{"id":"CVE-2025-38327","summary":"fgraph: Do not enable function_graph tracer when setting funcgraph-args","details":"In the Linux kernel, the following vulnerability has been resolved:\n\nfgraph: Do not enable function_graph tracer when setting funcgraph-args\n\nWhen setting the funcgraph-args option when function graph tracer is not\nenabled, it incorrectly enables it. Worse, it unregisters itself when it\nwas never registered. Then when it gets enabled again, it will register\nitself a second time causing a WARNing.\n\n ~# echo 1 \u003e /sys/kernel/tracing/options/funcgraph-args\n ~# head -20 /sys/kernel/tracing/trace\n # tracer: nop\n #\n # entries-in-buffer/entries-written: 813/26317372   #P:8\n #\n #                                _-----=\u003e irqs-off/BH-disabled\n #                               / _----=\u003e need-resched\n #                              | / _---=\u003e hardirq/softirq\n #                              || / _--=\u003e preempt-depth\n #                              ||| / _-=\u003e migrate-disable\n #                              |||| /     delay\n #           TASK-PID     CPU#  |||||  TIMESTAMP  FUNCTION\n #              | |         |   |||||     |         |\n           \u003cidle\u003e-0       [007] d..4.   358.966010:  7)   1.692 us    |          fetch_next_timer_interrupt(basej=4294981640, basem=357956000000, base_local=0xffff88823c3ae040, base_global=0xffff88823c3af300, tevt=0xffff888100e47cb8);\n           \u003cidle\u003e-0       [007] d..4.   358.966012:  7)               |          tmigr_cpu_deactivate(nextexp=357988000000) {\n           \u003cidle\u003e-0       [007] d..4.   358.966013:  7)               |            _raw_spin_lock(lock=0xffff88823c3b2320) {\n           \u003cidle\u003e-0       [007] d..4.   358.966014:  7)   0.981 us    |              preempt_count_add(val=1);\n           \u003cidle\u003e-0       [007] d..5.   
358.966017:  7)   1.058 us    |              do_raw_spin_lock(lock=0xffff88823c3b2320);\n           \u003cidle\u003e-0       [007] d..4.   358.966019:  7)   5.824 us    |            }\n           \u003cidle\u003e-0       [007] d..5.   358.966021:  7)               |            tmigr_inactive_up(group=0xffff888100cb9000, child=0x0, data=0xffff888100e47bc0) {\n           \u003cidle\u003e-0       [007] d..5.   358.966022:  7)               |              tmigr_update_events(group=0xffff888100cb9000, child=0x0, data=0xffff888100e47bc0) {\n\nNotice the \"tracer: nop\" at the top there. The current tracer is the \"nop\"\ntracer, but the content is obviously the function graph tracer.\n\nEnabling function graph tracing will cause it to register again and\ntrigger a warning in the accounting:\n\n ~# echo function_graph \u003e /sys/kernel/tracing/current_tracer\n -bash: echo: write error: Device or resource busy\n\nWith the dmesg of:\n\n ------------[ cut here ]------------\n WARNING: CPU: 7 PID: 1095 at kernel/trace/ftrace.c:3509 ftrace_startup_subops+0xc1e/0x1000\n Modules linked in: kvm_intel kvm irqbypass\n CPU: 7 UID: 0 PID: 1095 Comm: bash Not tainted 6.16.0-rc2-test-00006-gea03de4105d3 #24 PREEMPT\n Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014\n RIP: 0010:ftrace_startup_subops+0xc1e/0x1000\n Code: 48 b8 22 01 00 00 00 00 ad de 49 89 84 24 88 01 00 00 8b 44 24 08 89 04 24 e9 c3 f7 ff ff c7 04 24 ed ff ff ff e9 b7 f7 ff ff \u003c0f\u003e 0b c7 04 24 f0 ff ff ff e9 a9 f7 ff ff c7 04 24 f4 ff ff ff e9\n RSP: 0018:ffff888133cff948 EFLAGS: 00010202\n RAX: 0000000000000001 RBX: 1ffff1102679ff31 RCX: 0000000000000000\n RDX: 1ffffffff0b27a60 RSI: ffffffff8593d2f0 RDI: ffffffff85941140\n RBP: 00000000000c2041 R08: ffffffffffffffff R09: ffffed1020240221\n R10: ffff88810120110f R11: ffffed1020240214 R12: ffffffff8593d2f0\n R13: ffffffff8593d300 R14: ffffffff85941140 R15: ffffffff85631100\n FS:  00007f7ec6f28740(0000) 
GS:ffff8882b5251000(0000) knlGS:0000000000000000\n CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n CR2: 00007f7ec6f181c0 CR3: 000000012f1d0005 CR4: 0000000000172ef0\n Call Trace:\n  \u003cTASK\u003e\n  ? __pfx_ftrace_startup_subops+0x10/0x10\n  ? find_held_lock+0x2b/0x80\n  ? ftrace_stub_direct_tramp+0x10/0x10\n  ? ftrace_stub_direct_tramp+0x10/0x10\n  ? trace_preempt_on+0xd0/0x110\n  ? __pfx_trace_graph_entry_args+0x10/\n---truncated---","modified":"2026-04-02T12:47:55.951117Z","published":"2025-07-10T08:15:01.577Z","database_specific":{"cna_assigner":"Linux","osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/38xxx/CVE-2025-38327.json"},"references":[{"type":"WEB","url":"https://git.kernel.org/stable/c/300dedd9fe182d4c7424550d81cee595994486d1"},{"type":"WEB","url":"https://git.kernel.org/stable/c/327e28664307d49ce3fa71ba30dcc0007c270974"},{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/38xxx/CVE-2025-38327.json"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2025-38327"},{"type":"PACKAGE","url":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","events":[{"introduced":"c7a60a733c373eed0094774c141bf2934237e7ff"},{"fixed":"300dedd9fe182d4c7424550d81cee595994486d1"},{"fixed":"327e28664307d49ce3fa71ba30dcc0007c270974"}]}],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-38327.json"}}],"schema_version":"1.7.5"}