geneve0 speed is unknown, defaulting to 1000
==================================================================
BUG: KASAN: slab-use-after-free in siw_query_port+0x37b/0x3e0 drivers/infiniband/sw/siw/siw_verbs.c:177
Read of size 4 at addr ffff8880365440e8 by task kworker/0:2/15614

CPU: 0 PID: 15614 Comm: kworker/0:2 Not tainted 6.4.0-syzkaller-12491-gc192ac735768 #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/03/2023
Workqueue: infiniband ib_cache_event_task
Call Trace:
 <TASK>
 __dump_stack lib/dump_stack.c:88 [inline]
 dump_stack_lvl+0xd9/0x150 lib/dump_stack.c:106
 print_address_description.constprop.0+0x2c/0x3c0 mm/kasan/report.c:364
 print_report mm/kasan/report.c:475 [inline]
 kasan_report+0x11d/0x130 mm/kasan/report.c:588
 siw_query_port+0x37b/0x3e0 drivers/infiniband/sw/siw/siw_verbs.c:177
 iw_query_port drivers/infiniband/core/device.c:2049 [inline]
 ib_query_port drivers/infiniband/core/device.c:2090 [inline]
 ib_query_port+0x3c4/0x8f0 drivers/infiniband/core/device.c:2082
 ib_cache_update.part.0+0xcf/0x920 drivers/infiniband/core/cache.c:1487
 ib_cache_update drivers/infiniband/core/cache.c:1561 [inline]
 ib_cache_event_task+0x1b1/0x270 drivers/infiniband/core/cache.c:1561
 process_one_work+0xa34/0x16f0 kernel/workqueue.c:2597
 worker_thread+0x67d/0x10c0 kernel/workqueue.c:2748
 kthread+0x344/0x440 kernel/kthread.c:389
 ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:308
 </TASK>

Allocated by task 5068:
 kasan_save_stack+0x22/0x40 mm/kasan/common.c:45
 kasan_set_track+0x25/0x30 mm/kasan/common.c:52
 ____kasan_kmalloc mm/kasan/common.c:374 [inline]
 ____kasan_kmalloc mm/kasan/common.c:333 [inline]
 __kasan_kmalloc+0xa3/0xb0 mm/kasan/common.c:383
 kasan_kmalloc include/linux/kasan.h:196 [inline]
 __do_kmalloc_node mm/slab_common.c:985 [inline]
 __kmalloc_node+0x61/0x1a0 mm/slab_common.c:992
 kmalloc_node include/linux/slab.h:602 [inline]
 kvmalloc_node+0xa2/0x1a0 mm/util.c:604
 kvmalloc include/linux/slab.h:720 [inline]
 kvzalloc include/linux/slab.h:728 [inline]
 alloc_netdev_mqs+0x9b/0x1270 net/core/dev.c:10594
 rtnl_create_link+0xc17/0xf20 net/core/rtnetlink.c:3336
 rtnl_newlink_create net/core/rtnetlink.c:3462 [inline]
 __rtnl_newlink+0x1001/0x1860 net/core/rtnetlink.c:3689
 rtnl_newlink+0x68/0xa0 net/core/rtnetlink.c:3702
 rtnetlink_rcv_msg+0x43d/0xd50 net/core/rtnetlink.c:6424
 netlink_rcv_skb+0x165/0x440 net/netlink/af_netlink.c:2549
 netlink_unicast_kernel net/netlink/af_netlink.c:1339 [inline]
 netlink_unicast+0x547/0x7f0 net/netlink/af_netlink.c:1365
 netlink_sendmsg+0x925/0xe30 net/netlink/af_netlink.c:1914
 sock_sendmsg_nosec net/socket.c:725 [inline]
 sock_sendmsg+0xde/0x190 net/socket.c:748
 __sys_sendto+0x254/0x350 net/socket.c:2134
 __do_sys_sendto net/socket.c:2146 [inline]
 __se_sys_sendto net/socket.c:2142 [inline]
 __x64_sys_sendto+0xe1/0x1b0 net/socket.c:2142
 do_syscall_x64 arch/x86/entry/common.c:50 [inline]
 do_syscall_64+0x39/0xb0 arch/x86/entry/common.c:80
 entry_SYSCALL_64_after_hwframe+0x63/0xcd

Freed by task 17500:
 kasan_save_stack+0x22/0x40 mm/kasan/common.c:45
 kasan_set_track+0x25/0x30 mm/kasan/common.c:52
 kasan_save_free_info+0x28/0x40 mm/kasan/generic.c:522
 ____kasan_slab_free mm/kasan/common.c:236 [inline]
 ____kasan_slab_free+0x13b/0x1a0 mm/kasan/common.c:200
 kasan_slab_free include/linux/kasan.h:162 [inline]
 __cache_free mm/slab.c:3370 [inline]
 __do_kmem_cache_free mm/slab.c:3557 [inline]
 __kmem_cache_free+0xcd/0x2c0 mm/slab.c:3564
 kvfree+0x46/0x50 mm/util.c:650
 device_release+0xa3/0x240 drivers/base/core.c:2484
 kobject_cleanup lib/kobject.c:682 [inline]
 kobject_release lib/kobject.c:713 [inline]
 kref_put include/linux/kref.h:65 [inline]
 kobject_put+0x1c2/0x4d0 lib/kobject.c:730
 netdev_run_todo+0x762/0x1100 net/core/dev.c:10366
 default_device_exit_batch+0x456/0x5b0 net/core/dev.c:11360
 ops_exit_list+0x125/0x170 net/core/net_namespace.c:175
 cleanup_net+0x4ee/0xb10 net/core/net_namespace.c:614
 process_one_work+0xa34/0x16f0 kernel/workqueue.c:2597
 worker_thread+0x67d/0x10c0 kernel/workqueue.c:2748
 kthread+0x344/0x440 kernel/kthread.c:389
 ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:308

The buggy address belongs to the object at ffff888036544000
 which belongs to the cache kmalloc-cg-4k of size 4096
The buggy address is located 232 bytes inside of
 freed 4096-byte region [ffff888036544000, ffff888036545000)

The buggy address belongs to the physical page:
page:ffffea0000d95100 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x36544
head:ffffea0000d95100 order:1 entire_mapcount:0 nr_pages_mapped:0 pincount:0
flags: 0xfff00000010200(slab|head|node=0|zone=1|lastcpupid=0x7ff)
page_type: 0x1()
raw: 00fff00000010200 ffff88801284da00 ffffea0000d93910 ffffea0000d95310
raw: 0000000000000000 ffff888036544000 0000000100000001 0000000000000000
page dumped because: kasan: bad access detected
page_owner tracks the page as allocated
page last allocated via order 1, migratetype Unmovable, gfp_mask 0x2460c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_RETRY_MAYFAIL|__GFP_COMP|__GFP_THISNODE), pid 5068, tgid 5068 (syz-executor.3), ts 270078571196, free_ts 0
 set_page_owner include/linux/page_owner.h:31 [inline]
 post_alloc_hook+0x2db/0x350 mm/page_alloc.c:1570
 prep_new_page mm/page_alloc.c:1577 [inline]
 get_page_from_freelist+0xfed/0x2d30 mm/page_alloc.c:3221
 __alloc_pages+0x1cb/0x4a0 mm/page_alloc.c:4477
 __alloc_pages_node include/linux/gfp.h:237 [inline]
 kmem_getpages mm/slab.c:1356 [inline]
 cache_grow_begin+0x9b/0x3b0 mm/slab.c:2550
 cache_alloc_refill+0x289/0x3a0 mm/slab.c:2923
 ____cache_alloc mm/slab.c:2999 [inline]
 ____cache_alloc mm/slab.c:2982 [inline]
 __do_cache_alloc mm/slab.c:3182 [inline]
 slab_alloc_node mm/slab.c:3230 [inline]
 __kmem_cache_alloc_node+0x392/0x410 mm/slab.c:3521
 __do_kmalloc_node mm/slab_common.c:984 [inline]
 __kmalloc_node+0x51/0x1a0 mm/slab_common.c:992
 kmalloc_node include/linux/slab.h:602 [inline]
 kvmalloc_node+0xa2/0x1a0 mm/util.c:604
 kvmalloc include/linux/slab.h:720 [inline]
 kvzalloc include/linux/slab.h:728 [inline]
 alloc_netdev_mqs+0x9b/0x1270 net/core/dev.c:10594
 rtnl_create_link+0xc17/0xf20 net/core/rtnetlink.c:3336
 rtnl_newlink_create net/core/rtnetlink.c:3462 [inline]
 __rtnl_newlink+0x1001/0x1860 net/core/rtnetlink.c:3689
 rtnl_newlink+0x68/0xa0 net/core/rtnetlink.c:3702
 rtnetlink_rcv_msg+0x43d/0xd50 net/core/rtnetlink.c:6424
 netlink_rcv_skb+0x165/0x440 net/netlink/af_netlink.c:2549
 netlink_unicast_kernel net/netlink/af_netlink.c:1339 [inline]
 netlink_unicast+0x547/0x7f0 net/netlink/af_netlink.c:1365
 netlink_sendmsg+0x925/0xe30 net/netlink/af_netlink.c:1914
page_owner free stack trace missing

Memory state around the buggy address:
 ffff888036543f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
 ffff888036544000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
>ffff888036544080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
                                                          ^
 ffff888036544100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
 ffff888036544180: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
==================================================================