------------[ cut here ]------------
ODEBUG: free active (active state 0) object: ffff888023332278 object type: timer_list hint: br_ip6_multicast_port_query_expired+0x0/0x20 net/bridge/br_private.h:1290
WARNING: lib/debugobjects.c:612 at debug_print_object+0x18e/0x2a0 lib/debugobjects.c:612, CPU#1: syz.0.2972/17174
Modules linked in:
CPU: 1 UID: 0 PID: 17174 Comm: syz.0.2972 Not tainted syzkaller #0 PREEMPT(full)
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
RIP: 0010:debug_print_object+0x19b/0x2a0 lib/debugobjects.c:612
Code: b8 00 00 00 00 00 fc ff df 48 89 fa 48 c1 ea 03 80 3c 02 00 75 4f 48 8d 3d 32 4a dd 0b 41 56 48 8b 14 dd e0 c4 f2 8b 4c 89 e6 <67> 48 0f b9 3a 58 83 05 3c fc d3 0b 01 48 83 c4 18 5b 5d 41 5c 41
RSP: 0018:ffffc90000a08bb8 EFLAGS: 00010246
RAX: dffffc0000000000 RBX: 0000000000000003 RCX: 0000000000000000
RDX: ffffffff8bf2c420 RSI: ffffffff8bf2c000 RDI: ffffffff90923260
RBP: 0000000000000001 R08: ffff888023332278 R09: ffffffff8b906bc0
R10: ffffffff9088b3d7 R11: ffff8880747b54b0 R12: ffffffff8bf2c000
R13: ffffffff8b906c00 R14: ffffffff8a4a8100 R15: ffffc90000a08cb8
FS: 0000555578603500(0000) GS:ffff8881249f5000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000200000002000 CR3: 000000001e6fe000 CR4: 00000000003526f0
Call Trace:
 __debug_check_no_obj_freed lib/debugobjects.c:1099 [inline]
 debug_check_no_obj_freed+0x4b7/0x600 lib/debugobjects.c:1129
 slab_free_hook mm/slub.c:2471 [inline]
 slab_free mm/slub.c:6668 [inline]
 kfree+0x2d1/0x6e0 mm/slub.c:6876
 kobject_cleanup lib/kobject.c:689 [inline]
 kobject_release lib/kobject.c:720 [inline]
 kref_put include/linux/kref.h:65 [inline]
 kobject_put+0x1ef/0x6f0 lib/kobject.c:737
 rcu_do_batch kernel/rcu/tree.c:2605 [inline]
 rcu_core+0x79c/0x15f0 kernel/rcu/tree.c:2857
 handle_softirqs+0x219/0x950 kernel/softirq.c:622
 __do_softirq kernel/softirq.c:656 [inline]
 invoke_softirq kernel/softirq.c:496 [inline]
 __irq_exit_rcu+0x109/0x170 kernel/softirq.c:723
 irq_exit_rcu+0x9/0x30 kernel/softirq.c:739
 instr_sysvec_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1056 [inline]
 sysvec_apic_timer_interrupt+0xa4/0xc0 arch/x86/kernel/apic/apic.c:1056
 asm_sysvec_apic_timer_interrupt+0x1a/0x20 arch/x86/include/asm/idtentry.h:697
RIP: 0010:preempt_schedule_irq+0x4c/0x90 kernel/sched/core.c:7190
Code: df 55 65 48 8b 2d 0c 6a 39 08 53 48 89 eb 48 c1 eb 03 48 01 c3 bf 01 00 00 00 e8 8f 72 11 f6 e8 da c2 4d f6 fb bf 01 00 00 00 3f 96 ff ff 9c 58 fa f6 c4 02 75 1e bf 01 00 00 00 e8 3d 04 11
RSP: 0018:ffffc9000d54fdf8 EFLAGS: 00000206
RAX: 0000000000006417 RBX: ffffed100e8f6930 RCX: ffffffff81c7080f
RDX: 0000000000000000 RSI: ffffffff8dacda6c RDI: 0000000000000001
RBP: ffff8880747b4980 R08: 0000000000000001 R09: 0000000000000001
R10: ffffffff9088b3d7 R11: ffff8880747b54b0 R12: 0000000000000000
R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
 irqentry_exit+0x1d8/0x8c0 kernel/entry/common.c:216
 asm_sysvec_apic_timer_interrupt+0x1a/0x20 arch/x86/include/asm/idtentry.h:697
RIP: 0010:__exit_to_user_mode_loop kernel/entry/common.c:31 [inline]
RIP: 0010:exit_to_user_mode_loop kernel/entry/common.c:75 [inline]
RIP: 0010:__exit_to_user_mode_prepare include/linux/irq-entry-common.h:226 [inline]
RIP: 0010:irqentry_exit_to_user_mode_prepare include/linux/irq-entry-common.h:270 [inline]
RIP: 0010:irqentry_exit_to_user_mode include/linux/irq-entry-common.h:339 [inline]
RIP: 0010:irqentry_exit+0x365/0x8c0 kernel/entry/common.c:196
Code: 58 fa f6 c4 02 0f 85 62 01 00 00 e8 d5 11 00 00 49 8b 2c 24 f7 c5 37 03 00 00 0f 84 88 00 00 00 e8 80 fb 4e f6 fb 40 f6 c5 30 <74> c0 e8 44 30 01 00 f7 c5 00 01 00 00 74 bb 48 89 df e8 a4 b6 7d
RSP: 0000:ffffc9000d54ff00 EFLAGS: 00000202
RAX: 00000000000063b3 RBX: ffffc9000d54ff48 RCX: ffffffff81c7080f
RDX: 0000000000000000 RSI: ffffffff8dacda6c RDI: ffffffff8bf2b380
RBP: 0000000000000010 R08: 0000000000000001 R09: 0000000000000001
R10: ffffffff9088b3d7 R11: 0000000000000000 R12: ffff8880747b4980
R13: ffff8880747b4980 R14: 0000000000000000 R15: 0000000000000000
 asm_sysvec_reschedule_ipi+0x1a/0x20 arch/x86/include/asm/idtentry.h:702
RIP: 0033:0x7f0055a68326
Code: 77 f8 48 89 f8 48 89 eb eb 12 66 2e 0f 1f 84 00 00 00 00 00 48 8b 4b 08 48 83 c3 08 48 39 d1 72 f3 48 83 e8 08 48 39 f2 73 17 <66> 2e 0f 1f 84 00 00 00 00 00 48 8b 70 f8 48 83 e8 08 48 39 f2 72
RSP: 002b:00007ffc78c3e490 EFLAGS: 00000283
RAX: 00007f00554abf08 RBX: 00007f0055428380 RCX: ffffffff89430eb5
RDX: ffffffff894266ad RSI: ffffffff89430eb5 RDI: 00007f00554b8dd0
RBP: 00007f0055425bb8 R08: 00007f005546f4c0 R09: 00007f0055dd2000
R10: 00007f00551f5008 R11: 0000000000000007 R12: 00007f0055425bb0
R13: 000000000000001d R14: ffffffffffffffff R15: 00007f00551f5008
----------------
Code disassembly (best guess):
   0: b8 00 00 00 00          mov $0x0,%eax
   5: 00 fc                   add %bh,%ah
   7: ff                      (bad)
   8: df 48 89                fisttps -0x77(%rax)
   b: fa                      cli
   c: 48 c1 ea 03             shr $0x3,%rdx
  10: 80 3c 02 00             cmpb $0x0,(%rdx,%rax,1)
  14: 75 4f                   jne 0x65
  16: 48 8d 3d 32 4a dd 0b    lea 0xbdd4a32(%rip),%rdi # 0xbdd4a4f
  1d: 41 56                   push %r14
  1f: 48 8b 14 dd e0 c4 f2    mov -0x740d3b20(,%rbx,8),%rdx
  26: 8b
  27: 4c 89 e6                mov %r12,%rsi
* 2a: 67 48 0f b9 3a          ud1 (%edx),%rdi <-- trapping instruction
  2f: 58                      pop %rax
  30: 83 05 3c fc d3 0b 01    addl $0x1,0xbd3fc3c(%rip) # 0xbd3fc73
  37: 48 83 c4 18             add $0x18,%rsp
  3b: 5b                      pop %rbx
  3c: 5d                      pop %rbp
  3d: 41 5c                   pop %r12
  3f: 41                      rex.B