On 3/16/23 12:56 PM, Fedor Pchelkin wrote:
> No upstream commit exists for this commit.
>
> The issue was introduced with backporting upstream commit c16bda37594f
> ("io_uring/poll: allow some retries for poll triggering spuriously").
>
> Memory allocation can possibly fail causing invalid pointer be
> dereferenced just before comparing it to NULL value.
>
> Move the pointer check in proper place (upstream has the similar location
> of the check). In case the request has REQ_F_POLLED flag up, apoll can't
> be NULL so no need to check there.
>
> Found by Linux Verification Center (linuxtesting.org) with Syzkaller.

Ah thanks, yes that's a mistake. Looks good to me!

--
Jens Axboe