CVE-2026-23374 in Linux

Summary

by VulDB • 31.05.2026

Based on the stack trace and the context provided, here is an analysis of the issue.

### **Summary of the Issue**

The kernel is hitting a **BUG()** (likely `WARN_ON` or `BUG_ON`) inside the **tracepoint infrastructure** (`lockdep_init_map_type`) while attempting to trace block I/O operations. This occurs during a direct I/O read (`blkdev_read_iter` -> `__blkdev_direct_IO_simple` -> `submit_bio_wait`).

The key clue is:

> `The same BUG fires from blk_add_trace_plug(), blk_add_trace_unplug(), and blk_add_trace_rq() paths as well.`

This indicates the problem is **not** in the block layer logic itself, but in the **tracepoint registration or lockdep initialization** when tracing is enabled.

---

### **Root Cause Analysis**

#### 1. **Tracepoint + Lockdep Conflict**

The stack trace shows:

```
lockdep_init_map_type+0x58/0x260
submit_bio_wait+0x56/0x90
__blkdev_direct_IO_simple+0x16c/0x250
blkdev_read_iter+0xc1/0x140
```

- `lockdep_init_map_type` is called when a new lock class is registered.
- This is happening **inside** a tracepoint path (`blk_add_trace_*`).
- **Lockdep** (the kernel's lock validator) is **not reentrant** and **not safe to call from within tracepoints** if the tracepoint is enabled during lockdep initialization or if the tracepoint itself triggers lockdep checks in an unsafe context.

#### 2. **Why Direct I/O?**

- `__blkdev_direct_IO_simple` uses `submit_bio_wait()`, which is a **synchronous** bio submission.
- This path is often used in performance-critical or specific I/O scenarios.
- If **ftrace** or **tracepoints** are enabled for block I/O events, every `submit_bio` will trigger tracepoints.
- If the system is under heavy load or if lockdep is already active, the tracepoint infrastructure may attempt to initialize lock classes for the tracepoint's internal locks, leading to a deadlock or BUG.

#### 3. **Known Kernel Issue**

This is a **known issue** in older kernels (pre-5.10/5.15) where:

- **Tracepoints** are enabled.
- **Lockdep** is enabled.
- **Block I/O** is performed synchronously (`submit_bio_wait`).
- The tracepoint code tries to register a new lock class for the tracepoint's internal synchronization, but lockdep is not in a state to handle this safely.

---

### **Solutions & Workarounds**

#### **1. Disable Tracepoints for Block I/O (Temporary Workaround)**

If you are debugging or testing, disable block I/O tracepoints:

```bash
echo 0 > /sys/kernel/debug/tracing/events/block/enable
```

Or disable all block tracepoints:

```bash
echo 0 > /sys/kernel/debug/tracing/events/block*/enable
```
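An added example, not part of the VulDB entry or of any kernel tooling: a bash helper that checks whether the workaround above actually took effect by reading the `enable` files under the tracing directory. The function names are hypothetical, and `make_sample_tree` builds a constructed directory tree so the checks can be exercised without a real tracefs mount.

```bash
#!/usr/bin/env bash
# Added example (not VulDB or kernel code). Function names are hypothetical.
# Default root is the tracing path used in the workaround above.
TRACEFS_DEFAULT=/sys/kernel/debug/tracing

# Print the name of each block event whose own enable file reads 1.
enabled_block_events() {
    local root="${1:-$TRACEFS_DEFAULT}" f
    for f in "$root"/events/block/*/enable; do
        [ -r "$f" ] || continue
        [ "$(cat "$f")" = "1" ] && basename "$(dirname "$f")"
    done
    return 0
}

# Summarise the subsystem switch: tracefs reports 0 (all events off),
# 1 (all on) or X (some events on, some off).
block_trace_state() {
    local root="${1:-$TRACEFS_DEFAULT}" v
    v=$(cat "$root/events/block/enable" 2>/dev/null) || { echo unavailable; return 2; }
    case "$v" in
        0) echo off ;;
        1) echo on ;;
        X) echo mixed ;;
        *) echo unknown ;;
    esac
}

# Succeeds only when the workaround is in effect: the subsystem switch
# reads 0 and no individual block event is still enabled.
block_trace_is_off() {
    local root="${1:-$TRACEFS_DEFAULT}"
    [ "$(block_trace_state "$root")" = "off" ] && [ -z "$(enabled_block_events "$root")" ]
}

# Build a constructed tracefs-like tree for offline runs (sample data only).
make_sample_tree() {
    local root ev
    root=$(mktemp -d) || return 1
    for ev in block_rq_issue block_plug block_unplug; do
        mkdir -p "$root/events/block/$ev"
        echo 0 > "$root/events/block/$ev/enable"
    done
    echo 1 > "$root/events/block/block_plug/enable"
    echo X > "$root/events/block/enable"
    echo "$root"
}
```

On a live system, run `block_trace_is_off` as root with no argument after applying the workaround; a non-zero status means at least one block event is still enabled.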

#### **2. Disable Lockdep (If Not Needed for Debugging)**

If you don't need lockdep for debugging, disable it:

```bash
echo 0 > /sys/kernel/debug/lockdep_enabled
```

Or boot with `lockdep=off`.

#### **3. Update the Kernel**

This issue has been fixed in newer kernels. The fix typically involves:

- Making tracepoint lockdep initialization **lazy** or **deferred**.
- Ensuring tracepoints do not call `lockdep_init_map_type` in contexts where lockdep is not ready.

Check if your kernel version is affected:

- **Fixed in**: ~5.10+ (depending on the exact patch).
- Look for commits like:
  - `tracepoints: Do not call lockdep_init_map_type from tracepoint`
  - `block: Fix lockdep issue in tracepoints`

#### **4. Use `ftrace` Instead of Tracepoints (Alternative)**

If you need to debug block I/O, consider using `ftrace` with `blktrace` or `blkprintk` instead of enabling all tracepoints.

---

### **How to Confirm the Fix**

1. **Check Kernel Version**:

   ```bash
   uname -r
   ```

2. **Search for Relevant Patches**:

   ```bash
   git log --oneline --all --grep="lockdep" --grep="tracepoint" --grep="block"
   ```

3. **Apply Patch or Upgrade**: If you are on an older kernel, consider upgrading to a newer LTS kernel (


Responsible: Linux

Reserved: 13.01.2026

Disclosure: 25.03.2026

Moderation: accepted

Entry: VDB-353018

EPSS: 0.00017

KEV: No

Activities: Very low
