------------[ cut here ]------------
ODEBUG: free active (active state 0) object: ffff8880464e4c90 object type: timer_list hint: rose_t0timer_expiry+0x0/0x350 net/rose/rose_link.c:-1
WARNING: lib/debugobjects.c:615 at debug_print_object lib/debugobjects.c:612 [inline], CPU#1: syz.1.24604/589
WARNING: lib/debugobjects.c:615 at __debug_check_no_obj_freed lib/debugobjects.c:1099 [inline], CPU#1: syz.1.24604/589
WARNING: lib/debugobjects.c:615 at debug_check_no_obj_freed+0x405/0x550 lib/debugobjects.c:1129, CPU#1: syz.1.24604/589
Modules linked in:
CPU: 1 UID: 0 PID: 589 Comm: syz.1.24604 Not tainted syzkaller #0 PREEMPT(full)
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
RIP: 0010:debug_print_object lib/debugobjects.c:612 [inline]
RIP: 0010:__debug_check_no_obj_freed lib/debugobjects.c:1099 [inline]
RIP: 0010:debug_check_no_obj_freed+0x44a/0x550 lib/debugobjects.c:1129
Code: 89 44 24 20 e8 77 27 8f fd 48 8b 44 24 20 4c 8b 4d 00 4c 89 ef 48 c7 c6 20 8d c0 8b 48 c7 c2 40 92 c0 8b 8b 0c 24 4d 89 f8 50 <67> 48 0f b9 3a 48 83 c4 08 4c 8b 6c 24 18 48 b9 00 00 00 00 00 fc
RSP: 0018:ffffc90000a08b70 EFLAGS: 00010246
RAX: ffffffff8a4b15a0 RBX: ffffffff99ad6710 RCX: 0000000000000000
RDX: ffffffff8bc09240 RSI: ffffffff8bc08d20 RDI: ffffffff8f8c8f40
RBP: ffffffff8b6d2500 R08: ffff8880464e4c90 R09: ffffffff8b6d3660
R10: dffffc0000000000 R11: ffffffff81ae0b10 R12: ffff8880464e4e00
R13: ffffffff8f8c8f40 R14: ffff8880464e4000 R15: ffff8880464e4c90
FS: 00007f7f6afde6c0(0000) GS:ffff888125f1c000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007f7f6a3e7dac CR3: 00000000771ea000 CR4: 00000000003526f0
Call Trace:
slab_free_hook mm/slub.c:2471 [inline]
slab_free mm/slub.c:6670 [inline]
kfree+0x13b/0x660 mm/slub.c:6878
rose_neigh_put include/net/rose.h:166 [inline]
rose_timer_expiry+0x4cb/0x600 net/rose/rose_timer.c:183
call_timer_fn+0x16e/0x590 kernel/time/timer.c:1748
expire_timers kernel/time/timer.c:1799 [inline]
__run_timers kernel/time/timer.c:2373 [inline]
__run_timer_base+0x61a/0x860 kernel/time/timer.c:2385
run_timer_base kernel/time/timer.c:2394 [inline]
run_timer_softirq+0xb7/0x180 kernel/time/timer.c:2404
handle_softirqs+0x22b/0x7c0 kernel/softirq.c:622
__do_softirq kernel/softirq.c:656 [inline]
invoke_softirq kernel/softirq.c:496 [inline]
__irq_exit_rcu+0x60/0x150 kernel/softirq.c:723
irq_exit_rcu+0x9/0x30 kernel/softirq.c:739
instr_sysvec_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1056 [inline]
sysvec_apic_timer_interrupt+0xa6/0xc0 arch/x86/kernel/apic/apic.c:1056
asm_sysvec_apic_timer_interrupt+0x1a/0x20 arch/x86/include/asm/idtentry.h:697
RIP: 0010:finish_task_switch+0x242/0x940 kernel/sched/core.c:5114
Code: 0f 84 c2 01 00 00 48 85 db 0f 85 e9 01 00 00 0f 1f 44 00 00 4c 8b 75 d0 4c 89 e7 e8 98 28 cb 09 e8 03 13 37 00 fb 4c 8b 65 c0 <49> 8d bc 24 48 16 00 00 48 89 f8 48 c1 e8 03 42 0f b6 04 28 84 c0
RSP: 0018:ffffc90016b27de8 EFLAGS: 00000202
RAX: 0000000000000001 RBX: 0000000000000000 RCX: 0000000080000001
RDX: 0000000000000000 RSI: ffffffff8d793c19 RDI: ffffffff8bc086e0
RBP: ffffc90016b27e40 R08: ffffffff8f822d77 R09: 1ffffffff1f045ae
R10: dffffc0000000000 R11: fffffbfff1f045af R12: ffff88802dfc9e80
R13: dffffc0000000000 R14: ffff8880632f0000 R15: ffff8880b873b498
schedule_tail+0x11/0xc0 kernel/sched/core.c:5179
ret_from_fork+0x85/0xa50 arch/x86/kernel/process.c:154
ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:246
----------------
Code disassembly (best guess):
0: 89 44 24 20 mov %eax,0x20(%rsp)
4: e8 77 27 8f fd call 0xfd8f2780
9: 48 8b 44 24 20 mov 0x20(%rsp),%rax
e: 4c 8b 4d 00 mov 0x0(%rbp),%r9
12: 4c 89 ef mov %r13,%rdi
15: 48 c7 c6 20 8d c0 8b mov $0xffffffff8bc08d20,%rsi
1c: 48 c7 c2 40 92 c0 8b mov $0xffffffff8bc09240,%rdx
23: 8b 0c 24 mov (%rsp),%ecx
26: 4d 89 f8 mov %r15,%r8
29: 50 push %rax
* 2a: 67 48 0f b9 3a ud1 (%edx),%rdi <-- trapping instruction
2f: 48 83 c4 08 add $0x8,%rsp
33: 4c 8b 6c 24 18 mov 0x18(%rsp),%r13
38: 48 rex.W
39: b9 00 00 00 00 mov $0x0,%ecx
3e: 00 fc add %bh,%ah