WARNING: ODEBUG bug in handle

Kernel	Title	Rank 🛈	Repro	Cause bisect	Count	Last	Reported	Patched	Status
linux-6.6	WARNING: ODEBUG bug in handle_softirqs	-1			3	100d	129d	0/2	auto-obsoleted due to no activity on 2026/06/04 14:54
linux-6.1	WARNING: ODEBUG bug in handle_softirqs	-1			4	119d	120d	0/3	auto-obsoleted due to no activity on 2026/05/16 13:07
upstream	WARNING: ODEBUG bug in handle_softirqs hams prio:high	-1	C	error	4394	14d	281d	0/29	upstream: reported C repro on 2025/08/27 17:00

------------[ cut here ]------------ ODEBUG: free active (active state 0) object type: timer_list hint: br_ip6_multicast_port_query_expired+0x0/0x20 WARNING: CPU: 1 PID: 11895 at lib/debugobjects.c:518 debug_print_object lib/debugobjects.c:515 [inline] WARNING: CPU: 1 PID: 11895 at lib/debugobjects.c:518 __debug_check_no_obj_freed lib/debugobjects.c:979 [inline] WARNING: CPU: 1 PID: 11895 at lib/debugobjects.c:518 debug_check_no_obj_freed+0x43c/0x530 lib/debugobjects.c:1009 Modules linked in: CPU: 1 PID: 11895 Comm: syz.4.2377 Not tainted syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 RIP: 0010:debug_print_object lib/debugobjects.c:515 [inline] RIP: 0010:__debug_check_no_obj_freed lib/debugobjects.c:979 [inline] RIP: 0010:debug_check_no_obj_freed+0x43c/0x530 lib/debugobjects.c:1009 Code: ef e8 98 af bd fd 4c 8b 45 00 48 c7 c7 c0 24 df 8a 48 c7 c6 80 21 df 8a 48 c7 c2 20 26 df 8a 8b 0c 24 4d 89 e9 e8 b4 11 38 fd <0f> 0b 4c 8b 6c 24 18 48 b9 00 00 00 00 00 fc ff df ff 05 75 5d 0a RSP: 0018:ffffc900001e0a18 EFLAGS: 00010246 RAX: efd435b75458b800 RBX: ffffffff96ec2be8 RCX: ffff888024cc0000 RDX: 0000000000000100 RSI: 0000000000000000 RDI: 0000000000000002 RBP: ffffffff8a8df720 R08: ffffc900001e06a7 R09: 1ffff9200003c0d4 R10: dffffc0000000000 R11: fffff5200003c0d5 R12: ffff8880573c5400 R13: ffffffff8915c690 R14: ffff8880573c5000 R15: ffff8880573c5278 FS: 00007f16525306c0(0000) GS:ffff8880b8f00000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 00007f90193456b8 CR3: 0000000073c4e000 CR4: 00000000003506e0 Call Trace: <IRQ> slab_free_hook mm/slub.c:1704 [inline] slab_free_freelist_hook+0xd2/0x1a0 mm/slub.c:1755 slab_free mm/slub.c:3687 [inline] __kmem_cache_free+0xb6/0x1f0 mm/slub.c:3700 kobject_cleanup lib/kobject.c:681 [inline] kobject_release lib/kobject.c:712 [inline] kref_put include/linux/kref.h:65 [inline] kobject_put+0x21d/0x460 lib/kobject.c:729 rcu_do_batch kernel/rcu/tree.c:2297 [inline] rcu_core+0xa99/0x1740 kernel/rcu/tree.c:2557 handle_softirqs+0x2a1/0x930 kernel/softirq.c:596 __do_softirq kernel/softirq.c:630 [inline] invoke_softirq kernel/softirq.c:470 [inline] __irq_exit_rcu+0x13b/0x230 kernel/softirq.c:679 irq_exit_rcu+0x5/0x20 kernel/softirq.c:691 instr_sysvec_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1118 [inline] sysvec_apic_timer_interrupt+0xa0/0xc0 arch/x86/kernel/apic/apic.c:1118 </IRQ> <TASK> asm_sysvec_apic_timer_interrupt+0x16/0x20 arch/x86/include/asm/idtentry.h:691 RIP: 0010:lockdep_unregister_key+0x4e8/0x550 kernel/locking/lockdep.c:6370 Code: d1 aa 90 48 c7 c6 70 f7 64 81 e8 73 a8 07 00 e8 de bb 07 00 e9 5c fc ff ff e8 d4 9e c9 08 41 f7 c4 00 02 00 00 74 d1 fb 84 db <75> d0 eb e1 0f 0b eb 88 0f 0b e9 f8 fe ff ff 0f 0b e9 45 ff ff ff RSP: 0018:ffffc9000432f820 EFLAGS: 00000202 RAX: dffffc0000000000 RBX: ffff888027179a01 RCX: efd435b75458b800 RDX: 0000000000000001 RSI: ffffffff8a8c2680 RDI: ffffffff8adf1b60 RBP: ffffc9000432f900 R08: ffffffff90aafa6f R09: 1ffffffff2155f4d R10: dffffc0000000000 R11: fffffbfff2155f4e R12: 0000000000000a06 R13: ffff888027179a99 R14: ffffffff90aad198 R15: 1ffff92000865f08 __qdisc_destroy+0x128/0x430 net/sched/sch_generic.c:1081 netdev_for_each_tx_queue include/linux/netdevice.h:2465 [inline] dev_shutdown+0x92/0x440 net/sched/sch_generic.c:1465 unregister_netdevice_many_notify+0xa76/0x19c0 net/core/dev.c:11014 unregister_netdevice_many net/core/dev.c:11077 [inline] unregister_netdevice_queue+0x328/0x370 net/core/dev.c:10960 br_del_bridge+0xb9/0xf0 net/bridge/br_if.c:496 br_ioctl_stub+0x6e0/0xcf0 net/bridge/br_ioctl.c:444 br_ioctl_call net/socket.c:1175 [inline] sock_ioctl+0x494/0x710 net/socket.c:1274 vfs_ioctl fs/ioctl.c:51 [inline] __do_sys_ioctl fs/ioctl.c:870 [inline] __se_sys_ioctl+0xfa/0x170 fs/ioctl.c:856 do_syscall_x64 arch/x86/entry/common.c:46 [inline] do_syscall_64+0x4c/0xa0 arch/x86/entry/common.c:76 entry_SYSCALL_64_after_hwframe+0x68/0xd2 RIP: 0033:0x7f165159ce59 Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 RSP: 002b:00007f1652530028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 RAX: ffffffffffffffda RBX: 00007f1651815fa0 RCX: 00007f165159ce59 RDX: 0000200000000900 RSI: 00000000000089a1 RDI: 0000000000000007 RBP: 00007f1651632d6f R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 R13: 00007f1651816038 R14: 00007f1651815fa0 R15: 00007fff50466a08 </TASK> ---------------- Code disassembly (best guess): 0: d1 aa 90 48 c7 c6 shrl $1,-0x3938b770(%rdx) 6: 70 f7 jo 0xffffffff 8: 64 81 e8 73 a8 07 00 fs sub $0x7a873,%eax f: e8 de bb 07 00 call 0x7bbf2 14: e9 5c fc ff ff jmp 0xfffffc75 19: e8 d4 9e c9 08 call 0x8c99ef2 1e: 41 f7 c4 00 02 00 00 test $0x200,%r12d 25: 74 d1 je 0xfffffff8 27: fb sti 28: 84 db test %bl,%bl * 2a: 75 d0 jne 0xfffffffc <-- trapping instruction 2c: eb e1 jmp 0xf 2e: 0f 0b ud2 30: eb 88 jmp 0xffffffba 32: 0f 0b ud2 34: e9 f8 fe ff ff jmp 0xffffff31 39: 0f 0b ud2 3b: e9 45 ff ff ff jmp 0xffffff85

Crashes (1):
Time	Kernel	Commit	Syzkaller	Config	Log	Report	Syz repro	C repro	VM info	Assets (help?)	Manager	Title
2026/05/29 14:59	linux-6.1.y	dcbcab9d7079	6b4a8443	.config	console log	report			info	[disk image] [vmlinux] [kernel image]	ci2-linux-6-1-kasan	WARNING: ODEBUG bug in handle_softirqs

Crashes (1):

Assets (help?)