RepoJournal
Linux

Linux

The kernel, distros, and the rigs of the moment

Pick a date

The Wire · Showcase

KERNEL PROBES GET EMERGENCY FIXES AFTER NULL POINTER CRASHES

By RepoJournal · Filed · About Linux

The Linux kernel's dynamic tracing subsystem shipped critical fixes overnight to prevent general protection faults and crashes in fprobe handlers under concurrent registration.

A major NULL pointer dereference in fprobe_fgraph_entry() has been patched [1] [2]. The bug occurred when new fprobes registered on live instrumentation points became visible mid-operation, causing the shadow-stack fill walk to process exit handlers that the sizing walk never counted, writing past reserved bounds. This is not a theoretical race condition - it crashes production systems running concurrent kprobe registration. The kernel team also removed a WARN_ON_ONCE that users could trigger trivially [3], fixing developer experience when adding kprobe events with BTF parameters at raw addresses. In related fixes, the tracing subsystem now enforces mandatory $ prefix for comm access [4] to prevent ambiguity with event fields, and corrected a double-offset calculation bug in field dereference parsing [5] that corrupted memory access patterns. All five changes land in the probe fixes batch for v7.2-rc1.

Action items

References

  1. [1] Merge tag 'probes-fixes-v7.2-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/trace/linux-trace torvalds/linux
  2. [2] tracing/fprobe: Fix NULL pointer dereference in fprobe_fgraph_entry() torvalds/linux
  3. [3] tracing/probes: Remove WARN_ON_ONCE from parse_btf_arg torvalds/linux
  4. [4] tracing/probes: Make the $ prefix mandatory for comm access torvalds/linux
  5. [5] tracing/probes: Fix double addition of offset for @+FOFFSET torvalds/linux

FAQ

What changed in Linux on July 1, 2026?
The Linux kernel's dynamic tracing subsystem shipped critical fixes overnight to prevent general protection faults and crashes in fprobe handlers under concurrent registration.
What should Linux teams do about it?
Pull probes-fixes-v7.2-rc1 into your next kernel build if running kprobes or fprobes in production • Review any live kprobe registration scripts for $ prefix usage on comm variables • Monitor systems using dynamic tracing for GPF events - patch before they surface
Which Linux repositories shipped on July 1, 2026?
torvalds/linux

Related across the cluster

For your repos

The showcase is a teaser.
Your wire is the product.

Same engine. Different stack. Below: what changes when the wire is yours.

Showcase wire

  • 14 famous open source orgs
  • One wire per day
  • Public, generic
  • Read on the web, when you remember

Your wire

  • Up to 1,500 of your repos - orgs, deps, vendors
  • Morning and evening briefs
  • Action items routed to your team
  • Slack delivery, email, breaking-news CVE alerts

Want a hands-on demo first? Ask a current user for an invite link.