WARNING in call_timer

Kernel	Title	Rank 🛈	Repro	Cause bisect	Fix bisect	Count	Last	Reported	Patched	Status
linux-6.6	WARNING in call_timer_fn	-1	syz		error	21	116d	273d	0/2	auto-obsoleted due to no activity on 2026/03/02 01:43
upstream	WARNING in call_timer_fn bluetooth	-1	C	unreliable		8363	1h05m	1217d	0/29	upstream: reported C repro on 2022/11/16 15:25
linux-5.15	WARNING in call_timer_fn (2)	-1				5	200d	301d	0/3	auto-obsoleted due to no activity on 2025/12/07 22:59
linux-6.1	WARNING in call_timer_fn origin:lts-only	-1	C		unreliable	201	28d	1105d	0/3	upstream: reported C repro on 2023/03/08 12:11
linux-5.15	WARNING in call_timer_fn origin:lts-only	-1	syz		unreliable	7	500d	756d	0/3	auto-obsoleted due to no activity on 2025/02/11 06:36

------------[ cut here ]------------ WARNING: CPU: 1 PID: 5770 at kernel/workqueue.c:1745 is_chained_work kernel/workqueue.c:1691 [inline] WARNING: CPU: 1 PID: 5770 at kernel/workqueue.c:1745 __queue_work+0xd49/0x1020 kernel/workqueue.c:1744 Modules linked in: CPU: 1 PID: 5770 Comm: syz-executor Not tainted syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 RIP: 0010:__queue_work+0xd49/0x1020 kernel/workqueue.c:1744 Code: 4c 89 f7 48 89 de 89 e9 e8 c4 e6 00 00 48 8b 5c 24 10 e9 10 ff ff ff e8 a5 ab 2f 00 eb 0c e8 9e ab 2f 00 eb 05 e8 97 ab 2f 00 <0f> 0b 48 83 c4 78 5b 41 5c 41 5d 41 5e 41 5f 5d c3 e8 81 ab 2f 00 RSP: 0018:ffffc900001f0b10 EFLAGS: 00010046 RAX: ffffffff815770bb RBX: 0000000000000100 RCX: ffff888018bd8000 RDX: 0000000000000100 RSI: 0000000000000100 RDI: 0000000000000000 RBP: ffff8880311215c0 R08: ffffffff8e8aeeef R09: 1ffffffff1d15ddd R10: dffffc0000000000 R11: fffffbfff1d15dde R12: 0000000000000008 R13: dffffc0000000000 R14: ffff88802fc8c9c0 R15: ffff888031121400 FS: 0000000000000000(0000) GS:ffff8880b8f00000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 00007f2cff0aa000 CR3: 0000000077b74000 CR4: 00000000003506e0 Call Trace: <IRQ> call_timer_fn+0x189/0x540 kernel/time/timer.c:1701 expire_timers kernel/time/timer.c:1747 [inline] __run_timers+0x56d/0x800 kernel/time/timer.c:2023 run_timer_softirq+0x67/0xf0 kernel/time/timer.c:2036 handle_softirqs+0x280/0x820 kernel/softirq.c:578 __do_softirq kernel/softirq.c:612 [inline] invoke_softirq kernel/softirq.c:452 [inline] __irq_exit_rcu+0xd3/0x190 kernel/softirq.c:661 irq_exit_rcu+0x9/0x20 kernel/softirq.c:673 instr_sysvec_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1088 [inline] sysvec_apic_timer_interrupt+0xa4/0xc0 arch/x86/kernel/apic/apic.c:1088 </IRQ> <TASK> asm_sysvec_apic_timer_interrupt+0x1a/0x20 arch/x86/include/asm/idtentry.h:687 RIP: 0010:finish_task_switch+0x26a/0x8f0 kernel/sched/core.c:5255 Code: 0f 84 33 01 00 00 48 85 db 0f 85 52 01 00 00 e9 de 04 00 00 4c 8b 75 d0 4c 89 e7 e8 00 54 31 09 e8 9b 23 30 00 fb 4c 8b 65 c0 <49> 8d bc 24 f8 15 00 00 48 89 f8 48 c1 e8 03 42 0f b6 04 28 84 c0 RSP: 0018:ffffc9000458f438 EFLAGS: 00000282 RAX: 661ab61198244d00 RBX: 0000000000000000 RCX: 661ab61198244d00 RDX: dffffc0000000000 RSI: ffffffff8acac960 RDI: ffffffff8b1c85a0 RBP: ffffc9000458f490 R08: ffffffff911c150f R09: 1ffffffff22382a1 R10: dffffc0000000000 R11: fffffbfff22382a2 R12: ffff888018bd8000 R13: dffffc0000000000 R14: ffff8880238dda00 R15: ffff8880b8f3cac8 context_switch kernel/sched/core.c:5384 [inline] __schedule+0x155b/0x45a0 kernel/sched/core.c:6700 preempt_schedule_common+0x82/0xc0 kernel/sched/core.c:6867 preempt_schedule+0xc0/0xd0 kernel/sched/core.c:6891 preempt_schedule_thunk+0x1a/0x30 arch/x86/entry/thunk_64.S:45 __raw_spin_unlock_irq include/linux/spinlock_api_smp.h:160 [inline] _raw_spin_unlock_irq+0x40/0x50 kernel/locking/spinlock.c:202 flush_workqueue_prep_pwqs+0x298/0x480 kernel/workqueue.c:3168 __flush_workqueue+0x492/0x13d0 kernel/workqueue.c:3234 drain_workqueue+0xd3/0x380 kernel/workqueue.c:3373 hci_dev_close_sync+0x4b9/0xfa0 net/bluetooth/hci_sync.c:5271 hci_dev_do_close net/bluetooth/hci_core.c:523 [inline] hci_unregister_dev+0x21a/0x500 net/bluetooth/hci_core.c:2709 vhci_release+0x155/0x1a0 drivers/bluetooth/hci_vhci.c:691 __fput+0x234/0x970 fs/file_table.c:384 task_work_run+0x1d4/0x260 kernel/task_work.c:245 exit_task_work include/linux/task_work.h:43 [inline] do_exit+0x95a/0x2460 kernel/exit.c:883 do_group_exit+0x21b/0x2d0 kernel/exit.c:1024 __do_sys_exit_group kernel/exit.c:1035 [inline] __se_sys_exit_group kernel/exit.c:1033 [inline] __x64_sys_exit_group+0x3f/0x40 kernel/exit.c:1033 do_syscall_x64 arch/x86/entry/common.c:46 [inline] do_syscall_64+0x55/0xa0 arch/x86/entry/common.c:76 entry_SYSCALL_64_after_hwframe+0x68/0xd2 RIP: 0033:0x7ff59e59c799 Code: Unable to access opcode bytes at 0x7ff59e59c76f. RSP: 002b:00007ffd2d472d58 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7 RAX: ffffffffffffffda RBX: 00007ff59e632002 RCX: 00007ff59e59c799 RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000001 RBP: 0000000000000016 R08: 0000000000000000 R09: 00007ff59e631f90 R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffd2d474010 R13: 00007ff59e631f90 R14: 0000555585d024e8 R15: 00007ffd2d4761d0 </TASK> ---------------- Code disassembly (best guess): 0: 0f 84 33 01 00 00 je 0x139 6: 48 85 db test %rbx,%rbx 9: 0f 85 52 01 00 00 jne 0x161 f: e9 de 04 00 00 jmp 0x4f2 14: 4c 8b 75 d0 mov -0x30(%rbp),%r14 18: 4c 89 e7 mov %r12,%rdi 1b: e8 00 54 31 09 call 0x9315420 20: e8 9b 23 30 00 call 0x3023c0 25: fb sti 26: 4c 8b 65 c0 mov -0x40(%rbp),%r12 * 2a: 49 8d bc 24 f8 15 00 lea 0x15f8(%r12),%rdi <-- trapping instruction 31: 00 32: 48 89 f8 mov %rdi,%rax 35: 48 c1 e8 03 shr $0x3,%rax 39: 42 0f b6 04 28 movzbl (%rax,%r13,1),%eax 3e: 84 c0 test %al,%al

Crashes (1):
Time	Kernel	Commit	Syzkaller	Config	Log	Report	Syz repro	C repro	VM info	Assets (help?)	Manager	Title
2026/03/06 23:45	linux-6.6.y	4fc00fe35d46	41d8037d	.config	console log	report			info	[disk image] [vmlinux] [kernel image]	ci2-linux-6-6-kasan	WARNING in call_timer_fn

Crashes (1):

Assets (help?)