In the Linux kernel, the following vulnerability has been resolved: block: don't call rqqosops->donebio if the bio isn't tracked rqqos framework is only applied on request based driver, so: 1) rqqosdonebio() needn't to be called for bio based driver 2) rqqosdonebio() needn't to be called for bio which isn't tracked, such as bios ended from error handling code. Especially in bioendio(): 1) request queue is referred via bio->bibdev->bddisk->queue, which may be gone since request queue refcount may not be held in above two cases 2) q->rqqos may be freed in blkcleanupqueue() when calling into _rqqosdonebio() Fix the potential kernel panic by not calling rqqosops->donebio if the bio isn't tracked. This way is safe because both iocrqosdonebio() and blkcgiolatencydone_bio() are nop if the bio isn't tracked.