program:
# Syzkaller reproducer program, followed by the kernel console log captured with it.
# The log further down reports WARNING "!xa_empty(&pool->xa)" at
# drivers/infiniband/sw/rxe/rxe_pool.c:116 (rxe_pool_cleanup), reached through
# nldev_dellink -> ib_unregister_device_and_put -> __ib_unregister_device ->
# ib_dealloc_device -> rxe_dealloc. The machine then panics only because
# panic_on_warn is set ("Kernel panic - not syncing: kernel: panic_on_warn set").
# NOTE(review): the warning text says an rxe object pool still held entries when
# the device was deallocated; which object type was left behind is not visible here.

# Netlink socket (family 0x10, type 0x3, protocol 0x0); reused by the final
# sendto/setsockopt calls of the program.
r0 = socket(0x10, 0x3, 0x0)

# Scheduling and process setup: rlimit resource 0xe, scheduler policy 0x2, a cloned
# child that is ptrace'd, pidfd / process_mrelease / process_vm_writev on that child.
# NOTE(review): nothing in the warning call trace refers to these calls; presumably
# fuzzer noise -- confirm by minimizing the reproducer.
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x20000008b}, 0x0)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4)
r2 = syz_clone(0x0, 0x0, 0xfffffffffffffead, 0x0, 0x0, 0x0)
ptrace(0x10, r2)
ptrace(0x8, r2)
r3 = syz_pidfd_open(r2, 0x0)
process_mrelease(r3, 0x700000000000000)
process_vm_writev(r2, &(0x7f0000000700)=[{&(0x7f00000004c0)=""/199, 0xc7}], 0x1, &(0x7f0000000c40)=[{&(0x7f0000000d80)=""/95, 0x5f}], 0x1, 0x0)

# Generic-netlink devlink request (DEVLINK_CMD_RATE_NEW). The blob carries the ASCII
# bytes of "netdevsim"; the declared message length is 0x34, so most of the blob lies
# beyond it. No devlink frame appears in the warning trace.
r4 = socket$netlink(0x10, 0x3, 0x10)
r5 = syz_genetlink_get_family_id$devlink(&(0x7f0000000040), 0xffffffffffffffff)
sendmsg$DEVLINK_CMD_RATE_NEW(r4, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000700)={&(0x7f0000000340)=ANY=[@ANYBLOB='4\x00\x00\x00', @ANYRES16=r5, @ANYBLOB="010000010000fddbdf25250000000e0001006e657464657673696d0000000f0002006e657401657673696d3000008bcc2523c53c965cb1b982cfb8d8963785cab281f52d1304f5a4955189b5947cbd034305914813601b39e9b90aefb58b7859f5a0d61cf3676d000000000000000030869092b06f5b834774107660a50730ad3420635f1216c29a0516f2200e36d7d03962479899f5de3b095b4badb96420785c45cd85dada3596e00c59b9976439d9fe7c8e698f906dc79b10acc7d761af53a5bbf142486399d5248ef522d48523976feedcdaaffee0b8d40063757684d006e2bfcf0e6ab9ad6e0b340000000000000000000000f06fa3118c7c3518edd4d1ef215cd0c373a8a0e5453875cfc3e071cc03aa27e81afd425ac9af45ac98644156c4263700cd05290841bd2a02d1c9"], 0x34}}, 0x6048800)

# RDMA netlink NEWLINK: the attribute payload contains the ASCII bytes "rxe"
# (72 78 65) and "lo" (6c 6f). The log lines "infiniband sz1: set active" and
# "infiniband sz1: added lo" record the resulting soft-RoCE device on loopback.
r6 = socket$nl_rdma(0x10, 0x3, 0x14)
sendmsg$RDMA_NLDEV_CMD_NEWLINK(r6, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000000)=ANY=[@ANYBLOB="38000000031401002abd7000fedbdf250900020073017a31000000000800410072786500140033006c6f"], 0x38}, 0x1, 0x0, 0x0, 0x44}, 0x810)

# RDMA CM: open the rdma_cm device and issue CREATE_ID.
# NOTE(review): r8 is used by RESOLVE_ADDR below but is never assigned in the text
# as shown; the result marker on the CREATE_ID response struct was probably lost when
# the page was extracted -- compare with the original report before re-running.
r7 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000002540), 0x2, 0x0)
write$RDMA_USER_CM_CMD_CREATE_ID(r7, &(0x7f0000000140)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000040)={0xffffffffffffffff}, 0x13f, 0x4}}, 0x20)

# Emulated USB device. The descriptor bytes 8d ee / 1e db / 23 61 match the log line
# "idVendor=ee8d, idProduct=db1e, bcdDevice=61.23" on dummy_hcd. No USB frame
# appears in the warning trace.
syz_usb_connect(0x0, 0x3f, &(0x7f00000001c0)=ANY=[@ANYBLOB="11010000733336088dee1edb2361000000010902"], 0x0)

# RESOLVE_ADDR on the CM id created above (r8).
# NOTE(review): presumably the CM id is what still holds rxe pool objects when the
# link is deleted; the log does not establish this -- verify when triaging.
write$RDMA_USER_CM_CMD_RESOLVE_ADDR(r7, &(0x7f0000000280)={0x15, 0x110, 0xfa00, {r8, 0x0, 0x0, 0x30, 0x0, @in={0x1b, 0xfffc, @local}, @ib={0x1b, 0x0, 0x0, {}, 0xfffffffffffffffc, 0x1, 0x2}}}, 0x118)

# RDMA netlink DELLINK: this is the request whose handler (nldev_dellink) is on the
# warning call trace, entered through sendmsg (ORIG_RAX 0x2e in the register dump).
# The trace lists capability-check frames (security_capable, apparmor_capable), but
# they are marked "?" and therefore unreliable; who may reach this path must be
# checked in the kernel source rather than read off this trace.
r9 = socket$nl_rdma(0x10, 0x3, 0x14)
sendmsg$RDMA_NLDEV_CMD_DELLINK(r9, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000100)={0x18, 0x1404, 0x1, 0x70bd2d, 0x25dfdbfe, "", [@RDMA_NLDEV_ATTR_DEV_INDEX={0x8}]}, 0x18}, 0x1, 0x0, 0x0, 0x671ec167a4b72164}, 0x0)

# Remaining calls; none of them shows up in the warning trace.
syz_usb_connect(0x2, 0x2d, 0x0, 0x0)
sendto$inet6(r0, &(0x7f0000000180)="9000000018001f2fb9409b52ffff65580200be04020c060560020b0243000f00ffffff9e00c8388827a685a168d0bf47d32345653602648dcaaf6c26c291214549935ade4a460c20b6ec0cff3959547f500f58ba86c902000f1d012e02000280160012000a000000000000000000000000080000000eceb6b362bb944cf2e70100aba4183b003e5fa424ac4d31c4f7a1", 0x90, 0x0, 0x0, 0xf)
setsockopt$inet_mreqsrc(r0, 0x0, 0x27, &(0x7f0000000000)={@loopback, @dev={0xac, 0x14, 0x14, 0x28}, @multicast1}, 0xc)

# Kernel console log starts here and continues on the following lines of the page.
[ 74.418988][ T4657] Bluetooth: hci0: command tx timeout [ 74.538272][ T5325] lo speed is unknown, defaulting to 1000 [ 74.542107][ T5325] lo speed is unknown, defaulting to 1000 [ 74.548126][ T5325] lo speed is unknown, defaulting to 1000 [ 74.679431][ T5325] infiniband sz1: set active [ 74.681544][ T5325] infiniband sz1: added lo [ 74.691573][ T5305] lo speed is unknown, defaulting to 1000 [ 74.723113][ T5325] smbdirect: ib_dev[sz1]: added: IB_CA max_fast_reg_page_list_len=512 device_cap_flags=0x1c001223c76 kernel_cap_flags=0x14 page_size_cap=0xfffff000 [ 74.729888][ T5325] smbdirect: ib_dev[sz1]: num_ports=1 max_qp_rd_atom=128 max_qp_init_rd_atom=128 max_sgl_rd=0 max_sge_rd=32 max_cqe=32767 max_qp_wr=1048576 max_send_sge=32 max_recv_sge=32 [ 74.736794][ T5325] smbdirect: ib_dev[sz1]PORT[1]: iwarp=0 ib=0 roce=1 v1=0 v2=1 core_cap_flags=0x803005 [ 74.760533][ T5325] RDS/IB: sz1: added [ 74.762599][ T5325] smc: adding ib device sz1 
with port count 1 [ 74.765868][ T5325] smc: ib device sz1 port 1 has no pnetid [ 74.770318][ T5325] lo speed is unknown, defaulting to 1000 [ 74.899671][ T5323] lo speed is unknown, defaulting to 1000 [ 75.033935][ T5323] usb 5-1: new high-speed USB device number 2 using dummy_hcd [ 75.184625][ T5323] usb 5-1: Using ep0 maxpacket: 8 [ 75.193326][ T5323] usb 5-1: config 0 has no interfaces? [ 75.196062][ T5323] usb 5-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23 [ 75.200377][ T5323] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 75.214882][ T5323] usb 5-1: config 0 descriptor?? [ 75.431168][ T5325] smc: removing ib device sz1 [ 75.447039][ T5325] smbdirect: ib_dev[sz1] removed [ 75.700769][ T5325] ------------[ cut here ]------------ [ 75.703071][ T5325] !xa_empty(&pool->xa) [ 75.703080][ T5325] WARNING: drivers/infiniband/sw/rxe/rxe_pool.c:116 at rxe_pool_cleanup+0x48/0x60, CPU#0: syz.0.0/5325 [ 75.709636][ T5325] Modules linked in: [ 75.711469][ T5325] CPU: 0 UID: 0 PID: 5325 Comm: syz.0.0 Not tainted syzkaller #0 PREEMPT(full) [ 75.715527][ T5325] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 75.720006][ T5325] RIP: 0010:rxe_pool_cleanup+0x48/0x60 [ 75.722366][ T5325] Code: 00 fc ff df 80 3c 08 00 74 08 48 89 df e8 60 89 6f f9 48 83 3b 00 75 0c e8 55 a5 02 f9 5b c3 cc cc cc cc cc e8 49 a5 02 f9 90 <0f> 0b 90 5b e9 0f 29 e9 02 cc 66 66 66 66 66 2e 0f 1f 84 00 00 00 [ 75.730599][ T5325] RSP: 0018:ffffc9000deaf038 EFLAGS: 00010246 [ 75.733033][ T5325] RAX: ffffffff88c320c7 RBX: ffff888012dcd418 RCX: 0000000000100000 [ 75.736698][ T5325] RDX: ffffc9000ef7a000 RSI: 00000000000fffff RDI: 0000000000100000 [ 75.740231][ T5325] RBP: ffff888012dcd0f8 R08: ffff888012dcc7ab R09: 1ffff110025b98f5 [ 75.744101][ T5325] R10: dffffc0000000000 R11: ffffffff88c154b0 R12: ffffffff8fb7a960 [ 75.747444][ T5325] R13: dffffc0000000000 R14: ffffffff88c154b0 R15: dffffc0000000000 [ 75.750818][ 
T5325] FS: 00007fc1589f56c0(0000) GS:ffff88808c891000(0000) knlGS:0000000000000000 [ 75.754508][ T5325] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 75.757321][ T5325] CR2: 00007ff0ef326ca2 CR3: 0000000000bbf000 CR4: 0000000000352ef0 [ 75.760663][ T5325] Call Trace: [ 75.762152][ T5325] [ 75.763384][ T5325] rxe_dealloc+0x27/0xc0 [ 75.765454][ T5325] ? __pfx_rxe_dealloc+0x10/0x10 [ 75.767761][ T5325] ib_dealloc_device+0x54/0x200 [ 75.770033][ T5325] __ib_unregister_device+0x393/0x3f0 [ 75.772413][ T5325] ib_unregister_device_and_put+0xb8/0xf0 [ 75.775039][ T5325] nldev_dellink+0x39e/0x430 [ 75.776947][ T5325] ? __pfx_nldev_dellink+0x10/0x10 [ 75.779730][ T5325] ? apparmor_capable+0x126/0x170 [ 75.781779][ T5325] ? bpf_lsm_capable+0x9/0x20 [ 75.783848][ T5325] ? security_capable+0x7e/0x2c0 [ 75.785853][ T5325] ? __pfx_nldev_dellink+0x10/0x10 [ 75.787971][ T5325] rdma_nl_rcv+0x6d1/0xa10 [ 75.789766][ T5325] ? __pfx_rdma_nl_rcv+0x10/0x10 [ 75.791808][ T5325] ? netlink_deliver_tap+0x2e/0x1b0 [ 75.794255][ T5325] ? netlink_deliver_tap+0x2e/0x1b0 [ 75.796492][ T5325] netlink_unicast+0x75c/0x8e0 [ 75.798514][ T5325] netlink_sendmsg+0x813/0xb40 [ 75.800577][ T5325] ? __pfx_netlink_sendmsg+0x10/0x10 [ 75.802921][ T5325] ? aa_sock_msg_perm+0xf1/0x1b0 [ 75.805100][ T5325] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 75.807562][ T5325] ____sys_sendmsg+0x972/0x9f0 [ 75.809709][ T5325] ? __might_fault+0xaf/0x130 [ 75.811801][ T5325] ? __pfx_____sys_sendmsg+0x10/0x10 [ 75.814220][ T5325] ? import_iovec+0x73/0xa0 [ 75.816229][ T5325] ___sys_sendmsg+0x2a5/0x360 [ 75.818279][ T5325] ? __lock_acquire+0x6b5/0x2cf0 [ 75.820610][ T5325] ? __pfx____sys_sendmsg+0x10/0x10 [ 75.822888][ T5325] ? futex_wake+0x4ac/0x580 [ 75.825404][ T5325] ? __fget_files+0x2a/0x420 [ 75.827454][ T5325] ? __fget_files+0x3a0/0x420 [ 75.829469][ T5325] __x64_sys_sendmsg+0x1bd/0x2a0 [ 75.831556][ T5325] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 75.833938][ T5325] ? rcu_is_watching+0x15/0xb0 [ 75.835908][ T5325] ? 
entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 75.838384][ T5325] do_syscall_64+0x174/0x580 [ 75.840343][ T5325] ? trace_irq_disable+0x3b/0x140 [ 75.842564][ T5325] ? clear_bhb_loop+0x40/0x90 [ 75.844640][ T5325] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 75.847040][ T5325] RIP: 0033:0x7fc15c59ce59 [ 75.849034][ T5325] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 75.856649][ T5325] RSP: 002b:00007fc1589f4fe8 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 75.860249][ T5325] RAX: ffffffffffffffda RBX: 00007fc15c815fa0 RCX: 00007fc15c59ce59 [ 75.863677][ T5325] RDX: 0000000000000000 RSI: 00002000000002c0 RDI: 0000000000000009 [ 75.867129][ T5325] RBP: 00007fc15c632d6f R08: 0000000000000000 R09: 0000000000000000 [ 75.870219][ T5325] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 75.873220][ T5325] R13: 00007fc15c816038 R14: 00007fc15c815fa0 R15: 00007fff696c8be8 [ 75.876623][ T5325] [ 75.877993][ T5325] Kernel panic - not syncing: kernel: panic_on_warn set ... [ 75.881065][ T5325] CPU: 0 UID: 0 PID: 5325 Comm: syz.0.0 Not tainted syzkaller #0 PREEMPT(full) [ 75.884702][ T5325] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 75.888944][ T5325] Call Trace: [ 75.890306][ T5325] [ 75.891517][ T5325] vpanic+0x56c/0xa60 [ 75.893163][ T5325] ? __pfx__printk+0x10/0x10 [ 75.894868][ T5325] ? __pfx_vpanic+0x10/0x10 [ 75.896677][ T5325] ? is_bpf_text_address+0x292/0x2b0 [ 75.898682][ T5325] ? is_bpf_text_address+0x26/0x2b0 [ 75.900561][ T5325] panic+0xc5/0xd0 [ 75.901972][ T5325] ? __pfx_panic+0x10/0x10 [ 75.903723][ T5325] __warn+0x315/0x4c0 [ 75.905408][ T5325] ? rxe_pool_cleanup+0x48/0x60 [ 75.907591][ T5325] ? rxe_pool_cleanup+0x48/0x60 [ 75.909762][ T5325] __report_bug+0x29a/0x540 [ 75.911844][ T5325] ? rxe_pool_cleanup+0x48/0x60 [ 75.913980][ T5325] ? 
__pfx___report_bug+0x10/0x10 [ 75.916286][ T5325] ? flush_workqueue_prep_pwqs+0x475/0x4f0 [ 75.918972][ T5325] ? __flush_workqueue+0x12d3/0x14f0 [ 75.921347][ T5325] ? rxe_pool_cleanup+0x48/0x60 [ 75.923622][ T5325] report_bug+0x16a/0x220 [ 75.925482][ T5325] ? rxe_pool_cleanup+0x48/0x60 [ 75.927534][ T5325] ? rxe_pool_cleanup+0x4a/0x60 [ 75.929607][ T5325] handle_bug+0x9c/0x200 [ 75.931411][ T5325] exc_invalid_op+0x1a/0x50 [ 75.933338][ T5325] asm_exc_invalid_op+0x1a/0x20 [ 75.935507][ T5325] RIP: 0010:rxe_pool_cleanup+0x48/0x60 [ 75.937909][ T5325] Code: 00 fc ff df 80 3c 08 00 74 08 48 89 df e8 60 89 6f f9 48 83 3b 00 75 0c e8 55 a5 02 f9 5b c3 cc cc cc cc cc e8 49 a5 02 f9 90 <0f> 0b 90 5b e9 0f 29 e9 02 cc 66 66 66 66 66 2e 0f 1f 84 00 00 00 [ 75.946308][ T5325] RSP: 0018:ffffc9000deaf038 EFLAGS: 00010246 [ 75.948860][ T5325] RAX: ffffffff88c320c7 RBX: ffff888012dcd418 RCX: 0000000000100000 [ 75.951803][ T5325] RDX: ffffc9000ef7a000 RSI: 00000000000fffff RDI: 0000000000100000 [ 75.954969][ T5325] RBP: ffff888012dcd0f8 R08: ffff888012dcc7ab R09: 1ffff110025b98f5 [ 75.958332][ T5325] R10: dffffc0000000000 R11: ffffffff88c154b0 R12: ffffffff8fb7a960 [ 75.961398][ T5325] R13: dffffc0000000000 R14: ffffffff88c154b0 R15: dffffc0000000000 [ 75.964259][ T5325] ? __pfx_rxe_dealloc+0x10/0x10 [ 75.966039][ T5325] ? __pfx_rxe_dealloc+0x10/0x10 [ 75.968074][ T5325] ? rxe_pool_cleanup+0x47/0x60 [ 75.970051][ T5325] ? rxe_pool_cleanup+0x47/0x60 [ 75.971920][ T5325] rxe_dealloc+0x27/0xc0 [ 75.973559][ T5325] ? __pfx_rxe_dealloc+0x10/0x10 [ 75.975604][ T5325] ib_dealloc_device+0x54/0x200 [ 75.977664][ T5325] __ib_unregister_device+0x393/0x3f0 [ 75.979744][ T5325] ib_unregister_device_and_put+0xb8/0xf0 [ 75.981953][ T5325] nldev_dellink+0x39e/0x430 [ 75.984016][ T5325] ? __pfx_nldev_dellink+0x10/0x10 [ 75.986372][ T5325] ? apparmor_capable+0x126/0x170 [ 75.988481][ T5325] ? bpf_lsm_capable+0x9/0x20 [ 75.990449][ T5325] ? security_capable+0x7e/0x2c0 [ 75.992492][ T5325] ? 
__pfx_nldev_dellink+0x10/0x10 [ 75.994586][ T5325] rdma_nl_rcv+0x6d1/0xa10 [ 75.996473][ T5325] ? __pfx_rdma_nl_rcv+0x10/0x10 [ 75.998732][ T5325] ? netlink_deliver_tap+0x2e/0x1b0 [ 76.000958][ T5325] ? netlink_deliver_tap+0x2e/0x1b0 [ 76.003195][ T5325] netlink_unicast+0x75c/0x8e0 [ 76.005313][ T5325] netlink_sendmsg+0x813/0xb40 [ 76.007319][ T5325] ? __pfx_netlink_sendmsg+0x10/0x10 [ 76.009515][ T5325] ? aa_sock_msg_perm+0xf1/0x1b0 [ 76.011596][ T5325] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 76.013763][ T5325] ____sys_sendmsg+0x972/0x9f0 [ 76.015859][ T5325] ? __might_fault+0xaf/0x130 [ 76.017636][ T5325] ? __pfx_____sys_sendmsg+0x10/0x10 [ 76.019988][ T5325] ? import_iovec+0x73/0xa0 [ 76.022073][ T5325] ___sys_sendmsg+0x2a5/0x360 [ 76.024222][ T5325] ? __lock_acquire+0x6b5/0x2cf0 [ 76.026346][ T5325] ? __pfx____sys_sendmsg+0x10/0x10 [ 76.028677][ T5325] ? futex_wake+0x4ac/0x580 [ 76.030782][ T5325] ? __fget_files+0x2a/0x420 [ 76.032841][ T5325] ? __fget_files+0x3a0/0x420 [ 76.034930][ T5325] __x64_sys_sendmsg+0x1bd/0x2a0 [ 76.036968][ T5325] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 76.039177][ T5325] ? rcu_is_watching+0x15/0xb0 [ 76.041179][ T5325] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 76.043651][ T5325] do_syscall_64+0x174/0x580 [ 76.045408][ T5325] ? trace_irq_disable+0x3b/0x140 [ 76.047743][ T5325] ? 
clear_bhb_loop+0x40/0x90 [ 76.050002][ T5325] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 76.052907][ T5325] RIP: 0033:0x7fc15c59ce59 [ 76.055187][ T5325] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 76.064091][ T5325] RSP: 002b:00007fc1589f4fe8 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 76.067645][ T5325] RAX: ffffffffffffffda RBX: 00007fc15c815fa0 RCX: 00007fc15c59ce59 [ 76.070986][ T5325] RDX: 0000000000000000 RSI: 00002000000002c0 RDI: 0000000000000009 [ 76.074392][ T5325] RBP: 00007fc15c632d6f R08: 0000000000000000 R09: 0000000000000000 [ 76.077272][ T5325] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 76.080609][ T5325] R13: 00007fc15c816038 R14: 00007fc15c815fa0 R15: 00007fff696c8be8 [ 76.083320][ T5325] [ 76.084721][ T5325] Kernel Offset: disabled [ 76.086341][ T5325] Rebooting in 86400 seconds..