CVE-2025-39914

Source
https://nvd.nist.gov/vuln/detail/CVE-2025-39914
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-39914.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2025-39914
Published
2025-10-01T07:44:37.018Z
Modified
2025-11-28T02:34:00.908593Z
Summary
tracing: Silence warning when chunk allocation fails in trace_pid_write
Details

In the Linux kernel, the following vulnerability has been resolved:

tracing: Silence warning when chunk allocation fails in trace_pid_write

Syzkaller trigger a fault injection warning:

WARNING: CPU: 1 PID: 12326 at tracepoint_add_func+0xbfc/0xeb0
Modules linked in:
CPU: 1 UID: 0 PID: 12326 Comm: syz.6.10325 Tainted: G U 6.14.0-rc5-syzkaller #0
Tainted: [U]=USER
Hardware name: Google Compute Engine/Google Compute Engine
RIP: 0010:tracepoint_add_func+0xbfc/0xeb0 kernel/tracepoint.c:294
Code: 09 fe ff 90 0f 0b 90 0f b6 74 24 43 31 ff 41 bc ea ff ff ff
RSP: 0018:ffffc9000414fb48 EFLAGS: 00010283
RAX: 00000000000012a1 RBX: ffffffff8e240ae0 RCX: ffffc90014b78000
RDX: 0000000000080000 RSI: ffffffff81bbd78b RDI: 0000000000000001
RBP: 0000000000000000 R08: 0000000000000001 R09: 0000000000000000
R10: 0000000000000001 R11: 0000000000000001 R12: ffffffffffffffef
R13: 0000000000000000 R14: dffffc0000000000 R15: ffffffff81c264f0
FS:  00007f27217f66c0(0000) GS:ffff8880b8700000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000001b2e80dff8 CR3: 00000000268f8000 CR4: 00000000003526f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
 <TASK>
 tracepoint_probe_register_prio+0xc0/0x110 kernel/tracepoint.c:464
 register_trace_prio_sched_switch include/trace/events/sched.h:222 [inline]
 register_pid_events kernel/trace/trace_events.c:2354 [inline]
 event_pid_write.isra.0+0x439/0x7a0 kernel/trace/trace_events.c:2425
 vfs_write+0x24c/0x1150 fs/read_write.c:677
 ksys_write+0x12b/0x250 fs/read_write.c:731
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f

We can reproduce the warning by following the steps below:

1. echo 8 >> set_event_notrace_pid. Let tr->filtered_pids own one pid and register the sched_switch tracepoint.
2. echo ' ' >> set_event_pid, and perform fault injection during the chunk allocation of trace_pid_list_alloc. Let pid_list have no pid and be assigned to tr->filtered_pids.
3. echo ' ' >> set_event_pid. Let pid_list be NULL and be assigned to tr->filtered_pids.
4. echo 9 >> set_event_pid, which will trigger the double-register sched_switch tracepoint warning.

The reason is that syzkaller injects a fault into the chunk allocation in trace_pid_list_alloc, causing a failure in trace_pid_list_set, which may trigger double registration of the same tracepoint. This only occurs when the system is about to crash, but to suppress this warning, let's add failure handling logic to trace_pid_list_set.
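
The chunk-allocation failure the steps above turn on can be modelled in user space. What follows is an added example, not the kernel's code (kernel/trace/pid_list.c is a two-level list with its own names and sizes): a single-level chunked pid list whose chunks are allocated on first set(), a fail-nth style allocator that fails the n-th chunk allocation, and a write path that builds a list from "8 9"-style input the way a write to set_event_pid does. The chunk size, the function names and the failure contract (a write whose set() failed returns the error and publishes no list) are assumptions of this model.

```c
/* Added userspace model, not kernel code: a chunked pid list whose chunks are
 * allocated on first set(), a fail-nth style allocator, and the write path that
 * builds a list from "8 9"-style input.  Chunk size, names and the failure
 * contract are assumptions of this model (the kernel's list is two-level). */
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>

#define CHUNK_BITS 8                              /* one chunk covers 256 pids */
#define CHUNK_PIDS (1u << CHUNK_BITS)
#define NCHUNKS    (1u << 8)                      /* pids below 65536 in this model */
#define PID_MAX    (NCHUNKS * CHUNK_PIDS)
#define CHUNK(pid) ((pid) >> CHUNK_BITS)
#define BIT(pid)   ((pid) & (CHUNK_PIDS - 1))

struct chunk    { unsigned char bits[CHUNK_PIDS / 8]; };  /* bitmap of pids */
struct pid_list { struct chunk *chunk[NCHUNKS]; };         /* NULL = not allocated */

/* Fault injection: the fail_nth-th chunk allocation since the last counter
 * reset returns NULL (0 = never fail), like /proc/thread-self/fail-nth. */
static unsigned int fail_nth, alloc_count;

static void *chunk_alloc(size_t size)
{
    if (fail_nth && ++alloc_count == fail_nth)
        return NULL;                                    /* injected -ENOMEM */
    return calloc(1, size);
}

void pid_list_free(struct pid_list *pl)
{
    for (unsigned int i = 0; pl && i < NCHUNKS; i++)
        free(pl->chunk[i]);
    free(pl);
}

/* 0 on success, -EINVAL for a bad pid, -ENOMEM if the chunk could not be
 * allocated; on failure no bit is set, so readers see the list unchanged. */
int pid_list_set(struct pid_list *pl, unsigned int pid)
{
    if (!pl || pid >= PID_MAX)
        return -EINVAL;
    if (!pl->chunk[CHUNK(pid)] &&
        !(pl->chunk[CHUNK(pid)] = chunk_alloc(sizeof(struct chunk))))
        return -ENOMEM;
    pl->chunk[CHUNK(pid)]->bits[BIT(pid) >> 3] |= 1u << (BIT(pid) & 7);
    return 0;
}

int pid_list_is_set(const struct pid_list *pl, unsigned int pid)
{
    if (!pl || pid >= PID_MAX || !pl->chunk[CHUNK(pid)])
        return 0;
    return (pl->chunk[CHUNK(pid)]->bits[BIT(pid) >> 3] >> (BIT(pid) & 7)) & 1;
}

/* Write path.  Contract chosen for the model: empty input clears the filter
 * (*out = NULL, return 0); a set() error frees the half-built list and is
 * returned, so the caller never publishes a list that silently lost pids. */
int pid_list_from_string(const char *input, struct pid_list **out)
{
    struct pid_list *pl = chunk_alloc(sizeof(*pl));
    const char *p = input;
    unsigned int nr_pids = 0;
    int ret = pl ? 0 : -ENOMEM;

    *out = NULL;
    while (ret == 0 && *p) {
        char *end;
        unsigned long val = strtoul(p, &end, 10);      /* skips leading blanks */
        if (end == p) {                                 /* no number at p */
            ret = (*p == ' ' || *p == '\n') ? 0 : -EINVAL;
            p++;
            continue;
        }
        ret = val >= PID_MAX ? -EINVAL : pid_list_set(pl, (unsigned int)val);
        nr_pids += (ret == 0);
        p = end;
    }
    if (ret < 0 || nr_pids == 0) {          /* error, or empty input clears the filter */
        pid_list_free(pl);
        return ret;
    }
    *out = pl;
    return 0;
}

/* One modelled write with the fail_on-th chunk allocation failing.  Returns the
 * write's -errno, or 0 (filter cleared), 1 (published, probe_pid absent),
 * 2 (published, probe_pid set). */
int model_write(const char *input, unsigned int fail_on, unsigned int probe_pid)
{
    struct pid_list *pl = NULL;
    alloc_count = 0, fail_nth = fail_on;
    int ret = pid_list_from_string(input, &pl);
    fail_nth = 0;
    if (ret == 0 && pl)
        ret = pid_list_is_set(pl, probe_pid) ? 2 : 1;
    pid_list_free(pl);
    return ret;
}

int main(void)
{
    printf("\"8 9\", no fault, probe 9: %d\n", model_write("8 9", 0, 9));
    printf("\"8 9\", 2nd chunk alloc fails, probe 8: %d\n", model_write("8 9", 2, 8));
    printf("\" \", no fault: %d\n", model_write(" ", 0, 8));
    return 0;
}
```

model_write("8 9", 2, 8) fails the second allocation, the chunk that would hold pid 8, and returns -ENOMEM with no list published. If pid_list_from_string ignored the set() error and published pl anyway, the caller would receive a non-NULL list with no pids set, which is the intermediate state step 2 above describes for tr->filtered_pids.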

Database specific
{
    "cna_assigner": "Linux",
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/39xxx/CVE-2025-39914.json"
}
Affected packages

Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git

Affected ranges

Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
8d6e90983ade25ec7925211ac31d9ccaf64b7edf
Fixed
7583a73c53f1d1ae7a39b130eb7190a11f0a902f
Fixed
1262bda871dace8c6efae25f3b6a2d34f6f06d54
Fixed
88525accf16947ab459f8e91c27c8c53e1d612d7
Fixed
793338906ff57d8c683f44fe48ca99d49c8782a7
Fixed
cd4453c5e983cf1fd5757e9acb915adb1e4602b6

Linux / Kernel

Package

Name
Kernel

Affected ranges

Type
ECOSYSTEM
Events
Introduced
5.16.0
Fixed
6.1.153
Type
ECOSYSTEM
Events
Introduced
6.2.0
Fixed
6.6.107
Type
ECOSYSTEM
Events
Introduced
6.7.0
Fixed
6.12.48
Type
ECOSYSTEM
Events
Introduced
6.13.0
Fixed
6.16.8