bisecting cause commit starting from 43598c571e7ed29e4c81e35b4a870fe6b9f8d58e
building syzkaller on 598ca6c8b8766304c3b2865e38f5f301c39bd299
testing commit 43598c571e7ed29e4c81e35b4a870fe6b9f8d58e with gcc (GCC) 8.1.0
kernel signature: 37ea197acaf3f61f71f7fd9432e0fc489268a8f1
all runs: crashed: KASAN: use-after-free Read in slip_open
testing release v4.14.155
testing commit f56f3d0e65adb447b8b583c8ed4fbbe544c9bfde with gcc (GCC) 8.1.0
kernel signature: cf31dd7005b199e8fe28db317aab2e13cc6f4b41
all runs: crashed: KASAN: use-after-free Read in slip_open
testing release v4.14.154
testing commit 775d01b65b5daa002a9ba60f2d2bb3b1a6ce12fb with gcc (GCC) 8.1.0
kernel signature: 12b290b28fc380e28c30a0ac5e6a82024e82a369
all runs: OK
# git bisect start f56f3d0e65adb447b8b583c8ed4fbbe544c9bfde 775d01b65b5daa002a9ba60f2d2bb3b1a6ce12fb
Bisecting: 119 revisions left to test after this (roughly 7 steps)
[46af2022de198ebbf47141b7b33522e28733045d] arm64: dts: meson: Fix erroneous SPI bus warnings
testing commit 46af2022de198ebbf47141b7b33522e28733045d with gcc (GCC) 8.1.0
kernel signature: d7b5311392ce889871f176aade7e02cdcfa3aa0b
all runs: crashed: KASAN: use-after-free Read in slip_open
# git bisect bad 46af2022de198ebbf47141b7b33522e28733045d
Bisecting: 59 revisions left to test after this (roughly 6 steps)
[830a50a3c429ea266758debf02d9d4d39bdd58b4] soc: imx: gpc: fix PDN delay
testing commit 830a50a3c429ea266758debf02d9d4d39bdd58b4 with gcc (GCC) 8.1.0
kernel signature: 3481f9b15c6d605dea4f1e696a2a3946fda37d07
all runs: crashed: KASAN: use-after-free Read in slip_open
# git bisect bad 830a50a3c429ea266758debf02d9d4d39bdd58b4
Bisecting: 29 revisions left to test after this (roughly 5 steps)
[502e825baa9c738e5bbd3df6f98968bf4d475f67] ath10k: fix kernel panic by moving pci flush after napi_disable
testing commit 502e825baa9c738e5bbd3df6f98968bf4d475f67 with gcc (GCC) 8.1.0
kernel signature: dbc47ce3f72f7fb0d3cb263b8538f66455caa688
all runs: crashed: KASAN: use-after-free Read in slip_open
# git bisect bad 502e825baa9c738e5bbd3df6f98968bf4d475f67
Bisecting: 14 revisions left to test after this (roughly 4 steps)
[f74f050cfc30876d1a70021a959d561863b2248f] Input: synaptics-rmi4 - fix video buffer size
testing commit f74f050cfc30876d1a70021a959d561863b2248f with gcc (GCC) 8.1.0
kernel signature: 3b0f9564eea3e79fe46b77ddc29d130af53ca148
all runs: crashed: KASAN: use-after-free Read in slip_open
# git bisect bad f74f050cfc30876d1a70021a959d561863b2248f
Bisecting: 6 revisions left to test after this (roughly 3 steps)
[eda6c45adcf79f6a82a150e9a094f254689ef368] powerpc/perf: Fix kfree memory allocated for nest pmus
testing commit eda6c45adcf79f6a82a150e9a094f254689ef368 with gcc (GCC) 8.1.0
kernel signature: 1152f7562f7aa954b8d02c2268fd9a2471079410
all runs: OK
# git bisect good eda6c45adcf79f6a82a150e9a094f254689ef368
Bisecting: 3 revisions left to test after this (roughly 2 steps)
[82ea5a1742e22638db3e3bb812e2e2b1eaf6b661] slip: Fix memory leak in slip_open error path
testing commit 82ea5a1742e22638db3e3bb812e2e2b1eaf6b661 with gcc (GCC) 8.1.0
kernel signature: 0dcf0a0a835121e9abce4edb885c0500c470905c
all runs: crashed: KASAN: use-after-free Read in slip_open
# git bisect bad 82ea5a1742e22638db3e3bb812e2e2b1eaf6b661
Bisecting: 0 revisions left to test after this (roughly 1 step)
[021ede687dcccba48a2cae8c98795e9eedc857e1] net: usb: qmi_wwan: add support for Foxconn T77W968 LTE modules
testing commit 021ede687dcccba48a2cae8c98795e9eedc857e1 with gcc (GCC) 8.1.0
kernel signature: d9031771554469ea529a2dccc1e77a4f007e4e93
run #0: crashed: WARNING: ODEBUG bug in netdev_freemem
run #1: OK
run #2: OK
run #3: OK
run #4: OK
run #5: OK
run #6: OK
run #7: OK
run #8: OK
run #9: OK
# git bisect bad 021ede687dcccba48a2cae8c98795e9eedc857e1
Bisecting: 0 revisions left to test after this (roughly 0 steps)
[63a44739bc53dbd44529b7e9ca641d88f151c7cb] ax88172a: fix information leak on short answers
testing commit 63a44739bc53dbd44529b7e9ca641d88f151c7cb with gcc (GCC) 8.1.0
kernel signature: b2eaa86ef1158f7bb7e7e835e924f310ea994d3d
all runs: OK
# git bisect good 63a44739bc53dbd44529b7e9ca641d88f151c7cb
021ede687dcccba48a2cae8c98795e9eedc857e1 is the first bad commit
commit 021ede687dcccba48a2cae8c98795e9eedc857e1
Author: Aleksander Morgado
Date: Wed Nov 13 11:11:10 2019 +0100

    net: usb: qmi_wwan: add support for Foxconn T77W968 LTE modules

    [ Upstream commit 802753cb0b141cf5170ab97fe7e79f5ca10d06b0 ]

    These are the Foxconn-branded variants of the Dell DW5821e modules,
    same USB layout as those.

    The QMI interface is exposed in USB configuration #1:

    P: Vendor=0489 ProdID=e0b4 Rev=03.18
    S: Manufacturer=FII
    S: Product=T77W968 LTE
    S: SerialNumber=0123456789ABCDEF
    C: #Ifs= 6 Cfg#= 1 Atr=a0 MxPwr=500mA
    I: If#=0x0 Alt= 0 #EPs= 3 Cls=ff(vend.) Sub=ff Prot=ff Driver=qmi_wwan
    I: If#=0x1 Alt= 0 #EPs= 1 Cls=03(HID ) Sub=00 Prot=00 Driver=usbhid
    I: If#=0x2 Alt= 0 #EPs= 3 Cls=ff(vend.) Sub=00 Prot=00 Driver=option
    I: If#=0x3 Alt= 0 #EPs= 3 Cls=ff(vend.) Sub=00 Prot=00 Driver=option
    I: If#=0x4 Alt= 0 #EPs= 3 Cls=ff(vend.) Sub=00 Prot=00 Driver=option
    I: If#=0x5 Alt= 0 #EPs= 2 Cls=ff(vend.) Sub=ff Prot=ff Driver=option

    Signed-off-by: Aleksander Morgado
    Acked-by: Bjørn Mork
    Signed-off-by: David S. Miller
    Signed-off-by: Greg Kroah-Hartman

 drivers/net/usb/qmi_wwan.c | 2 ++
 1 file changed, 2 insertions(+)
kernel signature: d9031771554469ea529a2dccc1e77a4f007e4e93
previous signature: b2eaa86ef1158f7bb7e7e835e924f310ea994d3d
revisions tested: 11, total time: 2h39m45.93381366s (build: 1h29m0.225053039s, test: 1h7m17.735113182s)
first bad commit: 021ede687dcccba48a2cae8c98795e9eedc857e1 net: usb: qmi_wwan: add support for Foxconn T77W968 LTE modules
cc: ["aleksander@aleksander.es" "bjorn@mork.no" "davem@davemloft.net" "gregkh@linuxfoundation.org"]
crash: WARNING: ODEBUG bug in netdev_freemem
RBP: 00000000004bfab0 R08: 00000000000000e7 R09: ffffffffffffffd0
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
R13: 00000000006d2180 R14: 0000000000000000 R15: 0000000000000000
------------[ cut here ]------------
WARNING: CPU: 1 PID: 6894 at lib/debugobjects.c:290 debug_print_object.cold.13+0xa7/0xdb lib/debugobjects.c:287
Kernel panic - not syncing: panic_on_warn set ...
CPU: 1 PID: 6894 Comm: kworker/u4:5 Not tainted 4.14.154-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Workqueue: netns cleanup_net
Call Trace:
 __dump_stack lib/dump_stack.c:17 [inline]
 dump_stack+0xf7/0x13b lib/dump_stack.c:58
 panic+0x1b0/0x358 kernel/panic.c:183
 __warn.cold.8+0x25/0x2c kernel/panic.c:547
 report_bug+0x1a4/0x1f3 lib/bug.c:186
 fixup_bug arch/x86/kernel/traps.c:177 [inline]
 do_error_trap+0x1bd/0x310 arch/x86/kernel/traps.c:295
 do_invalid_op+0x1b/0x20 arch/x86/kernel/traps.c:314
 invalid_op+0x1b/0x40 arch/x86/entry/entry_64.S:963
RIP: 0010:debug_print_object.cold.13+0xa7/0xdb lib/debugobjects.c:287
RSP: 0018:ffff88807e6ef7b8 EFLAGS: 00010086
RAX: 0000000000000061 RBX: 0000000000000003 RCX: 0000000000000000
RDX: 0000000000000061 RSI: 0000000000000001 RDI: ffffed100fcddeee
RBP: ffff88807e6ef7e0 R08: 0000000000000000 R09: 0000000000000000
R10: ffff88807e6ef298 R11: dffffc0000000000 R12: ffffffff868ca220
R13: ffffffff813c3d80 R14: 0000000000000000 R15: ffff8880a9115400
 __debug_check_no_obj_freed lib/debugobjects.c:747 [inline]
 debug_check_no_obj_freed+0x506/0x930 lib/debugobjects.c:776
 kfree+0xbd/0x270 mm/slab.c:3814
 kvfree+0x2c/0x30 mm/util.c:416
 netdev_freemem+0x47/0x60 net/core/dev.c:8038
 netdev_release+0x6a/0x80 net/core/net-sysfs.c:1497
 device_release+0x134/0x170 drivers/base/core.c:825
 kobject_cleanup lib/kobject.c:646 [inline]
 kobject_release lib/kobject.c:675 [inline]
 kref_put include/linux/kref.h:70 [inline]
 kobject_put.cold.11+0x22a/0x2aa lib/kobject.c:692
 netdev_run_todo+0x49e/0x6d0 net/core/dev.c:7943
 rtnl_unlock+0x9/0x10 net/core/rtnetlink.c:106
 default_device_exit_batch+0x2e1/0x3b0 net/core/dev.c:8729
 ops_exit_list.isra.7+0xd3/0x120 net/core/net_namespace.c:145
 cleanup_net+0x39d/0x800 net/core/net_namespace.c:484
 process_one_work+0x79e/0x16c0 kernel/workqueue.c:2114
 worker_thread+0xcc/0xee0 kernel/workqueue.c:2248
 kthread+0x338/0x400 kernel/kthread.c:232
 ret_from_fork+0x24/0x30 arch/x86/entry/entry_64.S:404
======================================================