CVE-2025-39914

In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> tracing: Silence warning when chunk allocation fails in trace_pid_write<br /> <br /> Syzkaller trigger a fault injection warning:<br /> <br /> WARNING: CPU: 1 PID: 12326 at tracepoint_add_func+0xbfc/0xeb0<br /> Modules linked in:<br /> CPU: 1 UID: 0 PID: 12326 Comm: syz.6.10325 Tainted: G U 6.14.0-rc5-syzkaller #0<br /> Tainted: [U]=USER<br /> Hardware name: Google Compute Engine/Google Compute Engine<br /> RIP: 0010:tracepoint_add_func+0xbfc/0xeb0 kernel/tracepoint.c:294<br /> Code: 09 fe ff 90 0f 0b 90 0f b6 74 24 43 31 ff 41 bc ea ff ff ff<br /> RSP: 0018:ffffc9000414fb48 EFLAGS: 00010283<br /> RAX: 00000000000012a1 RBX: ffffffff8e240ae0 RCX: ffffc90014b78000<br /> RDX: 0000000000080000 RSI: ffffffff81bbd78b RDI: 0000000000000001<br /> RBP: 0000000000000000 R08: 0000000000000001 R09: 0000000000000000<br /> R10: 0000000000000001 R11: 0000000000000001 R12: ffffffffffffffef<br /> R13: 0000000000000000 R14: dffffc0000000000 R15: ffffffff81c264f0<br /> FS: 00007f27217f66c0(0000) GS:ffff8880b8700000(0000) knlGS:0000000000000000<br /> CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033<br /> CR2: 0000001b2e80dff8 CR3: 00000000268f8000 CR4: 00000000003526f0<br /> DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000<br /> DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400<br /> Call Trace:<br /> <br /> tracepoint_probe_register_prio+0xc0/0x110 kernel/tracepoint.c:464<br /> register_trace_prio_sched_switch include/trace/events/sched.h:222 [inline]<br /> register_pid_events kernel/trace/trace_events.c:2354 [inline]<br /> event_pid_write.isra.0+0x439/0x7a0 kernel/trace/trace_events.c:2425<br /> vfs_write+0x24c/0x1150 fs/read_write.c:677<br /> ksys_write+0x12b/0x250 fs/read_write.c:731<br /> do_syscall_x64 arch/x86/entry/common.c:52 [inline]<br /> do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83<br /> entry_SYSCALL_64_after_hwframe+0x77/0x7f<br /> <br /> We can reproduce the warning by following the steps below:<br /> 1. echo 8 &gt;&gt; set_event_notrace_pid. Let tr-&gt;filtered_pids owns one pid<br /> and register sched_switch tracepoint.<br /> 2. echo &amp;#39; &amp;#39; &gt;&gt; set_event_pid, and perform fault injection during chunk<br /> allocation of trace_pid_list_alloc. Let pid_list with no pid and<br /> assign to tr-&gt;filtered_pids.<br /> 3. echo &amp;#39; &amp;#39; &gt;&gt; set_event_pid. Let pid_list is NULL and assign to<br /> tr-&gt;filtered_pids.<br /> 4. echo 9 &gt;&gt; set_event_pid, will trigger the double register<br /> sched_switch tracepoint warning.<br /> <br /> The reason is that syzkaller injects a fault into the chunk allocation<br /> in trace_pid_list_alloc, causing a failure in trace_pid_list_set, which<br /> may trigger double register of the same tracepoint. This only occurs<br /> when the system is about to crash, but to suppress this warning, let&amp;#39;s<br /> add failure handling logic to trace_pid_list_set.