On Mon, Jun 29, 2020 at 10:44 PM Pavel Begunkov <asml.silence@xxxxxxxxx> wrote: > After __io_free_req() put a ctx ref, it should assumed that the ctx may > already be gone. However, it can be accessed to put back fallback req. > Free req first and then put a req. Please stick "Fixes" tags on bug fixes to make it easy to see when the fixed bug was introduced (especially for ones that fix severe issues like UAFs). From a cursory glance, it kinda seems like this one _might_ have been introduced in 2b85edfc0c90ef, which would mean that it landed in 5.6? But I can't really tell for sure without investing more time; you probably know that better. And if this actually does affect existing releases, please also stick a "Cc: stable@xxxxxxxxxxxxxxx" tag on it so that the fix can be shipped to users of those releases.
