{"id":"CVE-2025-39813","summary":"ftrace: Fix potential warning in trace_printk_seq during ftrace_dump","details":"In the Linux kernel, the following vulnerability has been resolved:\n\nftrace: Fix potential warning in trace_printk_seq during ftrace_dump\n\nWhen calling ftrace_dump_one() concurrently with reading trace_pipe,\na WARN_ON_ONCE() in trace_printk_seq() can be triggered due to a race\ncondition.\n\nThe issue occurs because:\n\nCPU0 (ftrace_dump)                              CPU1 (reader)\necho z \u003e /proc/sysrq-trigger\n\n!trace_empty(&iter)\ntrace_iterator_reset(&iter) \u003c- len = size = 0\n                                                cat /sys/kernel/tracing/trace_pipe\ntrace_find_next_entry_inc(&iter)\n  __find_next_entry\n    ring_buffer_empty_cpu \u003c- all empty\n  return NULL\n\ntrace_printk_seq(&iter.seq)\n  WARN_ON_ONCE(s-\u003eseq.len \u003e= s-\u003eseq.size)\n\nIn the context between trace_empty() and trace_find_next_entry_inc()\nduring ftrace_dump, the ring buffer data was consumed by other readers.\nThis caused trace_find_next_entry_inc to return NULL, failing to populate\n`iter.seq`. At this point, due to the prior trace_iterator_reset, both\n`iter.seq.len` and `iter.seq.size` were set to 0. Since they are equal,\nthe WARN_ON_ONCE condition is triggered.\n\nMove the trace_printk_seq() into the if block that checks to make sure the\nreturn value of trace_find_next_entry_inc() is non-NULL in\nftrace_dump_one(), ensuring the 'iter.seq' is properly populated before\nsubsequent operations.","modified":"2026-03-31T17:29:24.285531Z","published":"2025-09-16T13:00:14.846Z","related":["SUSE-SU-2025:21040-1","SUSE-SU-2025:21052-1","SUSE-SU-2025:21056-1","SUSE-SU-2025:21064-1","SUSE-SU-2025:21074-1","SUSE-SU-2025:21139-1","SUSE-SU-2025:21179-1","SUSE-SU-2025:4057-1","SUSE-SU-2025:4128-1","SUSE-SU-2025:4132-1","SUSE-SU-2025:4140-1","SUSE-SU-2025:4141-1","SUSE-SU-2025:4189-1","SUSE-SU-2025:4301-1","SUSE-SU-2026:0447-1","SUSE-SU-2026:0471-1","SUSE-SU-2026:0472-1","SUSE-SU-2026:0473-1","SUSE-SU-2026:0587-1","SUSE-SU-2026:20477-1","SUSE-SU-2026:20498-1","SUSE-SU-2026:20555-1","SUSE-SU-2026:20599-1","SUSE-SU-2026:20615-1","SUSE-SU-2026:20845-1","SUSE-SU-2026:20876-1","openSUSE-SU-2025:20081-1","openSUSE-SU-2026:20287-1"],"database_specific":{"osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/39xxx/CVE-2025-39813.json","cna_assigner":"Linux"},"references":[{"type":"WEB","url":"https://git.kernel.org/stable/c/28c8fb7ae2ad27d81c8de3c4fe608c509f6a18aa"},{"type":"WEB","url":"https://git.kernel.org/stable/c/4013aef2ced9b756a410f50d12df9ebe6a883e4a"},{"type":"WEB","url":"https://git.kernel.org/stable/c/5ab0ec206deb99eb3baf8f1d7602aeaa91dbcc85"},{"type":"WEB","url":"https://git.kernel.org/stable/c/a6f0f8873cc30fd4543b09adf03f7f51d293f0e6"},{"type":"WEB","url":"https://git.kernel.org/stable/c/ced94e137e6cd5e79c65564841d3b7695d0f5fa3"},{"type":"WEB","url":"https://git.kernel.org/stable/c/e80ff23ba8bdb0f41a1afe2657078e4097d13a9a"},{"type":"WEB","url":"https://git.kernel.org/stable/c/f299353e7ccbcc5c2ed8993c48fbe7609cbe729a"},{"type":"WEB","url":"https://git.kernel.org/stable/c/fbd4cf7ee4db65ef36796769fe978e9eba6f0de4"},{"type":"WEB","url":"https://lists.debian.org/debian-lts-announce/2025/10/msg00007.html"},{"type":"WEB","url":"https://lists.debian.org/debian-lts-announce/2025/10/msg00008.html"},{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/39xxx/CVE-2025-39813.json"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2025-39813"},{"type":"PACKAGE","url":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","events":[{"introduced":"d769041f865330034131525ee6a7f72eb4af2a24"},{"fixed":"f299353e7ccbcc5c2ed8993c48fbe7609cbe729a"},{"fixed":"5ab0ec206deb99eb3baf8f1d7602aeaa91dbcc85"},{"fixed":"a6f0f8873cc30fd4543b09adf03f7f51d293f0e6"},{"fixed":"e80ff23ba8bdb0f41a1afe2657078e4097d13a9a"},{"fixed":"28c8fb7ae2ad27d81c8de3c4fe608c509f6a18aa"},{"fixed":"ced94e137e6cd5e79c65564841d3b7695d0f5fa3"},{"fixed":"fbd4cf7ee4db65ef36796769fe978e9eba6f0de4"},{"fixed":"4013aef2ced9b756a410f50d12df9ebe6a883e4a"}]}],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-39813.json"}}],"schema_version":"1.7.5"}