CVE-2025-38285

In the Linux kernel, the following vulnerability has been resolved:

bpf: Fix WARN() in getbpfrawtpregs

syzkaller reported an issue:

WARNING: CPU: 3 PID: 5971 at kernel/trace/bpftrace.c:1861 getbpfrawtpregs+0xa4/0x100 kernel/trace/bpftrace.c:1861 Modules linked in: CPU: 3 UID: 0 PID: 5971 Comm: syz-executor205 Not tainted 6.15.0-rc5-syzkaller-00038-g707df3375124 #0 PREEMPT(full) Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 RIP: 0010:getbpfrawtpregs+0xa4/0x100 kernel/trace/bpftrace.c:1861 RSP: 0018:ffffc90003636fa8 EFLAGS: 00010293 RAX: 0000000000000000 RBX: 0000000000000003 RCX: ffffffff81c6bc4c RDX: ffff888032efc880 RSI: ffffffff81c6bc83 RDI: 0000000000000005 RBP: ffff88806a730860 R08: 0000000000000005 R09: 0000000000000003 R10: 0000000000000004 R11: 0000000000000000 R12: 0000000000000004 R13: 0000000000000001 R14: ffffc90003637008 R15: 0000000000000900 FS: 0000000000000000(0000) GS:ffff8880d6cdf000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 00007f7baee09130 CR3: 0000000029f5a000 CR4: 0000000000352ef0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 Call Trace: <TASK> bpfgetstackrawtp kernel/trace/bpftrace.c:1934 [inline] bpfgetstackrawtp+0x24/0x160 kernel/trace/bpftrace.c:1931 bpfprogec3b2eefa702d8d3+0x43/0x47 bpfdispatchernopfunc include/linux/bpf.h:1316 [inline] _bpfprogrun include/linux/filter.h:718 [inline] bpfprogrun include/linux/filter.h:725 [inline] _bpftracerun kernel/trace/bpftrace.c:2363 [inline] bpftracerun3+0x23f/0x5a0 kernel/trace/bpftrace.c:2405 _bpftracemmaplockacquirereturned+0xfc/0x140 include/trace/events/mmaplock.h:47 _traceitermmaplockacquirereturned+0x79/0xc0 include/trace/events/mmaplock.h:47 _dotracemmaplockacquirereturned include/trace/events/mmaplock.h:47 [inline] tracemmaplockacquirereturned include/trace/events/mmaplock.h:47 [inline] _mmaplockdotraceacquirereturned+0x138/0x1f0 mm/mmaplock.c:35 _mmaplocktraceacquirereturned include/linux/mmaplock.h:36 [inline] mmapreadtrylock include/linux/mmaplock.h:204 [inline] stackmapgetbuildidoffset+0x535/0x6f0 kernel/bpf/stackmap.c:157 _bpfgetstack+0x307/0xa10 kernel/bpf/stackmap.c:483 _bpfgetstack kernel/bpf/stackmap.c:499 [inline] bpfgetstack+0x32/0x40 kernel/bpf/stackmap.c:496 _bpfgetstackrawtp kernel/trace/bpftrace.c:1941 [inline] bpfgetstackrawtp+0x124/0x160 kernel/trace/bpftrace.c:1931 bpfprog_ec3b2eefa702d8d3+0x43/0x47

Tracepoint like tracemmaplockacquirereturned may cause nested call as the corner case show above, which will be resolved with more general method in the future. As a result, WARNONONCE will be triggered. As Alexei suggested, remove the WARNONONCE first.