inconsistent lock state in das16m1

ID	Workflow	Result	Correct	Bug	Created	Started	Finished	Revision	Error
3aa2ee16-3598-4bbf-b10e-0c931b69b667	repro		❓	inconsistent lock state in das16m1_interrupt	2026/03/07 23:16	2026/03/07 23:16	2026/03/07 23:26	31e9c887f7dc24e04b3ca70d0d54fc34141844b0

Title	Rank 🛈	Repro	Cause bisect	Fix bisect	Count	Last	Reported	Patched	Status
inconsistent lock state in waveform_ao_cancel comedi	4				4	20d	23d	0/29	closed as dup on 2026/02/25 13:00

Title

Rank 🛈

inconsistent lock state in waveform_ao_cancel comedi

20d

23d

0/29

closed as dup on 2026/02/25 13:00

Title	Replies (including bot)	Last reply
[PATCH] comedi: Reinit dev->spinlock between attachments to low-level drivers	1 (1)	2026/02/25 13:24
[syzbot] [comedi?] inconsistent lock state in das16m1_interrupt	1 (2)	2026/02/16 17:10

Title

Replies (including bot)

Last reply

[PATCH] comedi: Reinit dev->spinlock between attachments to low-level drivers

1 (1)

2026/02/25 13:24

[syzbot] [comedi?] inconsistent lock state in das16m1_interrupt

1 (2)

2026/02/16 17:10

================================ WARNING: inconsistent lock state syzkaller #0 Tainted: G L -------------------------------- inconsistent {HARDIRQ-ON-W} -> {IN-HARDIRQ-W} usage. syz.8.9459/432 [HC1[1]:SC0[0]:HE0:SE1] takes: ffff888032197068 (&dev->spinlock){?...}-{3:3}, at: spin_lock include/linux/spinlock.h:342 [inline] ffff888032197068 (&dev->spinlock){?...}-{3:3}, at: das16m1_interrupt+0x5e/0x180 drivers/comedi/drivers/das16m1.c:460 {HARDIRQ-ON-W} state was registered at: lock_acquire+0xf0/0x2e0 kernel/locking/lockdep.c:5868 __raw_spin_lock_bh include/linux/spinlock_api_smp.h:150 [inline] _raw_spin_lock_bh+0x36/0x50 kernel/locking/spinlock.c:178 spin_lock_bh include/linux/spinlock.h:348 [inline] waveform_ao_cancel+0x8d/0x120 drivers/comedi/drivers/comedi_test.c:628 do_cancel drivers/comedi/comedi_fops.c:818 [inline] comedi_close+0x27e/0x5e0 drivers/comedi/comedi_fops.c:3036 __fput+0x44f/0xa70 fs/file_table.c:469 task_work_run+0x1d9/0x270 kernel/task_work.c:233 resume_user_mode_work include/linux/resume_user_mode.h:50 [inline] __exit_to_user_mode_loop kernel/entry/common.c:67 [inline] exit_to_user_mode_loop+0xed/0x480 kernel/entry/common.c:98 __exit_to_user_mode_prepare include/linux/irq-entry-common.h:238 [inline] syscall_exit_to_user_mode_prepare include/linux/irq-entry-common.h:269 [inline] syscall_exit_to_user_mode include/linux/entry-common.h:325 [inline] do_syscall_64+0x32d/0xf80 arch/x86/entry/syscall_64.c:100 entry_SYSCALL_64_after_hwframe+0x77/0x7f irq event stamp: 25512 hardirqs last enabled at (25511): [<ffffffff8222f069>] seqcount_lockdep_reader_access+0x89/0xc0 include/linux/seqlock.h:75 hardirqs last disabled at (25512): [<ffffffff8bb2f7d3>] common_interrupt+0x13/0xe0 arch/x86/kernel/irq.c:326 softirqs last enabled at (25468): [<ffffffff8188e5ba>] __do_softirq kernel/softirq.c:660 [inline] softirqs last enabled at (25468): [<ffffffff8188e5ba>] invoke_softirq kernel/softirq.c:496 [inline] softirqs last enabled at (25468): [<ffffffff8188e5ba>] __irq_exit_rcu+0xca/0x220 kernel/softirq.c:739 softirqs last disabled at (25439): [<ffffffff8188e5ba>] __do_softirq kernel/softirq.c:660 [inline] softirqs last disabled at (25439): [<ffffffff8188e5ba>] invoke_softirq kernel/softirq.c:496 [inline] softirqs last disabled at (25439): [<ffffffff8188e5ba>] __irq_exit_rcu+0xca/0x220 kernel/softirq.c:739 other info that might help us debug this: Possible unsafe locking scenario: CPU0 ---- lock(&dev->spinlock); <Interrupt> lock(&dev->spinlock); *** DEADLOCK *** 2 locks held by syz.8.9459/432: #0: ffff88801c2d2420 (sb_writers#5){.+.+}-{0:0}, at: file_start_write include/linux/fs.h:2710 [inline] #0: ffff88801c2d2420 (sb_writers#5){.+.+}-{0:0}, at: vfs_write+0x227/0xb90 fs/read_write.c:684 #1: ffff888076a66c40 (&sb->s_type->i_mutex_key#15){+.+.}-{4:4}, at: inode_lock include/linux/fs.h:1028 [inline] #1: ffff888076a66c40 (&sb->s_type->i_mutex_key#15){+.+.}-{4:4}, at: shmem_file_write_iter+0x7f/0x120 mm/shmem.c:3456 stack backtrace: CPU: 0 UID: 0 PID: 432 Comm: syz.8.9459 Tainted: G L syzkaller #0 PREEMPT(full) Tainted: [L]=SOFTLOCKUP Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/27/2026 Call Trace: <IRQ> dump_stack_lvl+0xe8/0x150 lib/dump_stack.c:120 print_usage_bug+0x28b/0x2e0 kernel/locking/lockdep.c:4042 valid_state kernel/locking/lockdep.c:4056 [inline] mark_lock_irq+0x410/0x420 kernel/locking/lockdep.c:-1 mark_lock+0x115/0x190 kernel/locking/lockdep.c:4753 mark_usage kernel/locking/lockdep.c:4639 [inline] __lock_acquire+0x661/0x2cf0 kernel/locking/lockdep.c:5191 lock_acquire+0xf0/0x2e0 kernel/locking/lockdep.c:5868 __raw_spin_lock include/linux/spinlock_api_smp.h:158 [inline] _raw_spin_lock+0x2e/0x40 kernel/locking/spinlock.c:154 spin_lock include/linux/spinlock.h:342 [inline] das16m1_interrupt+0x5e/0x180 drivers/comedi/drivers/das16m1.c:460 __handle_irq_event_percpu+0x227/0x9e0 kernel/irq/handle.c:209 handle_irq_event_percpu kernel/irq/handle.c:246 [inline] handle_irq_event+0x8b/0x1e0 kernel/irq/handle.c:263 handle_edge_irq+0x23b/0xa10 kernel/irq/chip.c:855 generic_handle_irq_desc include/linux/irqdesc.h:186 [inline] handle_irq arch/x86/kernel/irq.c:262 [inline] call_irq_handler arch/x86/kernel/irq.c:-1 [inline] __common_interrupt+0x141/0x1f0 arch/x86/kernel/irq.c:333 common_interrupt+0xb6/0xe0 arch/x86/kernel/irq.c:326 </IRQ> <TASK> asm_common_interrupt+0x26/0x40 arch/x86/include/asm/idtentry.h:688 RIP: 0010:stack_trace_consume_entry+0x20/0x280 kernel/stacktrace.c:86 Code: 90 90 90 90 90 90 90 90 90 90 f3 0f 1e fa 55 41 57 41 56 41 55 41 54 53 48 83 ec 18 48 ba 00 00 00 00 00 fc ff df 4c 8d 47 10 <4c> 89 c5 48 c1 ed 03 0f b6 44 15 00 84 c0 0f 85 09 01 00 00 44 8b RSP: 0018:ffffc90005917158 EFLAGS: 00000292 RAX: ffffffff824142a0 RBX: ffffc90005917260 RCX: 0000000000000000 RDX: dffffc0000000000 RSI: ffffffff824142a0 RDI: ffffc90005917260 RBP: ffffc90005917230 R08: ffffc90005917270 R09: 0000000000000000 R10: ffffc900059171f8 R11: ffffffff81b1cb00 R12: ffff88803318bd00 R13: 1ffff1100663185e R14: ffffffff81b1cb00 R15: ffffc900059171a8 arch_stack_walk+0x10f/0x150 arch/x86/kernel/stacktrace.c:27 stack_trace_save+0xa9/0x100 kernel/stacktrace.c:122 save_stack+0x122/0x230 mm/page_owner.c:165 __set_page_owner+0x8d/0x4c0 mm/page_owner.c:341 set_page_owner include/linux/page_owner.h:32 [inline] post_alloc_hook+0x231/0x280 mm/page_alloc.c:1857 prep_new_page mm/page_alloc.c:1865 [inline] get_page_from_freelist+0x2418/0x24b0 mm/page_alloc.c:3924 __alloc_frozen_pages_noprof+0x18d/0x380 mm/page_alloc.c:5211 alloc_pages_mpol+0x232/0x4a0 mm/mempolicy.c:2484 folio_alloc_mpol_noprof+0x39/0x160 mm/mempolicy.c:2503 shmem_alloc_folio mm/shmem.c:1933 [inline] shmem_alloc_and_add_folio+0x442/0xf80 mm/shmem.c:1975 shmem_get_folio_gfp+0x4d4/0x1420 mm/shmem.c:2552 shmem_get_folio mm/shmem.c:2658 [inline] shmem_write_begin+0x16c/0x330 mm/shmem.c:3291 generic_perform_write+0x2e2/0x8f0 mm/filemap.c:4320 shmem_file_write_iter+0xf8/0x120 mm/shmem.c:3466 new_sync_write fs/read_write.c:595 [inline] vfs_write+0x61d/0xb90 fs/read_write.c:688 ksys_write+0x150/0x270 fs/read_write.c:740 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline] do_syscall_64+0x14d/0xf80 arch/x86/entry/syscall_64.c:94 entry_SYSCALL_64_after_hwframe+0x77/0x7f RIP: 0033:0x7f9ca1b5cfce Code: 08 0f 85 a5 a8 ff ff 49 89 fb 48 89 f0 48 89 d7 48 89 ce 4c 89 c2 4d 89 ca 4c 8b 44 24 08 4c 8b 4c 24 10 4c 89 5c 24 08 0f 05 <c3> 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 80 00 00 00 00 48 83 ec 08 RSP: 002b:00007f9ca2ad9da8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 RAX: ffffffffffffffda RBX: 00007f9ca2ada6c0 RCX: 00007f9ca1b5cfce RDX: 0000000001000000 RSI: 00007f9c97800000 RDI: 0000000000000003 RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000003 R13: 00007f9ca2ad9ee0 R14: 00007f9ca2ad9ea0 R15: 00007f9c97800000 </TASK> comedi comedi3: fifo overflow ---------------- Code disassembly (best guess): 0: 90 nop 1: 90 nop 2: 90 nop 3: 90 nop 4: 90 nop 5: 90 nop 6: 90 nop 7: 90 nop 8: 90 nop 9: 90 nop a: f3 0f 1e fa endbr64 e: 55 push %rbp f: 41 57 push %r15 11: 41 56 push %r14 13: 41 55 push %r13 15: 41 54 push %r12 17: 53 push %rbx 18: 48 83 ec 18 sub $0x18,%rsp 1c: 48 ba 00 00 00 00 00 movabs $0xdffffc0000000000,%rdx 23: fc ff df 26: 4c 8d 47 10 lea 0x10(%rdi),%r8 * 2a: 4c 89 c5 mov %r8,%rbp <-- trapping instruction 2d: 48 c1 ed 03 shr $0x3,%rbp 31: 0f b6 44 15 00 movzbl 0x0(%rbp,%rdx,1),%eax 36: 84 c0 test %al,%al 38: 0f 85 09 01 00 00 jne 0x147 3e: 44 rex.R 3f: 8b .byte 0x8b

Crashes (7):
Time	Kernel	Commit	Syzkaller	Config	Log	Report	VM info	Assets (help?)	Manager	Title
2026/03/12 10:48	linux-next	f90aadf1c67c	4efadf07	.config	console log	report	info	[disk image] [vmlinux] [kernel image]	ci-upstream-linux-next-kasan-gce-root	inconsistent lock state in das16m1_interrupt
2026/02/23 11:03	linux-next	d4906ae14a5f	305c0ec5	.config	console log	report	info	[disk image] [vmlinux] [kernel image]	ci-upstream-rust-kasan-gce	inconsistent lock state in das16m1_interrupt
2026/02/22 16:29	linux-next	d4906ae14a5f	6e7b5511	.config	console log	report	info	[disk image] [vmlinux] [kernel image]	ci-upstream-rust-kasan-gce	inconsistent lock state in das16m1_interrupt
2026/02/21 19:51	linux-next	d4906ae14a5f	6e7b5511	.config	console log	report	info	[disk image] [vmlinux] [kernel image]	ci-upstream-rust-kasan-gce	inconsistent lock state in das16m1_interrupt
2026/02/17 14:13	linux-next	350adaf7fde9	e439b951	.config	console log	report	info	[disk image] [vmlinux] [kernel image]	ci-upstream-rust-kasan-gce	inconsistent lock state in das16m1_interrupt
2026/02/10 23:59	linux-next	fd9678829d6d	441e25b7	.config	console log	report	info	[disk image] [vmlinux] [kernel image]	ci-upstream-linux-next-kasan-gce-root	inconsistent lock state in das16m1_interrupt
2026/02/10 16:34	linux-next	132737e360b4	91d776d3	.config	console log	report	info	[disk image] [vmlinux] [kernel image]	ci-upstream-rust-kasan-gce	inconsistent lock state in das16m1_interrupt

Crashes (7):

Assets (help?)