INFO: trying to register non-static key.
The code is fine but needs lockdep annotation, or maybe
you didn't initialize this object before use?
turning off the locking correctness validator.
CPU: 1 PID: 1289 Comm: syz-executor.5 Not tainted 6.1.0-rc3-syzkaller-00058-gdd65a243a915 #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
Call Trace:
 <IRQ>
 __dump_stack lib/dump_stack.c:88 [inline]
 dump_stack_lvl+0xcd/0x134 lib/dump_stack.c:106
 assign_lock_key kernel/locking/lockdep.c:981 [inline]
 register_lock_class+0xf1b/0x1120 kernel/locking/lockdep.c:1294
 __lock_acquire+0x109/0x56d0 kernel/locking/lockdep.c:4934
 lock_acquire kernel/locking/lockdep.c:5668 [inline]
 lock_acquire+0x1df/0x630 kernel/locking/lockdep.c:5633
 __raw_spin_lock_irqsave include/linux/spinlock_api_smp.h:110 [inline]
 _raw_spin_lock_irqsave+0x39/0x50 kernel/locking/spinlock.c:162
 skb_queue_tail+0x21/0x140 net/core/skbuff.c:3503
 ath9k_htc_txep+0x287/0x400 drivers/net/wireless/ath/ath9k/htc_drv_txrx.c:712
 ath9k_htc_txcompletion_cb+0x1cd/0x2e0 drivers/net/wireless/ath/ath9k/htc_hst.c:353
 hif_usb_regout_cb+0x115/0x1c0 drivers/net/wireless/ath/ath9k/hif_usb.c:90
 __usb_hcd_giveback_urb+0x2b0/0x5c0 drivers/usb/core/hcd.c:1671
 usb_hcd_giveback_urb+0x380/0x430 drivers/usb/core/hcd.c:1754
 dummy_timer+0x11ff/0x32c0 drivers/usb/gadget/udc/dummy_hcd.c:1988
 call_timer_fn+0x1da/0x7c0 kernel/time/timer.c:1474
 expire_timers kernel/time/timer.c:1519 [inline]
 __run_timers.part.0+0x6a2/0xaf0 kernel/time/timer.c:1790
 __run_timers kernel/time/timer.c:1768 [inline]
 run_timer_softirq+0xb3/0x1d0 kernel/time/timer.c:1803
 __do_softirq+0x1e4/0xabb kernel/softirq.c:571
 invoke_softirq kernel/softirq.c:445 [inline]
 __irq_exit_rcu+0x113/0x170 kernel/softirq.c:650
 irq_exit_rcu+0x5/0x20 kernel/softirq.c:662
 sysvec_apic_timer_interrupt+0x8e/0xc0 arch/x86/kernel/apic/apic.c:1107
 </IRQ>
 <TASK>
 asm_sysvec_apic_timer_interrupt+0x16/0x20 arch/x86/include/asm/idtentry.h:649
RIP: 0010:core_kernel_text+0x7a/0x90 kernel/extable.c:75
Code: 2f 83 3d 1c 1a c1 07 01 76 07 44 89 e0 5b 41 5c c3 48 81 fb 00 50 a8 89 72 f0 48 81 fb 84 b9 b8 89 73 e7 41 bc 01 00 00 00 5b <44> 89 e0 41 5c c3 48 c7 c7 44 a2 de 88 e8 64 cc 5c 00 eb c3 66 90
RSP: 0018:ffffc90001717130 EFLAGS: 00000287
RAX: dffffc0000000000 RBX: ffffffff813593bc RCX: ffffc90001717210
RDX: 1ffff920002e2e39 RSI: ffffc90001717208 RDI: ffffffff813593bc
RBP: ffffffff813593bc R08: ffffffff892a1f2c R09: ffffc900017171b4
R10: fffff520002e2e3b R11: ffffc90001717210 R12: 0000000000000001
R13: 0000000000000000 R14: ffff8881149b1c40 R15: ffffea00046b3840
 kernel_text_address+0xd/0x60 kernel/extable.c:99
 __kernel_text_address+0x9/0x30 kernel/extable.c:79
 unwind_get_return_address arch/x86/kernel/unwind_orc.c:323 [inline]
 unwind_get_return_address+0x51/0x90 arch/x86/kernel/unwind_orc.c:318
 arch_stack_walk+0x93/0xe0 arch/x86/kernel/stacktrace.c:26
 stack_trace_save+0x8c/0xc0 kernel/stacktrace.c:122
 save_stack+0x151/0x1e0 mm/page_owner.c:127
 __set_page_owner+0x1b/0x60 mm/page_owner.c:190
 prep_new_page mm/page_alloc.c:2539 [inline]
 get_page_from_freelist+0x128b/0x2c70 mm/page_alloc.c:4288
 __alloc_pages+0x1c7/0x5a0 mm/page_alloc.c:5555
 alloc_pages+0x1a6/0x270 mm/mempolicy.c:2285
 __pte_alloc_one include/asm-generic/pgalloc.h:63 [inline]
 pte_alloc_one+0x16/0x230 arch/x86/mm/pgtable.c:33
 __pte_alloc+0x69/0x250 mm/memory.c:468
 copy_pte_range mm/memory.c:1036 [inline]
 copy_pmd_range mm/memory.c:1171 [inline]
 copy_pud_range mm/memory.c:1208 [inline]
 copy_p4d_range mm/memory.c:1232 [inline]
 copy_page_range+0x1860/0x5600 mm/memory.c:1330
 dup_mmap+0xa44/0xfc0 kernel/fork.c:691
 dup_mm+0x91/0x370 kernel/fork.c:1526
 copy_mm kernel/fork.c:1575 [inline]
 copy_process+0x3a9b/0x6f10 kernel/fork.c:2253
 kernel_clone+0xe7/0x980 kernel/fork.c:2671
 __do_sys_clone+0xba/0x100 kernel/fork.c:2812
 do_syscall_x64 arch/x86/entry/common.c:50 [inline]
 do_syscall_64+0x35/0xb0 arch/x86/entry/common.c:80
 entry_SYSCALL_64_after_hwframe+0x63/0xcd
RIP: 0033:0x7fbec000a33b
Code: ed 0f 85 60 01 00 00 64 4c 8b 0c 25 10 00 00 00 45 31 c0 4d 8d 91 d0 02 00 00 31 d2 31 f6 bf 11 00 20 01 b8 38 00 00 00 0f 05 <48> 3d 00 f0 ff ff 0f 87 89 00 00 00 41 89 c5 85 c0 0f 85 90 00 00
RSP: 002b:00007ffc582daff0 EFLAGS: 00000246 ORIG_RAX: 0000000000000038
RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007fbec000a33b
RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000001200011
RBP: 0000000000000000 R08: 0000000000000000 R09: 0000555555d0d400
R10: 0000555555d0d6d0 R11: 0000000000000246 R12: 0000000000000000
R13: 0000000000000000 R14: 0000000000000001 R15: 00007ffc582db0d0
 </TASK>
general protection fault, probably for non-canonical address 0xdffffc0000000000: 0000 [#1] PREEMPT SMP KASAN
KASAN: null-ptr-deref in range [0x0000000000000000-0x0000000000000007]
CPU: 1 PID: 1289 Comm: syz-executor.5 Not tainted 6.1.0-rc3-syzkaller-00058-gdd65a243a915 #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
RIP: 0010:__skb_insert include/linux/skbuff.h:2167 [inline]
RIP: 0010:__skb_queue_before include/linux/skbuff.h:2273 [inline]
RIP: 0010:__skb_queue_tail include/linux/skbuff.h:2306 [inline]
RIP: 0010:skb_queue_tail+0x9e/0x140 net/core/skbuff.c:3504
Code: 48 89 fa 48 c1 ea 03 80 3c 02 00 0f 85 80 00 00 00 4c 89 e2 4c 89 65 08 48 b8 00 00 00 00 00 fc ff df 48 c1 ea 03 48 89 6b 08 <80> 3c 02 00 75 4f 48 8d 7b 10 49 89 2c 24 48 b8 00 00 00 00 00 fc
RSP: 0018:ffffc900001789c0 EFLAGS: 00010046
RAX: dffffc0000000000 RBX: ffff88813cfdb8e8 RCX: ffffffff812afc70
RDX: 0000000000000000 RSI: 0000000000000012 RDI: ffff88810f68b3c8
RBP: ffff88810f68b3c0 R08: 0000000000000001 R09: 0000000000000003
R10: fffff5200002f126 R11: 3e4b5341542f3c20 R12: 0000000000000000
R13: ffff88813cfdb900 R14: 0000000100047412 R15: ffffffff83285600
FS:  0000555555d0d400(0000) GS:ffff8881f6900000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007fbec0c563be CR3: 0000000135343000 CR4: 00000000003506e0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
 <IRQ>
 ath9k_htc_txep+0x287/0x400 drivers/net/wireless/ath/ath9k/htc_drv_txrx.c:712
 ath9k_htc_txcompletion_cb+0x1cd/0x2e0 drivers/net/wireless/ath/ath9k/htc_hst.c:353
 hif_usb_regout_cb+0x115/0x1c0 drivers/net/wireless/ath/ath9k/hif_usb.c:90
 __usb_hcd_giveback_urb+0x2b0/0x5c0 drivers/usb/core/hcd.c:1671
 usb_hcd_giveback_urb+0x380/0x430 drivers/usb/core/hcd.c:1754
 dummy_timer+0x11ff/0x32c0 drivers/usb/gadget/udc/dummy_hcd.c:1988
 call_timer_fn+0x1da/0x7c0 kernel/time/timer.c:1474
 expire_timers kernel/time/timer.c:1519 [inline]
 __run_timers.part.0+0x6a2/0xaf0 kernel/time/timer.c:1790
 __run_timers kernel/time/timer.c:1768 [inline]
 run_timer_softirq+0xb3/0x1d0 kernel/time/timer.c:1803
 __do_softirq+0x1e4/0xabb kernel/softirq.c:571
 invoke_softirq kernel/softirq.c:445 [inline]
 __irq_exit_rcu+0x113/0x170 kernel/softirq.c:650
 irq_exit_rcu+0x5/0x20 kernel/softirq.c:662
 sysvec_apic_timer_interrupt+0x8e/0xc0 arch/x86/kernel/apic/apic.c:1107
 </IRQ>
 <TASK>
 asm_sysvec_apic_timer_interrupt+0x16/0x20 arch/x86/include/asm/idtentry.h:649
RIP: 0010:core_kernel_text+0x7a/0x90 kernel/extable.c:75
Code: 2f 83 3d 1c 1a c1 07 01 76 07 44 89 e0 5b 41 5c c3 48 81 fb 00 50 a8 89 72 f0 48 81 fb 84 b9 b8 89 73 e7 41 bc 01 00 00 00 5b <44> 89 e0 41 5c c3 48 c7 c7 44 a2 de 88 e8 64 cc 5c 00 eb c3 66 90
RSP: 0018:ffffc90001717130 EFLAGS: 00000287
RAX: dffffc0000000000 RBX: ffffffff813593bc RCX: ffffc90001717210
RDX: 1ffff920002e2e39 RSI: ffffc90001717208 RDI: ffffffff813593bc
RBP: ffffffff813593bc R08: ffffffff892a1f2c R09: ffffc900017171b4
R10: fffff520002e2e3b R11: ffffc90001717210 R12: 0000000000000001
R13: 0000000000000000 R14: ffff8881149b1c40 R15: ffffea00046b3840
 kernel_text_address+0xd/0x60 kernel/extable.c:99
 __kernel_text_address+0x9/0x30 kernel/extable.c:79
 unwind_get_return_address arch/x86/kernel/unwind_orc.c:323 [inline]
 unwind_get_return_address+0x51/0x90 arch/x86/kernel/unwind_orc.c:318
 arch_stack_walk+0x93/0xe0 arch/x86/kernel/stacktrace.c:26
 stack_trace_save+0x8c/0xc0 kernel/stacktrace.c:122
 save_stack+0x151/0x1e0 mm/page_owner.c:127
 __set_page_owner+0x1b/0x60 mm/page_owner.c:190
 prep_new_page mm/page_alloc.c:2539 [inline]
 get_page_from_freelist+0x128b/0x2c70 mm/page_alloc.c:4288
 __alloc_pages+0x1c7/0x5a0 mm/page_alloc.c:5555
 alloc_pages+0x1a6/0x270 mm/mempolicy.c:2285
 __pte_alloc_one include/asm-generic/pgalloc.h:63 [inline]
 pte_alloc_one+0x16/0x230 arch/x86/mm/pgtable.c:33
 __pte_alloc+0x69/0x250 mm/memory.c:468
 copy_pte_range mm/memory.c:1036 [inline]
 copy_pmd_range mm/memory.c:1171 [inline]
 copy_pud_range mm/memory.c:1208 [inline]
 copy_p4d_range mm/memory.c:1232 [inline]
 copy_page_range+0x1860/0x5600 mm/memory.c:1330
 dup_mmap+0xa44/0xfc0 kernel/fork.c:691
 dup_mm+0x91/0x370 kernel/fork.c:1526
 copy_mm kernel/fork.c:1575 [inline]
 copy_process+0x3a9b/0x6f10 kernel/fork.c:2253
 kernel_clone+0xe7/0x980 kernel/fork.c:2671
 __do_sys_clone+0xba/0x100 kernel/fork.c:2812
 do_syscall_x64 arch/x86/entry/common.c:50 [inline]
 do_syscall_64+0x35/0xb0 arch/x86/entry/common.c:80
 entry_SYSCALL_64_after_hwframe+0x63/0xcd
RIP: 0033:0x7fbec000a33b
Code: ed 0f 85 60 01 00 00 64 4c 8b 0c 25 10 00 00 00 45 31 c0 4d 8d 91 d0 02 00 00 31 d2 31 f6 bf 11 00 20 01 b8 38 00 00 00 0f 05 <48> 3d 00 f0 ff ff 0f 87 89 00 00 00 41 89 c5 85 c0 0f 85 90 00 00
RSP: 002b:00007ffc582daff0 EFLAGS: 00000246 ORIG_RAX: 0000000000000038
RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007fbec000a33b
RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000001200011
RBP: 0000000000000000 R08: 0000000000000000 R09: 0000555555d0d400
R10: 0000555555d0d6d0 R11: 0000000000000246 R12: 0000000000000000
R13: 0000000000000000 R14: 0000000000000001 R15: 00007ffc582db0d0
 </TASK>
Modules linked in:
---[ end trace 0000000000000000 ]---
RIP: 0010:__skb_insert include/linux/skbuff.h:2167 [inline]
RIP: 0010:__skb_queue_before include/linux/skbuff.h:2273 [inline]
RIP: 0010:__skb_queue_tail include/linux/skbuff.h:2306 [inline]
RIP: 0010:skb_queue_tail+0x9e/0x140 net/core/skbuff.c:3504
Code: 48 89 fa 48 c1 ea 03 80 3c 02 00 0f 85 80 00 00 00 4c 89 e2 4c 89 65 08 48 b8 00 00 00 00 00 fc ff df 48 c1 ea 03 48 89 6b 08 <80> 3c 02 00 75 4f 48 8d 7b 10 49 89 2c 24 48 b8 00 00 00 00 00 fc
RSP: 0018:ffffc900001789c0 EFLAGS: 00010046
RAX: dffffc0000000000 RBX: ffff88813cfdb8e8 RCX: ffffffff812afc70
RDX: 0000000000000000 RSI: 0000000000000012 RDI: ffff88810f68b3c8
RBP: ffff88810f68b3c0 R08: 0000000000000001 R09: 0000000000000003
R10: fffff5200002f126 R11: 3e4b5341542f3c20 R12: 0000000000000000
R13: ffff88813cfdb900 R14: 0000000100047412 R15: ffffffff83285600
FS:  0000555555d0d400(0000) GS:ffff8881f6900000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007fbec0c563be CR3: 0000000135343000 CR4: 00000000003506e0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
----------------
Code disassembly (best guess), 1 bytes skipped:
   0:	83 3d 1c 1a c1 07 01 	cmpl   $0x1,0x7c11a1c(%rip)        # 0x7c11a23
   7:	76 07                	jbe    0x10
   9:	44 89 e0             	mov    %r12d,%eax
   c:	5b                   	pop    %rbx
   d:	41 5c                	pop    %r12
   f:	c3                   	retq
  10:	48 81 fb 00 50 a8 89 	cmp    $0xffffffff89a85000,%rbx
  17:	72 f0                	jb     0x9
  19:	48 81 fb 84 b9 b8 89 	cmp    $0xffffffff89b8b984,%rbx
  20:	73 e7                	jae    0x9
  22:	41 bc 01 00 00 00    	mov    $0x1,%r12d
  28:	5b                   	pop    %rbx
* 29:	44 89 e0             	mov    %r12d,%eax <-- trapping instruction
  2c:	41 5c                	pop    %r12
  2e:	c3                   	retq
  2f:	48 c7 c7 44 a2 de 88 	mov    $0xffffffff88dea244,%rdi
  36:	e8 64 cc 5c 00       	callq  0x5ccc9f
  3b:	eb c3                	jmp    0x0
  3d:	66 90                	xchg   %ax,%ax