==================================================================
BUG: KASAN: use-after-free in rose_timer_expiry+0x40c/0x470 net/rose/rose_timer.c:183
Read of size 2 at addr ffff0000e75bfc2a by task ksoftirqd/0/14

CPU: 0 PID: 14 Comm: ksoftirqd/0 Not tainted 5.15.181-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/19/2025
Call trace:
 dump_backtrace+0x0/0x43c arch/arm64/kernel/stacktrace.c:152
 show_stack+0x2c/0x3c arch/arm64/kernel/stacktrace.c:216
 __dump_stack+0x30/0x40 lib/dump_stack.c:88
 dump_stack_lvl+0xf8/0x160 lib/dump_stack.c:106
 print_address_description+0x78/0x30c mm/kasan/report.c:248
 __kasan_report mm/kasan/report.c:434 [inline]
 kasan_report+0xec/0x15c mm/kasan/report.c:451
 __asan_report_load2_noabort+0x44/0x50 mm/kasan/report_generic.c:307
 rose_timer_expiry+0x40c/0x470 net/rose/rose_timer.c:183
 call_timer_fn+0x19c/0x858 kernel/time/timer.c:1451
 expire_timers kernel/time/timer.c:1496 [inline]
 __run_timers+0x46c/0x6c4 kernel/time/timer.c:1767
 run_timer_softirq+0x7c/0x114 kernel/time/timer.c:1780
 handle_softirqs+0x344/0xbf0 kernel/softirq.c:558
 run_ksoftirqd+0x7c/0x2a0 kernel/softirq.c:925
 smpboot_thread_fn+0x4b0/0x920 kernel/smpboot.c:164
 kthread+0x374/0x454 kernel/kthread.c:334
 ret_from_fork+0x10/0x20 arch/arm64/kernel/entry.S:870

The buggy address belongs to the page:
page:000000004b4a8ebc refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1275bf
flags: 0x5ffc00000000000(node=0|zone=2|lastcpupid=0x7ff)
raw: 05ffc00000000000 0000000000000000 fffffc00039d6fc8 0000000000000000
raw: 0000000000000000 0000000000000000 00000000ffffffff 0000000000000000
page dumped because: kasan: bad access detected

Memory state around the buggy address:
 ffff0000e75bfb00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
 ffff0000e75bfb80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
>ffff0000e75bfc00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
                                  ^
 ffff0000e75bfc80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
 ffff0000e75bfd00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
==================================================================