheduler if
dispatching fails because it is suspected to have introduced the
following BFQ crash:

==================================================================
BUG: KASAN: invalid-access in bfq_get_queue+0x500/0x560
Write at addr faffff8056fd8b30 by task Thread-11/27396
Pointer tag: [fa], memory tag: [fe]

CPU: 5 PID: 27396 Comm: Thread-11 Tainted: G S      W  OE     5.15.110-android14-7-00150-gf82b53108826-ab10234611 #1
Call trace:
 dump_backtrace+0xf8/0x1e8
 dump_stack_lvl+0x74/0xa4
 print_report+0x344/0x958
 kasan_report+0x90/0xe4
 __do_kernel_fault+0xc4/0x2ac
 do_bad_area+0x3c/0x154
 do_tag_check_fault+0x18/0x24
 do_mem_abort+0x60/0x134
 el1_abort+0x38/0x54
 el1h_64_sync_handler+0x54/0x88
 el1h_64_sync+0x78/0x7c
 bfq_get_queue+0x500/0x560
 bfq_insert_requests+0x98c/0x1474
 blk_mq_sched_insert_requests+0xec/0x334
 blk_mq_flush_plug_list+0x138/0x234
 blk_flush_plug_list+0x118/0x164
 read_pages+0x38c/0x408
 page_cache_ra_unbounded+0x22c/0x2f4
 do_sync_mmap_readahead+0x1a4/0x208
 filemap_fault+0x27c/0x8f4
 f2fs_filemap_fault+0x28/0xfc
 __do_fault+0xc0/0x204
 handle_pte_fault+0x28c/0xdf8
 do_handle_mm_fault+0x504/0x7b8
 do_page_fault+0x5dc/0x798
 do_translation_fault+0x40/0x54
 do_mem_abort+0x60/0x134
 el0_ia+0x74/0x158
 el0t_64_sync_handler+0xac/0xe4
 el0t_64_sync+0x1b0/0x1b4

The buggy address belongs to the object at ffffff8056fd8a50
 which belongs to the cache bfq_io_cq of size 232
The buggy address is located 224 bytes inside of
 232-byte region [ffffff8056fd8a50, ffffff8056fd8b38)

The buggy address belongs to the physical page:
page:00000000a0db99e0 refcount:1 mapcount:0 mapping:0000000000000000 index:0xfaffff8056fd8a50 pfn:0xd6fd8
head:00000000a0db99e0 order:1 compound_mapcount:0
flags: 0x4000000000010200(slab|head|zone=1|kasantag=0x0)
raw: 4000000000010200 fffffffe2306b300 0000000400000004 f2ffff800a71f700
raw: faffff8056fd8a50 000000008022001d 00000001ffffffff 0000000000000000
page dumped because: kasan: bad access detected

Memory state around the buggy address:
 ffffff8056fd8900: fe fe fe fe fe fe fd fd fd fd fd fd fd fd fd fd
 ffffff8056fd8a00: fd fd fd fd fd fe fe fe fe fe fe fe fe fe fe fe
>ffffff8056fd8b00: fe fe fe fe fb fb fb fb fb fb fb fb fb fb fb fb
                            ^
 ffffff8056fd8c00: fb fb fb f4 f4 f4 f4 f4 f4 f4 f4 f4 f4 f4 f4 f4
 ffffff8056fd8d00: f4 f4 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9
==================================================================

Bug: 285769645
Change-Id: Ia870feee81988ae47a2be0e1b145d18165588f8a
Signed-off-by: Bart Van Assche <bvanassche@google.com>

block/blk-mq.c

@@ -1406,31 +1406,14 @@ out:
 		/* For non-shared tags, the RESTART check will suffice */
 		bool no_tag = prep == PREP_DISPATCH_NO_TAG &&
 			(hctx->flags & BLK_MQ_F_TAG_QUEUE_SHARED);
-		LIST_HEAD(for_sched);
-		struct request *next;
 
 		if (nr_budgets)
 			blk_mq_release_budgets(q, list);
 
-		if (q->elevator)
-			list_for_each_entry_safe(rq, next, list, queuelist)
-				if (!blk_mq_sched_bypass_insert(rq))
-					list_move_tail(&rq->queuelist,
-						       &for_sched);
-
 		spin_lock(&hctx->lock);
 		list_splice_tail_init(list, &hctx->dispatch);
 		spin_unlock(&hctx->lock);
 
-		if (q->elevator && !list_empty(&for_sched)) {
-			if (q->elevator->type->ops.requeue_request)
-				list_for_each_entry(rq, &for_sched, queuelist)
-					q->elevator->type->ops.
-						requeue_request(rq);
-			q->elevator->type->ops.insert_requests(hctx, &for_sched,
-						       /*at_head=*/true);
-		}
-
 		/*
 		 * Order adding requests to hctx->dispatch and checking
 		 * SCHED_RESTART flag. The pair of this smp_mb() is the one