bisecting fixing commit since 4d552acf337038028f7e2f63a927afb7adf65fc1
building syzkaller on 505ab413c77ce8c6bd4658ea5e68ea2534d47b39
testing commit 4d552acf337038028f7e2f63a927afb7adf65fc1 with gcc (GCC) 8.1.0
kernel signature: 45e7f6f3e17dd3935b1050695baf27e13613a768
run #0: crashed: WARNING in xfrm6_tunnel_net_exit
run #1: crashed: WARNING in xfrm6_tunnel_net_exit
run #2: crashed: WARNING in xfrm6_tunnel_net_exit
run #3: crashed: WARNING in xfrm6_tunnel_net_exit
run #4: crashed: WARNING in xfrm6_tunnel_net_exit
run #5: crashed: WARNING in xfrm6_tunnel_net_exit
run #6: crashed: WARNING in xfrm6_tunnel_net_exit
run #7: crashed: WARNING in xfrm6_tunnel_net_exit
run #8: crashed: WARNING in xfrm6_tunnel_net_exit
run #9: OK
testing current HEAD 312017a460d5ea31d646e7148e400e13db799ddc
testing commit 312017a460d5ea31d646e7148e400e13db799ddc with gcc (GCC) 8.1.0
kernel signature: 3a38cb0088e803693d0282bfc6c439c597ce9300
run #0: crashed: WARNING: ODEBUG bug in netdev_freemem
run #1: OK
run #2: OK
run #3: OK
run #4: OK
run #5: OK
run #6: OK
run #7: OK
run #8: OK
run #9: OK
revisions tested: 2, total time: 37m16.175417158s (build: 17m1.683217955s, test: 19m40.862178948s)
the crash still happens on HEAD
commit msg: Linux 4.19.89
crash: WARNING: ODEBUG bug in netdev_freemem
IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready
------------[ cut here ]------------
IPv6: ADDRCONF(NETDEV_UP): hsr0: link is not ready
ODEBUG: free active (active state 0) object type: timer_list hint: delayed_work_timer_fn+0x0/0x90 kernel/workqueue.c:4919
IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
WARNING: CPU: 1 PID: 32 at lib/debugobjects.c:328 debug_print_object+0x16a/0x210 lib/debugobjects.c:325
Kernel panic - not syncing: panic_on_warn set ...
CPU: 1 PID: 32 Comm: kworker/u4:2 Not tainted 4.19.89-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Workqueue: netns cleanup_net
Call Trace:
 __dump_stack lib/dump_stack.c:77 [inline]
 dump_stack+0x123/0x177 lib/dump_stack.c:118
 panic+0x1cd/0x387 kernel/panic.c:186
 __warn.cold.8+0x1b/0x3c kernel/panic.c:541
 report_bug+0x1a4/0x200 lib/bug.c:186
 fixup_bug arch/x86/kernel/traps.c:178 [inline]
 do_error_trap+0x200/0x350 arch/x86/kernel/traps.c:296
 do_invalid_op+0x1b/0x20 arch/x86/kernel/traps.c:316
 invalid_op+0x14/0x20 arch/x86/entry/entry_64.S:1037
RIP: 0010:debug_print_object+0x16a/0x210 lib/debugobjects.c:325
Code: fe 86 48 89 fa 48 c1 ea 03 80 3c 02 00 0f 85 92 00 00 00 48 8b 14 dd 00 2f fe 86 4c 89 fe 48 c7 c7 40 24 fe 86 e8 19 2e 46 fe <0f> 0b 83 05 09 42 bf 05 01 48 83 c4 18 5b 41 5c 41 5d 41 5e 41 5f
RSP: 0018:ffff8880a996f840 EFLAGS: 00010082
RAX: 0000000000000000 RBX: 0000000000000003 RCX: 0000000000000000
RDX: 0000000000000004 RSI: 0000000000000000 RDI: ffffffff89a816a0
RBP: ffff8880a996f880 R08: 0000000000000000 R09: fffffbfff0ff1ff0
R10: fffffbfff0ff1ff0 R11: ffffffff87f8ff83 R12: 0000000000000001
R13: ffffffff87fa7140 R14: ffffffff8153fdf0 R15: ffffffff86fe2b20
 __debug_check_no_obj_freed lib/debugobjects.c:785 [inline]
 debug_check_no_obj_freed+0x264/0x472 lib/debugobjects.c:817
 kfree+0xbd/0x230 mm/slab.c:3821
 kvfree+0x2c/0x30 mm/util.c:452
 netdev_freemem+0x47/0x60 net/core/dev.c:8913
 netdev_release+0x6c/0x90 net/core/net-sysfs.c:1645
 device_release+0x74/0x1d0 drivers/base/core.c:892
 kobject_cleanup lib/kobject.c:662 [inline]
 kobject_release lib/kobject.c:691 [inline]
 kref_put include/linux/kref.h:70 [inline]
 kobject_put.cold.10+0x22e/0x281 lib/kobject.c:708
 netdev_run_todo+0x45c/0x6a0 net/core/dev.c:8818
 rtnl_unlock+0x9/0x10 net/core/rtnetlink.c:117
 default_device_exit_batch+0x2ec/0x3d0 net/core/dev.c:9601
 ops_exit_list.isra.5+0xd9/0x130 net/core/net_namespace.c:156
 cleanup_net+0x368/0x850 net/core/net_namespace.c:553
 process_one_work+0x835/0x1670 kernel/workqueue.c:2153
 worker_thread+0x85/0xb60 kernel/workqueue.c:2296
 kthread+0x327/0x3f0 kernel/kthread.c:246
 ret_from_fork+0x3a/0x50 arch/x86/entry/entry_64.S:415
======================================================