CVE-2025-21805

A warning is triggered when repeatedly connecting and disconnecting the rnbd: listadd corruption. prev->next should be next (ffff88800b13e480), but was ffff88801ecd1338. (prev=ffff88801ecd1340). WARNING: CPU: 1 PID: 36562 at lib/listdebug.c:32 __listaddvalidorreport+0x7f/0xa0 Workqueue: ibcm cmworkhandler [ibcm] RIP: 0010:__listaddvalidorreport+0x7f/0xa0 ? __listaddvalid_orreport+0x7f/0xa0 ibregistereventhandler+0x65/0x93 [ibcore] rtrssrvibdevinit+0x29/0x30 [rtrsserver] rtrsibdevfindoradd+0x124/0x1d0 [rtrscore] __allocpath+0x46c/0x680 [rtrsserver] ? rtrs_rdmaconnect+0xa6/0x2d0 [rtrsserver] ? rcuiswatching+0xd/0x40 ? __mutexlock+0x312/0xcf0 ? getor_createsrv+0xad/0x310 [rtrsserver] ? rtrsrdmaconnect+0xa6/0x2d0 [rtrsserver] rtrsrdmaconnect+0x23c/0x2d0 [rtrsserver] ? __lockrelease+0x1b1/0x2d0 cmacmeventhandler+0x4a/0x1a0 [rdmacm] cmaibreqhandler+0x3a0/0x7e0 [rdmacm] cmprocesswork+0x28/0x1a0 [ibcm] ? rawspinunlockirq+0x2f/0x50 cmreqhandler+0x618/0xa60 [ibcm] cmworkhandler+0x71/0x520 [ibcm]

Commit 667db86bcbe8 ("RDMA/rtrs: Register ib event handler") introduced a new element .deinit but never used it at all. Fix it by invoking the deinit() to appropriately unregister the IB event handler.

Database specific

{
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/21xxx/CVE-2025-21805.json",
    "cna_assigner": "Linux"
}

References

Affected packages

Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git

Affected ranges

Type: GIT
Repo: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events: Introduced

667db86bcbe82e789d82c2e8c8c40756ec2e1999

Fixed

5a79cc9bc961fafe90787f86e8f53ba6fad8d63b

Fixed

1af2c769032b6b334cd2a867d7d8c7cbbc527b2d

Fixed

81468c4058a62e84e475433b83b3edc613294f5e

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-21805.json"