In the Linux kernel, the following vulnerability has been resolved: futex/requeue: Prevent NULL pointer dereference in removewaiter() on self-deadlock When FUTEXCMPREQUEUEPI requeues a non-top waiter that already owns the target PI futex, taskblocksonrtmutex() returns -EDEADLK before setting waiter->task. The subsequent removewaiter() in rtmutexstartproxylock() dereferences the NULL waiter->task, causing a kernel crash. Add a self-deadlock check for non-top waiters before calling rtmutexstartproxylock(), analogous to the top-waiter check in futexlockpiatomic().