CVE-2025-39900

In the Linux kernel, the following vulnerability has been resolved:

netsched: genestimator: fix esttimer() vs CONFIGPREEMPT_RT=y

syzbot reported a WARNING in est_timer() [1]

Problem here is that with CONFIGPREEMPTRT=y, timer callbacks can be preempted.

Adopt preemptdisablenested()/preemptenablenested() to fix this.

[1] WARNING: CPU: 0 PID: 16 at ./include/linux/seqlock.h:221 __seqpropassert include/linux/seqlock.h:221 [inline] WARNING: CPU: 0 PID: 16 at ./include/linux/seqlock.h:221 esttimer+0x6dc/0x9f0 net/core/genestimator.c:93 Modules linked in: CPU: 0 UID: 0 PID: 16 Comm: ktimers/0 Not tainted syzkaller #0 PREEMPT{RT,(full)} Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 RIP: 0010:__seqpropassert include/linux/seqlock.h:221 [inline] RIP: 0010:esttimer+0x6dc/0x9f0 net/core/genestimator.c:93 Call Trace: <TASK> calltimerfn+0x17e/0x5f0 kernel/time/timer.c:1747 expiretimers kernel/time/timer.c:1798 [inline] __run_timers kernel/time/timer.c:2372 [inline] __runtimerbase+0x648/0x970 kernel/time/timer.c:2384 runtimerbase kernel/time/timer.c:2393 [inline] runtimersoftirq+0xb7/0x180 kernel/time/timer.c:2403 handle_softirqs+0x22c/0x710 kernel/softirq.c:579 __dosoftirq kernel/softirq.c:613 [inline] runktimerd+0xcf/0x190 kernel/softirq.c:1043 smpbootthreadfn+0x53f/0xa60 kernel/smpboot.c:160 kthread+0x70e/0x8a0 kernel/kthread.c:463 retfromfork+0x3fc/0x770 arch/x86/kernel/process.c:148 retfromforkasm+0x1a/0x30 arch/x86/entry/entry64.S:245 </TASK>