------------[ cut here ]------------
ODEBUG: free active (active state 0) object: ffff88802686cc90 object type: timer_list hint: rose_t0timer_expiry+0x0/0x350
WARNING: CPU: 0 PID: 27673 at lib/debugobjects.c:518 debug_print_object lib/debugobjects.c:515 [inline]
WARNING: CPU: 0 PID: 27673 at lib/debugobjects.c:518 __debug_check_no_obj_freed lib/debugobjects.c:990 [inline]
WARNING: CPU: 0 PID: 27673 at lib/debugobjects.c:518 debug_check_no_obj_freed+0x446/0x540 lib/debugobjects.c:1020
Modules linked in:
CPU: 0 PID: 27673 Comm: syz.9.4778 Not tainted syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
RIP: 0010:debug_print_object lib/debugobjects.c:515 [inline]
RIP: 0010:__debug_check_no_obj_freed lib/debugobjects.c:990 [inline]
RIP: 0010:debug_check_no_obj_freed+0x446/0x540 lib/debugobjects.c:1020
Code: 4c 8b 4d 00 48 c7 c7 c0 6d fc 8a 48 c7 c6 20 6a fc 8a 48 c7 c2 40 6f fc 8a 8b 0c 24 4d 89 f8 41 55 e8 5e 07 2a fd 48 83 c4 08 <0f> 0b 4c 8b 6c 24 18 48 b9 00 00 00 00 00 fc ff df ff 05 d3 b3 24
RSP: 0000:ffffc90000007a50 EFLAGS: 00010296
RAX: 86a266f5f4471700 RBX: ffffffff970d96c8 RCX: ffff88802b270000
RDX: 0000000000000100 RSI: 0000000000000000 RDI: 0000000000000002
RBP: ffffffff8aac9f00 R08: ffffc90000007647 R09: 1ffff92000000ec8
R10: dffffc0000000000 R11: fffff52000000ec9 R12: ffff88802686ce00
R13: ffffffff89673230 R14: ffff88802686c000 R15: ffff88802686cc90
FS:  0000555555f9f500(0000) GS:ffff8880b8e00000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000001b3261dff8 CR3: 00000000680d9000 CR4: 00000000003506f0
Call Trace:
 <IRQ>
 slab_free_hook mm/slub.c:1786 [inline]
 slab_free_freelist_hook+0xd2/0x1b0 mm/slub.c:1837
 slab_free mm/slub.c:3830 [inline]
 __kmem_cache_free+0xba/0x1f0 mm/slub.c:3843
 rose_neigh_put include/net/rose.h:166 [inline]
 rose_timer_expiry+0x4c6/0x5f0 net/rose/rose_timer.c:183
 call_timer_fn+0x16e/0x530 kernel/time/timer.c:1700
 expire_timers kernel/time/timer.c:1751 [inline]
 __run_timers+0x52d/0x7d0 kernel/time/timer.c:2022
 run_timer_softirq+0x67/0xf0 kernel/time/timer.c:2035
 handle_softirqs+0x280/0x820 kernel/softirq.c:578
 __do_softirq kernel/softirq.c:612 [inline]
 invoke_softirq kernel/softirq.c:452 [inline]
 __irq_exit_rcu+0xc7/0x190 kernel/softirq.c:661
 irq_exit_rcu+0x9/0x20 kernel/softirq.c:673
 instr_sysvec_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1088 [inline]
 sysvec_apic_timer_interrupt+0xa4/0xc0 arch/x86/kernel/apic/apic.c:1088
 </IRQ>
 <TASK>
 asm_sysvec_apic_timer_interrupt+0x1a/0x20 arch/x86/include/asm/idtentry.h:687
RIP: 0010:raw_spin_rq_unlock_irq+0x13/0x90 kernel/sched/sched.h:1385
Code: 0f 48 8d 65 d8 5b 41 5c 41 5d 41 5e 41 5f 5d c3 e8 32 aa 10 09 66 90 41 57 41 56 53 eb 11 e8 94 52 1a 09 e8 8f 2f 2e 00 fb 5b <41> 5e 41 5f c3 f3 0f 1e fa 49 be 00 00 00 00 00 fc ff df 49 89 ff
RSP: 0000:ffffc9000b55f3e8 EFLAGS: 00000282
RAX: 86a266f5f4471700 RBX: ffff8880b8e3cf48 RCX: 86a266f5f4471700
RDX: dffffc0000000000 RSI: ffffffff8aaabce0 RDI: ffffffff8afc6400
RBP: ffffc9000b55f5f0 R08: ffffffff90da752f R09: 1ffffffff21b4ea5
R10: dffffc0000000000 R11: fffffbfff21b4ea6 R12: dffffc0000000000
R13: ffff8880b8e3c200 R14: dffffc0000000000 R15: ffff8880b8e3cf48
 __schedule+0x171e/0x44d0 kernel/sched/core.c:6703
 preempt_schedule_irq+0xb5/0x140 kernel/sched/core.c:7009
 irqentry_exit+0x67/0x70 kernel/entry/common.c:438
 asm_sysvec_call_function_single+0x1a/0x20 arch/x86/include/asm/idtentry.h:694
RIP: 0010:put_cpu_partial+0x1b0/0x250 mm/slub.c:2742
Code: 3b 44 24 18 0f 85 b4 00 00 00 48 83 c4 20 5b 41 5c 41 5d 41 5e 41 5f 5d c3 e8 2c f3 91 08 f7 c5 00 02 00 00 74 c0 fb 4d 85 e4 <75> bf eb c8 e8 d7 10 3f 02 85 c0 0f 84 e9 fe ff ff 83 3d c8 41 6e
RSP: 0000:ffffc9000b55f760 EFLAGS: 00000246
RAX: 86a266f5f4471700 RBX: ffff888019a4cc80 RCX: 86a266f5f4471700
RDX: dffffc0000000000 RSI: ffffffff8aaabce0 RDI: ffffffff8afc6400
RBP: 0000000000000286 R08: ffffffff90da752f R09: 1ffffffff21b4ea5
R10: dffffc0000000000 R11: fffffbfff21b4ea6 R12: 0000000000000000
R13: 0000000000000000 R14: ffff88802b270000 R15: ffff8880b8e42aa0
 __slab_free+0x31d/0x410 mm/slub.c:3700
 qlink_free mm/kasan/quarantine.c:166 [inline]
 qlist_free_all+0x75/0xe0 mm/kasan/quarantine.c:185
 kasan_quarantine_reduce+0x143/0x160 mm/kasan/quarantine.c:292
 __kasan_slab_alloc+0x22/0x80 mm/kasan/common.c:305
 kasan_slab_alloc include/linux/kasan.h:188 [inline]
 slab_post_alloc_hook+0x6e/0x4d0 mm/slab.h:767
 slab_alloc_node mm/slub.c:3495 [inline]
 slab_alloc mm/slub.c:3503 [inline]
 __kmem_cache_alloc_lru mm/slub.c:3510 [inline]
 kmem_cache_alloc+0x11e/0x2e0 mm/slub.c:3519
 kmem_cache_zalloc include/linux/slab.h:711 [inline]
 jbd2_alloc_handle include/linux/jbd2.h:1602 [inline]
 new_handle fs/jbd2/transaction.c:461 [inline]
 jbd2__journal_start+0x140/0x5b0 fs/jbd2/transaction.c:488
 __ext4_journal_start_sb+0x203/0x570 fs/ext4/ext4_jbd2.c:112
 __ext4_journal_start fs/ext4/ext4_jbd2.h:326 [inline]
 ext4_dirty_inode+0x93/0x110 fs/ext4/inode.c:6103
 __mark_inode_dirty+0x2cc/0xca0 fs/fs-writeback.c:2455
 generic_update_time fs/inode.c:1981 [inline]
 inode_update_time fs/inode.c:1994 [inline]
 __file_update_time fs/inode.c:2180 [inline]
 file_update_time+0x197/0x1b0 fs/inode.c:2210
 ext4_page_mkwrite+0x1f3/0x1210 fs/ext4/inode.c:6224
 do_page_mkwrite+0x153/0x3e0 mm/memory.c:2950
 do_shared_fault mm/memory.c:4695 [inline]
 do_fault mm/memory.c:4757 [inline]
 do_pte_missing mm/memory.c:3688 [inline]
 handle_pte_fault mm/memory.c:5025 [inline]
 __handle_mm_fault mm/memory.c:5166 [inline]
 handle_mm_fault+0x19b8/0x4920 mm/memory.c:5331
 do_user_addr_fault+0x738/0x12e0 arch/x86/mm/fault.c:1373
 handle_page_fault arch/x86/mm/fault.c:1465 [inline]
 exc_page_fault+0x67/0x110 arch/x86/mm/fault.c:1521
 asm_exc_page_fault+0x26/0x30 arch/x86/include/asm/idtentry.h:608
RIP: 0033:0x7fc4c766f6a2
Code: 0f 1f 84 00 00 00 00 00 be 08 00 00 00 48 89 df e8 a3 75 fe ff 48 8b 53 38 48 8d 42 f8 48 89 43 38 8b 43 28 83 c0 08 89 43 28 <4c> 89 62 f8 41 8d 56 01 41 39 ee 0f 83 8d 00 00 00 41 89 d6 48 8b
RSP: 002b:00007fff7189b790 EFLAGS: 00010202
RAX: 0000000000006008 RBX: 00007fc4c8515720 RCX: 0000000000000000
RDX: 0000001b3261e000 RSI: 0000000000000008 RDI: 00007fc4c8515720
RBP: 00000000000001ee R08: 00007fc4c6dfd090 R09: 00007fc4c79d2000
R10: 00007fc4c6dfd008 R11: 000000000000000e R12: ffffffff81ee9ecb
R13: 00007fc4c79e6128 R14: 0000000000000147 R15: ffffffffffffa000
 </TASK>
----------------
Code disassembly (best guess):
   0:	0f 48 8d 65 d8 5b 41 	cmovs  0x415bd865(%rbp),%ecx
   7:	5c                   	pop    %rsp
   8:	41 5d                	pop    %r13
   a:	41 5e                	pop    %r14
   c:	41 5f                	pop    %r15
   e:	5d                   	pop    %rbp
   f:	c3                   	ret
  10:	e8 32 aa 10 09       	call   0x910aa47
  15:	66 90                	xchg   %ax,%ax
  17:	41 57                	push   %r15
  19:	41 56                	push   %r14
  1b:	53                   	push   %rbx
  1c:	eb 11                	jmp    0x2f
  1e:	e8 94 52 1a 09       	call   0x91a52b7
  23:	e8 8f 2f 2e 00       	call   0x2e2fb7
  28:	fb                   	sti
  29:	5b                   	pop    %rbx
* 2a:	41 5e                	pop    %r14 <-- trapping instruction
  2c:	41 5f                	pop    %r15
  2e:	c3                   	ret
  2f:	f3 0f 1e fa          	endbr64
  33:	49 be 00 00 00 00 00 	movabs $0xdffffc0000000000,%r14
  3a:	fc ff df
  3d:	49 89 ff             	mov    %rdi,%r15