In the Linux kernel, the following vulnerability has been resolved:
PM: hibernate: Avoid deadlock in hibernate_compressor_param_set()
syzbot reported a deadlock in lock_system_sleep() (see below).
The write operation to "/sys/module/hibernate/parameters/compressor" conflicts with the registration of ieee80211 device, resulting in a deadlock when attempting to acquire system_transition_mutex under param_lock.
To avoid this deadlock, change hibernate_compressor_param_set() to use mutex_trylock() for attempting to acquire system_transition_mutex and return -EBUSY when it fails.
Task flags need not be saved or adjusted before calling mutex_trylock(&system_transition_mutex) because the caller is not going to end up waiting for this mutex and if it runs concurrently with system suspend in progress, it will be frozen properly when it returns to user space.
syzbot report:
syz-executor895/5833 is trying to acquire lock:
ffffffff8e0828c8 (system_transition_mutex){+.+.}-{4:4}, at: lock_system_sleep+0x87/0xa0 kernel/power/main.c:56

but task is already holding lock:
ffffffff8e07dc68 (param_lock){+.+.}-{4:4}, at: kernel_param_lock kernel/params.c:607 [inline]
ffffffff8e07dc68 (param_lock){+.+.}-{4:4}, at: param_attr_store+0xe6/0x300 kernel/params.c:586

which lock already depends on the new lock.

the existing dependency chain (in reverse order) is:

-> #3 (param_lock){+.+.}-{4:4}:
       __mutex_lock_common kernel/locking/mutex.c:585 [inline]
       __mutex_lock+0x19b/0xb10 kernel/locking/mutex.c:730
       ieee80211_rate_control_ops_get net/mac80211/rate.c:220 [inline]
       rate_control_alloc net/mac80211/rate.c:266 [inline]
       ieee80211_init_rate_ctrl_alg+0x18d/0x6b0 net/mac80211/rate.c:1015
       ieee80211_register_hw+0x20cd/0x4060 net/mac80211/main.c:1531
       mac80211_hwsim_new_radio+0x304e/0x54e0 drivers/net/wireless/virtual/mac80211_hwsim.c:5558
       init_mac80211_hwsim+0x432/0x8c0 drivers/net/wireless/virtual/mac80211_hwsim.c:6910
       do_one_initcall+0x128/0x700 init/main.c:1257
       do_initcall_level init/main.c:1319 [inline]
       do_initcalls init/main.c:1335 [inline]
       do_basic_setup init/main.c:1354 [inline]
       kernel_init_freeable+0x5c7/0x900 init/main.c:1568
       kernel_init+0x1c/0x2b0 init/main.c:1457
       ret_from_fork+0x45/0x80 arch/x86/kernel/process.c:148
       ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244

-> #2 (rtnl_mutex){+.+.}-{4:4}:
       __mutex_lock_common kernel/locking/mutex.c:585 [inline]
       __mutex_lock+0x19b/0xb10 kernel/locking/mutex.c:730
       wg_pm_notification drivers/net/wireguard/device.c:80 [inline]
       wg_pm_notification+0x49/0x180 drivers/net/wireguard/device.c:64
       notifier_call_chain+0xb7/0x410 kernel/notifier.c:85
       notifier_call_chain_robust kernel/notifier.c:120 [inline]
       blocking_notifier_call_chain_robust kernel/notifier.c:345 [inline]
       blocking_notifier_call_chain_robust+0xc9/0x170 kernel/notifier.c:333
       pm_notifier_call_chain_robust+0x27/0x60 kernel/power/main.c:102
       snapshot_open+0x189/0x2b0 kernel/power/user.c:77
       misc_open+0x35a/0x420 drivers/char/misc.c:179
       chrdev_open+0x237/0x6a0 fs/char_dev.c:414
       do_dentry_open+0x735/0x1c40 fs/open.c:956
       vfs_open+0x82/0x3f0 fs/open.c:1086
       do_open fs/namei.c:3830 [inline]
       path_openat+0x1e88/0x2d80 fs/namei.c:3989
       do_filp_open+0x20c/0x470 fs/namei.c:4016
       do_sys_openat2+0x17a/0x1e0 fs/open.c:1428
       do_sys_open fs/open.c:1443 [inline]
       __do_sys_openat fs/open.c:1459 [inline]
       __se_sys_openat fs/open.c:1454 [inline]
       __x64_sys_openat+0x175/0x210 fs/open.c:1454
       do_syscall_x64 arch/x86/entry/common.c:52 [inline]
       do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83
       entry_SYSCALL_64_after_hwframe+0x77/0x7f

-> #1 ((pm_chain_head).rwsem){++++}-{4:4}:
       down_read+0x9a/0x330 kernel/locking/rwsem.c:1524
       blocking_notifier_call_chain_robust kerne ---truncated---
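
The locking pattern of the fix described above, as an added user-space C model that is not the kernel patch itself. The names model_mutex, model_trylock(), param_store_model() and compressor_param_set_model() are hypothetical stand-ins, and the compressor strings are constructed sample values.

```c
#include <errno.h>
#include <stdatomic.h>
#include <string.h>

/* User-space stand-in for a kernel mutex (model only, not kernel code). */
struct model_mutex { atomic_flag held; };

static struct model_mutex param_lock = { ATOMIC_FLAG_INIT };
static struct model_mutex system_transition_mutex = { ATOMIC_FLAG_INIT };
static char compressor[16] = "algo-a";   /* constructed sample value */

/* Same return convention as mutex_trylock(): 1 = acquired, 0 = contended. */
static int model_trylock(struct model_mutex *m)
{
    return !atomic_flag_test_and_set(&m->held);
}

static void model_unlock(struct model_mutex *m)
{
    atomic_flag_clear(&m->held);
}

/* Setter body: it runs with param_lock held, so it must never sleep on
 * system_transition_mutex. On contention it backs off with -EBUSY. */
static int compressor_param_set_model(const char *val)
{
    if (!model_trylock(&system_transition_mutex))
        return -EBUSY;
    strncpy(compressor, val, sizeof(compressor) - 1);
    compressor[sizeof(compressor) - 1] = '\0';
    model_unlock(&system_transition_mutex);
    return 0;
}

/* Models the sysfs store path: take param_lock, call the setter, drop it. */
static int param_store_model(const char *val)
{
    int ret;

    if (!model_trylock(&param_lock))
        return -EAGAIN;   /* model simplification: the real path blocks here */
    ret = compressor_param_set_model(val);
    model_unlock(&param_lock);
    return ret;
}
```

Because the setter returns instead of waiting, param_lock is dropped right away and a path that already holds system_transition_mutex can still take param_lock, so the cycle lockdep reported cannot close.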