bisecting fixing commit since 8ee0807eedf3bc60c8a47a7dd95387102bcfd063
building syzkaller on 6caa12e443d9f79aa2df67d44cdc6163eaa1e97f
testing commit 8ee0807eedf3bc60c8a47a7dd95387102bcfd063
compiler: gcc version 8.4.1 20210217 (GCC)
kernel signature: 09429db5e56f70f8b763dbfbe4adf3b4d46eb6394028711a4db3eb6820d61875
run #0: crashed: unregister_netdevice: waiting for DEV to become free
run #1: crashed: unregister_netdevice: waiting for DEV to become free
run #2: crashed: WARNING: ODEBUG bug in netdev_freemem
run #3: crashed: WARNING: ODEBUG bug in netdev_freemem
run #4: crashed: WARNING: ODEBUG bug in netdev_freemem
run #5: crashed: WARNING: ODEBUG bug in netdev_freemem
run #6: crashed: WARNING: ODEBUG bug in netdev_freemem
run #7: crashed: unregister_netdevice: waiting for DEV to become free
run #8: crashed: WARNING: ODEBUG bug in netdev_freemem
run #9: crashed: WARNING: ODEBUG bug in netdev_freemem
run #10: crashed: WARNING: ODEBUG bug in netdev_freemem
run #11: crashed: WARNING: ODEBUG bug in netdev_freemem
run #12: crashed: unregister_netdevice: waiting for DEV to become free
run #13: crashed: WARNING: ODEBUG bug in netdev_freemem
run #14: crashed: WARNING: ODEBUG bug in netdev_freemem
run #15: crashed: unregister_netdevice: waiting for DEV to become free
run #16: crashed: unregister_netdevice: waiting for DEV to become free
run #17: crashed: unregister_netdevice: waiting for DEV to become free
run #18: crashed: unregister_netdevice: waiting for DEV to become free
run #19: crashed: unregister_netdevice: waiting for DEV to become free
testing current HEAD a35d65bedfbc38cffe2701798cd6810bbdf07892
testing commit a35d65bedfbc38cffe2701798cd6810bbdf07892
compiler: gcc version 8.4.1 20210217 (GCC)
kernel signature: 8919c891e5aff9cfe20b511117382fc5e56a4812821f978101b21a1f89fe6c4c
run #0: crashed: WARNING: ODEBUG bug in netdev_freemem
run #1: crashed: unregister_netdevice: waiting for DEV to become free
run #2: crashed: unregister_netdevice: waiting for DEV to become free
run #3: crashed: unregister_netdevice: waiting for DEV to become free
run #4: crashed: unregister_netdevice: waiting for DEV to become free
run #5: crashed: unregister_netdevice: waiting for DEV to become free
run #6: crashed: WARNING: ODEBUG bug in netdev_freemem
run #7: crashed: WARNING: ODEBUG bug in netdev_freemem
run #8: crashed: unregister_netdevice: waiting for DEV to become free
run #9: crashed: unregister_netdevice: waiting for DEV to become free
revisions tested: 2, total time: 26m0.229816738s (build: 18m42.497215968s, test: 6m44.503438302s)
the crash still happens on HEAD
commit msg: Linux 4.14.267
crash: unregister_netdevice: waiting for DEV to become free
IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready
can: request_module (can-proto-0) failed.
can: request_module (can-proto-0) failed.
can: request_module (can-proto-0) failed.
unregister_netdevice: waiting for ip6gre0 to become free. Usage count = -1
ODEBUG: free active (active state 0) object type: timer_list hint: delayed_work_timer_fn+0x0/0x90 kernel/workqueue.c:4866
------------[ cut here ]------------
WARNING: CPU: 1 PID: 8307 at lib/debugobjects.c:290 debug_print_object.cold.8+0xa7/0xdb lib/debugobjects.c:287
Kernel panic - not syncing: panic_on_warn set ...

CPU: 1 PID: 8307 Comm: syz-executor635 Not tainted 4.14.267-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
 __dump_stack lib/dump_stack.c:17 [inline]
 dump_stack+0x14b/0x1e7 lib/dump_stack.c:58
 panic+0x1b0/0x358 kernel/panic.c:183
 __warn.cold.7+0x25/0x25 kernel/panic.c:547
 report_bug+0x1a1/0x200 lib/bug.c:183
 fixup_bug arch/x86/kernel/traps.c:177 [inline]
 fixup_bug arch/x86/kernel/traps.c:172 [inline]
 do_error_trap+0x1bd/0x310 arch/x86/kernel/traps.c:295
 do_invalid_op+0x1b/0x20 arch/x86/kernel/traps.c:314
 invalid_op+0x1b/0x40 arch/x86/entry/entry_64.S:964
RIP: 0010:debug_print_object.cold.8+0xa7/0xdb lib/debugobjects.c:287
RSP: 0018:ffff88809a8d7128 EFLAGS: 00010082
RAX: 0000000000000061 RBX: 0000000000000003 RCX: 0000000000000000
RDX: 0000000000000061 RSI: ffffffff878b92a0 RDI: ffffed101351ae1c
RBP: ffff88809a8d7150 R08: 0000000000000000 R09: 0000000000000000
R10: fffffbfff15eeaf1 R11: dffffc0000000000 R12: ffffffff878b4520
R13: ffffffff81361180 R14: 0000000000000000 R15: dffffc0000000000
 __debug_check_no_obj_freed lib/debugobjects.c:747 [inline]
 debug_check_no_obj_freed+0x4bc/0x890 lib/debugobjects.c:776
 kfree+0xbd/0x270 mm/slab.c:3814
 kvfree+0x2c/0x30 mm/util.c:416
 netdev_freemem+0x47/0x60 net/core/dev.c:8064
 netdev_release+0x6a/0x80 net/core/net-sysfs.c:1525
 device_release+0x134/0x170 drivers/base/core.c:848
 kobject_cleanup lib/kobject.c:646 [inline]
 kobject_release lib/kobject.c:675 [inline]
 kref_put include/linux/kref.h:70 [inline]
 kobject_put lib/kobject.c:692 [inline]
 kobject_put+0x14f/0x3d0 lib/kobject.c:685
 put_device+0x12/0x20 drivers/base/core.c:2030
 free_netdev+0x237/0x320 net/core/dev.c:8234
 rtnl_newlink+0x1050/0x1520 net/core/rtnetlink.c:2746
 rtnetlink_rcv_msg+0x34c/0x9e0 net/core/rtnetlink.c:4322
 netlink_rcv_skb+0x12f/0x3b0 net/netlink/af_netlink.c:2446
 rtnetlink_rcv+0x10/0x20 net/core/rtnetlink.c:4334
 netlink_unicast_kernel net/netlink/af_netlink.c:1294 [inline]
 netlink_unicast+0x40b/0x610 net/netlink/af_netlink.c:1320
 netlink_sendmsg+0x651/0xc10 net/netlink/af_netlink.c:1891
 sock_sendmsg_nosec net/socket.c:646 [inline]
 sock_sendmsg+0xac/0xf0 net/socket.c:656
 ___sys_sendmsg+0x625/0x920 net/socket.c:2062
 __sys_sendmsg+0xc1/0x140 net/socket.c:2096
 SYSC_sendmsg net/socket.c:2107 [inline]
 SyS_sendmsg+0xd/0x20 net/socket.c:2103
 do_syscall_64+0x1c7/0x5b0 arch/x86/entry/common.c:292
 entry_SYSCALL_64_after_hwframe+0x46/0xbb
RIP: 0033:0x7f588f447399
RSP: 002b:00007fffb0c67d38 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f588f447399
RDX: 0000000004040000 RSI: 0000000020000080 RDI: 0000000000000004
RBP: 00007fffb0c67d40 R08: 65732f636f72702f R09: 65732f636f72702f
R10: 65732f636f72702f R11: 0000000000000246 R12: 00007f588f40b280
R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000

======================================================