From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from out-185.mta0.migadu.com (out-185.mta0.migadu.com [91.218.175.185]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 0DDB82FE56A for ; Wed, 10 Jun 2026 03:48:13 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=91.218.175.185 ARC-Seal:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1781063295; cv=none; b=FYbZhhfRYmaML4LZR6d3V1KYDkA8t9XqBJuCbAeiGLcX9JHVXvRCGeZ+dAhUQ1MCOaUdSc81R79sFNUtX1J0bPh0yPIzMlQSVRPj84jidIhODhUgqXwFt35sFf+GzYD1cYfz2KKjXrST9qCs/Wd5xBZcE87Vx1Z3PulwEhWT3/g= ARC-Message-Signature:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1781063295; c=relaxed/simple; bh=KM+kFiqFONaQl24Z42wIqIwtdVnDOSLmVKDdarSz88E=; h=From:To:Cc:Subject:Date:Message-ID:MIME-Version; b=kurXbed/ACQSUtVGUHTfmKumBaN3LVP0tuRn6ZEgEcklPEtTDJgcLLZg6yGrM1dRN3HCdV0hdan6ML+YYEpYBM0bMZ9jZLbPZAAFmorRR8cDWS0Y05Xlb0+lVKAjxsNgAeRKtE7RfgdCwFJL/vvhchaOGJ42k7ErmtwkSrSO+n8= ARC-Authentication-Results:i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=linux.dev; spf=pass smtp.mailfrom=linux.dev; dkim=pass (1024-bit key) header.d=linux.dev header.i=@linux.dev header.b=Jo42rdF1; arc=none smtp.client-ip=91.218.175.185 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=linux.dev Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=linux.dev Authentication-Results: smtp.subspace.kernel.org; dkim=pass (1024-bit key) header.d=linux.dev header.i=@linux.dev header.b="Jo42rdF1" X-Report-Abuse: Please report any abuse attempt to abuse@migadu.com and include these headers. DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linux.dev; s=key1; t=1781063292; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version: content-transfer-encoding:content-transfer-encoding; bh=ghH360S1DOHU1MJDt45fetoU9upagvGVPD9W5HxkMRw=; b=Jo42rdF1War/FoFbGHBxLvV6fe4I7KYV8z8ZWN+ebn0lzo+56gN1NTeEPwgLmP/7mPmI1D CDuyyyft+OiOjnXErm9QUyZXJL+CLUxxu50C6aYJMkruhKj4nL050fYNR5eroH32hij0qD QZhQm9YgVnYjXqFmy+NIa6dN6hlASF0= From: Jiayuan Chen To: linux-kernel@vger.kernel.org Cc: Jiayuan Chen , Andrew Morton , Thomas Gleixner Subject: [PATCH] debugobjects: skip activate fixup when disabled by a concurrent OOM Date: Wed, 10 Jun 2026 11:47:25 +0800 Message-ID: <20260610034726.213910-1-jiayuan.chen@linux.dev> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Migadu-Flow: FLOW_OUT When a tracking object cannot be allocated, lookup_object_or_alloc() sets debug_objects_enabled = false and the caller runs debug_objects_oom(), which wipes the whole hash. The flag is cleared before the hash is wiped. debug_object_activate() only tests debug_objects_enabled once on entry. If another CPU hits OOM and wipes the hash after that test, the lookup here misses and the object is taken as ODEBUG_STATE_NOTAVAILABLE. fixup_activate() then "repairs" it; for timers that overwrites a live timer's callback with stub_timer, which later fires a bogus WARN. Re-check debug_objects_enabled while still holding the bucket lock, before the fixup. The flag is cleared before the hash is wiped, and both the wipe and the lookup are serialized by the bucket lock, so a wipe-induced miss is guaranteed to observe the cleared flag and the spurious fixup is skipped. Signed-off-by: Jiayuan Chen --- lib/debugobjects.c | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/lib/debugobjects.c b/lib/debugobjects.c index b18a682fe3da..fcb7949cb2be 100644 --- a/lib/debugobjects.c +++ b/lib/debugobjects.c @@ -865,6 +865,16 @@ int debug_object_activate(void *addr, const struct debug_obj_descr *descr) } } + /* + * A concurrent OOM teardown may have disabled debugobjects and + * wiped the hash after the check at function entry. So we need + * check it again here. + */ + if (!debug_objects_enabled) { + raw_spin_unlock_irqrestore(&db->lock, flags); + return 0; + } + raw_spin_unlock_irqrestore(&db->lock, flags); debug_print_object(&o, "activate"); -- 2.43.0