program:
syz_open_procfs(0x0, 0x0)
r0 = openat$comedi(0xffffff9c, &(0x7f0000000040)='/dev/comedi1\x00', 0x2180, 0x0)
ioctl$COMEDI_DEVCONFIG(r0, 0x40946400, &(0x7f0000000080)={'comedi_test\x00', [0x2f00, 0x5, 0xd09a, 0x2, 0x0, 0x1, 0x1, 0x6, 0xffe, 0x1, 0xc, 0x1, 0x4, 0x4, 0x8001, 0x6, 0xffffffa4, 0x40000009, 0x3, 0x30000, 0x3ff, 0x9, 0x800, 0xe2dd, 0x2, 0xffffffff, 0xa, 0x3, 0x4, 0x5, 0x70f]})
r1 = openat$comedi(0xffffff9c, &(0x7f0000000040)='/dev/comedi3\x00', 0x2000, 0x0)
ioctl$COMEDI_DEVCONFIG(r1, 0x40946400, &(0x7f0000000140)={'comedi_test\x00', [0x9e1, 0x2166, 0x0, 0x100000, 0x88d6, 0x8f, 0xfffffffd, 0x10, 0x2, 0xffffffff, 0x200, 0x8, 0x344, 0x1, 0x7, 0x1, 0x9, 0x3, 0x9, 0xe, 0x100, 0x3, 0x80, 0x7ff, 0x1, 0x1, 0xb0c4, 0x7df, 0x8, 0x7, 0x1]}) (fail_nth: 5)

[   76.245308][ T4686] Bluetooth: hci0: command tx timeout
[   76.304216][ T5339] comedi comedi1: comedi_test: 12032 microvolt, 5 microsecond waveform attached
[   76.317712][ T1314] ieee802154 phy0 wpan0: encryption failed: -22
[   76.320803][ T1314] ieee802154 phy1 wpan1: encryption failed: -22
[   76.374291][ T5339] FAULT_INJECTION: forcing a failure.
[   76.374291][ T5339] name failslab, interval 1, probability 0, space 0, times 1
[   76.380871][ T5339] CPU: 0 UID: 0 PID: 5339 Comm: syz.0.0 Not tainted 6.16.0-rc6-syzkaller-00205-gd786aba32000 #0 PREEMPT(full) 
[   76.380889][ T5339] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[   76.380895][ T5339] Call Trace:
[   76.380900][ T5339]  <TASK>
[   76.380905][ T5339]  dump_stack_lvl+0x189/0x250
[   76.381005][ T5339]  ? __pfx____ratelimit+0x10/0x10
[   76.381044][ T5339]  ? __pfx_dump_stack_lvl+0x10/0x10
[   76.381052][ T5339]  ? __pfx__printk+0x10/0x10
[   76.381068][ T5339]  ? __pfx___might_resched+0x10/0x10
[   76.381079][ T5339]  ? fs_reclaim_acquire+0x7d/0x100
[   76.381123][ T5339]  should_fail_ex+0x414/0x560
[   76.381142][ T5339]  should_failslab+0xa8/0x100
[   76.381162][ T5339]  __kmalloc_noprof+0xcb/0x4f0
[   76.381174][ T5339]  ? rcu_is_watching+0x15/0xb0
[   76.381186][ T5339]  ? comedi_alloc_subdevices+0x4a/0x240
[   76.381232][ T5339]  comedi_alloc_subdevices+0x4a/0x240
[   76.381251][ T5339]  waveform_common_attach+0x89/0x800
[   76.381271][ T5339]  comedi_device_attach+0x520/0x670
[   76.381287][ T5339]  comedi_unlocked_ioctl+0x686/0xf40
[   76.381305][ T5339]  ? __pfx_comedi_unlocked_ioctl+0x10/0x10
[   76.381337][ T5339]  ? __lock_acquire+0xab9/0xd20
[   76.381363][ T5339]  ? __fget_files+0x2a/0x420
[   76.381380][ T5339]  ? __fget_files+0x2a/0x420
[   76.381392][ T5339]  ? __fget_files+0x3a0/0x420
[   76.381403][ T5339]  ? __fget_files+0x2a/0x420
[   76.381417][ T5339]  ? bpf_lsm_file_ioctl+0x9/0x20
[   76.381429][ T5339]  ? __pfx_comedi_unlocked_ioctl+0x10/0x10
[   76.381441][ T5339]  __se_sys_ioctl+0xf9/0x170
[   76.381453][ T5339]  do_syscall_64+0xfa/0x3b0
[   76.381463][ T5339]  ? lockdep_hardirqs_on+0x9c/0x150
[   76.381473][ T5339]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   76.381483][ T5339]  ? clear_bhb_loop+0x60/0xb0
[   76.381494][ T5339]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   76.381504][ T5339] RIP: 0033:0x7f0ee8f8e9a9
[   76.381514][ T5339] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   76.381522][ T5339] RSP: 002b:00007f0ee9e02038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[   76.381535][ T5339] RAX: ffffffffffffffda RBX: 00007f0ee91b5fa0 RCX: 00007f0ee8f8e9a9
[   76.381542][ T5339] RDX: 0000200000000140 RSI: 0000000040946400 RDI: 0000000000000004
[   76.381548][ T5339] RBP: 00007f0ee9e02090 R08: 0000000000000000 R09: 0000000000000000
[   76.381555][ T5339] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[   76.381561][ T5339] R13: 0000000000000000 R14: 00007f0ee91b5fa0 R15: 00007ffc5105a238
[   76.381576][ T5339]  </TASK>
[   76.381586][ T5339] INFO: trying to register non-static key.
[   76.496104][ T5339] The code is fine but needs lockdep annotation, or maybe
[   76.499259][ T5339] you didn't initialize this object before use?
[   76.501973][ T5339] turning off the locking correctness validator.
[   76.504718][ T5339] CPU: 0 UID: 0 PID: 5339 Comm: syz.0.0 Not tainted 6.16.0-rc6-syzkaller-00205-gd786aba32000 #0 PREEMPT(full) 
[   76.504733][ T5339] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[   76.504741][ T5339] Call Trace:
[   76.504749][ T5339]  <TASK>
[   76.504754][ T5339]  dump_stack_lvl+0x189/0x250
[   76.504772][ T5339]  ? rcu_is_watching+0x15/0xb0
[   76.504786][ T5339]  ? __pfx_dump_stack_lvl+0x10/0x10
[   76.504801][ T5339]  ? __pfx__printk+0x10/0x10
[   76.504816][ T5339]  ? __is_module_percpu_address+0x39b/0x3f0
[   76.504830][ T5339]  ? is_module_address+0x17/0xf0
[   76.504845][ T5339]  assign_lock_key+0x133/0x150
[   76.504858][ T5339]  register_lock_class+0x105/0x320
[   76.504869][ T5339]  __lock_acquire+0x99/0xd20
[   76.504882][ T5339]  ? __timer_delete_sync+0x106/0x2d0
[   76.504895][ T5339]  lock_acquire+0x120/0x360
[   76.504904][ T5339]  ? __timer_delete_sync+0x106/0x2d0
[   76.504918][ T5339]  ? __timer_delete_sync+0x106/0x2d0
[   76.504932][ T5339]  __timer_delete_sync+0x11f/0x2d0
[   76.504946][ T5339]  ? __timer_delete_sync+0x106/0x2d0
[   76.504961][ T5339]  ? __pfx___timer_delete_sync+0x10/0x10
[   76.504975][ T5339]  ? down_write+0x162/0x1f0
[   76.504989][ T5339]  ? __pfx_down_write+0x10/0x10
[   76.505003][ T5339]  waveform_detach+0x45/0x60
[   76.505017][ T5339]  comedi_device_detach+0x134/0x720
[   76.505032][ T5339]  ? waveform_common_attach+0x9d/0x800
[   76.505049][ T5339]  comedi_device_attach+0x568/0x670
[   76.505062][ T5339]  comedi_unlocked_ioctl+0x686/0xf40
[   76.505078][ T5339]  ? __pfx_comedi_unlocked_ioctl+0x10/0x10
[   76.505098][ T5339]  ? __lock_acquire+0xab9/0xd20
[   76.505114][ T5339]  ? __fget_files+0x2a/0x420
[   76.505129][ T5339]  ? __fget_files+0x2a/0x420
[   76.505142][ T5339]  ? __fget_files+0x3a0/0x420
[   76.505165][ T5339]  ? __fget_files+0x2a/0x420
[   76.505179][ T5339]  ? bpf_lsm_file_ioctl+0x9/0x20
[   76.505190][ T5339]  ? __pfx_comedi_unlocked_ioctl+0x10/0x10
[   76.505203][ T5339]  __se_sys_ioctl+0xf9/0x170
[   76.505216][ T5339]  do_syscall_64+0xfa/0x3b0
[   76.505227][ T5339]  ? lockdep_hardirqs_on+0x9c/0x150
[   76.505238][ T5339]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   76.505249][ T5339]  ? clear_bhb_loop+0x60/0xb0
[   76.505261][ T5339]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   76.505272][ T5339] RIP: 0033:0x7f0ee8f8e9a9
[   76.505285][ T5339] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   76.505294][ T5339] RSP: 002b:00007f0ee9e02038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[   76.505307][ T5339] RAX: ffffffffffffffda RBX: 00007f0ee91b5fa0 RCX: 00007f0ee8f8e9a9
[   76.505316][ T5339] RDX: 0000200000000140 RSI: 0000000040946400 RDI: 0000000000000004
[   76.505323][ T5339] RBP: 00007f0ee9e02090 R08: 0000000000000000 R09: 0000000000000000
[   76.505331][ T5339] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[   76.505338][ T5339] R13: 0000000000000000 R14: 00007f0ee91b5fa0 R15: 00007ffc5105a238
[   76.505349][ T5339]  </TASK>
[   76.643622][ T5339] ------------[ cut here ]------------
[   76.646169][ T5339] ODEBUG: assert_init not available (active state 0) object: ffff888040041e00 object type: timer_list hint: 0x0
[   76.651869][ T5339] WARNING: CPU: 0 PID: 5339 at lib/debugobjects.c:615 debug_print_object+0x16b/0x1e0
[   76.657118][ T5339] Modules linked in:
[   76.658776][ T5339] CPU: 0 UID: 0 PID: 5339 Comm: syz.0.0 Not tainted 6.16.0-rc6-syzkaller-00205-gd786aba32000 #0 PREEMPT(full) 
[   76.663554][ T5339] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[   76.668221][ T5339] RIP: 0010:debug_print_object+0x16b/0x1e0
[   76.670844][ T5339] Code: 4c 89 ff e8 f7 b6 5b fd 4d 8b 0f 48 c7 c7 20 a7 e2 8b 48 8b 34 24 4c 89 ea 89 e9 4d 89 f0 41 54 e8 1a 1a bc fc 48 83 c4 08 90 <0f> 0b 90 90 ff 05 07 29 da 0a 48 83 c4 08 5b 41 5c 41 5d 41 5e 41
[   76.678901][ T5339] RSP: 0018:ffffc9000d58f858 EFLAGS: 00010282
[   76.681827][ T5339] RAX: abbf16e4b41d6c00 RBX: dffffc0000000000 RCX: ffff888000fa0000
[   76.686177][ T5339] RDX: 0000000000000000 RSI: 0000000000000001 RDI: 0000000000000002
[   76.690386][ T5339] RBP: 0000000000000000 R08: ffff88801fc24293 R09: 1ffff11003f84852
[   76.693958][ T5339] R10: dffffc0000000000 R11: ffffed1003f84853 R12: 0000000000000000
[   76.697724][ T5339] R13: ffffffff8be2a8e0 R14: ffff888040041e00 R15: ffffffff8b8ce820
[   76.701383][ T5339] FS:  00007f0ee9e026c0(0000) GS:ffff88808d21a000(0000) knlGS:0000000000000000
[   76.705659][ T5339] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[   76.708627][ T5339] CR2: 0000200000000040 CR3: 0000000043294000 CR4: 0000000000352ef0
[   76.712562][ T5339] Call Trace:
[   76.714549][ T5339]  <TASK>
[   76.716180][ T5339]  debug_object_assert_init+0x2db/0x380
[   76.718842][ T5339]  __try_to_del_timer_sync+0x29/0x3a0
[   76.721245][ T5339]  __timer_delete_sync+0x1fe/0x2d0
[   76.723625][ T5339]  ? __pfx___timer_delete_sync+0x10/0x10
[   76.726308][ T5339]  ? down_write+0x162/0x1f0
[   76.728362][ T5339]  ? __pfx_down_write+0x10/0x10
[   76.730535][ T5339]  waveform_detach+0x45/0x60
[   76.732679][ T5339]  comedi_device_detach+0x134/0x720
[   76.735396][ T5339]  ? waveform_common_attach+0x9d/0x800
[   76.737848][ T5339]  comedi_device_attach+0x568/0x670
[   76.740440][ T5339]  comedi_unlocked_ioctl+0x686/0xf40
[   76.743280][ T5339]  ? __pfx_comedi_unlocked_ioctl+0x10/0x10
[   76.746490][ T5339]  ? __lock_acquire+0xab9/0xd20
[   76.748586][ T5339]  ? __fget_files+0x2a/0x420
[   76.750636][ T5339]  ? __fget_files+0x2a/0x420
[   76.752720][ T5339]  ? __fget_files+0x3a0/0x420
[   76.754956][ T5339]  ? __fget_files+0x2a/0x420
[   76.756905][ T5339]  ? bpf_lsm_file_ioctl+0x9/0x20
[   76.759054][ T5339]  ? __pfx_comedi_unlocked_ioctl+0x10/0x10
[   76.761645][ T5339]  __se_sys_ioctl+0xf9/0x170
[   76.763717][ T5339]  do_syscall_64+0xfa/0x3b0
[   76.765899][ T5339]  ? lockdep_hardirqs_on+0x9c/0x150
[   76.768190][ T5339]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   76.770724][ T5339]  ? clear_bhb_loop+0x60/0xb0
[   76.772759][ T5339]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   76.775456][ T5339] RIP: 0033:0x7f0ee8f8e9a9
[   76.777668][ T5339] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   76.787030][ T5339] RSP: 002b:00007f0ee9e02038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[   76.790555][ T5339] RAX: ffffffffffffffda RBX: 00007f0ee91b5fa0 RCX: 00007f0ee8f8e9a9
[   76.794504][ T5339] RDX: 0000200000000140 RSI: 0000000040946400 RDI: 0000000000000004
[   76.798657][ T5339] RBP: 00007f0ee9e02090 R08: 0000000000000000 R09: 0000000000000000
[   76.802225][ T5339] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[   76.805536][ T5339] R13: 0000000000000000 R14: 00007f0ee91b5fa0 R15: 00007ffc5105a238
[   76.809050][ T5339]  </TASK>
[   76.810697][ T5339] Kernel panic - not syncing: kernel: panic_on_warn set ...
[   76.813708][ T5339] CPU: 0 UID: 0 PID: 5339 Comm: syz.0.0 Not tainted 6.16.0-rc6-syzkaller-00205-gd786aba32000 #0 PREEMPT(full) 
[   76.819127][ T5339] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[   76.824328][ T5339] Call Trace:
[   76.825847][ T5339]  <TASK>
[   76.827209][ T5339]  dump_stack_lvl+0x99/0x250
[   76.829217][ T5339]  ? __asan_memcpy+0x40/0x70
[   76.831298][ T5339]  ? __pfx_dump_stack_lvl+0x10/0x10
[   76.833540][ T5339]  ? __pfx__printk+0x10/0x10
[   76.835591][ T5339]  panic+0x2db/0x790
[   76.837318][ T5339]  ? __pfx_panic+0x10/0x10
[   76.839115][ T5339]  __warn+0x31b/0x4b0
[   76.840801][ T5339]  ? debug_print_object+0x16b/0x1e0
[   76.842966][ T5339]  ? debug_print_object+0x16b/0x1e0
[   76.845368][ T5339]  report_bug+0x2be/0x4f0
[   76.847446][ T5339]  ? debug_print_object+0x16b/0x1e0
[   76.849797][ T5339]  ? debug_print_object+0x16b/0x1e0
[   76.852325][ T5339]  ? debug_print_object+0x16d/0x1e0
[   76.854855][ T5339]  handle_bug+0x84/0x160
[   76.856934][ T5339]  exc_invalid_op+0x1a/0x50
[   76.859076][ T5339]  asm_exc_invalid_op+0x1a/0x20
[   76.861339][ T5339] RIP: 0010:debug_print_object+0x16b/0x1e0
[   76.863991][ T5339] Code: 4c 89 ff e8 f7 b6 5b fd 4d 8b 0f 48 c7 c7 20 a7 e2 8b 48 8b 34 24 4c 89 ea 89 e9 4d 89 f0 41 54 e8 1a 1a bc fc 48 83 c4 08 90 <0f> 0b 90 90 ff 05 07 29 da 0a 48 83 c4 08 5b 41 5c 41 5d 41 5e 41
[   76.872704][ T5339] RSP: 0018:ffffc9000d58f858 EFLAGS: 00010282
[   76.875448][ T5339] RAX: abbf16e4b41d6c00 RBX: dffffc0000000000 RCX: ffff888000fa0000
[   76.879008][ T5339] RDX: 0000000000000000 RSI: 0000000000000001 RDI: 0000000000000002
[   76.882428][ T5339] RBP: 0000000000000000 R08: ffff88801fc24293 R09: 1ffff11003f84852
[   76.885868][ T5339] R10: dffffc0000000000 R11: ffffed1003f84853 R12: 0000000000000000
[   76.889365][ T5339] R13: ffffffff8be2a8e0 R14: ffff888040041e00 R15: ffffffff8b8ce820
[   76.892873][ T5339]  debug_object_assert_init+0x2db/0x380
[   76.895364][ T5339]  __try_to_del_timer_sync+0x29/0x3a0
[   76.898168][ T5339]  __timer_delete_sync+0x1fe/0x2d0
[   76.900890][ T5339]  ? __pfx___timer_delete_sync+0x10/0x10
[   76.903602][ T5339]  ? down_write+0x162/0x1f0
[   76.905620][ T5339]  ? __pfx_down_write+0x10/0x10
[   76.907760][ T5339]  waveform_detach+0x45/0x60
[   76.909763][ T5339]  comedi_device_detach+0x134/0x720
[   76.912115][ T5339]  ? waveform_common_attach+0x9d/0x800
[   76.914398][ T5339]  comedi_device_attach+0x568/0x670
[   76.916836][ T5339]  comedi_unlocked_ioctl+0x686/0xf40
[   76.919427][ T5339]  ? __pfx_comedi_unlocked_ioctl+0x10/0x10
[   76.922024][ T5339]  ? __lock_acquire+0xab9/0xd20
[   76.924389][ T5339]  ? __fget_files+0x2a/0x420
[   76.926590][ T5339]  ? __fget_files+0x2a/0x420
[   76.928696][ T5339]  ? __fget_files+0x3a0/0x420
[   76.930764][ T5339]  ? __fget_files+0x2a/0x420
[   76.932799][ T5339]  ? bpf_lsm_file_ioctl+0x9/0x20
[   76.935067][ T5339]  ? __pfx_comedi_unlocked_ioctl+0x10/0x10
[   76.937577][ T5339]  __se_sys_ioctl+0xf9/0x170
[   76.939490][ T5339]  do_syscall_64+0xfa/0x3b0
[   76.941491][ T5339]  ? lockdep_hardirqs_on+0x9c/0x150
[   76.943717][ T5339]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   76.946353][ T5339]  ? clear_bhb_loop+0x60/0xb0
[   76.948399][ T5339]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   76.950996][ T5339] RIP: 0033:0x7f0ee8f8e9a9
[   76.953048][ T5339] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   76.961304][ T5339] RSP: 002b:00007f0ee9e02038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[   76.965718][ T5339] RAX: ffffffffffffffda RBX: 00007f0ee91b5fa0 RCX: 00007f0ee8f8e9a9
[   76.969515][ T5339] RDX: 0000200000000140 RSI: 0000000040946400 RDI: 0000000000000004
[   76.973080][ T5339] RBP: 00007f0ee9e02090 R08: 0000000000000000 R09: 0000000000000000
[   76.976599][ T5339] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[   76.980162][ T5339] R13: 0000000000000000 R14: 00007f0ee91b5fa0 R15: 00007ffc5105a238
[   76.983863][ T5339]  </TASK>
[   76.985725][ T5339] Kernel Offset: disabled
[   76.987548][ T5339] Rebooting in 86400 seconds..