diff --git a/debian/changelog b/debian/changelog index 4f221aa02..2383a8899 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1818,6 +1818,7 @@ linux (4.19.118-1) UNRELEASED; urgency=medium * net: ipv6_stub: use ip6_dst_lookup_flow instead of ip6_dst_lookup (CVE-2020-1749) * blktrace: Protect q->blk_trace with RCU (CVE-2019-19768) + * blktrace: fix dereference after null check [ Ben Hutchings ] * [x86] Drop "Add a SysRq option to lift kernel lockdown" (Closes: #947021) diff --git a/debian/patches/bugfix/all/blktrace-fix-dereference-after-null-check.patch b/debian/patches/bugfix/all/blktrace-fix-dereference-after-null-check.patch new file mode 100644 index 000000000..8c10a8166 --- /dev/null +++ b/debian/patches/bugfix/all/blktrace-fix-dereference-after-null-check.patch 
@@ -0,0 +1,66 @@
+From: Cengiz Can
+Date: Wed, 4 Mar 2020 13:58:19 +0300
+Subject: blktrace: fix dereference after null check
+Origin: https://git.kernel.org/linus/153031a301bb07194e9c37466cfce8eacb977621
+
+There was a recent change in blktrace.c that added a RCU protection to
+`q->blk_trace` in order to fix a use-after-free issue during access.
+
+However the change missed an edge case that can lead to dereferencing of
+`bt` pointer even when it's NULL:
+
+Coverity static analyzer marked this as a FORWARD_NULL issue with CID
+1460458.
+
+```
+/kernel/trace/blktrace.c: 1904 in sysfs_blk_trace_attr_store()
+1898 ret = 0;
+1899 if (bt == NULL)
+1900 ret = blk_trace_setup_queue(q, bdev);
+1901
+1902 if (ret == 0) {
+1903 if (attr == &dev_attr_act_mask)
+>>> CID 1460458: Null pointer dereferences (FORWARD_NULL)
+>>> Dereferencing null pointer "bt".
+1904 bt->act_mask = value;
+1905 else if (attr == &dev_attr_pid)
+1906 bt->pid = value;
+1907 else if (attr == &dev_attr_start_lba)
+1908 bt->start_lba = value;
+1909 else if (attr == &dev_attr_end_lba)
+```
+
+Added a reassignment with RCU annotation to fix the issue.
+
+Fixes: c780e86dd48 ("blktrace: Protect q->blk_trace with RCU")
+Reviewed-by: Ming Lei
+Reviewed-by: Bob Liu
+Reviewed-by: Steven Rostedt (VMware)
+Signed-off-by: Cengiz Can
+Signed-off-by: Jens Axboe
+Signed-off-by: Ben Hutchings
+Signed-off-by: Sasha Levin
+---
+ kernel/trace/blktrace.c | 5 ++++-
+ 1 file changed, 4 insertions(+), 1 deletion(-)
+
+diff --git a/kernel/trace/blktrace.c b/kernel/trace/blktrace.c
+index 99f6cdbf2f540..6cea8bbca03cb 100644
+--- a/kernel/trace/blktrace.c
++++ b/kernel/trace/blktrace.c
+@@ -1893,8 +1893,11 @@ static ssize_t sysfs_blk_trace_attr_store(struct device *dev,
+ }
+
+ ret = 0;
+- if (bt == NULL)
++ if (bt == NULL) {
+ ret = blk_trace_setup_queue(q, bdev);
++ bt = rcu_dereference_protected(q->blk_trace,
++ lockdep_is_held(&q->blk_trace_mutex));
++ }
+
+ if (ret == 0) {
+ if (attr == &dev_attr_act_mask)
+--
+2.20.1
+
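Review bot: The re-read of `q->blk_trace` added after `blk_trace_setup_queue()` runs even when that call failed, so the `ret == 0` test just below is the only thing keeping a NULL `bt` away from the `bt->act_mask = value` store the Coverity trace in the description points at, and nothing in the hunk records that the helper publishes a non-NULL `q->blk_trace` exactly when it returns 0. A comment above the reassignment would pin that invariant, e.g. `/* setup published q->blk_trace on success; re-read it under blk_trace_mutex */`, or the re-read could be made conditional, `if (ret == 0) bt = rcu_dereference_protected(q->blk_trace, lockdep_is_held(&q->blk_trace_mutex));`, so the failure path leaves `bt` untouched. This deserves a careful look because, per the quoted listing, the dereference was introduced by the CVE-2019-19768 backport (blktrace-protect-q-blk_trace-with-rcu.patch, applied immediately before this one in series), so without this follow-up a write to one of the attributes handled here (act_mask, pid, start_lba, end_lba) on a queue with no trace set up would appear to oops the kernel; the changelog entry might state that it repairs that patch. `sysfs_blk_trace_attr_store()` begins and ends outside the embedded hunk.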
diff --git a/debian/patches/series b/debian/patches/series index 784028b18..fa45b7320 100644 --- a/debian/patches/series +++ b/debian/patches/series @@ -298,5 +298,6 @@ bugfix/all/f2fs-fix-to-avoid-memory-leakage-in-f2fs_listxattr.patch bugfix/all/net-ipv6-add-net-argument-to-ip6_dst_lookup_flow.patch bugfix/all/net-ipv6_stub-use-ip6_dst_lookup_flow-instead-of-ip6.patch bugfix/all/blktrace-protect-q-blk_trace-with-rcu.patch +bugfix/all/blktrace-fix-dereference-after-null-check.patch # ABI maintenance