Fixed
Created: Oct 23, 2025
Updated: Oct 26, 2025
Resolved Date: Oct 26, 2025
Found In Version: 10.21.20.1
Fix Version: 10.21.20.20
Severity: Standard
Applicable for: Wind River Linux LTS 21
Component/s: Kernel
In the Linux kernel, the following vulnerability has been resolved:[EOL][EOL]ring-buffer: Do not swap cpu_buffer during resize process[EOL][EOL]When ring_buffer_swap_cpu was called during resize process,[EOL]the cpu buffer was swapped in the middle, resulting in incorrect state.[EOL]Continuing to run in the wrong state will result in oops.[EOL][EOL]This issue can be easily reproduced using the following two scripts:[EOL]/tmp # cat test1.sh[EOL]//#! /bin/sh[EOL]for i in `seq 0 100000`[EOL]do[EOL] echo 2000 > /sys/kernel/debug/tracing/buffer_size_kb[EOL] sleep 0.5[EOL] echo 5000 > /sys/kernel/debug/tracing/buffer_size_kb[EOL] sleep 0.5[EOL]done[EOL]/tmp # cat test2.sh[EOL]//#! /bin/sh[EOL]for i in `seq 0 100000`[EOL]do[EOL] echo irqsoff > /sys/kernel/debug/tracing/current_tracer[EOL] sleep 1[EOL] echo nop > /sys/kernel/debug/tracing/current_tracer[EOL] sleep 1[EOL]done[EOL]/tmp # ./test1.sh &[EOL]/tmp # ./test2.sh &[EOL][EOL]A typical oops log is as follows, sometimes with other different oops logs.[EOL][EOL][ 231.711293] WARNING: CPU: 0 PID: 9 at kernel/trace/ring_buffer.c:2026 rb_update_pages+0x378/0x3f8[EOL][ 231.713375] Modules linked in:[EOL][ 231.714735] CPU: 0 PID: 9 Comm: kworker/0:1 Tainted: G W 6.5.0-rc1-00276-g20edcec23f92 #15[EOL][ 231.716750] Hardware name: linux,dummy-virt (DT)[EOL][ 231.718152] Workqueue: events update_pages_handler[EOL][ 231.719714] pstate: 60000005 (nZCv daif -PAN -UAO -TCO -DIT -SSBS BTYPE=--)[EOL][ 231.721171] pc : rb_update_pages+0x378/0x3f8[EOL][ 231.722212] lr : rb_update_pages+0x25c/0x3f8[EOL][ 231.723248] sp : ffff800082b9bd50[EOL][ 231.724169] x29: ffff800082b9bd50 x28: ffff8000825f7000 x27: 0000000000000000[EOL][ 231.726102] x26: 0000000000000001 x25: fffffffffffff010 x24: 0000000000000ff0[EOL][ 231.728122] x23: ffff0000c3a0b600 x22: ffff0000c3a0b5c0 x21: fffffffffffffe0a[EOL][ 231.730203] x20: ffff0000c3a0b600 x19: ffff0000c0102400 x18: 0000000000000000[EOL][ 231.732329] x17: 0000000000000000 x16: 0000000000000000 x15: 0000ffffe7aa8510[EOL][ 231.734212] x14: 0000000000000000 x13: 0000000000000000 x12: 0000000000000002[EOL][ 231.736291] x11: ffff8000826998a8 x10: ffff800082b9baf0 x9 : ffff800081137558[EOL][ 231.738195] x8 : fffffc00030e82c8 x7 : 0000000000000000 x6 : 0000000000000001[EOL][ 231.740192] x5 : ffff0000ffbafe00 x4 : 0000000000000000 x3 : 0000000000000000[EOL][ 231.742118] x2 : 00000000000006aa x1 : 0000000000000001 x0 : ffff0000c0007208[EOL][ 231.744196] Call trace:[EOL][ 231.744892] rb_update_pages+0x378/0x3f8[EOL][ 231.745893] update_pages_handler+0x1c/0x38[EOL][ 231.746893] process_one_work+0x1f0/0x468[EOL][ 231.747852] worker_thread+0x54/0x410[EOL][ 231.748737] kthread+0x124/0x138[EOL][ 231.749549] ret_from_fork+0x10/0x20[EOL][ 231.750434] ---[ end trace 0000000000000000 ]---[EOL][ 233.720486] Unable to handle kernel NULL pointer dereference at virtual address 0000000000000000[EOL][ 233.721696] Mem abort info:[EOL][ 233.721935] ESR = 0x0000000096000004[EOL][ 233.722283] EC = 0x25: DABT (current EL), IL = 32 bits[EOL][ 233.722596] SET = 0, FnV = 0[EOL][ 233.722805] EA = 0, S1PTW = 0[EOL][ 233.723026] FSC = 0x04: level 0 translation fault[EOL][ 233.723458] Data abort info:[EOL][ 233.723734] ISV = 0, ISS = 0x00000004, ISS2 = 0x00000000[EOL][ 233.724176] CM = 0, WnR = 0, TnD = 0, TagAccess = 0[EOL][ 233.724589] GCS = 0, Overlay = 0, DirtyBit = 0, Xs = 0[EOL][ 233.725075] user pgtable: 4k pages, 48-bit VAs, pgdp=0000000104943000[EOL][ 233.725592] [0000000000000000] pgd=0000000000000000, p4d=0000000000000000[EOL][ 233.726231] Internal error: Oops: 0000000096000004 [#1] PREEMPT SMP[EOL][ 233.726720] Modules linked in:[EOL][ 233.727007] CPU: 0 PID: 9 Comm: kworker/0:1 Tainted: G W 6.5.0-rc1-00276-g20edcec23f92 #15[EOL][ 233.727777] Hardware name: linux,dummy-virt (DT)[EOL][ 233.728225] Workqueue: events update_pages_handler[EOL][ 233.728655] pstate: 200000c5 (nzCv daIF -PAN -UAO -TCO -DIT -SSBS BTYPE=--)[EOL][ 233.729054] pc : rb_update_pages+0x1a8/0x3f8[EOL][ 233.729334] lr : rb_update_pages+0x154/0x3f8[EOL][ 233.729592] sp : ffff800082b9bd50[EOL][ 233.729792] x29: ffff800082b9bd50 x28: ffff8000825f7000 x27: 00000000[EOL]---truncated---
