In the Linux kernel, following vulnerability has been resolved: block: be a bit more careful in checking for NULL bdev while polling Wei reports crash with an application using polled IO: PGD 14265e067 P4D PUD 47ec50067 PMD 0 Oops: 0000 [#1] SMP CPU: 0 PID: 21915 Comm: iocore_0 Kdump: loaded Tainted: G S 5.12.0-0_fbk12_clang_7346_g1bb6f2e7058f #1 Hardware name: Wiwynn Delta Lake MP T8/Delta Lake-Class2, BIOS Y3DLM08 04/10/2022 RIP: 0010:bio_poll+0x25/0x200 Code: 0f 1f 44 00 55 41 57 56 54 53 48 83 ec 28 65 8b 04 25 89 24 20 47 08 <48> 80 70 02 4c 50 6f 34 31 db fd ff 75 65 RSP: 0018:ffffc90005fafdf8 EFLAGS: 00010292 RAX: 0000000000000000 RBX: RCX: 74b43cd65dd66600 RDX: 0000000000000003 RSI: ffffc90005fafe78 RDI: ffff8884b614e140 RBP: ffff88849964df78 R08: R09: 0000000000000008 R10: R11: R12: ffff88849964df00 R13: R14: ffff888137d3c378 R15: 0000000000000001 FS: 00007fd195000640(0000) GS:ffff88903f400000(0000) knlGS:0000000000000000 CS: 0010 DS: ES: CR0: 0000000080050033 CR2: 0000000000000270 CR3: 0000000466121001 CR4: 00000000007706f0 DR0: DR1: DR2: 0000000000000000 DR3: DR6: 00000000fffe0ff0 DR7: 0000000000000400 PKRU: 55555554 Call Trace: iocb_bio_iopoll+0x1d/0x30 io_do_iopoll+0xac/0x250 __se_sys_io_uring_enter+0x3c5/0x5a0 ? __x64_sys_write+0x89/0xd0 do_syscall_64+0x2d/0x40 entry_SYSCALL_64_after_hwframe+0x44/0xae RIP: 0033:0x94f225d Code: cc 84 d0 c1 e0 10 09 c2 33 43 18 63 4b 0c b8 aa 01 05 <85> c0 88 85 29 03 45 f6 c7 RSP: 002b:00007fd194ffcd88 00000202 ORIG_RAX: 00000000000001aa RAX: ffffffffffffffda 00007fd194ffcdc0 00000000094f225d RDX: 0000000000000007 RBP: 00007fd194ffcdb0 0000000000000001 0000000000000202 00007fd269d68030 R13: 0000000000000000 which is due to bio->bi_bdev being NULL. This can happen if we have two tasks doing IO, and task B ends up completing IO from A if they are sharing poll queue. If completes puts the bio into our cache, then it allocate that bio again before A is done polling it. As would necessitate preempt between the two tasks, it's enough just for whether or not