==================================================================
BUG: KFENCE: use-after-free read in __ethtool_get_link_ksettings+0x74/0x190

Use-after-free read at 0xffff8881365c22e8 (in kfence-#224):
 __ethtool_get_link_ksettings+0x74/0x190
 ib_get_eth_speed+0x15e/0x7b0
 rxe_query_port+0x93/0x3b0
 ib_query_port+0x170/0x830
 smc_ib_port_event_work+0x15a/0x940
 process_scheduled_works+0xae1/0x17b0
 worker_thread+0x8a0/0xda0
 kthread+0x711/0x8a0
 ret_from_fork+0x3fc/0x770
 ret_from_fork_asm+0x1a/0x30

kfence-#224: 0xffff8881365c2000-0xffff8881365c2da7, size=3496, cache=kmalloc-cg-4k

allocated by task 5852 on cpu 0 at 66.804527s (82.386545s ago):
 __kvmalloc_node_noprof+0x547/0x5f0
 alloc_netdev_mqs+0xa3/0x1170
 rtnl_create_link+0x31f/0xd10
 rtnl_newlink_create+0x25c/0xb00
 rtnl_newlink+0x16d6/0x1c70
 rtnetlink_rcv_msg+0x7cf/0xb70
 netlink_rcv_skb+0x208/0x470
 netlink_unicast+0x82f/0x9e0
 netlink_sendmsg+0x805/0xb30
 __sock_sendmsg+0x21c/0x270
 __sys_sendto+0x3bd/0x520
 __x64_sys_sendto+0xde/0x100
 do_syscall_64+0xfa/0x3b0
 entry_SYSCALL_64_after_hwframe+0x77/0x7f

freed by task 12 on cpu 0 at 149.152988s (0.069036s ago):
 device_release+0x9c/0x1c0
 kobject_put+0x22b/0x480
 netdev_run_todo+0xd2e/0xea0
 default_device_exit_batch+0x81e/0x890
 ops_undo_list+0x525/0x990
 cleanup_net+0x4c5/0x800
 process_scheduled_works+0xae1/0x17b0
 worker_thread+0x8a0/0xda0
 kthread+0x711/0x8a0
 ret_from_fork+0x3fc/0x770
 ret_from_fork_asm+0x1a/0x30

CPU: 1 UID: 0 PID: 5896 Comm: kworker/1:5 Not tainted 6.17.0-rc1-syzkaller-00036-gdfc0f6373094 #0 PREEMPT(full) 
Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.2-debian-1.16.2-1 04/01/2014
Workqueue: events smc_ib_port_event_work
RIP: 0010:__ethtool_get_link_ksettings+0x74/0x190
Code: 00 00 00 fc ff df 4d 8d be e8 02 00 00 4c 89 fd 48 c1 ed 03 42 80 7c 2d 00 00 74 08 4c 89 ff e8 42 02 80 f8 41 bc f0 01 00 00 <4d> 03 27 4c 89 e0 48 c1 e8 03 42 80 3c 28 00 74 08 4c 89 e7 e8 23
RSP: 0018:ffffc90003d2f7a8 EFLAGS: 00010246
RAX: ffffffff89a31262 RBX: ffffc90003d2f820 RCX: ffff8881080a8000
RDX: 0000000000000000 RSI: 0000000000000001 RDI: 0000000000000000
RBP: 1ffff11026cb845d R08: ffffffff8f537c67 R09: 1ffffffff1ea6f8c
R10: dffffc0000000000 R11: fffffbfff1ea6f8d R12: 00000000000001f0
R13: dffffc0000000000 R14: ffff8881365c2000 R15: ffff8881365c22e8
FS:  0000000000000000(0000) GS:ffff8881a3c1c000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: ffff8881365c22e8 CR3: 000000010e4be000 CR4: 00000000000006f0
Call Trace:
 <TASK>
 ib_get_eth_speed+0x15e/0x7b0
 rxe_query_port+0x93/0x3b0
 ib_query_port+0x170/0x830
 smc_ib_port_event_work+0x15a/0x940
 process_scheduled_works+0xae1/0x17b0
 worker_thread+0x8a0/0xda0
 kthread+0x711/0x8a0
 ret_from_fork+0x3fc/0x770
 ret_from_fork_asm+0x1a/0x30
 </TASK>
==================================================================
