tracing: Add NULL pointer check to trigger_data_free()

groeck · Sasha Levin · commit 477469223b2b · 2026-03-12T07:10:01.000-04:00
[ Upstream commit 457965c ] If trigger_data_alloc() fails and returns NULL, event_hist_trigger_parse() jumps to the out_free error path. While kfree() safely handles a NULL pointer, trigger_data_free() does not. This causes a NULL pointer dereference in trigger_data_free() when evaluating data->cmd_ops->set_filter. Fix the problem by adding a NULL pointer check to trigger_data_free(). The problem was found by an experimental code review agent based on gemini-3.1-pro while reviewing backports into v6.18.y. Cc: Miaoqian Lin <linmq006@gmail.com> Cc: Masami Hiramatsu <mhiramat@kernel.org> Cc: Mathieu Desnoyers <mathieu.desnoyers@efficios.com> Cc: Steven Rostedt (Google) <rostedt@goodmis.org> Link: https://patch.msgid.link/20260305193339.2810953-1-linux@roeck-us.net Fixes: 0550069 ("tracing: Properly process error handling in event_hist_trigger_parse()") Assisted-by: Gemini:gemini-3.1-pro Signed-off-by: Guenter Roeck <linux@roeck-us.net> Signed-off-by: Steven Rostedt (Google) <rostedt@goodmis.org> Signed-off-by: Sasha Levin <sashal@kernel.org>
diff --git a/kernel/trace/trace_events_trigger.c b/kernel/trace/trace_events_trigger.c
@@ -50,6 +50,9 @@ static int trigger_kthread_fn(void *ignore)
 
 void trigger_data_free(struct event_trigger_data *data)
 {
+	if (!data)
+		return;
+
 	if (data->cmd_ops->set_filter)
 		data->cmd_ops->set_filter(NULL, data, NULL);
 

Original file line number	Diff line number	Diff line change
`@@ -50,6 +50,9 @@ static int trigger_kthread_fn(void *ignore)`
`50`	`50`
`51`	`51`	`void trigger_data_free(struct event_trigger_data *data)`
`52`	`52`	`{`
	`53`	`+ if (!data)`
	`54`	`+ return;`
	`55`	`+`
`53`	`56`	`if (data->cmd_ops->set_filter)`
`54`	`57`	`data->cmd_ops->set_filter(NULL, data, NULL);`
`55`	`58`