{"id":"CVE-2025-39914","summary":"tracing: Silence warning when chunk allocation fails in trace_pid_write","details":"In the Linux kernel, the following vulnerability has been resolved:\n\ntracing: Silence warning when chunk allocation fails in trace_pid_write\n\nSyzkaller trigger a fault injection warning:\n\nWARNING: CPU: 1 PID: 12326 at tracepoint_add_func+0xbfc/0xeb0\nModules linked in:\nCPU: 1 UID: 0 PID: 12326 Comm: syz.6.10325 Tainted: G U 6.14.0-rc5-syzkaller #0\nTainted: [U]=USER\nHardware name: Google Compute Engine/Google Compute Engine\nRIP: 0010:tracepoint_add_func+0xbfc/0xeb0 kernel/tracepoint.c:294\nCode: 09 fe ff 90 0f 0b 90 0f b6 74 24 43 31 ff 41 bc ea ff ff ff\nRSP: 0018:ffffc9000414fb48 EFLAGS: 00010283\nRAX: 00000000000012a1 RBX: ffffffff8e240ae0 RCX: ffffc90014b78000\nRDX: 0000000000080000 RSI: ffffffff81bbd78b RDI: 0000000000000001\nRBP: 0000000000000000 R08: 0000000000000001 R09: 0000000000000000\nR10: 0000000000000001 R11: 0000000000000001 R12: ffffffffffffffef\nR13: 0000000000000000 R14: dffffc0000000000 R15: ffffffff81c264f0\nFS:  00007f27217f66c0(0000) GS:ffff8880b8700000(0000) knlGS:0000000000000000\nCS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 0000001b2e80dff8 CR3: 00000000268f8000 CR4: 00000000003526f0\nDR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\nDR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\nCall Trace:\n \u003cTASK\u003e\n tracepoint_probe_register_prio+0xc0/0x110 kernel/tracepoint.c:464\n register_trace_prio_sched_switch include/trace/events/sched.h:222 [inline]\n register_pid_events kernel/trace/trace_events.c:2354 [inline]\n event_pid_write.isra.0+0x439/0x7a0 kernel/trace/trace_events.c:2425\n vfs_write+0x24c/0x1150 fs/read_write.c:677\n ksys_write+0x12b/0x250 fs/read_write.c:731\n do_syscall_x64 arch/x86/entry/common.c:52 [inline]\n do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\n\nWe can reproduce the warning by following the steps below:\n1. echo 8 \u003e\u003e set_event_notrace_pid. Let tr-\u003efiltered_pids owns one pid\n   and register sched_switch tracepoint.\n2. echo ' ' \u003e\u003e set_event_pid, and perform fault injection during chunk\n   allocation of trace_pid_list_alloc. Let pid_list with no pid and\nassign to tr-\u003efiltered_pids.\n3. echo ' ' \u003e\u003e set_event_pid. Let pid_list is NULL and assign to\n   tr-\u003efiltered_pids.\n4. echo 9 \u003e\u003e set_event_pid, will trigger the double register\n   sched_switch tracepoint warning.\n\nThe reason is that syzkaller injects a fault into the chunk allocation\nin trace_pid_list_alloc, causing a failure in trace_pid_list_set, which\nmay trigger double register of the same tracepoint. This only occurs\nwhen the system is about to crash, but to suppress this warning, let's\nadd failure handling logic to trace_pid_list_set.","modified":"2026-03-20T12:43:05.902144Z","published":"2025-10-01T07:44:37.018Z","related":["MGASA-2025-0309","MGASA-2025-0310"],"database_specific":{"osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/39xxx/CVE-2025-39914.json","cna_assigner":"Linux"},"references":[{"type":"WEB","url":"https://git.kernel.org/stable/c/1262bda871dace8c6efae25f3b6a2d34f6f06d54"},{"type":"WEB","url":"https://git.kernel.org/stable/c/7583a73c53f1d1ae7a39b130eb7190a11f0a902f"},{"type":"WEB","url":"https://git.kernel.org/stable/c/793338906ff57d8c683f44fe48ca99d49c8782a7"},{"type":"WEB","url":"https://git.kernel.org/stable/c/88525accf16947ab459f8e91c27c8c53e1d612d7"},{"type":"WEB","url":"https://git.kernel.org/stable/c/cd4453c5e983cf1fd5757e9acb915adb1e4602b6"},{"type":"WEB","url":"https://lists.debian.org/debian-lts-announce/2025/10/msg00008.html"},{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/39xxx/CVE-2025-39914.json"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2025-39914"},{"type":"PACKAGE","url":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","events":[{"introduced":"8d6e90983ade25ec7925211ac31d9ccaf64b7edf"},{"fixed":"7583a73c53f1d1ae7a39b130eb7190a11f0a902f"},{"fixed":"1262bda871dace8c6efae25f3b6a2d34f6f06d54"},{"fixed":"88525accf16947ab459f8e91c27c8c53e1d612d7"},{"fixed":"793338906ff57d8c683f44fe48ca99d49c8782a7"},{"fixed":"cd4453c5e983cf1fd5757e9acb915adb1e4602b6"}]}],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-39914.json"}}],"schema_version":"1.7.5"}