CVE-2025-38327

Severity CVSS v4.0: Pending analysis
Type: Unavailable / Other
Publication date: 10/07/2025
Last modified: 18/11/2025

Description

In the Linux kernel, the following vulnerability has been resolved:

fgraph: Do not enable function_graph tracer when setting funcgraph-args

When setting the funcgraph-args option when function graph tracer is not
enabled, it incorrectly enables it. Worse, it unregisters itself when it
was never registered. Then when it gets enabled again, it will register
itself a second time causing a WARNing.

    ~# echo 1 > /sys/kernel/tracing/options/funcgraph-args
    ~# head -20 /sys/kernel/tracing/trace
    # tracer: nop
    #
    # entries-in-buffer/entries-written: 813/26317372 #P:8
    #
    # _-----=> irqs-off/BH-disabled
    # / _----=> need-resched
    # | / _---=> hardirq/softirq
    # || / _--=> preempt-depth
    # ||| / _-=> migrate-disable
    # |||| / delay
    # TASK-PID CPU# ||||| TIMESTAMP FUNCTION
    # | | | ||||| | |
    -0 [007] d..4. 358.966010: 7) 1.692 us | fetch_next_timer_interrupt(basej=4294981640, basem=357956000000, base_local=0xffff88823c3ae040, base_global=0xffff88823c3af300, tevt=0xffff888100e47cb8);
    -0 [007] d..4. 358.966012: 7) | tmigr_cpu_deactivate(nextexp=357988000000) {
    -0 [007] d..4. 358.966013: 7) | _raw_spin_lock(lock=0xffff88823c3b2320) {
    -0 [007] d..4. 358.966014: 7) 0.981 us | preempt_count_add(val=1);
    -0 [007] d..5. 358.966017: 7) 1.058 us | do_raw_spin_lock(lock=0xffff88823c3b2320);
    -0 [007] d..4. 358.966019: 7) 5.824 us | }
    -0 [007] d..5. 358.966021: 7) | tmigr_inactive_up(group=0xffff888100cb9000, child=0x0, data=0xffff888100e47bc0) {
    -0 [007] d..5. 358.966022: 7) | tmigr_update_events(group=0xffff888100cb9000, child=0x0, data=0xffff888100e47bc0) {

Notice the "tracer: nop" at the top there. The current tracer is the "nop"
tracer, but the content is obviously the function graph tracer.

Enabling function graph tracing will cause it to register again and
trigger a warning in the accounting:

    ~# echo function_graph > /sys/kernel/tracing/current_tracer
    -bash: echo: write error: Device or resource busy

With the dmesg of:

    ------------[ cut here ]------------
    WARNING: CPU: 7 PID: 1095 at kernel/trace/ftrace.c:3509 ftrace_startup_subops+0xc1e/0x1000
    Modules linked in: kvm_intel kvm irqbypass
    CPU: 7 UID: 0 PID: 1095 Comm: bash Not tainted 6.16.0-rc2-test-00006-gea03de4105d3 #24 PREEMPT
    Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
    RIP: 0010:ftrace_startup_subops+0xc1e/0x1000
    Code: 48 b8 22 01 00 00 00 00 ad de 49 89 84 24 88 01 00 00 8b 44 24 08 89 04 24 e9 c3 f7 ff ff c7 04 24 ed ff ff ff e9 b7 f7 ff ff 0b c7 04 24 f0 ff ff ff e9 a9 f7 ff ff c7 04 24 f4 ff ff ff e9
    RSP: 0018:ffff888133cff948 EFLAGS: 00010202
    RAX: 0000000000000001 RBX: 1ffff1102679ff31 RCX: 0000000000000000
    RDX: 1ffffffff0b27a60 RSI: ffffffff8593d2f0 RDI: ffffffff85941140
    RBP: 00000000000c2041 R08: ffffffffffffffff R09: ffffed1020240221
    R10: ffff88810120110f R11: ffffed1020240214 R12: ffffffff8593d2f0
    R13: ffffffff8593d300 R14: ffffffff85941140 R15: ffffffff85631100
    FS: 00007f7ec6f28740(0000) GS:ffff8882b5251000(0000) knlGS:0000000000000000
    CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
    CR2: 00007f7ec6f181c0 CR3: 000000012f1d0005 CR4: 0000000000172ef0
    Call Trace:
    ? __pfx_ftrace_startup_subops+0x10/0x10
    ? find_held_lock+0x2b/0x80
    ? ftrace_stub_direct_tramp+0x10/0x10
    ? ftrace_stub_direct_tramp+0x10/0x10
    ? trace_preempt_on+0xd0/0x110
    ? __pfx_trace_graph_entry_args+0x10/
    ---truncated---

Vulnerable products and versions

CPE                                                  From              Up to
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*         6.15 (including)  6.15.4 (excluding)
cpe:2.3:o:linux:linux_kernel:6.16:rc1:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.16:rc2:*:*:*:*:*:*
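
A host-side check for the two things this advisory gives a defender: the affected release range and the "tracer: nop" header sitting over function-graph output. This is an added example, not part of the advisory or the kernel source; the function names and the sample trace are constructed here, and the release match assumes upstream version numbering.

```sh
#!/bin/sh
# Added example, not code from the advisory or the kernel tree.

# kernel_affected RELEASE: succeed if a `uname -r` style string falls in the
# ranges listed above: 6.15 <= v < 6.15.4, 6.16-rc1, 6.16-rc2.
# Assumption: upstream numbering; distro backports are not detected.
kernel_affected() {
    case "$1" in
        6.16.0-rc[12]|6.16.0-rc[12][!0-9]*) return 0 ;;
        6.15.0-rc*|6.15-rc*) return 1 ;;   # 6.15 pre-releases are not listed
        6.15.[0-9]*) patch=${1#6.15.}; patch=${patch%%[!0-9]*} ;;
        6.15|6.15[!0-9.]*) patch=0 ;;
        *) return 1 ;;
    esac
    [ "$patch" -lt 4 ]
}

# trace_mismatch: read the first lines of /sys/kernel/tracing/trace on stdin;
# succeed if the header names the nop tracer while function-graph style
# entries ("7) 0.981 us | func(...)") are present. Heuristic on the text format.
trace_mismatch() {
    awk 'NR == 1 && $0 != "# tracer: nop" { exit }
         !/^#/ && /[0-9]+\) .*\|/ { found = 1; exit }
         NR >= 200 { exit }
         END { exit !found }'
}

# Constructed sample: header and entries abridged from the excerpt above.
sample_trace() {
    cat <<'EOF'
# tracer: nop
#
# entries-in-buffer/entries-written: 813/26317372 #P:8
 -0 [007] d..4. 358.966014: 7) 0.981 us | preempt_count_add(val=1);
 -0 [007] d..4. 358.966019: 7) 5.824 us | }
EOF
}

if kernel_affected "$(uname -r)"; then
    echo "running kernel release is in the listed range"
fi
if sample_trace | trace_mismatch; then
    echo "sample: nop tracer header with function-graph entries"
fi
```

On a real host, run as root and pipe `head -n 200 /sys/kernel/tracing/trace` into `trace_mismatch` in place of the sample.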