The Wire · Showcase
KERNEL PROBES GET EMERGENCY FIXES AFTER NULL POINTER CRASHES
By RepoJournal · Filed · About Linux
The Linux kernel's dynamic tracing subsystem shipped critical fixes overnight to prevent general protection faults and crashes in fprobe handlers under concurrent registration.
A major NULL pointer dereference in fprobe_fgraph_entry() has been patched [1] [2]. The bug occurred when new fprobes registered on live instrumentation points became visible mid-operation, causing the shadow-stack fill walk to process exit handlers that the sizing walk never counted, writing past reserved bounds. This is not a theoretical race condition - it crashes production systems running concurrent kprobe registration. The kernel team also removed a WARN_ON_ONCE that users could trigger trivially [3], fixing developer experience when adding kprobe events with BTF parameters at raw addresses. In related fixes, the tracing subsystem now enforces mandatory $ prefix for comm access [4] to prevent ambiguity with event fields, and corrected a double-offset calculation bug in field dereference parsing [5] that corrupted memory access patterns. All five changes land in the probe fixes batch for v7.2-rc1.
Action items
- → Pull probes-fixes-v7.2-rc1 into your next kernel build if running kprobes or fprobes in production torvalds/linux [immediate]
- → Review any live kprobe registration scripts for $ prefix usage on comm variables torvalds/linux [plan]
- → Monitor systems using dynamic tracing for GPF events - patch before they surface torvalds/linux [immediate]
References
- [1] Merge tag 'probes-fixes-v7.2-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/trace/linux-trace torvalds/linux
- [2] tracing/fprobe: Fix NULL pointer dereference in fprobe_fgraph_entry() torvalds/linux
- [3] tracing/probes: Remove WARN_ON_ONCE from parse_btf_arg torvalds/linux
- [4] tracing/probes: Make the $ prefix mandatory for comm access torvalds/linux
- [5] tracing/probes: Fix double addition of offset for @+FOFFSET torvalds/linux
FAQ
- What changed in Linux on July 1, 2026?
- The Linux kernel's dynamic tracing subsystem shipped critical fixes overnight to prevent general protection faults and crashes in fprobe handlers under concurrent registration.
- What should Linux teams do about it?
- Pull probes-fixes-v7.2-rc1 into your next kernel build if running kprobes or fprobes in production • Review any live kprobe registration scripts for $ prefix usage on comm variables • Monitor systems using dynamic tracing for GPF events - patch before they surface
- Which Linux repositories shipped on July 1, 2026?
- torvalds/linux