Home

Description

In the Linux kernel, the following vulnerability has been resolved: ftrace: Fix potential warning in trace_printk_seq during ftrace_dump When calling ftrace_dump_one() concurrently with reading trace_pipe, a WARN_ON_ONCE() in trace_printk_seq() can be triggered due to a race condition. The issue occurs because: CPU0 (ftrace_dump) CPU1 (reader) echo z > /proc/sysrq-trigger !trace_empty(&iter) trace_iterator_reset(&iter) <- len = size = 0 cat /sys/kernel/tracing/trace_pipe trace_find_next_entry_inc(&iter) __find_next_entry ring_buffer_empty_cpu <- all empty return NULL trace_printk_seq(&iter.seq) WARN_ON_ONCE(s->seq.len >= s->seq.size) In the context between trace_empty() and trace_find_next_entry_inc() during ftrace_dump, the ring buffer data was consumed by other readers. This caused trace_find_next_entry_inc to return NULL, failing to populate `iter.seq`. At this point, due to the prior trace_iterator_reset, both `iter.seq.len` and `iter.seq.size` were set to 0. Since they are equal, the WARN_ON_ONCE condition is triggered. Move the trace_printk_seq() into the if block that checks to make sure the return value of trace_find_next_entry_inc() is non-NULL in ftrace_dump_one(), ensuring the 'iter.seq' is properly populated before subsequent operations.

PUBLISHED Reserved 2025-04-16 | Published 2025-09-16 | Updated 2025-09-29 | Assigner Linux

Product status

Default status
unaffected

d769041f865330034131525ee6a7f72eb4af2a24 (git) before f299353e7ccbcc5c2ed8993c48fbe7609cbe729a
affected

d769041f865330034131525ee6a7f72eb4af2a24 (git) before 5ab0ec206deb99eb3baf8f1d7602aeaa91dbcc85
affected

d769041f865330034131525ee6a7f72eb4af2a24 (git) before a6f0f8873cc30fd4543b09adf03f7f51d293f0e6
affected

d769041f865330034131525ee6a7f72eb4af2a24 (git) before e80ff23ba8bdb0f41a1afe2657078e4097d13a9a
affected

d769041f865330034131525ee6a7f72eb4af2a24 (git) before 28c8fb7ae2ad27d81c8de3c4fe608c509f6a18aa
affected

d769041f865330034131525ee6a7f72eb4af2a24 (git) before ced94e137e6cd5e79c65564841d3b7695d0f5fa3
affected

d769041f865330034131525ee6a7f72eb4af2a24 (git) before fbd4cf7ee4db65ef36796769fe978e9eba6f0de4
affected

d769041f865330034131525ee6a7f72eb4af2a24 (git) before 4013aef2ced9b756a410f50d12df9ebe6a883e4a
affected

Default status
affected

2.6.28
affected

Any version before 2.6.28
unaffected

5.4.298 (semver)
unaffected

5.10.242 (semver)
unaffected

5.15.191 (semver)
unaffected

6.1.150 (semver)
unaffected

6.6.104 (semver)
unaffected

6.12.45 (semver)
unaffected

6.16.5 (semver)
unaffected

6.17 (original_commit_for_fix)
unaffected

References

git.kernel.org/...c/f299353e7ccbcc5c2ed8993c48fbe7609cbe729a

git.kernel.org/...c/5ab0ec206deb99eb3baf8f1d7602aeaa91dbcc85

git.kernel.org/...c/a6f0f8873cc30fd4543b09adf03f7f51d293f0e6

git.kernel.org/...c/e80ff23ba8bdb0f41a1afe2657078e4097d13a9a

git.kernel.org/...c/28c8fb7ae2ad27d81c8de3c4fe608c509f6a18aa

git.kernel.org/...c/ced94e137e6cd5e79c65564841d3b7695d0f5fa3

git.kernel.org/...c/fbd4cf7ee4db65ef36796769fe978e9eba6f0de4

git.kernel.org/...c/4013aef2ced9b756a410f50d12df9ebe6a883e4a

cve.org (CVE-2025-39813)

nvd.nist.gov (CVE-2025-39813)

Download JSON