------------[ cut here ]------------
ODEBUG: free active (active state 0) object: ffff888057794a78 object type: timer_list hint: br_ip6_multicast_port_query_expired+0x0/0x380 net/bridge/br_multicast.c:-1
WARNING: lib/debugobjects.c:632 at debug_print_object lib/debugobjects.c:629 [inline], CPU#0: kworker/u8:7/30947
WARNING: lib/debugobjects.c:632 at __debug_check_no_obj_freed lib/debugobjects.c:1116 [inline], CPU#0: kworker/u8:7/30947
WARNING: lib/debugobjects.c:632 at debug_check_no_obj_freed+0x405/0x550 lib/debugobjects.c:1146, CPU#0: kworker/u8:7/30947
Modules linked in:
CPU: 0 UID: 0 PID: 30947 Comm: kworker/u8:7 Not tainted syzkaller #0 PREEMPT(full) 
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
Workqueue: bat_events batadv_iv_send_outstanding_bat_ogm_packet
RIP: 0010:debug_print_object lib/debugobjects.c:629 [inline]
RIP: 0010:__debug_check_no_obj_freed lib/debugobjects.c:1116 [inline]
RIP: 0010:debug_check_no_obj_freed+0x44a/0x550 lib/debugobjects.c:1146
Code: 89 44 24 20 e8 f7 bf 74 fd 48 8b 44 24 20 4c 8b 4d 00 4c 89 ef 48 c7 c6 a0 a5 28 8c 48 c7 c2 20 ab 28 8c 8b 0c 24 4d 89 f8 50 <67> 48 0f b9 3a 48 83 c4 08 4c 8b 6c 24 18 48 b9 00 00 00 00 00 fc
RSP: 0018:ffffc90000007c90 EFLAGS: 00010246
RAX: ffffffff8a8565c0 RBX: ffffffff9a6ba838 RCX: 0000000000000000
RDX: ffffffff8c28ab20 RSI: ffffffff8c28a5a0 RDI: ffffffff903e6a40
RBP: ffffffff8bcf39a0 R08: ffff888057794a78 R09: ffffffff8bcf4d00
R10: dffffc0000000000 R11: ffffffff81b236d0 R12: ffff888057794c00
R13: ffffffff903e6a40 R14: ffff888057794000 R15: ffff888057794a78
FS:  0000000000000000(0000) GS:ffff888125213000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007f79ac65cd58 CR3: 00000000757aa000 CR4: 00000000003526f0
Call Trace:
 <IRQ>
 slab_free_hook mm/slub.c:2620 [inline]
 slab_free mm/slub.c:6246 [inline]
 kfree+0x13e/0x640 mm/slub.c:6561
 kobject_cleanup lib/kobject.c:689 [inline]
 kobject_release lib/kobject.c:720 [inline]
 kref_put include/linux/kref.h:65 [inline]
 kobject_put+0x228/0x560 lib/kobject.c:737
 rcu_do_batch kernel/rcu/tree.c:2617 [inline]
 rcu_core+0x7cd/0x1070 kernel/rcu/tree.c:2869
 handle_softirqs+0x22a/0x840 kernel/softirq.c:622
 do_softirq+0x76/0xd0 kernel/softirq.c:523
 </IRQ>
 <TASK>
 __local_bh_enable_ip+0xf8/0x130 kernel/softirq.c:450
 spin_unlock_bh include/linux/spinlock.h:396 [inline]
 batadv_forw_packet_steal+0x14e/0x170 net/batman-adv/send.c:-1
 batadv_iv_send_outstanding_bat_ogm_packet+0x6dd/0x7e0 net/batman-adv/bat_iv_ogm.c:1716
 process_one_work kernel/workqueue.c:3302 [inline]
 process_scheduled_works+0xb5d/0x1860 kernel/workqueue.c:3385
 worker_thread+0xa53/0xfc0 kernel/workqueue.c:3466
 kthread+0x388/0x470 kernel/kthread.c:436
 ret_from_fork+0x514/0xb70 arch/x86/kernel/process.c:158
 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:245
 </TASK>
----------------
Code disassembly (best guess):
   0:	89 44 24 20          	mov    %eax,0x20(%rsp)
   4:	e8 f7 bf 74 fd       	call   0xfd74c000
   9:	48 8b 44 24 20       	mov    0x20(%rsp),%rax
   e:	4c 8b 4d 00          	mov    0x0(%rbp),%r9
  12:	4c 89 ef             	mov    %r13,%rdi
  15:	48 c7 c6 a0 a5 28 8c 	mov    $0xffffffff8c28a5a0,%rsi
  1c:	48 c7 c2 20 ab 28 8c 	mov    $0xffffffff8c28ab20,%rdx
  23:	8b 0c 24             	mov    (%rsp),%ecx
  26:	4d 89 f8             	mov    %r15,%r8
  29:	50                   	push   %rax
* 2a:	67 48 0f b9 3a       	ud1    (%edx),%rdi <-- trapping instruction
  2f:	48 83 c4 08          	add    $0x8,%rsp
  33:	4c 8b 6c 24 18       	mov    0x18(%rsp),%r13
  38:	48                   	rex.W
  39:	b9 00 00 00 00       	mov    $0x0,%ecx
  3e:	00 fc                	add    %bh,%ah