syzbot

================================
WARNING: inconsistent lock state
syzkaller #0 Not tainted
--------------------------------
inconsistent {HARDIRQ-ON-W} -> {IN-HARDIRQ-W} usage.
syz.0.15721/11171 [HC1[1]:SC0[0]:HE0:SE1] takes:
ffff888031648868 (&dev->spinlock){?...}-{3:3}, at: spin_lock include/linux/spinlock.h:341 [inline]
ffff888031648868 (&dev->spinlock){?...}-{3:3}, at: das16m1_interrupt+0x5e/0x180 drivers/comedi/drivers/das16m1.c:460
{HARDIRQ-ON-W} state was registered at:
  lock_acquire+0xf0/0x2e0 kernel/locking/lockdep.c:5868
  __raw_spin_lock_bh include/linux/spinlock_api_smp.h:150 [inline]
  _raw_spin_lock_bh+0x36/0x50 kernel/locking/spinlock.c:178
  spin_lock_bh include/linux/spinlock.h:347 [inline]
  waveform_ao_cancel+0x8d/0x120 drivers/comedi/drivers/comedi_test.c:628
  do_cancel drivers/comedi/comedi_fops.c:818 [inline]
  comedi_close+0x27e/0x5e0 drivers/comedi/comedi_fops.c:3036
  __fput+0x44f/0xa70 fs/file_table.c:469
  task_work_run+0x1d9/0x270 kernel/task_work.c:233
  resume_user_mode_work include/linux/resume_user_mode.h:50 [inline]
  __exit_to_user_mode_loop kernel/entry/common.c:67 [inline]
  exit_to_user_mode_loop+0xed/0x480 kernel/entry/common.c:98
  __exit_to_user_mode_prepare include/linux/irq-entry-common.h:226 [inline]
  syscall_exit_to_user_mode_prepare include/linux/irq-entry-common.h:256 [inline]
  syscall_exit_to_user_mode include/linux/entry-common.h:325 [inline]
  do_syscall_64+0x32d/0xf80 arch/x86/entry/syscall_64.c:100
  entry_SYSCALL_64_after_hwframe+0x77/0x7f
irq event stamp: 1472
hardirqs last  enabled at (1471): [<ffffffff8bad7f2e>] irqentry_exit+0x59e/0x620 kernel/entry/common.c:242
hardirqs last disabled at (1472): [<ffffffff8bad3763>] common_interrupt+0x13/0xe0 arch/x86/kernel/irq.c:326
softirqs last  enabled at (1404): [<ffffffff81880def>] __do_softirq kernel/softirq.c:660 [inline]
softirqs last  enabled at (1404): [<ffffffff81880def>] invoke_softirq kernel/softirq.c:496 [inline]
softirqs last  enabled at (1404): [<ffffffff81880def>] __irq_exit_rcu+0x5f/0x150 kernel/softirq.c:727
softirqs last disabled at (1275): [<ffffffff81880def>] __do_softirq kernel/softirq.c:660 [inline]
softirqs last disabled at (1275): [<ffffffff81880def>] invoke_softirq kernel/softirq.c:496 [inline]
softirqs last disabled at (1275): [<ffffffff81880def>] __irq_exit_rcu+0x5f/0x150 kernel/softirq.c:727

other info that might help us debug this:
 Possible unsafe locking scenario:

       CPU0
       ----
  lock(&dev->spinlock);
  <Interrupt>
    lock(&dev->spinlock);

 *** DEADLOCK ***

2 locks held by syz.0.15721/11171:
 #0: ffff88805a5252e8 (&tty->termios_rwsem){++++}-{4:4}, at: class_rwsem_write_constructor include/linux/rwsem.h:270 [inline]
 #0: ffff88805a5252e8 (&tty->termios_rwsem){++++}-{4:4}, at: uart_ioctl+0x109/0x1af0 drivers/tty/serial/serial_core.c:1561
 #1: ffff888025e48e90 (&port->mutex){+.+.}-{4:4}, at: class_mutex_intr_constructor include/linux/mutex.h:255 [inline]
 #1: ffff888025e48e90 (&port->mutex){+.+.}-{4:4}, at: uart_do_autoconfig drivers/tty/serial/serial_core.c:1145 [inline]
 #1: ffff888025e48e90 (&port->mutex){+.+.}-{4:4}, at: uart_ioctl+0x133/0x1af0 drivers/tty/serial/serial_core.c:1562

stack backtrace:
CPU: 0 UID: 0 PID: 11171 Comm: syz.0.15721 Not tainted syzkaller #0 PREEMPT(full) 
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/24/2026
Call Trace:
 <IRQ>
 dump_stack_lvl+0xe8/0x150 lib/dump_stack.c:120
 print_usage_bug+0x28b/0x2e0 kernel/locking/lockdep.c:4042
 valid_state kernel/locking/lockdep.c:4056 [inline]
 mark_lock_irq+0x410/0x420 kernel/locking/lockdep.c:-1
 mark_lock+0x115/0x190 kernel/locking/lockdep.c:4753
 mark_usage kernel/locking/lockdep.c:4639 [inline]
 __lock_acquire+0x661/0x2cf0 kernel/locking/lockdep.c:5191
 lock_acquire+0xf0/0x2e0 kernel/locking/lockdep.c:5868
 __raw_spin_lock include/linux/spinlock_api_smp.h:158 [inline]
 _raw_spin_lock+0x2e/0x40 kernel/locking/spinlock.c:154
 spin_lock include/linux/spinlock.h:341 [inline]
 das16m1_interrupt+0x5e/0x180 drivers/comedi/drivers/das16m1.c:460
 __handle_irq_event_percpu+0x227/0x9e0 kernel/irq/handle.c:209
 handle_irq_event_percpu kernel/irq/handle.c:246 [inline]
 handle_irq_event+0x8b/0x1e0 kernel/irq/handle.c:263
 handle_edge_irq+0x23b/0xa10 kernel/irq/chip.c:855
 generic_handle_irq_desc include/linux/irqdesc.h:186 [inline]
 handle_irq arch/x86/kernel/irq.c:262 [inline]
 call_irq_handler arch/x86/kernel/irq.c:-1 [inline]
 __common_interrupt+0x141/0x1f0 arch/x86/kernel/irq.c:333
 common_interrupt+0xb6/0xe0 arch/x86/kernel/irq.c:326
 </IRQ>
 <TASK>
 asm_common_interrupt+0x26/0x40 arch/x86/include/asm/idtentry.h:688
RIP: 0010:__raw_spin_unlock_irqrestore include/linux/spinlock_api_smp.h:179 [inline]
RIP: 0010:_raw_spin_unlock_irqrestore+0x47/0x80 kernel/locking/spinlock.c:194
Code: f7 e8 fd 21 f2 f5 f7 c3 00 02 00 00 74 05 e8 20 70 1d f6 9c 58 a9 00 02 00 00 75 27 f7 c3 00 02 00 00 74 01 fb bf 01 00 00 00 <e8> 74 e8 e3 f5 65 8b 05 bd bf 6b 07 85 c0 74 18 5b 41 5e c3 cc cc
RSP: 0018:ffffc9000cb2fa28 EFLAGS: 00000206
RAX: 0000000000000006 RBX: 0000000000000283 RCX: 0000000080000001
RDX: 0000000000000006 RSI: ffffffff8def2049 RDI: 0000000000000001
RBP: ffffc9000cb2fbe0 R08: ffffffff901182b7 R09: 1ffffffff2023056
R10: dffffc0000000000 R11: fffffbfff2023057 R12: 0000000000000100
R13: dffffc0000000000 R14: ffffffff9a5cc360 R15: ffffffff8f00a560
 spin_unlock_irqrestore include/linux/spinlock.h:407 [inline]
 uart_port_unlock_irqrestore include/linux/serial_core.h:788 [inline]
 autoconfig drivers/tty/serial/8250/8250_port.c:1199 [inline]
 serial8250_config_port+0x1467/0x5300 drivers/tty/serial/8250/8250_port.c:3083
 univ8250_config_port+0x3b9/0x980 drivers/tty/serial/8250/8250_rsa.c:72
 uart_do_autoconfig drivers/tty/serial/serial_core.c:1170 [inline]
 uart_ioctl+0x1570/0x1af0 drivers/tty/serial/serial_core.c:1562
 tty_ioctl+0x928/0xde0 drivers/tty/tty_io.c:2792
 vfs_ioctl fs/ioctl.c:51 [inline]
 __do_sys_ioctl fs/ioctl.c:597 [inline]
 __se_sys_ioctl+0xfc/0x170 fs/ioctl.c:583
 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
 do_syscall_64+0x14d/0xf80 arch/x86/entry/syscall_64.c:94
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7f9b5e19bf79
Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007f9b5f00d028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
RAX: ffffffffffffffda RBX: 00007f9b5e415fa0 RCX: 00007f9b5e19bf79
RDX: 0000000000000000 RSI: 0000000000005453 RDI: 0000000000000003
RBP: 00007f9b5e2327e0 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 00007f9b5e416038 R14: 00007f9b5e415fa0 R15: 00007ffd933a2628
 </TASK>
comedi comedi3: fifo overflow
----------------
Code disassembly (best guess):
   0:	f7 e8                	imul   %eax
   2:	fd                   	std
   3:	21 f2                	and    %esi,%edx
   5:	f5                   	cmc
   6:	f7 c3 00 02 00 00    	test   $0x200,%ebx
   c:	74 05                	je     0x13
   e:	e8 20 70 1d f6       	call   0xf61d7033
  13:	9c                   	pushf
  14:	58                   	pop    %rax
  15:	a9 00 02 00 00       	test   $0x200,%eax
  1a:	75 27                	jne    0x43
  1c:	f7 c3 00 02 00 00    	test   $0x200,%ebx
  22:	74 01                	je     0x25
  24:	fb                   	sti
  25:	bf 01 00 00 00       	mov    $0x1,%edi
* 2a:	e8 74 e8 e3 f5       	call   0xf5e3e8a3 <-- trapping instruction
  2f:	65 8b 05 bd bf 6b 07 	mov    %gs:0x76bbfbd(%rip),%eax        # 0x76bbff3
  36:	85 c0                	test   %eax,%eax
  38:	74 18                	je     0x52
  3a:	5b                   	pop    %rbx
  3b:	41 5e                	pop    %r14
  3d:	c3                   	ret
  3e:	cc                   	int3
  3f:	cc                   	int3