------------[ cut here ]------------
ODEBUG: free active (active state 0) object: ffff88805547f490 object type: timer_list hint: rose_t0timer_expiry+0x0/0x350 net/rose/rose_link.c:-1
WARNING: lib/debugobjects.c:615 at 0x0, CPU#0: kworker/0:1/10
Modules linked in:
CPU: 0 UID: 0 PID: 10 Comm: kworker/0:1 Not tainted syzkaller #0 PREEMPT(full)
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
Workqueue: wg-kex-wg1 wg_packet_handshake_receive_worker
RIP: 0010:debug_print_object lib/debugobjects.c:612 [inline]
RIP: 0010:__debug_check_no_obj_freed lib/debugobjects.c:1099 [inline]
RIP: 0010:debug_check_no_obj_freed+0x44a/0x550 lib/debugobjects.c:1129
Code: 89 44 24 20 e8 c7 de 92 fd 48 8b 44 24 20 4c 8b 4d 00 4c 89 ef 48 c7 c6 a0 cc bf 8b 48 c7 c2 c0 d1 bf 8b 8b 0c 24 4d 89 f8 50 <67> 48 0f b9 3a 48 83 c4 08 4c 8b 6c 24 18 48 b9 00 00 00 00 00 fc
RSP: 0018:ffffc90000007b10 EFLAGS: 00010246
RAX: ffffffff8a3bd800 RBX: ffffffff99ab7698 RCX: 0000000000000000
RDX: ffffffff8bbfd1c0 RSI: ffffffff8bbfcca0 RDI: ffffffff8f8aa470
RBP: ffffffff8b6d24a0 R08: ffff88805547f490 R09: ffffffff8b6d3600
R10: dffffc0000000000 R11: ffffffff81ae6210 R12: ffff88805547f600
R13: ffffffff8f8aa470 R14: ffff88805547f000 R15: ffff88805547f490
FS: 0000000000000000(0000) GS:ffff8881260b1000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007f8c003b36e0 CR3: 000000000dd3a000 CR4: 00000000003526f0
Call Trace:
slab_free_hook mm/slub.c:2471 [inline]
slab_free mm/slub.c:6663 [inline]
kfree+0x13b/0x660 mm/slub.c:6871
rose_neigh_put include/net/rose.h:166 [inline]
rose_timer_expiry+0x4cb/0x600 net/rose/rose_timer.c:183
call_timer_fn+0x16e/0x590 kernel/time/timer.c:1748
expire_timers kernel/time/timer.c:1799 [inline]
__run_timers kernel/time/timer.c:2373 [inline]
__run_timer_base+0x61a/0x860 kernel/time/timer.c:2385
run_timer_base kernel/time/timer.c:2394 [inline]
run_timer_softirq+0xb7/0x180 kernel/time/timer.c:2404
handle_softirqs+0x27d/0x850 kernel/softirq.c:622
do_softirq+0xec/0x180 kernel/softirq.c:523
__local_bh_enable_ip+0x17d/0x1c0 kernel/softirq.c:450
local_bh_enable include/linux/bottom_half.h:33 [inline]
fpregs_unlock arch/x86/include/asm/fpu/api.h:77 [inline]
kernel_fpu_end+0xd2/0x120 arch/x86/kernel/fpu/core.c:480
blake2s_compress+0xe9/0x1b80 lib/crypto/x86/blake2s.h:42
blake2s_update+0x14b/0x450 lib/crypto/blake2s.c:125
hmac+0x288/0x330 drivers/net/wireguard/noise.c:332
kdf drivers/net/wireguard/noise.c:360 [inline]
message_ephemeral+0x1c0/0x280 drivers/net/wireguard/noise.c:493
wg_noise_handshake_create_response+0x24d/0x8f0 drivers/net/wireguard/noise.c:692
wg_packet_send_handshake_response+0xf6/0x2d0 drivers/net/wireguard/send.c:94
wg_receive_handshake_packet drivers/net/wireguard/receive.c:154 [inline]
wg_packet_handshake_receive_worker+0x623/0xfc0 drivers/net/wireguard/receive.c:213
process_one_work kernel/workqueue.c:3257 [inline]
process_scheduled_works+0xad1/0x1770 kernel/workqueue.c:3340
worker_thread+0x8a0/0xda0 kernel/workqueue.c:3421
kthread+0x711/0x8a0 kernel/kthread.c:463
ret_from_fork+0x599/0xb30 arch/x86/kernel/process.c:158
ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:246
----------------
Code disassembly (best guess):
0: 89 44 24 20 mov %eax,0x20(%rsp)
4: e8 c7 de 92 fd call 0xfd92ded0
9: 48 8b 44 24 20 mov 0x20(%rsp),%rax
e: 4c 8b 4d 00 mov 0x0(%rbp),%r9
12: 4c 89 ef mov %r13,%rdi
15: 48 c7 c6 a0 cc bf 8b mov $0xffffffff8bbfcca0,%rsi
1c: 48 c7 c2 c0 d1 bf 8b mov $0xffffffff8bbfd1c0,%rdx
23: 8b 0c 24 mov (%rsp),%ecx
26: 4d 89 f8 mov %r15,%r8
29: 50 push %rax
* 2a: 67 48 0f b9 3a ud1 (%edx),%rdi <-- trapping instruction
2f: 48 83 c4 08 add $0x8,%rsp
33: 4c 8b 6c 24 18 mov 0x18(%rsp),%r13
38: 48 rex.W
39: b9 00 00 00 00 mov $0x0,%ecx
3e: 00 fc add %bh,%ah