CVE-2025-21862

In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> drop_monitor: fix incorrect initialization order<br /> <br /> Syzkaller reports the following bug:<br /> <br /> BUG: spinlock bad magic on CPU#1, syz-executor.0/7995<br /> lock: 0xffff88805303f3e0, .magic: 00000000, .owner: /-1, .owner_cpu: 0<br /> CPU: 1 PID: 7995 Comm: syz-executor.0 Tainted: G E 5.10.209+ #1<br /> Hardware name: VMware, Inc. VMware Virtual Platform/440BX Desktop Reference Platform, BIOS 6.00 11/12/2020<br /> Call Trace:<br /> __dump_stack lib/dump_stack.c:77 [inline]<br /> dump_stack+0x119/0x179 lib/dump_stack.c:118<br /> debug_spin_lock_before kernel/locking/spinlock_debug.c:83 [inline]<br /> do_raw_spin_lock+0x1f6/0x270 kernel/locking/spinlock_debug.c:112<br /> __raw_spin_lock_irqsave include/linux/spinlock_api_smp.h:117 [inline]<br /> _raw_spin_lock_irqsave+0x50/0x70 kernel/locking/spinlock.c:159<br /> reset_per_cpu_data+0xe6/0x240 [drop_monitor]<br /> net_dm_cmd_trace+0x43d/0x17a0 [drop_monitor]<br /> genl_family_rcv_msg_doit+0x22f/0x330 net/netlink/genetlink.c:739<br /> genl_family_rcv_msg net/netlink/genetlink.c:783 [inline]<br /> genl_rcv_msg+0x341/0x5a0 net/netlink/genetlink.c:800<br /> netlink_rcv_skb+0x14d/0x440 net/netlink/af_netlink.c:2497<br /> genl_rcv+0x29/0x40 net/netlink/genetlink.c:811<br /> netlink_unicast_kernel net/netlink/af_netlink.c:1322 [inline]<br /> netlink_unicast+0x54b/0x800 net/netlink/af_netlink.c:1348<br /> netlink_sendmsg+0x914/0xe00 net/netlink/af_netlink.c:1916<br /> sock_sendmsg_nosec net/socket.c:651 [inline]<br /> __sock_sendmsg+0x157/0x190 net/socket.c:663<br /> ____sys_sendmsg+0x712/0x870 net/socket.c:2378<br /> ___sys_sendmsg+0xf8/0x170 net/socket.c:2432<br /> __sys_sendmsg+0xea/0x1b0 net/socket.c:2461<br /> do_syscall_64+0x30/0x40 arch/x86/entry/common.c:46<br /> entry_SYSCALL_64_after_hwframe+0x62/0xc7<br /> RIP: 0033:0x7f3f9815aee9<br /> Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48<br /> RSP: 002b:00007f3f972bf0c8 EFLAGS: 00000246 ORIG_RAX: 000000000000002e<br /> RAX: ffffffffffffffda RBX: 00007f3f9826d050 RCX: 00007f3f9815aee9<br /> RDX: 0000000020000000 RSI: 0000000020001300 RDI: 0000000000000007<br /> RBP: 00007f3f981b63bd R08: 0000000000000000 R09: 0000000000000000<br /> R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000<br /> R13: 000000000000006e R14: 00007f3f9826d050 R15: 00007ffe01ee6768<br /> <br /> If drop_monitor is built as a kernel module, syzkaller may have time<br /> to send a netlink NET_DM_CMD_START message during the module loading.<br /> This will call the net_dm_monitor_start() function that uses<br /> a spinlock that has not yet been initialized.<br /> <br /> To fix this, let&amp;#39;s place resource initialization above the registration<br /> of a generic netlink family.<br /> <br /> Found by InfoTeCS on behalf of Linux Verification Center<br /> (linuxtesting.org) with Syzkaller.