program:
# Triage summary (grounded in the console log that follows this program):
# the program creates two rxe RDMA links over RDMA netlink and then deletes
# RDMA device index 0. The log shows that deletion running
# nldev_dellink -> ib_unregister_device_and_put -> ib_dealloc_device ->
# rxe_dealloc -> rxe_pool_cleanup, where the check `!xa_empty(&pool->xa)`
# (rxe_pool.c:116) emits a WARNING: a pool's xarray still held at least one
# entry when the device was being freed. Which pool / object type is left
# behind is not visible in this report.
# The "Kernel panic" afterwards is only because panic_on_warn is set on the
# fuzzing kernel; the finding to triage is the WARNING itself.
# NOTE(review): the log shows the reproducer running as UID 0. The trace has
# unreliable ("?") capability-check frames under nldev_dellink; whether an
# unprivileged or user-namespace caller can reach this path is not shown
# here - confirm before rating severity.

# AF_NETLINK (0x10) / SOCK_RAW (0x3) / protocol 0 socket; the fd is not saved
# and no later call in this program uses it.
socket$nl_route(0x10, 0x3, 0x0)
# The calls from here through UFFDIO_CONTINUE set up userfaultfd, scheduling
# and memory state. None of them appear in the WARNING's call trace, so they
# look incidental to the rxe finding - TODO confirm by minimizing the repro.
r0 = userfaultfd(0x80801)
# Resource 0xe with limits {0x8, 0x8b}; presumably RLIMIT_RTPRIO, paired with
# the real-time policy request on the next line - verify.
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
# Policy 0x1 with priority 0x7 for the calling task (pid 0 = self).
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
# The prot argument is a fuzzer-generated 64-bit value, not a meaningful
# protection mask.
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x19)
ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f00000000c0))
ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000000000)={{&(0x7f0000400000/0xc00000)=nil, 0xc00000}, 0x1})
ioctl$UFFDIO_CONTINUE(r0, 0xc020aa08, &(0x7f0000000240)={{&(0x7f0000574000/0x1000)=nil, 0x1000}})
# First RDMA netlink socket (AF_NETLINK, protocol 0x14).
r1 = socket$nl_rdma(0x10, 0x3, 0x14)
# NEWLINK #1. The blob is a 0x38-byte netlink message whose attributes carry
# the strings "syz1" (attr 0x2), "rxe" (attr 0x41) and "syz_tun" (attr 0x33).
# Matches the log lines "infiniband syz1: set active" / "added syz_tun".
sendmsg$RDMA_NLDEV_CMD_NEWLINK(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000280)=ANY=[@ANYBLOB="380000000314230c2abd7000ff05df250900020073797a310000000008004100727865001400330073797a5f74756e"], 0x38}, 0x1, 0x0, 0x0, 0x48865}, 0x4010)
r2 = socket$nl_rdma(0x10, 0x3, 0x14)
# NEWLINK #2. Same layout; the name bytes are 73 01 7a 31 ("s", 0x01, "z1"),
# type "rxe", netdev "lo". The log prints this device as "sz1" because the
# 0x01 byte is non-printable. After this call two rxe devices exist.
sendmsg$RDMA_NLDEV_CMD_NEWLINK(r2, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000000)=ANY=[@ANYBLOB="38000000031401002abd7000fedbdf250900020073017a31000000000800410072786500140033006c6f"], 0x38}, 0x1, 0x0, 0x0, 0x44}, 0x810)
# Emulated USB device (log: dummy_hcd, idVendor=ee8d, idProduct=db1e,
# "config 0 has no interfaces?"). No USB function appears in the WARNING's
# call trace; likely incidental - TODO confirm.
syz_usb_connect(0x0, 0x3f, &(0x7f00000001c0)=ANY=[@ANYBLOB="11010000733336088dee1edb2361000000010902"], 0x0)
r3 = socket$nl_rdma(0x10, 0x3, 0x14)
# DELLINK. The iovec length is 0x18, so only the first 24 bytes of the blob
# form the netlink message; the remaining bytes are not sent. The single
# attribute (type 0x1, 4-byte value 0) selects device index 0 - presumably
# syz1, which the log reports as removed just before the WARNING. This is
# the call whose kernel path triggers the rxe_pool_cleanup WARNING.
sendmsg$RDMA_NLDEV_CMD_DELLINK(r3, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000300)=ANY=[@ANYBLOB="18000000041401002dbd7000fedbdf25080001000000000019d07bac649b6da29ddc08127e2db19bc41fb21e278a510bb964f0325481199c3c78218dc5df2494e4d79ba30557943b802aaa7780be84f02c0f"], 0x18}, 0x1, 0x0, 0x0, 0x671ec167a4b72164}, 0x0)
[ 85.138424][ T5291] Bluetooth: hci0: command tx timeout
[ 85.354223][ T5332] infiniband syz1: set active
[ 85.356354][ T5332] infiniband syz1: added syz_tun
[ 85.394694][ T5332] smbdirect: ib_dev[syz1]: added: IB_CA max_fast_reg_page_list_len=512 device_cap_flags=0x1c001223c76 kernel_cap_flags=0x14 page_size_cap=0xfffff000
[ 85.401242][ T5332] smbdirect: ib_dev[syz1]: num_ports=1 max_qp_rd_atom=128 max_qp_init_rd_atom=128 max_sgl_rd=0 max_sge_rd=32 max_cqe=32767 max_qp_wr=1048576 max_send_sge=32 max_recv_sge=32
[ 85.409135][ T5332] smbdirect: ib_dev[syz1]PORT[1]: iwarp=0 ib=0 roce=1 v1=0 v2=1 core_cap_flags=0x803005
[ 85.439704][ T5332] RDS/IB: syz1: added
[ 85.441763][ T5332] smc: adding ib device syz1 with port count 1
[ 85.444350][ T5332] smc: ib device syz1 port 1 has no pnetid
[ 85.641576][ T5332] lo speed is unknown, defaulting to 1000
[ 85.645128][ T5332] lo speed is unknown, defaulting to 1000
[ 85.648287][ T5332] lo speed is unknown, defaulting to 1000
[ 85.766100][ T5332] infiniband sz1: set active
[ 85.768310][ T5332] infiniband sz1: added lo
[ 85.773997][ T5329] lo speed is unknown, defaulting to 1000
[ 85.798211][ T5332] smbdirect: ib_dev[sz1]: added: IB_CA max_fast_reg_page_list_len=512 device_cap_flags=0x1c001223c76 kernel_cap_flags=0x14 page_size_cap=0xfffff000
[ 85.804835][ T5332] smbdirect: ib_dev[sz1]: num_ports=1 max_qp_rd_atom=128 max_qp_init_rd_atom=128 max_sgl_rd=0 max_sge_rd=32 max_cqe=32767 max_qp_wr=1048576 max_send_sge=32 max_recv_sge=32
[ 85.812074][ T5332] smbdirect: ib_dev[sz1]PORT[1]: iwarp=0 ib=0 roce=1 v1=0 v2=1 core_cap_flags=0x803005
[ 85.829107][ T5332] RDS/IB: sz1: added
[ 85.830885][ T5332] smc: adding ib device sz1 with port count 1
[ 85.833683][ T5332] smc: ib device sz1 port 1 has no pnetid
[ 85.836758][ T5332] lo speed is unknown, defaulting to 1000
[ 85.975926][ T10] lo speed is unknown, defaulting to 1000
[ 86.287257][ T5329] usb 5-1: new high-speed USB device number 2 using dummy_hcd
[ 86.437137][ T5329] usb 5-1: Using ep0 maxpacket: 8
[ 86.443567][ T5329] usb 5-1: config 0 has no interfaces?
[ 86.446253][ T5329] usb 5-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23
[ 86.450824][ T5329] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 86.460529][ T5329] usb 5-1: config 0 descriptor??
[ 86.669091][ T5332] smc: removing ib device syz1
[ 86.684716][ T5332] smbdirect: ib_dev[syz1] removed
[ 86.947317][ T5332] ------------[ cut here ]------------
[ 86.950393][ T5332] !xa_empty(&pool->xa)
[ 86.950404][ T5332] WARNING: drivers/infiniband/sw/rxe/rxe_pool.c:116 at rxe_pool_cleanup+0x48/0x60, CPU#0: syz.0.0/5332
[ 86.956925][ T5332] Modules linked in:
[ 86.958876][ T5332] CPU: 0 UID: 0 PID: 5332 Comm: syz.0.0 Not tainted syzkaller #0 PREEMPT(full)
[ 86.962752][ T5332] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 86.967169][ T5332] RIP: 0010:rxe_pool_cleanup+0x48/0x60
[ 86.969651][ T5332] Code: 00 fc ff df 80 3c 08 00 74 08 48 89 df e8 10 8d 6f f9 48 83 3b 00 75 0c e8 05 a9 02 f9 5b e9 4f 2d e9 02 cc e8 f9 a8 02 f9 90 <0f> 0b 90 5b e9 3f 2d e9 02 cc 66 66 66 66 66 2e 0f 1f 84 00 00 00
[ 86.977955][ T5332] RSP: 0018:ffffc9000dc0f038 EFLAGS: 00010246
[ 86.980728][ T5332] RAX: ffffffff88c31d17 RBX: ffff888032cd9418 RCX: 0000000000100000
[ 86.984213][ T5332] RDX: ffffc9000efca000 RSI: 00000000000fffff RDI: 0000000000100000
[ 86.987896][ T5332] RBP: ffff888032cd90f8 R08: ffff888032cd87ab R09: 1ffff1100659b0f5
[ 86.991442][ T5332] R10: dffffc0000000000 R11: ffffffff88c15100 R12: ffffffff8fb7a820
[ 86.994900][ T5332] R13: dffffc0000000000 R14: ffffffff88c15100 R15: dffffc0000000000
[ 86.999043][ T5332] FS: 00007f4a5cffe6c0(0000) GS:ffff88808c891000(0000) knlGS:0000000000000000
[ 87.002860][ T5332] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 87.005580][ T5332] CR2: 00007f4a5c3ed2e0 CR3: 0000000000a6b000 CR4: 0000000000352ef0
[ 87.008914][ T5332] Call Trace:
[ 87.010324][ T5332]
[ 87.011547][ T5332] rxe_dealloc+0x27/0xc0
[ 87.013343][ T5332] ? __pfx_rxe_dealloc+0x10/0x10
[ 87.015471][ T5332] ib_dealloc_device+0x54/0x200
[ 87.017585][ T5332] __ib_unregister_device+0x393/0x3f0
[ 87.020074][ T5332] ib_unregister_device_and_put+0xb8/0xf0
[ 87.022661][ T5332] nldev_dellink+0x39e/0x430
[ 87.024730][ T5332] ? __pfx_nldev_dellink+0x10/0x10
[ 87.027172][ T5332] ? apparmor_capable+0x126/0x170
[ 87.029539][ T5332] ? bpf_lsm_capable+0x9/0x20
[ 87.031701][ T5332] ? security_capable+0x7e/0x2c0
[ 87.033971][ T5332] ? __pfx_nldev_dellink+0x10/0x10
[ 87.036256][ T5332] rdma_nl_rcv+0x6d1/0xa10
[ 87.038320][ T5332] ? __pfx_rdma_nl_rcv+0x10/0x10
[ 87.040513][ T5332] ? netlink_deliver_tap+0x2e/0x1b0
[ 87.042931][ T5332] ? netlink_deliver_tap+0x2e/0x1b0
[ 87.045220][ T5332] netlink_unicast+0x75c/0x8e0
[ 87.047401][ T5332] netlink_sendmsg+0x813/0xb40
[ 87.051318][ T5332] ? __pfx_netlink_sendmsg+0x10/0x10
[ 87.053768][ T5332] ? aa_sock_msg_perm+0xf1/0x1b0
[ 87.056100][ T5332] ? bpf_lsm_socket_sendmsg+0x9/0x20
[ 87.058616][ T5332] ____sys_sendmsg+0x972/0x9f0
[ 87.060816][ T5332] ? __might_fault+0xaf/0x130
[ 87.062975][ T5332] ? __pfx_____sys_sendmsg+0x10/0x10
[ 87.065394][ T5332] ? import_iovec+0x73/0xa0
[ 87.067543][ T5332] ___sys_sendmsg+0x2a5/0x360
[ 87.069704][ T5332] ? __lock_acquire+0x6b5/0x2cf0
[ 87.071961][ T5332] ? __pfx____sys_sendmsg+0x10/0x10
[ 87.074230][ T5332] ? futex_wait+0x2a2/0x390
[ 87.076297][ T5332] ? __fget_files+0x2a/0x420
[ 87.079946][ T5332] ? __fget_files+0x3a0/0x420
[ 87.082033][ T5332] __x64_sys_sendmsg+0x1bd/0x2a0
[ 87.084273][ T5332] ? __pfx___x64_sys_sendmsg+0x10/0x10
[ 87.086750][ T5332] ? rcu_is_watching+0x15/0xb0
[ 87.089065][ T5332] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 87.091731][ T5332] do_syscall_64+0x174/0x580
[ 87.093771][ T5332] ? trace_irq_disable+0x3b/0x140
[ 87.095937][ T5332] ? clear_bhb_loop+0x40/0x90
[ 87.098021][ T5332] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 87.100666][ T5332] RIP: 0033:0x7f4a5c19ce59
[ 87.102676][ T5332] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[ 87.110961][ T5332] RSP: 002b:00007f4a5cffdfe8 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 87.114638][ T5332] RAX: ffffffffffffffda RBX: 00007f4a5c415fa0 RCX: 00007f4a5c19ce59
[ 87.118038][ T5332] RDX: 0000000000000000 RSI: 00002000000002c0 RDI: 0000000000000008
[ 87.121486][ T5332] RBP: 00007f4a5c232d6f R08: 0000000000000000 R09: 0000000000000000
[ 87.125012][ T5332] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 87.128537][ T5332] R13: 00007f4a5c416038 R14: 00007f4a5c415fa0 R15: 00007ffe24614d38
[ 87.131820][ T5332]
[ 87.133268][ T5332] Kernel panic - not syncing: kernel: panic_on_warn set ...
[ 87.136526][ T5332] CPU: 0 UID: 0 PID: 5332 Comm: syz.0.0 Not tainted syzkaller #0 PREEMPT(full)
[ 87.140377][ T5332] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 87.144676][ T5332] Call Trace:
[ 87.146107][ T5332]
[ 87.147426][ T5332] vpanic+0x56c/0xa60
[ 87.149137][ T5332] ? __pfx__printk+0x10/0x10
[ 87.151167][ T5332] ? __pfx_vpanic+0x10/0x10
[ 87.153114][ T5332] ? is_bpf_text_address+0x292/0x2b0
[ 87.155516][ T5332] ? is_bpf_text_address+0x26/0x2b0
[ 87.157795][ T5332] panic+0xc5/0xd0
[ 87.159532][ T5332] ? __pfx_panic+0x10/0x10
[ 87.161790][ T5332] __warn+0x315/0x4c0
[ 87.164013][ T5332] ? rxe_pool_cleanup+0x48/0x60
[ 87.166541][ T5332] ? rxe_pool_cleanup+0x48/0x60
[ 87.168641][ T5332] __report_bug+0x29a/0x540
[ 87.170811][ T5332] ? rxe_pool_cleanup+0x48/0x60
[ 87.173044][ T5332] ? __pfx___report_bug+0x10/0x10
[ 87.175284][ T5332] ? flush_workqueue_prep_pwqs+0x475/0x4f0
[ 87.177744][ T5332] ? __flush_workqueue+0x12d3/0x14f0
[ 87.180019][ T5332] ? rxe_pool_cleanup+0x48/0x60
[ 87.182183][ T5332] report_bug+0x16a/0x220
[ 87.184145][ T5332] ? rxe_pool_cleanup+0x48/0x60
[ 87.186316][ T5332] ? rxe_pool_cleanup+0x4a/0x60
[ 87.188578][ T5332] handle_bug+0x9c/0x200
[ 87.190479][ T5332] exc_invalid_op+0x1a/0x50
[ 87.192541][ T5332] asm_exc_invalid_op+0x1a/0x20
[ 87.194727][ T5332] RIP: 0010:rxe_pool_cleanup+0x48/0x60
[ 87.197120][ T5332] Code: 00 fc ff df 80 3c 08 00 74 08 48 89 df e8 10 8d 6f f9 48 83 3b 00 75 0c e8 05 a9 02 f9 5b e9 4f 2d e9 02 cc e8 f9 a8 02 f9 90 <0f> 0b 90 5b e9 3f 2d e9 02 cc 66 66 66 66 66 2e 0f 1f 84 00 00 00
[ 87.205195][ T5332] RSP: 0018:ffffc9000dc0f038 EFLAGS: 00010246
[ 87.207635][ T5332] RAX: ffffffff88c31d17 RBX: ffff888032cd9418 RCX: 0000000000100000
[ 87.210894][ T5332] RDX: ffffc9000efca000 RSI: 00000000000fffff RDI: 0000000000100000
[ 87.214590][ T5332] RBP: ffff888032cd90f8 R08: ffff888032cd87ab R09: 1ffff1100659b0f5
[ 87.218219][ T5332] R10: dffffc0000000000 R11: ffffffff88c15100 R12: ffffffff8fb7a820
[ 87.221714][ T5332] R13: dffffc0000000000 R14: ffffffff88c15100 R15: dffffc0000000000
[ 87.225332][ T5332] ? __pfx_rxe_dealloc+0x10/0x10
[ 87.227510][ T5332] ? __pfx_rxe_dealloc+0x10/0x10
[ 87.229670][ T5332] ? rxe_pool_cleanup+0x47/0x60
[ 87.231769][ T5332] ? rxe_pool_cleanup+0x47/0x60
[ 87.233946][ T5332] rxe_dealloc+0x27/0xc0
[ 87.236197][ T5332] ? __pfx_rxe_dealloc+0x10/0x10
[ 87.238506][ T5332] ib_dealloc_device+0x54/0x200
[ 87.240668][ T5332] __ib_unregister_device+0x393/0x3f0
[ 87.243025][ T5332] ib_unregister_device_and_put+0xb8/0xf0
[ 87.245525][ T5332] nldev_dellink+0x39e/0x430
[ 87.247595][ T5332] ? __pfx_nldev_dellink+0x10/0x10
[ 87.249917][ T5332] ? apparmor_capable+0x126/0x170
[ 87.252130][ T5332] ? bpf_lsm_capable+0x9/0x20
[ 87.254363][ T5332] ? security_capable+0x7e/0x2c0
[ 87.256577][ T5332] ? __pfx_nldev_dellink+0x10/0x10
[ 87.258869][ T5332] rdma_nl_rcv+0x6d1/0xa10
[ 87.260839][ T5332] ? __pfx_rdma_nl_rcv+0x10/0x10
[ 87.263209][ T5332] ? netlink_deliver_tap+0x2e/0x1b0
[ 87.265325][ T5332] ? netlink_deliver_tap+0x2e/0x1b0
[ 87.267620][ T5332] netlink_unicast+0x75c/0x8e0
[ 87.269915][ T5332] netlink_sendmsg+0x813/0xb40
[ 87.271965][ T5332] ? __pfx_netlink_sendmsg+0x10/0x10
[ 87.274262][ T5332] ? aa_sock_msg_perm+0xf1/0x1b0
[ 87.276440][ T5332] ? bpf_lsm_socket_sendmsg+0x9/0x20
[ 87.278796][ T5332] ____sys_sendmsg+0x972/0x9f0
[ 87.280933][ T5332] ? __might_fault+0xaf/0x130
[ 87.283238][ T5332] ? __pfx_____sys_sendmsg+0x10/0x10
[ 87.285663][ T5332] ? import_iovec+0x73/0xa0
[ 87.287766][ T5332] ___sys_sendmsg+0x2a5/0x360
[ 87.289854][ T5332] ? __lock_acquire+0x6b5/0x2cf0
[ 87.291996][ T5332] ? __pfx____sys_sendmsg+0x10/0x10
[ 87.294269][ T5332] ? futex_wait+0x2a2/0x390
[ 87.296364][ T5332] ? __fget_files+0x2a/0x420
[ 87.298529][ T5332] ? __fget_files+0x3a0/0x420
[ 87.300771][ T5332] __x64_sys_sendmsg+0x1bd/0x2a0
[ 87.302961][ T5332] ? __pfx___x64_sys_sendmsg+0x10/0x10
[ 87.305325][ T5332] ? rcu_is_watching+0x15/0xb0
[ 87.307410][ T5332] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 87.310038][ T5332] do_syscall_64+0x174/0x580
[ 87.312130][ T5332] ? trace_irq_disable+0x3b/0x140
[ 87.314470][ T5332] ? clear_bhb_loop+0x40/0x90
[ 87.316522][ T5332] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 87.318979][ T5332] RIP: 0033:0x7f4a5c19ce59
[ 87.320942][ T5332] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[ 87.329111][ T5332] RSP: 002b:00007f4a5cffdfe8 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 87.332767][ T5332] RAX: ffffffffffffffda RBX: 00007f4a5c415fa0 RCX: 00007f4a5c19ce59
[ 87.336202][ T5332] RDX: 0000000000000000 RSI: 00002000000002c0 RDI: 0000000000000008
[ 87.339482][ T5332] RBP: 00007f4a5c232d6f R08: 0000000000000000 R09: 0000000000000000
[ 87.342817][ T5332] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 87.346146][ T5332] R13: 00007f4a5c416038 R14: 00007f4a5c415fa0 R15: 00007ffe24614d38
[ 87.349575][ T5332]
[ 87.351262][ T5332] Kernel Offset: disabled
[ 87.353151][ T5332] Rebooting in 86400 seconds..