program: prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) ioprio_set$pid(0x1, 0x0, 0x0) setsockopt$IPT_SO_SET_REPLACE(0xffffffffffffffff, 0x4000000000000, 0x40, &(0x7f0000000080)=@raw={'raw\x00', 0xc01, 0x3, 0x1e0, 0x0, 0x5002004a, 0x0, 0x128, 0x0, 0x1f8, 0x3c8, 0x3c8, 0x1f8, 0x3c8, 0x3, 0x0, {[{{@ip={@rand_addr, @local, 0x0, 0x0, 'veth0_virt_wifi\x00', 'ip6tnl0\x00'}, 0x0, 0x70, 0xb8}, @unspec=@CT0={0x48, 'CT\x00', 0x0, {0x0, 0x0, 0x20000}}}, {{@uncond, 0x0, 0x70, 0x90}, @unspec=@TRACE={0x20}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28, '\x00', 0x4}}}}, 0x240) prctl$PR_SET_MM_MAP(0x23, 0xe, &(0x7f0000000080)={&(0x7f0000ff0000/0x1000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ff8000/0x4000)=nil, &(0x7f0000ff8000/0x3000)=nil, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ffa000/0x1000)=nil, &(0x7f0000ffa000/0x2000)=nil, 0x0}, 0x68) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, 0x0}, 0x0) r0 = socket$nl_rdma(0x10, 0x3, 0x14) sendmsg$RDMA_NLDEV_CMD_NEWLINK(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000180)=ANY=[@ANYBLOB="380000000314230c2abd70000705df250900020073797a310000000008004100727865001400330073797a5f74756e"], 0x38}, 0x1, 0x0, 0x0, 0x8845}, 0x4000) syz_usb_connect$hid(0x2, 0x36, &(0x7f0000000640)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x10, 0x1e7d, 0x2d50, 0x0, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x70, 0x1}}]}}, 0x0) r1 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000700), 0x2, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r1, &(0x7f00000001c0)={0x0, 0x18, 0xfa00, {0x2, &(0x7f0000000100)={0xffffffffffffffff}, 0x111, 0xa}}, 0x20) write$RDMA_USER_CM_CMD_BIND_IP(r1, &(0x7f0000000180)={0x2, 0x28, 0xfa00, {0x0, {0xa, 0x4e25, 0x10001, @local, 0xb}, r2}}, 0x30) r3 = socket$nl_rdma(0x10, 0x3, 0x14) sendmsg$RDMA_NLDEV_CMD_DELLINK(r3, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000100)={0x18, 0x1404, 0x1, 0x70bd2d, 0x25dfdbfe, "", [@RDMA_NLDEV_ATTR_DEV_INDEX={0x8}]}, 0x18}, 0x1, 0x0, 0x0, 0x671ec167a4b72164}, 0x0) r4 = io_uring_setup(0x7, &(0x7f0000000040)={0x0, 0xc8a1, 0xc000, 0x8, 0xc1}) r5 = socket(0x10, 0x3, 0x0) setsockopt$netlink_NETLINK_TX_RING(r5, 0x10e, 0xc, &(0x7f0000000180)={0xffffff}, 0x10) syz_80211_inject_frame(&(0x7f00000002c0)=@device_b, &(0x7f0000000540)=ANY=[@ANYBLOB="5000fc00080211000001080211000000505050505050000000000000000000006400010000060202020202020102dd379eb9c16f52ca823be29f513076a4583fc5b27fe74fd27963d34b8ee6a4b7dcfd5281270d217dcee0aeb23663d915e18d787ccde33e4249ddda974eeae371f9e9f9ed3b4e54366eed3b1b91368b1edaf604833e758e0379e77c08d8314cf9602c4820616eb6a320f8ea245fabdc96334b5c8181505798dd94417ae8d1b58dafd3e3d154d6a6f2e2f4565d60a1bb39103f603432fa8f3c3328aa8b65d6a6dd74f3b20151173611ab8e861ea00bb7d5eba8c1b9755773e253583c67be6dd28ca20518d5c83b9d51de7bb8f7a2ad0b531f8ab267fb35fff709845dbcb99705003a5422de5db58dac030119bf39119f43d10be1df30ba387fa99c047f14f61c455fa21f8aba2a8e4828d510c59a8ef257e641c61859a2ddb0645809aa4ef08876a6b8edbde4e912c1fd3b3a6d17937d61040ac41d36efa570c73cf98f0bff53cb0e0f629b6b0f7b5ae88c0630db4d1b91729ff4f4bfc80925ae88d874984a1c9884a36e4c37a995a8592c77eca746d20faba9d3e4d9dc40b07c99c334401f5f67deb03bb2b7d8b9f9cf8d029f0ac3a6bd86c3d55b"], 0x2c9) write(r5, &(0x7f0000000000)="240000001a005f0214f9f407000904001f00000000000000000000000800040001000000", 0x24) bind$alg(r5, &(0x7f00000002c0)={0x26, 'rng\x00', 0x0, 0x0, 'drbg_pr_sha1\x00'}, 0x58) bpf$MAP_CREATE(0x0, &(0x7f0000000340)=ANY=[@ANYBLOB="02000000040000000100000022bf000000000000", @ANYRES32, @ANYBLOB="000000000000deff0000000000000000000000002024", @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/28], 0x48) io_uring_enter(r4, 0x2219, 0x7721, 0x16, 0x0, 0x0) [ 109.008909][ T4668] Bluetooth: hci0: command tx timeout [ 109.298567][ T5326] infiniband syz1: set active [ 109.300863][ T5326] infiniband syz1: added syz_tun [ 109.358451][ T5326] RDS/IB: syz1: added [ 109.361109][ T5326] smc: adding ib device syz1 with port count 1 [ 109.364426][ T5326] smc: ib device syz1 port 1 has no pnetid [ 109.816748][ T10] usb 5-1: new full-speed USB device number 2 using dummy_hcd [ 109.970094][ T10] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 109.974600][ T10] usb 5-1: New USB device found, idVendor=1e7d, idProduct=2d50, bcdDevice= 0.00 [ 109.979106][ T10] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 109.994653][ T10] usb 5-1: config 0 descriptor?? [ 110.011503][ T10] usbhid 5-1:0.0: couldn't find an input interrupt endpoint [ 110.204861][ T5326] smc: removing ib device syz1 [ 110.465615][ T5326] ------------[ cut here ]------------ [ 110.469586][ T5326] !xa_empty(&pool->xa) [ 110.469608][ T5326] WARNING: drivers/infiniband/sw/rxe/rxe_pool.c:116 at rxe_pool_cleanup+0x48/0x60, CPU#0: syz.0.0/5326 [ 110.477204][ T5326] Modules linked in: [ 110.479297][ T5326] CPU: 0 UID: 0 PID: 5326 Comm: syz.0.0 Not tainted syzkaller #0 PREEMPT(full) [ 110.483915][ T5326] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 110.489667][ T5326] RIP: 0010:rxe_pool_cleanup+0x48/0x60 [ 110.492966][ T5326] Code: 00 fc ff df 80 3c 08 00 74 08 48 89 df e8 40 e0 6c f9 48 83 3b 00 75 0c e8 65 0a 01 f9 5b c3 cc cc cc cc cc e8 59 0a 01 f9 90 <0f> 0b 90 5b c3 cc cc cc cc cc 66 66 66 66 66 2e 0f 1f 84 00 00 00 [ 110.503280][ T5326] RSP: 0018:ffffc90005957038 EFLAGS: 00010246 [ 110.506025][ T5326] RAX: ffffffff88c4a2f7 RBX: ffff888041f493f0 RCX: 0000000000100000 [ 110.509888][ T5326] RDX: ffffc9000f5a2000 RSI: 00000000000fffff RDI: 0000000000100000 [ 110.513372][ T5326] RBP: ffff888041f490d0 R08: ffff888041f487cb R09: 1ffff110083e90f9 [ 110.517195][ T5326] R10: dffffc0000000000 R11: ffffffff88c2dcd0 R12: ffff888041f48000 [ 110.520848][ T5326] R13: dffffc0000000000 R14: ffffffff88c2dcd0 R15: dffffc0000000000 [ 110.525512][ T5326] FS: 00007ff7dfa1f6c0(0000) GS:ffff88808ca57000(0000) knlGS:0000000000000000 [ 110.529843][ T5326] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 110.532886][ T5326] CR2: 00007f66f59f50f5 CR3: 000000001fc59000 CR4: 0000000000352ef0 [ 110.537284][ T5326] Call Trace: [ 110.539341][ T5326] [ 110.541155][ T5326] rxe_dealloc+0x27/0xc0 [ 110.543387][ T5326] ? __pfx_rxe_dealloc+0x10/0x10 [ 110.545654][ T5326] ib_dealloc_device+0x54/0x200 [ 110.549107][ T5326] __ib_unregister_device+0x393/0x3f0 [ 110.551733][ T5326] ? __pfx_ib_device_get_by_index+0x10/0x10 [ 110.554496][ T5326] ib_unregister_device_and_put+0xb8/0xf0 [ 110.557429][ T5326] nldev_dellink+0x288/0x320 [ 110.560462][ T5326] ? __lock_acquire+0x6b5/0x2cf0 [ 110.563330][ T5326] ? __pfx_nldev_dellink+0x10/0x10 [ 110.565749][ T5326] ? apparmor_capable+0x126/0x170 [ 110.568431][ T5326] ? bpf_lsm_capable+0x9/0x20 [ 110.570579][ T5326] ? security_capable+0x7e/0x2c0 [ 110.572723][ T5326] ? __pfx_nldev_dellink+0x10/0x10 [ 110.574795][ T5326] rdma_nl_rcv+0x6d7/0xa10 [ 110.576983][ T5326] ? __pfx_rdma_nl_rcv+0x10/0x10 [ 110.579227][ T5326] ? __netlink_lookup+0x7e4/0x8b0 [ 110.582187][ T5326] ? netlink_deliver_tap+0x2e/0x1b0 [ 110.585018][ T5326] netlink_unicast+0x80f/0x9b0 [ 110.587356][ T5326] ? __pfx_netlink_unicast+0x10/0x10 [ 110.590104][ T5326] ? netlink_sendmsg+0x650/0xb40 [ 110.592619][ T5326] ? skb_put+0x11b/0x210 [ 110.594903][ T5326] netlink_sendmsg+0x813/0xb40 [ 110.597291][ T5326] ? __pfx_netlink_sendmsg+0x10/0x10 [ 110.600288][ T5326] ? aa_sock_msg_perm+0xf1/0x1b0 [ 110.603110][ T5326] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 110.606037][ T5326] ____sys_sendmsg+0x972/0x9f0 [ 110.608324][ T5326] ? futex_unqueue+0x211/0x240 [ 110.610543][ T5326] ? __pfx_____sys_sendmsg+0x10/0x10 [ 110.613068][ T5326] ? import_iovec+0x73/0xa0 [ 110.615160][ T5326] ___sys_sendmsg+0x2a5/0x360 [ 110.617444][ T5326] ? __pfx____sys_sendmsg+0x10/0x10 [ 110.619778][ T5326] ? futex_wait+0x29a/0x380 [ 110.622253][ T5326] ? __fget_files+0x2a/0x420 [ 110.624625][ T5326] ? __fget_files+0x3a0/0x420 [ 110.627134][ T5326] __x64_sys_sendmsg+0x1bd/0x2a0 [ 110.629663][ T5326] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 110.632089][ T5326] ? rcu_is_watching+0x15/0xb0 [ 110.634558][ T5326] do_syscall_64+0x14d/0xf80 [ 110.637320][ T5326] ? trace_irq_disable+0x3b/0x150 [ 110.639768][ T5326] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 110.642816][ T5326] ? clear_bhb_loop+0x40/0x90 [ 110.645074][ T5326] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 110.647818][ T5326] RIP: 0033:0x7ff7deb9c799 [ 110.649897][ T5326] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 110.660807][ T5326] RSP: 002b:00007ff7dfa1efe8 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 110.664456][ T5326] RAX: ffffffffffffffda RBX: 00007ff7dee15fa0 RCX: 00007ff7deb9c799 [ 110.667984][ T5326] RDX: 0000000000000000 RSI: 00002000000002c0 RDI: 0000000000000006 [ 110.672159][ T5326] RBP: 00007ff7dec32bd9 R08: 0000000000000000 R09: 0000000000000000 [ 110.677391][ T5326] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 110.681364][ T5326] R13: 00007ff7dee16038 R14: 00007ff7dee15fa0 R15: 00007ffe71b13f78 [ 110.684894][ T5326] [ 110.686442][ T5326] Kernel panic - not syncing: kernel: panic_on_warn set ... [ 110.689797][ T5326] CPU: 0 UID: 0 PID: 5326 Comm: syz.0.0 Not tainted syzkaller #0 PREEMPT(full) [ 110.693996][ T5326] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 110.698581][ T5326] Call Trace: [ 110.700266][ T5326] [ 110.701777][ T5326] vpanic+0x56c/0xa60 [ 110.703638][ T5326] ? __pfx__printk+0x10/0x10 [ 110.705764][ T5326] ? __pfx_vpanic+0x10/0x10 [ 110.708434][ T5326] ? is_bpf_text_address+0x292/0x2b0 [ 110.711822][ T5326] ? is_bpf_text_address+0x26/0x2b0 [ 110.714622][ T5326] panic+0xc5/0xd0 [ 110.716415][ T5326] ? __pfx_panic+0x10/0x10 [ 110.718765][ T5326] __warn+0x315/0x4f0 [ 110.720634][ T5326] ? rxe_pool_cleanup+0x48/0x60 [ 110.722830][ T5326] ? rxe_pool_cleanup+0x48/0x60 [ 110.725136][ T5326] __report_bug+0x29a/0x540 [ 110.727663][ T5326] ? rxe_pool_cleanup+0x48/0x60 [ 110.730239][ T5326] ? __pfx___report_bug+0x10/0x10 [ 110.733300][ T5326] ? flush_workqueue_prep_pwqs+0x475/0x4f0 [ 110.736224][ T5326] ? __flush_workqueue+0x12d3/0x14f0 [ 110.738656][ T5326] ? rxe_pool_cleanup+0x48/0x60 [ 110.741111][ T5326] report_bug+0x16a/0x220 [ 110.743077][ T5326] ? rxe_pool_cleanup+0x48/0x60 [ 110.745850][ T5326] ? rxe_pool_cleanup+0x4a/0x60 [ 110.748848][ T5326] handle_bug+0x9c/0x200 [ 110.751280][ T5326] exc_invalid_op+0x1a/0x50 [ 110.753481][ T5326] asm_exc_invalid_op+0x1a/0x20 [ 110.755660][ T5326] RIP: 0010:rxe_pool_cleanup+0x48/0x60 [ 110.758052][ T5326] Code: 00 fc ff df 80 3c 08 00 74 08 48 89 df e8 40 e0 6c f9 48 83 3b 00 75 0c e8 65 0a 01 f9 5b c3 cc cc cc cc cc e8 59 0a 01 f9 90 <0f> 0b 90 5b c3 cc cc cc cc cc 66 66 66 66 66 2e 0f 1f 84 00 00 00 [ 110.766655][ T5326] RSP: 0018:ffffc90005957038 EFLAGS: 00010246 [ 110.770215][ T5326] RAX: ffffffff88c4a2f7 RBX: ffff888041f493f0 RCX: 0000000000100000 [ 110.774557][ T5326] RDX: ffffc9000f5a2000 RSI: 00000000000fffff RDI: 0000000000100000 [ 110.779101][ T5326] RBP: ffff888041f490d0 R08: ffff888041f487cb R09: 1ffff110083e90f9 [ 110.783624][ T5326] R10: dffffc0000000000 R11: ffffffff88c2dcd0 R12: ffff888041f48000 [ 110.788880][ T5326] R13: dffffc0000000000 R14: ffffffff88c2dcd0 R15: dffffc0000000000 [ 110.792934][ T5326] ? __pfx_rxe_dealloc+0x10/0x10 [ 110.795284][ T5326] ? __pfx_rxe_dealloc+0x10/0x10 [ 110.797711][ T5326] ? rxe_pool_cleanup+0x47/0x60 [ 110.799935][ T5326] ? rxe_pool_cleanup+0x47/0x60 [ 110.802747][ T5326] rxe_dealloc+0x27/0xc0 [ 110.805276][ T5326] ? __pfx_rxe_dealloc+0x10/0x10 [ 110.807490][ T5326] ib_dealloc_device+0x54/0x200 [ 110.809785][ T5326] __ib_unregister_device+0x393/0x3f0 [ 110.812234][ T5326] ? __pfx_ib_device_get_by_index+0x10/0x10 [ 110.815456][ T5326] ib_unregister_device_and_put+0xb8/0xf0 [ 110.818485][ T5326] nldev_dellink+0x288/0x320 [ 110.820854][ T5326] ? __lock_acquire+0x6b5/0x2cf0 [ 110.822965][ T5326] ? __pfx_nldev_dellink+0x10/0x10 [ 110.825343][ T5326] ? apparmor_capable+0x126/0x170 [ 110.827609][ T5326] ? bpf_lsm_capable+0x9/0x20 [ 110.829830][ T5326] ? security_capable+0x7e/0x2c0 [ 110.832089][ T5326] ? __pfx_nldev_dellink+0x10/0x10 [ 110.834928][ T5326] rdma_nl_rcv+0x6d7/0xa10 [ 110.837588][ T5326] ? __pfx_rdma_nl_rcv+0x10/0x10 [ 110.839935][ T5326] ? __netlink_lookup+0x7e4/0x8b0 [ 110.842365][ T5326] ? netlink_deliver_tap+0x2e/0x1b0 [ 110.844734][ T5326] netlink_unicast+0x80f/0x9b0 [ 110.846961][ T5326] ? __pfx_netlink_unicast+0x10/0x10 [ 110.849543][ T5326] ? netlink_sendmsg+0x650/0xb40 [ 110.852967][ T5326] ? skb_put+0x11b/0x210 [ 110.855222][ T5326] netlink_sendmsg+0x813/0xb40 [ 110.857488][ T5326] ? __pfx_netlink_sendmsg+0x10/0x10 [ 110.860111][ T5326] ? aa_sock_msg_perm+0xf1/0x1b0 [ 110.862898][ T5326] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 110.865694][ T5326] ____sys_sendmsg+0x972/0x9f0 [ 110.868274][ T5326] ? futex_unqueue+0x211/0x240 [ 110.870689][ T5326] ? __pfx_____sys_sendmsg+0x10/0x10 [ 110.873422][ T5326] ? import_iovec+0x73/0xa0 [ 110.875680][ T5326] ___sys_sendmsg+0x2a5/0x360 [ 110.878157][ T5326] ? __pfx____sys_sendmsg+0x10/0x10 [ 110.880977][ T5326] ? futex_wait+0x29a/0x380 [ 110.883895][ T5326] ? __fget_files+0x2a/0x420 [ 110.887293][ T5326] ? __fget_files+0x3a0/0x420 [ 110.890104][ T5326] __x64_sys_sendmsg+0x1bd/0x2a0 [ 110.892460][ T5326] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 110.894900][ T5326] ? rcu_is_watching+0x15/0xb0 [ 110.897872][ T5326] do_syscall_64+0x14d/0xf80 [ 110.901049][ T5326] ? trace_irq_disable+0x3b/0x150 [ 110.904586][ T5326] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 110.908355][ T5326] ? clear_bhb_loop+0x40/0x90 [ 110.911091][ T5326] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 110.914790][ T5326] RIP: 0033:0x7ff7deb9c799 [ 110.917217][ T5326] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 110.927011][ T5326] RSP: 002b:00007ff7dfa1efe8 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 110.931057][ T5326] RAX: ffffffffffffffda RBX: 00007ff7dee15fa0 RCX: 00007ff7deb9c799 [ 110.934762][ T5326] RDX: 0000000000000000 RSI: 00002000000002c0 RDI: 0000000000000006 [ 110.938781][ T5326] RBP: 00007ff7dec32bd9 R08: 0000000000000000 R09: 0000000000000000 [ 110.942246][ T5326] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 110.946825][ T5326] R13: 00007ff7dee16038 R14: 00007ff7dee15fa0 R15: 00007ffe71b13f78 [ 110.950498][ T5326] [ 110.952354][ T5326] Kernel Offset: disabled [ 110.955149][ T5326] Rebooting in 86400 seconds..