syzbot

 sign-in | mailing list | source | docs
🐞 Open [827]
🐞 Fixed [87]
🐞 Invalid [1181]
Missing Backports [135]
Crashes
Kernel Health Bugs/Month Bug Lifetimes Fuzzing
💬 Send us feedback

WARNING: ODEBUG bug in snd_rawmidi_free

Status: upstream: reported C repro on 2025/11/01 23:04
Bug presence: origin:lts-only
[Documentation on labels]
Reported-by: syzbot+0d3945394228cf36bcd6@syzkaller.appspotmail.com
First crash: 72d, last: 15d
Fix bisection: the issue occurs on the latest tested release (bisect log)
Crash: WARNING: ODEBUG bug in corrupted (log)
Repro: C syz .config
  
Bug presence (2)
Date Name Commit Repro Result
2025/11/03 linux-5.15.y (ToT) cc5ec8769306 C [report] WARNING: ODEBUG bug in snd_rawmidi_free
2025/11/03 upstream (ToT) 6146a0f1dfae C Didn't crash
Similar bugs (1)
Kernel Title Rank 🛈 Repro Cause bisect Fix bisect Count Last Reported Patched Status
upstream WARNING: ODEBUG bug in snd_rawmidi_free sound usb -1 C error 1 254d 250d 29/29 fixed on 2025/07/08 00:33
Last patch testing requests (7)
Created Duration User Patch Repo Result
2026/01/12 18:53 13m retest repro linux-5.15.y report log
2026/01/12 18:53 10m retest repro linux-5.15.y report log
2025/12/28 22:31 10m retest repro linux-5.15.y report log
2025/12/28 22:31 10m retest repro linux-5.15.y report log
2025/12/28 22:31 10m retest repro linux-5.15.y report log
2025/12/28 22:31 12m retest repro linux-5.15.y report log
2025/12/28 22:31 9m retest repro linux-5.15.y report log
Fix bisection attempts (2)
Created Duration User Patch Repo Result
2025/12/05 23:16 2h07m fix candidate upstream OK (0) job log
2025/12/04 13:53 1h58m bisect fix linux-5.15.y OK (0) job log log

Sample crash report:
usb 3-1: selecting invalid altsetting 0
------------[ cut here ]------------
ODEBUG: free active (active state 0) object type: timer_list hint: snd_usbmidi_error_timer+0x0/0x660
WARNING: CPU: 1 PID: 3158 at lib/debugobjects.c:521 debug_print_object lib/debugobjects.c:518 [inline]
WARNING: CPU: 1 PID: 3158 at lib/debugobjects.c:521 __debug_check_no_obj_freed lib/debugobjects.c:973 [inline]
WARNING: CPU: 1 PID: 3158 at lib/debugobjects.c:521 debug_check_no_obj_freed+0x43c/0x530 lib/debugobjects.c:1003
Modules linked in:
CPU: 1 PID: 3158 Comm: kworker/1:2 Not tainted syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
Workqueue: usb_hub_wq hub_event
RIP: 0010:debug_print_object lib/debugobjects.c:518 [inline]
RIP: 0010:__debug_check_no_obj_freed lib/debugobjects.c:973 [inline]
RIP: 0010:debug_check_no_obj_freed+0x43c/0x530 lib/debugobjects.c:1003
Code: ef e8 c8 fd dc fd 4c 8b 45 00 48 c7 c7 20 f1 59 8a 48 c7 c6 e0 ed 59 8a 48 c7 c2 80 f2 59 8a 8b 0c 24 4d 89 e9 e8 e4 f0 b7 05 <0f> 0b 4c 8b 6c 24 18 48 b9 00 00 00 00 00 fc ff df ff 05 45 32 8a
RSP: 0018:ffffc9000cc5ea18 EFLAGS: 00010246
RAX: 3169d7639c632100 RBX: ffffffff96307758 RCX: ffff88802a6ebb80
RDX: 0000000000000000 RSI: 0000000080000000 RDI: 0000000000000000
RBP: ffffffff8a0c9cc0 R08: dffffc0000000000 R09: fffff5200198bca9
R10: fffff5200198bca9 R11: 1ffff9200198bca8 R12: ffff8880741c0c00
R13: ffffffff87bc58f0 R14: ffff8880741c0000 R15: ffff8880741c0840
FS:  0000000000000000(0000) GS:ffff8880b9100000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00005555648e0ca8 CR3: 000000007a5aa000 CR4: 00000000003506e0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
 <TASK>
 slab_free_hook mm/slub.c:1685 [inline]
 slab_free_freelist_hook+0x8b/0x170 mm/slub.c:1736
 slab_free mm/slub.c:3504 [inline]
 kfree+0xef/0x2a0 mm/slub.c:4564
 snd_rawmidi_free+0x3b7/0x3e0 sound/core/rawmidi.c:1844
 snd_rawmidi_dev_free+0x34/0x40 sound/core/rawmidi.c:1853
 __snd_device_free+0x1cd/0x2e0 sound/core/device.c:76
 snd_device_free_all+0xcb/0x180 sound/core/device.c:233
 snd_card_do_free sound/core/init.c:588 [inline]
 release_card_device+0x6d/0x1f0 sound/core/init.c:145
 device_release+0x92/0x1c0 drivers/base/core.c:-1
 kobject_cleanup lib/kobject.c:713 [inline]
 kobject_release lib/kobject.c:744 [inline]
 kref_put include/linux/kref.h:65 [inline]
 kobject_put+0x21d/0x460 lib/kobject.c:761
 snd_card_free_when_closed sound/core/init.c:620 [inline]
 snd_card_free+0x123/0x190 sound/core/init.c:653
 usb_audio_probe+0x187f/0x1d50 sound/usb/card.c:939
 usb_probe_interface+0x5a0/0xaf0 drivers/usb/core/driver.c:396
 call_driver_probe drivers/base/dd.c:-1 [inline]
 really_probe+0x284/0xc80 drivers/base/dd.c:595
 __driver_probe_device+0x18c/0x330 drivers/base/dd.c:755
 driver_probe_device+0x4f/0x420 drivers/base/dd.c:785
 __device_attach_driver+0x2b0/0x500 drivers/base/dd.c:907
 bus_for_each_drv+0x175/0x200 drivers/base/bus.c:429
 __device_attach+0x29b/0x460 drivers/base/dd.c:979
 bus_probe_device+0xbc/0x1e0 drivers/base/bus.c:489
 device_add+0xa00/0xfb0 drivers/base/core.c:3412
 usb_set_configuration+0x1991/0x1fd0 drivers/usb/core/message.c:2165
 usb_generic_driver_probe+0x89/0x150 drivers/usb/core/generic.c:238
 usb_probe_device+0x139/0x270 drivers/usb/core/driver.c:293
 call_driver_probe drivers/base/dd.c:-1 [inline]
 really_probe+0x284/0xc80 drivers/base/dd.c:595
 __driver_probe_device+0x18c/0x330 drivers/base/dd.c:755
 driver_probe_device+0x4f/0x420 drivers/base/dd.c:785
 __device_attach_driver+0x2b0/0x500 drivers/base/dd.c:907
 bus_for_each_drv+0x175/0x200 drivers/base/bus.c:429
 __device_attach+0x29b/0x460 drivers/base/dd.c:979
 bus_probe_device+0xbc/0x1e0 drivers/base/bus.c:489
 device_add+0xa00/0xfb0 drivers/base/core.c:3412
 usb_new_device+0xd53/0x1640 drivers/usb/core/hub.c:2632
 hub_port_connect drivers/usb/core/hub.c:5497 [inline]
 hub_port_connect_change drivers/usb/core/hub.c:5637 [inline]
 port_event drivers/usb/core/hub.c:5799 [inline]
 hub_event+0x2dd9/0x5560 drivers/usb/core/hub.c:5881
 process_one_work+0x863/0x1000 kernel/workqueue.c:2310

Crashes (8):
Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Assets (help?) Manager Title
2025/12/13 10:30 linux-5.15.y 68efe5a6c16a d6526ea3 .config console log report syz / log C [disk image] [vmlinux] [kernel image] ci2-linux-5-15-kasan WARNING: ODEBUG bug in snd_rawmidi_free
2025/12/13 07:58 linux-5.15.y 68efe5a6c16a d6526ea3 .config console log report syz / log C [disk image] [vmlinux] [kernel image] ci2-linux-5-15-kasan WARNING: ODEBUG bug in snd_rawmidi_free
2025/12/13 00:44 linux-5.15.y 68efe5a6c16a d6526ea3 .config console log report syz / log C [disk image] [vmlinux] [kernel image] ci2-linux-5-15-kasan WARNING: ODEBUG bug in snd_rawmidi_free
2025/12/12 18:46 linux-5.15.y 68efe5a6c16a d6526ea3 .config console log report syz / log C [disk image] [vmlinux] [kernel image] ci2-linux-5-15-kasan WARNING: ODEBUG bug in snd_rawmidi_free
2025/12/12 15:08 linux-5.15.y 68efe5a6c16a d6526ea3 .config console log report syz / log C [disk image] [vmlinux] [kernel image] ci2-linux-5-15-kasan WARNING: ODEBUG bug in snd_rawmidi_free
2025/12/12 11:20 linux-5.15.y 68efe5a6c16a d6526ea3 .config console log report syz / log C [disk image] [vmlinux] [kernel image] ci2-linux-5-15-kasan WARNING: ODEBUG bug in snd_rawmidi_free
2025/12/12 08:40 linux-5.15.y 68efe5a6c16a d6526ea3 .config console log report syz / log C [disk image] [vmlinux] [kernel image] ci2-linux-5-15-kasan WARNING: ODEBUG bug in snd_rawmidi_free
2025/11/01 23:03 linux-5.15.y cc5ec8769306 2c50b6a9 .config console log report syz / log C [disk image] [vmlinux] [kernel image] ci2-linux-5-15-kasan WARNING: ODEBUG bug in snd_rawmidi_free
* Struck through repros no longer work on HEAD.