Re: [syzbot] [kernel?] WARNING in stub_timer (2)

[Thomas Gleixner <tglx@kernel.org>]

On Mon, Jun 15 2026 at 00:39, syzbot wrote:
> WARNING: kernel/time/hrtimer.c:443 at stub_timer+0xa/0x20 kernel/time/timer.c:716, CPU#0: udevd/4706

So this puzzled me a bit as the stub_timer callback is only installed
when the hrtimer object is not initialized according to the debug
objects tracking. But that would cause a debug objects warning splat,
which is not there.

Then I discovered this in the console log a few seconds before the warning:

     ODEBUG: Out of memory. ODEBUG disabled

So that made me dig into debug_object_assert_init() and I discovered the
following issue:

debug_assert_init()                             
        if (!enabled)
        	return;                         obj = alloc();
                				if (!obj)
                                                	enabled = false;
                                                        free_objects();
        obj = lookup_or_alloc();

        // Lookup failed because the other side
        // removed the objects, but it returns
        // an error code as the object in question
        // is not statically initialized

	if (!IS_ERR_OR_NULL(obj))
        	return;
        if (!obj) {
        	debug_oom();
                return;
        }

        print(...)
           if (!enabled)
                return;

        fixup(...)

So invoking the fixup callback in that case without checking again
whether debug_objects is still enabled causes the above problem.

Fix below.

Thanks,

        tglx
---
diff --git a/lib/debugobjects.c b/lib/debugobjects.c
index 6fb00e08a4e2..d7a02a943ac9 100644
--- a/lib/debugobjects.c
+++ b/lib/debugobjects.c
@@ -894,6 +894,14 @@ int debug_object_activate(void *addr, const struct debug_obj_descr *descr)
 	}
 
 	raw_spin_unlock_irqrestore(&db->lock, flags);
+
+	/*
+	 * lookup_object_or_alloc() might have raced with a concurrent
+	 * allocation failure which disabled debug objects.
+	 */
+	if (!debug_objects_enabled)
+		return 0;
+
 	debug_print_object(&o, "activate");
 
 	switch (o.state) {
@@ -1071,6 +1079,15 @@ void debug_object_assert_init(void *addr, const struct debug_obj_descr *descr)
 		return;
 	}
 
+	/*
+	 * lookup_object_or_alloc() might have raced with a concurrent
+	 * allocation failure which disabled debug objects. Don't run the fixup
+	 * as it might turn a valid object useless. See for example
+	 * hrtimer_fixup_assert_init().
+	 */
+	if (!debug_objects_enabled)
+		return;
+
 	/* Object is neither tracked nor static. It's not initialized. */
 	debug_print_object(&o, "assert_init");
 	debug_object_fixup(descr->fixup_assert_init, addr, ODEBUG_STATE_NOTAVAILABLE);