program:
r0 = openat$comedi(0xffffff9c, &(0x7f0000000040)='/dev/comedi1\x00', 0x2180, 0x0)
ioctl$COMEDI_DEVCONFIG(r0, 0x40946400, &(0x7f0000000080)={'das16m1\x00', [0x2f00, 0x5, 0xd09a, 0x2, 0x0, 0xfffffffe, 0x1, 0x6, 0xffe, 0x1, 0xc, 0x1, 0x4, 0x4, 0xffff, 0x6, 0xffffffa7, 0x40000009, 0x832, 0x30000, 0x3ff, 0x9, 0x800, 0xe2df, 0x2, 0x1, 0x9, 0x3, 0x4, 0x5, 0x70f]})
r1 = openat$comedi(0xffffff9c, &(0x7f0000000040)='/dev/comedi3\x00', 0x2000, 0x0)
ioctl$COMEDI_DEVCONFIG(r1, 0x40946400, &(0x7f0000000140)={'comedi_test\x00', [0x9e1, 0x2166, 0x0, 0x100000, 0x88d6, 0x8f, 0xfffffffd, 0x10, 0x2, 0xffffffff, 0x200, 0x8, 0x344, 0x1, 0x7, 0x1, 0x9, 0x3, 0x9, 0xe, 0x100, 0x3, 0x80, 0x7ff, 0x1, 0x1, 0xb0c4, 0x7df, 0x8, 0x7, 0x1]}) (fail_nth: 5)

[   69.488074][ T4685] Bluetooth: hci0: command tx timeout
[   69.561550][ T5337] FAULT_INJECTION: forcing a failure.
[   69.561550][ T5337] name failslab, interval 1, probability 0, space 0, times 1
[   69.566801][ T5337] CPU: 0 UID: 0 PID: 5337 Comm: syz.0.0 Not tainted 6.16.0-rc5-syzkaller-00038-g733923397fd9 #0 PREEMPT(full) 
[   69.566817][ T5337] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[   69.566825][ T5337] Call Trace:
[   69.566831][ T5337]  <TASK>
[   69.566837][ T5337]  dump_stack_lvl+0x189/0x250
[   69.566913][ T5337]  ? __pfx____ratelimit+0x10/0x10
[   69.566948][ T5337]  ? __pfx_dump_stack_lvl+0x10/0x10
[   69.566956][ T5337]  ? __pfx__printk+0x10/0x10
[   69.566968][ T5337]  ? __pfx___might_resched+0x10/0x10
[   69.566976][ T5337]  ? fs_reclaim_acquire+0x7d/0x100
[   69.567012][ T5337]  should_fail_ex+0x414/0x560
[   69.567029][ T5337]  should_failslab+0xa8/0x100
[   69.567045][ T5337]  __kmalloc_noprof+0xcb/0x4f0
[   69.567077][ T5337]  ? rcu_is_watching+0x15/0xb0
[   69.567089][ T5337]  ? comedi_alloc_subdevices+0x4a/0x240
[   69.567135][ T5337]  comedi_alloc_subdevices+0x4a/0x240
[   69.567154][ T5337]  waveform_common_attach+0x89/0x800
[   69.567175][ T5337]  comedi_device_attach+0x520/0x670
[   69.567191][ T5337]  comedi_unlocked_ioctl+0x686/0xf40
[   69.567210][ T5337]  ? __pfx_comedi_unlocked_ioctl+0x10/0x10
[   69.567245][ T5337]  ? __lock_acquire+0xab9/0xd20
[   69.567271][ T5337]  ? __fget_files+0x2a/0x420
[   69.567288][ T5337]  ? __fget_files+0x2a/0x420
[   69.567302][ T5337]  ? __fget_files+0x3a0/0x420
[   69.567315][ T5337]  ? __fget_files+0x2a/0x420
[   69.567331][ T5337]  ? bpf_lsm_file_ioctl+0x9/0x20
[   69.567343][ T5337]  ? __pfx_comedi_unlocked_ioctl+0x10/0x10
[   69.567357][ T5337]  __se_sys_ioctl+0xfc/0x170
[   69.567372][ T5337]  do_syscall_64+0xfa/0x3b0
[   69.567382][ T5337]  ? lockdep_hardirqs_on+0x9c/0x150
[   69.567398][ T5337]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   69.567409][ T5337]  ? clear_bhb_loop+0x60/0xb0
[   69.567423][ T5337]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   69.567433][ T5337] RIP: 0033:0x7fba6278e929
[   69.567444][ T5337] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   69.567453][ T5337] RSP: 002b:00007fba63689038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[   69.567465][ T5337] RAX: ffffffffffffffda RBX: 00007fba629b5fa0 RCX: 00007fba6278e929
[   69.567473][ T5337] RDX: 0000200000000140 RSI: 0000000040946400 RDI: 0000000000000004
[   69.567480][ T5337] RBP: 00007fba63689090 R08: 0000000000000000 R09: 0000000000000000
[   69.567486][ T5337] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[   69.567492][ T5337] R13: 0000000000000000 R14: 00007fba629b5fa0 R15: 00007ffc965d4418
[   69.567507][ T5337]  </TASK>
[   69.690445][ T5337] INFO: trying to register non-static key.
[   69.693133][ T5337] The code is fine but needs lockdep annotation, or maybe
[   69.696069][ T5337] you didn't initialize this object before use?
[   69.698643][ T5337] turning off the locking correctness validator.
[   69.701319][ T5337] CPU: 0 UID: 0 PID: 5337 Comm: syz.0.0 Not tainted 6.16.0-rc5-syzkaller-00038-g733923397fd9 #0 PREEMPT(full) 
[   69.701335][ T5337] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[   69.701343][ T5337] Call Trace:
[   69.701349][ T5337]  <TASK>
[   69.701355][ T5337]  dump_stack_lvl+0x189/0x250
[   69.701373][ T5337]  ? rcu_is_watching+0x15/0xb0
[   69.701388][ T5337]  ? __pfx_dump_stack_lvl+0x10/0x10
[   69.701400][ T5337]  ? __pfx__printk+0x10/0x10
[   69.701415][ T5337]  ? __is_module_percpu_address+0x39b/0x3f0
[   69.701429][ T5337]  ? is_module_address+0x17/0xf0
[   69.701446][ T5337]  assign_lock_key+0x133/0x150
[   69.701460][ T5337]  register_lock_class+0x105/0x320
[   69.701473][ T5337]  __lock_acquire+0x99/0xd20
[   69.701485][ T5337]  ? __timer_delete_sync+0x106/0x2d0
[   69.701501][ T5337]  lock_acquire+0x120/0x360
[   69.701512][ T5337]  ? __timer_delete_sync+0x106/0x2d0
[   69.701529][ T5337]  ? __timer_delete_sync+0x106/0x2d0
[   69.701545][ T5337]  __timer_delete_sync+0x11f/0x2d0
[   69.701560][ T5337]  ? __timer_delete_sync+0x106/0x2d0
[   69.701576][ T5337]  ? __pfx___timer_delete_sync+0x10/0x10
[   69.701592][ T5337]  ? down_write+0x162/0x1f0
[   69.701604][ T5337]  ? __pfx_down_write+0x10/0x10
[   69.701617][ T5337]  waveform_detach+0x45/0x60
[   69.701632][ T5337]  comedi_device_detach+0x134/0x720
[   69.701648][ T5337]  ? waveform_common_attach+0x9d/0x800
[   69.701670][ T5337]  comedi_device_attach+0x568/0x670
[   69.701684][ T5337]  comedi_unlocked_ioctl+0x686/0xf40
[   69.701701][ T5337]  ? __pfx_comedi_unlocked_ioctl+0x10/0x10
[   69.701722][ T5337]  ? __lock_acquire+0xab9/0xd20
[   69.701738][ T5337]  ? __fget_files+0x2a/0x420
[   69.701753][ T5337]  ? __fget_files+0x2a/0x420
[   69.701766][ T5337]  ? __fget_files+0x3a0/0x420
[   69.701780][ T5337]  ? __fget_files+0x2a/0x420
[   69.701794][ T5337]  ? bpf_lsm_file_ioctl+0x9/0x20
[   69.701806][ T5337]  ? __pfx_comedi_unlocked_ioctl+0x10/0x10
[   69.701820][ T5337]  __se_sys_ioctl+0xfc/0x170
[   69.701832][ T5337]  do_syscall_64+0xfa/0x3b0
[   69.701844][ T5337]  ? lockdep_hardirqs_on+0x9c/0x150
[   69.701860][ T5337]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   69.701871][ T5337]  ? clear_bhb_loop+0x60/0xb0
[   69.701884][ T5337]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   69.701896][ T5337] RIP: 0033:0x7fba6278e929
[   69.701908][ T5337] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   69.701918][ T5337] RSP: 002b:00007fba63689038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[   69.701932][ T5337] RAX: ffffffffffffffda RBX: 00007fba629b5fa0 RCX: 00007fba6278e929
[   69.701940][ T5337] RDX: 0000200000000140 RSI: 0000000040946400 RDI: 0000000000000004
[   69.701947][ T5337] RBP: 00007fba63689090 R08: 0000000000000000 R09: 0000000000000000
[   69.701954][ T5337] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[   69.701961][ T5337] R13: 0000000000000000 R14: 00007fba629b5fa0 R15: 00007ffc965d4418
[   69.701973][ T5337]  </TASK>
[   69.830961][ T5337] ------------[ cut here ]------------
[   69.833332][ T5337] ODEBUG: assert_init not available (active state 0) object: ffff888040210a00 object type: timer_list hint: 0x0
[   69.839452][ T5337] WARNING: CPU: 0 PID: 5337 at lib/debugobjects.c:615 debug_print_object+0x16b/0x1e0
[   69.843584][ T5337] Modules linked in:
[   69.845300][ T5337] CPU: 0 UID: 0 PID: 5337 Comm: syz.0.0 Not tainted 6.16.0-rc5-syzkaller-00038-g733923397fd9 #0 PREEMPT(full) 
[   69.850428][ T5337] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[   69.855167][ T5337] RIP: 0010:debug_print_object+0x16b/0x1e0
[   69.857784][ T5337] Code: 4c 89 ff e8 37 c8 5b fd 4d 8b 0f 48 c7 c7 60 a7 e2 8b 48 8b 34 24 4c 89 ea 89 e9 4d 89 f0 41 54 e8 3a 25 bc fc 48 83 c4 08 90 <0f> 0b 90 90 ff 05 27 40 da 0a 48 83 c4 08 5b 41 5c 41 5d 41 5e 41
[   69.865084][ T5337] RSP: 0018:ffffc9000f727858 EFLAGS: 00010282
[   69.867307][ T5337] RAX: 4eea25d928740600 RBX: dffffc0000000000 RCX: ffff888000fdc880
[   69.871146][ T5337] RDX: 0000000000000000 RSI: 0000000000000001 RDI: 0000000000000002
[   69.874681][ T5337] RBP: 0000000000000000 R08: 0000000000000003 R09: 0000000000000004
[   69.878158][ T5337] R10: dffffc0000000000 R11: fffffbfff1bfaa64 R12: 0000000000000000
[   69.881570][ T5337] R13: ffffffff8be2a920 R14: ffff888040210a00 R15: ffffffff8b8ce8e0
[   69.884950][ T5337] FS:  00007fba636896c0(0000) GS:ffff88808d21b000(0000) knlGS:0000000000000000
[   69.889320][ T5337] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[   69.892494][ T5337] CR2: 00007fba634ed9b8 CR3: 000000004419b000 CR4: 0000000000352ef0
[   69.896044][ T5337] Call Trace:
[   69.897327][ T5337]  <TASK>
[   69.898718][ T5337]  debug_object_assert_init+0x2db/0x380
[   69.901051][ T5337]  __try_to_del_timer_sync+0x29/0x3a0
[   69.903507][ T5337]  __timer_delete_sync+0x1fe/0x2d0
[   69.905559][ T5337]  ? __pfx___timer_delete_sync+0x10/0x10
[   69.907909][ T5337]  ? down_write+0x162/0x1f0
[   69.909765][ T5337]  ? __pfx_down_write+0x10/0x10
[   69.911762][ T5337]  waveform_detach+0x45/0x60
[   69.913711][ T5337]  comedi_device_detach+0x134/0x720
[   69.915953][ T5337]  ? waveform_common_attach+0x9d/0x800
[   69.918394][ T5337]  comedi_device_attach+0x568/0x670
[   69.920766][ T5337]  comedi_unlocked_ioctl+0x686/0xf40
[   69.923059][ T5337]  ? __pfx_comedi_unlocked_ioctl+0x10/0x10
[   69.925446][ T5337]  ? __lock_acquire+0xab9/0xd20
[   69.927443][ T5337]  ? __fget_files+0x2a/0x420
[   69.929422][ T5337]  ? __fget_files+0x2a/0x420
[   69.931428][ T5337]  ? __fget_files+0x3a0/0x420
[   69.933251][ T5337]  ? __fget_files+0x2a/0x420
[   69.935051][ T5337]  ? bpf_lsm_file_ioctl+0x9/0x20
[   69.937271][ T5337]  ? __pfx_comedi_unlocked_ioctl+0x10/0x10
[   69.939837][ T5337]  __se_sys_ioctl+0xfc/0x170
[   69.941662][ T5337]  do_syscall_64+0xfa/0x3b0
[   69.943514][ T5337]  ? lockdep_hardirqs_on+0x9c/0x150
[   69.945676][ T5337]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   69.948519][ T5337]  ? clear_bhb_loop+0x60/0xb0
[   69.950587][ T5337]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   69.952993][ T5337] RIP: 0033:0x7fba6278e929
[   69.954760][ T5337] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   69.963403][ T5337] RSP: 002b:00007fba63689038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[   69.967259][ T5337] RAX: ffffffffffffffda RBX: 00007fba629b5fa0 RCX: 00007fba6278e929
[   69.970824][ T5337] RDX: 0000200000000140 RSI: 0000000040946400 RDI: 0000000000000004
[   69.974153][ T5337] RBP: 00007fba63689090 R08: 0000000000000000 R09: 0000000000000000
[   69.977630][ T5337] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[   69.980911][ T5337] R13: 0000000000000000 R14: 00007fba629b5fa0 R15: 00007ffc965d4418
[   69.984346][ T5337]  </TASK>
[   69.985769][ T5337] Kernel panic - not syncing: kernel: panic_on_warn set ...
[   69.989086][ T5337] CPU: 0 UID: 0 PID: 5337 Comm: syz.0.0 Not tainted 6.16.0-rc5-syzkaller-00038-g733923397fd9 #0 PREEMPT(full) 
[   69.994162][ T5337] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[   69.997885][ T5337] Call Trace:
[   69.999095][ T5337]  <TASK>
[   70.000162][ T5337]  dump_stack_lvl+0x99/0x250
[   70.001852][ T5337]  ? __asan_memcpy+0x40/0x70
[   70.003883][ T5337]  ? __pfx_dump_stack_lvl+0x10/0x10
[   70.006262][ T5337]  ? __pfx__printk+0x10/0x10
[   70.008265][ T5337]  panic+0x2db/0x790
[   70.009922][ T5337]  ? __pfx_panic+0x10/0x10
[   70.012000][ T5337]  __warn+0x31b/0x4b0
[   70.013790][ T5337]  ? debug_print_object+0x16b/0x1e0
[   70.016099][ T5337]  ? debug_print_object+0x16b/0x1e0
[   70.018389][ T5337]  report_bug+0x2be/0x4f0
[   70.020268][ T5337]  ? debug_print_object+0x16b/0x1e0
[   70.022642][ T5337]  ? debug_print_object+0x16b/0x1e0
[   70.024886][ T5337]  ? debug_print_object+0x16d/0x1e0
[   70.027139][ T5337]  handle_bug+0x84/0x160
[   70.028933][ T5337]  exc_invalid_op+0x1a/0x50
[   70.030746][ T5337]  asm_exc_invalid_op+0x1a/0x20
[   70.032836][ T5337] RIP: 0010:debug_print_object+0x16b/0x1e0
[   70.035506][ T5337] Code: 4c 89 ff e8 37 c8 5b fd 4d 8b 0f 48 c7 c7 60 a7 e2 8b 48 8b 34 24 4c 89 ea 89 e9 4d 89 f0 41 54 e8 3a 25 bc fc 48 83 c4 08 90 <0f> 0b 90 90 ff 05 27 40 da 0a 48 83 c4 08 5b 41 5c 41 5d 41 5e 41
[   70.043871][ T5337] RSP: 0018:ffffc9000f727858 EFLAGS: 00010282
[   70.046502][ T5337] RAX: 4eea25d928740600 RBX: dffffc0000000000 RCX: ffff888000fdc880
[   70.050095][ T5337] RDX: 0000000000000000 RSI: 0000000000000001 RDI: 0000000000000002
[   70.053482][ T5337] RBP: 0000000000000000 R08: 0000000000000003 R09: 0000000000000004
[   70.056881][ T5337] R10: dffffc0000000000 R11: fffffbfff1bfaa64 R12: 0000000000000000
[   70.060077][ T5337] R13: ffffffff8be2a920 R14: ffff888040210a00 R15: ffffffff8b8ce8e0
[   70.063355][ T5337]  debug_object_assert_init+0x2db/0x380
[   70.065545][ T5337]  __try_to_del_timer_sync+0x29/0x3a0
[   70.067697][ T5337]  __timer_delete_sync+0x1fe/0x2d0
[   70.069760][ T5337]  ? __pfx___timer_delete_sync+0x10/0x10
[   70.072064][ T5337]  ? down_write+0x162/0x1f0
[   70.074057][ T5337]  ? __pfx_down_write+0x10/0x10
[   70.076043][ T5337]  waveform_detach+0x45/0x60
[   70.078086][ T5337]  comedi_device_detach+0x134/0x720
[   70.080489][ T5337]  ? waveform_common_attach+0x9d/0x800
[   70.082856][ T5337]  comedi_device_attach+0x568/0x670
[   70.085257][ T5337]  comedi_unlocked_ioctl+0x686/0xf40
[   70.087776][ T5337]  ? __pfx_comedi_unlocked_ioctl+0x10/0x10
[   70.090317][ T5337]  ? __lock_acquire+0xab9/0xd20
[   70.092467][ T5337]  ? __fget_files+0x2a/0x420
[   70.094499][ T5337]  ? __fget_files+0x2a/0x420
[   70.096533][ T5337]  ? __fget_files+0x3a0/0x420
[   70.098533][ T5337]  ? __fget_files+0x2a/0x420
[   70.100527][ T5337]  ? bpf_lsm_file_ioctl+0x9/0x20
[   70.102827][ T5337]  ? __pfx_comedi_unlocked_ioctl+0x10/0x10
[   70.105328][ T5337]  __se_sys_ioctl+0xfc/0x170
[   70.107490][ T5337]  do_syscall_64+0xfa/0x3b0
[   70.109500][ T5337]  ? lockdep_hardirqs_on+0x9c/0x150
[   70.111767][ T5337]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   70.114243][ T5337]  ? clear_bhb_loop+0x60/0xb0
[   70.116162][ T5337]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   70.118686][ T5337] RIP: 0033:0x7fba6278e929
[   70.120733][ T5337] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   70.129194][ T5337] RSP: 002b:00007fba63689038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[   70.132894][ T5337] RAX: ffffffffffffffda RBX: 00007fba629b5fa0 RCX: 00007fba6278e929
[   70.136338][ T5337] RDX: 0000200000000140 RSI: 0000000040946400 RDI: 0000000000000004
[   70.140696][ T5337] RBP: 00007fba63689090 R08: 0000000000000000 R09: 0000000000000000
[   70.143979][ T5337] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[   70.147106][ T5337] R13: 0000000000000000 R14: 00007fba629b5fa0 R15: 00007ffc965d4418
[   70.150696][ T5337]  </TASK>
[   70.152374][ T5337] Kernel Offset: disabled
[   70.154287][ T5337] Rebooting in 86400 seconds..