wlan1 speed is unknown, defaulting to 1000
==================================================================
BUG: KASAN: use-after-free in siw_query_port+0x342/0x430 drivers/infiniband/sw/siw/siw_verbs.c:175
Read of size 4 at addr ffff88801e7780d8 by task kworker/1:5/3594

CPU: 1 PID: 3594 Comm: kworker/1:5 Not tainted 5.15.146-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/17/2023
Workqueue: infiniband ib_cache_event_task
Call Trace:
 <TASK>
 __dump_stack lib/dump_stack.c:88 [inline]
 dump_stack_lvl+0x1e3/0x2cb lib/dump_stack.c:106
 print_address_description+0x63/0x3b0 mm/kasan/report.c:248
 __kasan_report mm/kasan/report.c:434 [inline]
 kasan_report+0x16b/0x1c0 mm/kasan/report.c:451
 siw_query_port+0x342/0x430 drivers/infiniband/sw/siw/siw_verbs.c:175
 ib_cache_update+0x1a8/0xaf0 drivers/infiniband/core/cache.c:1481
 ib_cache_event_task+0xef/0x1e0 drivers/infiniband/core/cache.c:1555
 process_one_work+0x8a1/0x10c0 kernel/workqueue.c:2310
 worker_thread+0xaca/0x1280 kernel/workqueue.c:2457
 kthread+0x3f6/0x4f0 kernel/kthread.c:319
 ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:298
 </TASK>

The buggy address belongs to the page:
page:ffffea000079de00 refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1e778
flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
raw: 00fff00000000000 ffffea0000f49f08 ffff8880b9a3fdb0 0000000000000000
raw: 0000000000000000 0000000000000000 00000000ffffffff 0000000000000000
page dumped because: kasan: bad access detected
page_owner tracks the page as freed
page last allocated via order 2, migratetype Unmovable, gfp_mask 0x546dc0(GFP_USER|__GFP_NOWARN|__GFP_RETRY_MAYFAIL|__GFP_COMP|__GFP_ZERO|__GFP_ACCOUNT), pid 13410, ts 895007605626, free_ts 1041734073720
 prep_new_page mm/page_alloc.c:2426 [inline]
 get_page_from_freelist+0x322a/0x33c0 mm/page_alloc.c:4159
 __alloc_pages+0x272/0x700 mm/page_alloc.c:5421
 __alloc_pages_node include/linux/gfp.h:570 [inline]
 alloc_pages_node include/linux/gfp.h:584 [inline]
 kmalloc_large_node+0x7c/0x180 mm/slub.c:4421
 __kmalloc_node+0x22d/0x390 mm/slub.c:4437
 kmalloc_node include/linux/slab.h:614 [inline]
 kvmalloc_node+0x80/0x140 mm/util.c:619
 kvmalloc include/linux/mm.h:805 [inline]
 kvzalloc include/linux/mm.h:813 [inline]
 alloc_netdev_mqs+0x85/0xc10 net/core/dev.c:10840
 ieee80211_if_add+0x11fe/0x1e50 net/mac80211/iface.c:1934
 ieee80211_register_hw+0x2aa9/0x39d0 net/mac80211/main.c:1314
 mac80211_hwsim_new_radio+0x223d/0x4200 drivers/net/wireless/mac80211_hwsim.c:3374
 hwsim_new_radio_nl+0xbae/0x1090 drivers/net/wireless/mac80211_hwsim.c:3950
 genl_family_rcv_msg_doit net/netlink/genetlink.c:731 [inline]
 genl_family_rcv_msg net/netlink/genetlink.c:775 [inline]
 genl_rcv_msg+0xfbd/0x14a0 net/netlink/genetlink.c:792
 netlink_rcv_skb+0x1cf/0x410 net/netlink/af_netlink.c:2505
 genl_rcv+0x24/0x40 net/netlink/genetlink.c:803
 netlink_unicast_kernel net/netlink/af_netlink.c:1330 [inline]
 netlink_unicast+0x7b6/0x980 net/netlink/af_netlink.c:1356
 netlink_sendmsg+0xa30/0xd60 net/netlink/af_netlink.c:1924
 sock_sendmsg_nosec net/socket.c:704 [inline]
 __sock_sendmsg net/socket.c:716 [inline]
 __sys_sendto+0x564/0x720 net/socket.c:2056
page last free stack trace:
 reset_page_owner include/linux/page_owner.h:24 [inline]
 free_pages_prepare mm/page_alloc.c:1340 [inline]
 free_pcp_prepare mm/page_alloc.c:1391 [inline]
 free_unref_page_prepare+0xc34/0xcf0 mm/page_alloc.c:3317
 free_unref_page+0x95/0x2d0 mm/page_alloc.c:3396
 free_nonslab_page+0xe4/0x150 mm/slub.c:3535
 kfree+0x1cf/0x270 mm/slub.c:4556
 device_release+0x91/0x1c0
 kobject_cleanup lib/kobject.c:713 [inline]
 kobject_release lib/kobject.c:744 [inline]
 kref_put include/linux/kref.h:65 [inline]
 kobject_put+0x224/0x460 lib/kobject.c:761
 netdev_run_todo+0xaaf/0xc40 net/core/dev.c:10658
 ieee80211_unregister_hw+0x5a/0x220 net/mac80211/main.c:1392
 mac80211_hwsim_del_radio+0x2bb/0x4a0 drivers/net/wireless/mac80211_hwsim.c:3473
 hwsim_exit_net+0x5b8/0x660 drivers/net/wireless/mac80211_hwsim.c:4243
 ops_exit_list net/core/net_namespace.c:169 [inline]
 cleanup_net+0x6ce/0xb60 net/core/net_namespace.c:596
 process_one_work+0x8a1/0x10c0 kernel/workqueue.c:2310
 worker_thread+0xaca/0x1280 kernel/workqueue.c:2457
 kthread+0x3f6/0x4f0 kernel/kthread.c:319
 ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:298

Memory state around the buggy address:
 ffff88801e777f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
 ffff88801e778000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
>ffff88801e778080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
                                                    ^
 ffff88801e778100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
 ffff88801e778180: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
==================================================================