bisecting fixing commit since 8ee0807eedf3bc60c8a47a7dd95387102bcfd063
building syzkaller on 6caa12e443d9f79aa2df67d44cdc6163eaa1e97f
testing commit 8ee0807eedf3bc60c8a47a7dd95387102bcfd063
compiler: gcc version 8.4.1 20210217 (GCC)
kernel signature: 19f91caef9e9d8e345f78dcd6873f7f11ebe77c4e31f006e4c7cd39874c21302
run #0: crashed: WARNING: ODEBUG bug in netdev_freemem
run #1: crashed: WARNING: ODEBUG bug in netdev_freemem
run #2: crashed: WARNING: ODEBUG bug in netdev_freemem
run #3: crashed: unregister_netdevice: waiting for DEV to become free
run #4: crashed: WARNING: ODEBUG bug in netdev_freemem
run #5: crashed: unregister_netdevice: waiting for DEV to become free
run #6: crashed: WARNING: ODEBUG bug in netdev_freemem
run #7: crashed: WARNING: ODEBUG bug in netdev_freemem
run #8: crashed: WARNING: ODEBUG bug in netdev_freemem
run #9: crashed: WARNING: ODEBUG bug in netdev_freemem
run #10: crashed: unregister_netdevice: waiting for DEV to become free
run #11: crashed: WARNING: ODEBUG bug in netdev_freemem
run #12: crashed: unregister_netdevice: waiting for DEV to become free
run #13: crashed: WARNING: ODEBUG bug in netdev_freemem
run #14: crashed: WARNING: ODEBUG bug in netdev_freemem
run #15: crashed: unregister_netdevice: waiting for DEV to become free
run #16: crashed: unregister_netdevice: waiting for DEV to become free
run #17: crashed: unregister_netdevice: waiting for DEV to become free
run #18: crashed: unregister_netdevice: waiting for DEV to become free
run #19: crashed: unregister_netdevice: waiting for DEV to become free
testing current HEAD 004bfaafc45ccc95366b37c9b9e7844cd5156368
testing commit 004bfaafc45ccc95366b37c9b9e7844cd5156368
compiler: gcc version 8.4.1 20210217 (GCC)
kernel signature: 7e16d1eb2e63a68d37890dcb7aab363faeaf19ae9a4ad900a65931771d639231
run #0: crashed: unregister_netdevice: waiting for DEV to become free
run #1: crashed: unregister_netdevice: waiting for DEV to become free
run #2: crashed: unregister_netdevice: waiting for DEV to become free
run #3: crashed: WARNING: ODEBUG bug in netdev_freemem
run #4: crashed: WARNING: ODEBUG bug in netdev_freemem
run #5: crashed: WARNING: ODEBUG bug in netdev_freemem
run #6: crashed: unregister_netdevice: waiting for DEV to become free
run #7: crashed: WARNING: ODEBUG bug in netdev_freemem
run #8: crashed: WARNING: ODEBUG bug in netdev_freemem
run #9: crashed: WARNING: ODEBUG bug in netdev_freemem
revisions tested: 2, total time: 30m36.3910438s (build: 23m26.547231611s, test: 6m39.51162597s)
the crash still happens on HEAD
commit msg: Linux 4.14.273
crash: WARNING: ODEBUG bug in netdev_freemem
ODEBUG: free active (active state 0) object type: timer_list hint: delayed_work_timer_fn+0x0/0x90 kernel/workqueue.c:4866
------------[ cut here ]------------
WARNING: CPU: 1 PID: 8295 at lib/debugobjects.c:290 debug_print_object.cold.8+0xa7/0xdb lib/debugobjects.c:287
Kernel panic - not syncing: panic_on_warn set ...

CPU: 1 PID: 8295 Comm: syz-executor193 Not tainted 4.14.273-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
 __dump_stack lib/dump_stack.c:17 [inline]
 dump_stack+0x14b/0x1e7 lib/dump_stack.c:58
 panic+0x1b0/0x358 kernel/panic.c:183
 __warn.cold.7+0x25/0x25 kernel/panic.c:547
 report_bug+0x1a1/0x200 lib/bug.c:183
 fixup_bug arch/x86/kernel/traps.c:177 [inline]
 fixup_bug arch/x86/kernel/traps.c:172 [inline]
 do_error_trap+0x1bd/0x310 arch/x86/kernel/traps.c:295
 do_invalid_op+0x1b/0x20 arch/x86/kernel/traps.c:314
 invalid_op+0x1b/0x40 arch/x86/entry/entry_64.S:964
RIP: 0010:debug_print_object.cold.8+0xa7/0xdb lib/debugobjects.c:287
RSP: 0018:ffff8880afae7128 EFLAGS: 00010082
RAX: 0000000000000061 RBX: 0000000000000003 RCX: 0000000000000000
RDX: 0000000000000061 RSI: ffffffff878b9920 RDI: ffffed1015f5ce1c
RBP: ffff8880afae7150 R08: 0000000000000000 R09: 0000000000000000
R10: fffffbfff15eeaf1 R11: dffffc0000000000 R12: ffffffff878b4ba0
R13: ffffffff813611b0 R14: 0000000000000000 R15: dffffc0000000000
 __debug_check_no_obj_freed lib/debugobjects.c:747 [inline]
 debug_check_no_obj_freed+0x4bc/0x890 lib/debugobjects.c:776
 kfree+0xbd/0x270 mm/slab.c:3814
 kvfree+0x2c/0x30 mm/util.c:416
 netdev_freemem+0x47/0x60 net/core/dev.c:8064
 netdev_release+0x6a/0x80 net/core/net-sysfs.c:1525
 device_release+0x134/0x170 drivers/base/core.c:848
 kobject_cleanup lib/kobject.c:646 [inline]
 kobject_release lib/kobject.c:675 [inline]
 kref_put include/linux/kref.h:70 [inline]
 kobject_put lib/kobject.c:692 [inline]
 kobject_put+0x14f/0x3d0 lib/kobject.c:685
 put_device+0x12/0x20 drivers/base/core.c:2030
 free_netdev+0x237/0x320 net/core/dev.c:8234
 rtnl_newlink+0x1050/0x1520 net/core/rtnetlink.c:2746
 rtnetlink_rcv_msg+0x34c/0x9e0 net/core/rtnetlink.c:4322
 netlink_rcv_skb+0x12f/0x3b0 net/netlink/af_netlink.c:2446
 rtnetlink_rcv+0x10/0x20 net/core/rtnetlink.c:4334
 netlink_unicast_kernel net/netlink/af_netlink.c:1294 [inline]
 netlink_unicast+0x40b/0x610 net/netlink/af_netlink.c:1320
 netlink_sendmsg+0x651/0xc10 net/netlink/af_netlink.c:1891
 sock_sendmsg_nosec net/socket.c:646 [inline]
 sock_sendmsg+0xac/0xf0 net/socket.c:656
 ___sys_sendmsg+0x625/0x920 net/socket.c:2062
 __sys_sendmsg+0xc1/0x140 net/socket.c:2096
 SYSC_sendmsg net/socket.c:2107 [inline]
 SyS_sendmsg+0xd/0x20 net/socket.c:2103
 do_syscall_64+0x1c7/0x5b0 arch/x86/entry/common.c:292
 entry_SYSCALL_64_after_hwframe+0x46/0xbb
RIP: 0033:0x7fa7fba6f399
RSP: 002b:00007ffcb641bf38 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007fa7fba6f399
RDX: 0000000004040000 RSI: 0000000020000080 RDI: 0000000000000004
RBP: 00007ffcb641bf40 R08: 65732f636f72702f R09: 65732f636f72702f
R10: 65732f636f72702f R11: 0000000000000246 R12: 00007fa7fba33280
R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000

======================================================