1.7 KiB
CVE-2025-39780
Description
In the Linux kernel, the following vulnerability has been resolved:sched/ext: Fix invalid task state transitions on class switchWhen enabling a sched_ext scheduler, we may trigger invalid task statetransitions, resulting in warnings like the following (which can beeasily reproduced by running the hotplug selftest in a loop): sched_ext: Invalid task state transition 0 -> 3 for fish[770] WARNING: CPU: 18 PID: 787 at kernel/sched/ext.c:3862 scx_set_task_state+0x7c/0xc0 ... RIP: 0010:scx_set_task_state+0x7c/0xc0 ... Call Trace: scx_enable_task+0x11f/0x2e0 switching_to_scx+0x24/0x110 scx_enable.isra.0+0xd14/0x13d0 bpf_struct_ops_link_create+0x136/0x1a0 __sys_bpf+0x1edd/0x2c30 __x64_sys_bpf+0x21/0x30 do_syscall_64+0xbb/0x370 entry_SYSCALL_64_after_hwframe+0x77/0x7fThis happens because we skip initialization for tasks that are alreadydead (with their usage counter set to zero), but we don't exclude themduring the scheduling class transition phase.Fix this by also skipping dead tasks during class swiching, preventinginvalid task state transitions.
POC
Reference
No PoCs from references.