debugobjects: Do not fill_pool() if pi_blocked_on

On RT enabled kernels, fill_pool() ends up calling rtlock_lock(), which
asserts if current::pi_blocked_on is set, because a task can obviously only
block on one lock as otherwise the priority inheritenace chain gets
corrupted.

Prevent this by expanding the conditional to take current::pi_blocked_on
into account.

Fixes: 4bedcc28469a ("debugobjects: Make them PREEMPT_RT aware")
Reported-by: syzbot+b8ca586b9fc235f0c0df@syzkaller.appspotmail.com
Signed-off-by: Helen Koike <koike@igalia.com>
Signed-off-by: Thomas Gleixner <tglx@kernel.org>
Link: https://patch.msgid.link/20260511215359.3351259-1-koike@igalia.com
Closes: https://syzkaller.appspot.com/bug?extid=b8ca586b9fc235f0c0df

diff --git a/lib/debugobjects.c b/lib/debugobjects.c
index 12e2e42e6a31aa8706e859aca41b81c03889cffe..772ddabcbe7d30b79b447a9073e539035a050c59 100644 (file)
--- a/lib/debugobjects.c
+++ b/lib/debugobjects.c
@@ -711,6 +711,15 @@ static struct debug_obj *lookup_object_or_alloc(void *addr, struct debug_bucket
        return NULL;
 }
 
+static inline bool debug_objects_is_pi_blocked_on(void)
+{
+#ifdef CONFIG_RT_MUTEXES
+       return current->pi_blocked_on != NULL;
+#else
+       return false;
+#endif
+}
+
 static void debug_objects_fill_pool(void)
 {
        if (!static_branch_likely(&obj_cache_enabled))
@@ -727,11 +736,12 @@ static void debug_objects_fill_pool(void)
 
        /*
         * On RT enabled kernels the pool refill must happen in preemptible
-        * context -- for !RT kernels we rely on the fact that spinlock_t and
-        * raw_spinlock_t are basically the same type and this lock-type
-        * inversion works just fine.
+        * context and not enqueued on an rt_mutex -- for !RT kernels we rely
+        * on the fact that spinlock_t and raw_spinlock_t are basically the
+        * same type and this lock-type inversion works just fine.
         */
-       if (!IS_ENABLED(CONFIG_PREEMPT_RT) || preemptible() || system_state < SYSTEM_SCHEDULING) {
+       if (!IS_ENABLED(CONFIG_PREEMPT_RT) || system_state < SYSTEM_SCHEDULING ||
+           (preemptible() && !debug_objects_is_pi_blocked_on())) {
                /*
                 * Annotate away the spinlock_t inside raw_spinlock_t warning
                 * by temporarily raising the wait-type to LD_WAIT_CONFIG, matching