Buuls be a balls to the wall bleeding edge super dooper speedy gamey kernel?

I'm trading in all my chips and going for (El Dorado?) gold!

"coding practices" are not the problem, but Jens and the reviewers of his patches do bear some responsibility for not considering the security implications as deeply as turns out was necessary. As for whether this is normal or not, this is totally normal in the Linux kernel development cycle. The first round of security issues found were the ones relating to a lack of LSM hooks, which would affect those who have strict LSM policies through SELinux and the like, io_uring had handlers that lacked the hooks that normally allow SELinux policies to filter and block operations. There are other classes of bug to work through now, relating to memory and reference handling (no surprise to any C developer), and there will probably be a couple other classes of bugs after that to work through. Eventually it'll be ironed out properly.