Wind River Support Network

Description

In the Linux kernel, the following vulnerability has been resolved:EOL][EOL]atm: Release atm_dev_mutex after removing procfs in atm_dev_deregister().[EOL][EOL]syzbot reported a warning below during atm_dev_register(). [0][EOL][EOL]Before creating a new device and procfs/sysfs for it, atm_dev_register()[EOL]looks up a duplicated device by __atm_dev_lookup().  These operations are[EOL]done under atm_dev_mutex.[EOL][EOL]However, when removing a device in atm_dev_deregister(), it releases the[EOL]mutex just after removing the device from the list that __atm_dev_lookup()[EOL]iterates over.[EOL][EOL]So, there will be a small race window where the device does not exist on[EOL]the device list but procfs/sysfs are still not removed, triggering the[EOL]splat.[EOL][EOL]Let's hold the mutex until procfs/sysfs are removed in[EOL]atm_dev_deregister().[EOL][EOL][0]:[EOL]proc_dir_entry 'atm/atmtcp:0' already registered[EOL]WARNING: CPU: 0 PID: 5919 at fs/proc/generic.c:377 proc_register+0x455/0x5f0 fs/proc/generic.c:377[EOL]Modules linked in:[EOL]CPU: 0 UID: 0 PID: 5919 Comm: syz-executor284 Not tainted 6.16.0-rc2-syzkaller-00047-g52da431bf03b #0 PREEMPT(full)[EOL]Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025[EOL]RIP: 0010:proc_register+0x455/0x5f0 fs/proc/generic.c:377[EOL]Code: 48 89 f9 48 c1 e9 03 80 3c 01 00 0f 85 a2 01 00 00 48 8b 44 24 10 48 c7 c7 20 c0 c2 8b 48 8b b0 d8 00 00 00 e8 0c 02 1c ff 90 <0f> 0b 90 90 48 c7 c7 80 f2 82 8e e8 0b de 23 09 48 8b 4c 24 28 48[EOL]RSP: 0018:ffffc9000466fa30 EFLAGS: 00010282[EOL]RAX: 0000000000000000 RBX: 0000000000000000 RCX: ffffffff817ae248[EOL]RDX: ffff888026280000 RSI: ffffffff817ae255 RDI: 0000000000000001[EOL]RBP: ffff8880232bed48 R08: 0000000000000001 R09: 0000000000000000[EOL]R10: 0000000000000000 R11: 0000000000000001 R12: ffff888076ed2140[EOL]R13: dffffc0000000000 R14: ffff888078a61340 R15: ffffed100edda444[EOL]FS:  00007f38b3b0c6c0(0000) GS:ffff888124753000(0000) knlGS:0000000000000000[EOL]CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033[EOL]CR2: 00007f38b3bdf953 CR3: 0000000076d58000 CR4: 00000000003526f0[EOL]DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000[EOL]DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400[EOL]Call Trace:[EOL] <TASK>[EOL] proc_create_data+0xbe/0x110 fs/proc/generic.c:585[EOL] atm_proc_dev_register+0x112/0x1e0 net/atm/proc.c:361[EOL] atm_dev_register+0x46d/0x890 net/atm/resources.c:113[EOL] atmtcp_create+0x77/0x210 drivers/atm/atmtcp.c:369[EOL] atmtcp_attach drivers/atm/atmtcp.c:403 [inline][EOL] atmtcp_ioctl+0x2f9/0xd60 drivers/atm/atmtcp.c:464[EOL] do_vcc_ioctl+0x12c/0x930 net/atm/ioctl.c:159[EOL] sock_do_ioctl+0x115/0x280 net/socket.c:1190[EOL] sock_ioctl+0x227/0x6b0 net/socket.c:1311[EOL] vfs_ioctl fs/ioctl.c:51 [inline][EOL] __do_sys_ioctl fs/ioctl.c:907 [inline][EOL] __se_sys_ioctl fs/ioctl.c:893 [inline][EOL] __x64_sys_ioctl+0x18b/0x210 fs/ioctl.c:893[EOL] do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline][EOL] do_syscall_64+0xcd/0x4c0 arch/x86/entry/syscall_64.c:94[EOL] entry_SYSCALL_64_after_hwframe+0x77/0x7f[EOL]RIP: 0033:0x7f38b3b74459[EOL]Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 51 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48[EOL]RSP: 002b:00007f38b3b0c198 EFLAGS: 00000246 ORIG_RAX: 0000000000000010[EOL]RAX: ffffffffffffffda RBX: 00007f38b3bfe318 RCX: 00007f38b3b74459[EOL]RDX: 0000000000000000 RSI: 0000000000006180 RDI: 0000000000000005[EOL]RBP: 00007f38b3bfe310 R08: 65732f636f72702f R09: 65732f636f72702f[EOL]R10: 65732f636f72702f R11: 0000000000000246 R12: 00007f38b3bcb0ac[EOL]R13: 00007f38b3b0c1a0 R14: 0000200000000200 R15: 00007f38b3bcb03b[EOL] </TASK>

CREATE(Triage):(User=admin) [CVE-2025-38245 (https://nvd.nist.gov/vuln/detail/CVE-2025-38245)