From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from smtp.kernel.org (aws-us-west-2-korg-mail-alma10-1.taild15c8.ts.net [100.103.45.18]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 067A544D031; Tue, 16 Jun 2026 15:44:33 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=100.103.45.18 ARC-Seal:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1781624674; cv=none; b=nwV9BmrtGdXDa2npI4LLdeACn14vqUixvAdGTeeyyZ0VkqJXkRhm2zTpf+Sas+teztCgkidK9AIezMKq297xTCVumGe16HP5kuHMwc5ULp2uzAK+oV5tRkS/Px9p0YyOiNRnydk+M2HOImodBq92KZkyWvfux+5+2dm1ezl/zak= ARC-Message-Signature:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1781624674; c=relaxed/simple; bh=dxHNSep29E0UyRO/bwdsWFgBV7JMMrFE3HdG2t29WaU=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=dtRDnZyj8LgFEINlP6T/HHIqsJ6WEG/oyVPaAB1n5csqfRGZoqIxBzp53P2cJh+KpoHo7C7gX5eTAAOZ00sDfkDb+A2QGiQ6/hPZRm2U7qgCabMnnVh9iFXB8eWWo/hv6efvNrIZUQt7V3fqcXFbefd5HaqcJ5PatlXGOzSFAvQ= ARC-Authentication-Results:i=1; smtp.subspace.kernel.org; dkim=pass (1024-bit key) header.d=linuxfoundation.org header.i=@linuxfoundation.org header.b=v0fvS1Db; arc=none smtp.client-ip=100.103.45.18 Authentication-Results: smtp.subspace.kernel.org; dkim=pass (1024-bit key) header.d=linuxfoundation.org header.i=@linuxfoundation.org header.b="v0fvS1Db" Received: by smtp.kernel.org (Postfix) with ESMTPSA id 0EF0B1F000E9; Tue, 16 Jun 2026 15:44:31 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linuxfoundation.org; s=korg; t=1781624672; bh=OJiL+WcjaQjQT3nucjWwL5hYSPXd7gQoqI8YOll05/k=; h=From:To:Cc:Subject:Date:In-Reply-To:References; b=v0fvS1DbTUIfTnyLMVPCV8BC0rlcRJMTWRJ7aIwWLeFKFi7OTnyXM2SMIXtZZhzTB bvzWZDXcssQDiJUZtPyrecS5x8464dcXKLuwTb8daWaK1rDp/T6++iDR9JzTm7X2Gm moj2yk2D7U9mXzombOoNG5ioz/CYRmX8p9PNwed8= From: Greg Kroah-Hartman To: stable@vger.kernel.org Cc: Greg Kroah-Hartman , patches@lists.linux.dev, syzbot+b8ca586b9fc235f0c0df@syzkaller.appspotmail.com, Helen Koike , Thomas Gleixner Subject: [PATCH 7.0 372/378] debugobjects: Do not fill_pool() if pi_blocked_on Date: Tue, 16 Jun 2026 20:30:03 +0530 Message-ID: <20260616145129.689029944@linuxfoundation.org> X-Mailer: git-send-email 2.54.0 In-Reply-To: <20260616145109.744539446@linuxfoundation.org> References: <20260616145109.744539446@linuxfoundation.org> User-Agent: quilt/0.69 X-stable: review X-Patchwork-Hint: ignore Precedence: bulk X-Mailing-List: patches@lists.linux.dev List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Transfer-Encoding: 8bit 7.0-stable review patch. If anyone has any objections, please let me know. ------------------ From: Helen Koike commit 5f41161059fd0f1bbf18c90f3180e38cc45a14eb upstream. On RT enabled kernels, fill_pool() ends up calling rtlock_lock(), which asserts if current::pi_blocked_on is set, because a task can obviously only block on one lock as otherwise the priority inheritenace chain gets corrupted. Prevent this by expanding the conditional to take current::pi_blocked_on into account. Fixes: 4bedcc28469a ("debugobjects: Make them PREEMPT_RT aware") Reported-by: syzbot+b8ca586b9fc235f0c0df@syzkaller.appspotmail.com Signed-off-by: Helen Koike Signed-off-by: Thomas Gleixner Link: https://patch.msgid.link/20260511215359.3351259-1-koike@igalia.com Closes: https://syzkaller.appspot.com/bug?extid=b8ca586b9fc235f0c0df Signed-off-by: Greg Kroah-Hartman --- lib/debugobjects.c | 18 ++++++++++++++---- 1 file changed, 14 insertions(+), 4 deletions(-) --- a/lib/debugobjects.c +++ b/lib/debugobjects.c @@ -711,6 +711,15 @@ static struct debug_obj *lookup_object_o return NULL; } +static inline bool debug_objects_is_pi_blocked_on(void) +{ +#ifdef CONFIG_RT_MUTEXES + return current->pi_blocked_on != NULL; +#else + return false; +#endif +} + static void debug_objects_fill_pool(void) { if (!static_branch_likely(&obj_cache_enabled)) @@ -727,11 +736,12 @@ static void debug_objects_fill_pool(void /* * On RT enabled kernels the pool refill must happen in preemptible - * context -- for !RT kernels we rely on the fact that spinlock_t and - * raw_spinlock_t are basically the same type and this lock-type - * inversion works just fine. + * context and not enqueued on an rt_mutex -- for !RT kernels we rely + * on the fact that spinlock_t and raw_spinlock_t are basically the + * same type and this lock-type inversion works just fine. */ - if (!IS_ENABLED(CONFIG_PREEMPT_RT) || preemptible() || system_state < SYSTEM_SCHEDULING) { + if (!IS_ENABLED(CONFIG_PREEMPT_RT) || system_state < SYSTEM_SCHEDULING || + (preemptible() && !debug_objects_is_pi_blocked_on())) { /* * Annotate away the spinlock_t inside raw_spinlock_t warning * by temporarily raising the wait-type to LD_WAIT_CONFIG, matching