syzbot |
sign-in | mailing list | source | docs | 🏰 |
| ID | Workflow | Result | Correct | Bug | Created | Started | Finished | Revision | Error |
|---|---|---|---|---|---|---|---|---|---|
| 3aa2ee16-3598-4bbf-b10e-0c931b69b667 | repro | ❓ | inconsistent lock state in das16m1_interrupt | 2026/03/07 23:16 | 2026/03/07 23:16 | 2026/03/07 23:26 | 31e9c887f7dc24e04b3ca70d0d54fc34141844b0 |
| Title | Replies (including bot) | Last reply |
|---|---|---|
| [PATCH] comedi: Reinit dev->spinlock between attachments to low-level drivers | 1 (1) | 2026/02/25 13:24 |
| [syzbot] [comedi?] inconsistent lock state in das16m1_interrupt | 1 (2) | 2026/02/16 17:10 |
================================
WARNING: inconsistent lock state
syzkaller #0 Tainted: G L
--------------------------------
inconsistent {HARDIRQ-ON-W} -> {IN-HARDIRQ-W} usage.
syz.2.1847/12914 [HC1[1]:SC0[0]:HE0:SE1] takes:
ffff888032c07068 (&dev->spinlock){?...}-{3:3}, at: spin_lock include/linux/spinlock.h:341 [inline]
ffff888032c07068 (&dev->spinlock){?...}-{3:3}, at: das16m1_interrupt+0x68/0x120 drivers/comedi/drivers/das16m1.c:460
{HARDIRQ-ON-W} state was registered at:
lock_acquire kernel/locking/lockdep.c:5868 [inline]
lock_acquire+0x1cf/0x380 kernel/locking/lockdep.c:5825
__raw_spin_lock_bh include/linux/spinlock_api_smp.h:150 [inline]
_raw_spin_lock_bh+0x33/0x40 kernel/locking/spinlock.c:178
spin_lock_bh include/linux/spinlock.h:347 [inline]
waveform_ao_cancel+0x96/0x150 drivers/comedi/drivers/comedi_test.c:628
do_cancel+0xf4/0x180 drivers/comedi/comedi_fops.c:818
comedi_close+0x2f6/0x470 drivers/comedi/comedi_fops.c:3036
__fput+0x3ff/0xb40 fs/file_table.c:469
task_work_run+0x150/0x240 kernel/task_work.c:233
resume_user_mode_work include/linux/resume_user_mode.h:50 [inline]
__exit_to_user_mode_loop kernel/entry/common.c:67 [inline]
exit_to_user_mode_loop+0x100/0x4a0 kernel/entry/common.c:98
__exit_to_user_mode_prepare include/linux/irq-entry-common.h:226 [inline]
syscall_exit_to_user_mode_prepare include/linux/irq-entry-common.h:256 [inline]
syscall_exit_to_user_mode include/linux/entry-common.h:325 [inline]
do_syscall_64+0x67c/0xf80 arch/x86/entry/syscall_64.c:100
entry_SYSCALL_64_after_hwframe+0x77/0x7f
irq event stamp: 2574
hardirqs last enabled at (2573): [<ffffffff8b93e153>] __raw_spin_unlock_irq include/linux/spinlock_api_smp.h:187 [inline]
hardirqs last enabled at (2573): [<ffffffff8b93e153>] _raw_spin_unlock_irq+0x23/0x50 kernel/locking/spinlock.c:202
hardirqs last disabled at (2574): [<ffffffff8b90bdc9>] common_interrupt+0x19/0xe0 arch/x86/kernel/irq.c:326
softirqs last enabled at (2566): [<ffffffff81c9240f>] __do_softirq kernel/softirq.c:656 [inline]
softirqs last enabled at (2566): [<ffffffff81c9240f>] invoke_softirq kernel/softirq.c:496 [inline]
softirqs last enabled at (2566): [<ffffffff81c9240f>] __irq_exit_rcu+0xef/0x150 kernel/softirq.c:723
softirqs last disabled at (2557): [<ffffffff81c9240f>] __do_softirq kernel/softirq.c:656 [inline]
softirqs last disabled at (2557): [<ffffffff81c9240f>] invoke_softirq kernel/softirq.c:496 [inline]
softirqs last disabled at (2557): [<ffffffff81c9240f>] __irq_exit_rcu+0xef/0x150 kernel/softirq.c:723
other info that might help us debug this:
Possible unsafe locking scenario:
CPU0
----
lock(&dev->spinlock);
<Interrupt>
lock(&dev->spinlock);
*** DEADLOCK ***
3 locks held by syz.2.1847/12914:
#0: ffff888037695900 (&mm->mmap_lock){++++}-{4:4}, at: mmap_read_lock include/linux/mmap_lock.h:592 [inline]
#0: ffff888037695900 (&mm->mmap_lock){++++}-{4:4}, at: __mm_populate+0x229/0x3a0 mm/gup.c:1942
#1: ffffffff8e7e7920 (rcu_read_lock){....}-{1:3}, at: rcu_lock_acquire include/linux/rcupdate.h:312 [inline]
#1: ffffffff8e7e7920 (rcu_read_lock){....}-{1:3}, at: rcu_read_lock include/linux/rcupdate.h:850 [inline]
#1: ffffffff8e7e7920 (rcu_read_lock){....}-{1:3}, at: __pte_offset_map+0x2f/0x310 mm/pgtable-generic.c:288
#2: ffff888078312138 (ptlock_ptr(ptdesc)#2){+.+.}-{3:3}, at: spin_lock include/linux/spinlock.h:341 [inline]
#2: ffff888078312138 (ptlock_ptr(ptdesc)#2){+.+.}-{3:3}, at: pte_offset_map_lock+0x10f/0x320 mm/pgtable-generic.c:402
stack backtrace:
CPU: 1 UID: 0 PID: 12914 Comm: syz.2.1847 Tainted: G L syzkaller #0 PREEMPT(full)
Tainted: [L]=SOFTLOCKUP
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026
Call Trace:
<IRQ>
__dump_stack lib/dump_stack.c:94 [inline]
dump_stack_lvl+0x100/0x190 lib/dump_stack.c:120
print_usage_bug.part.0+0x257/0x340 kernel/locking/lockdep.c:4042
print_usage_bug kernel/locking/lockdep.c:4010 [inline]
valid_state kernel/locking/lockdep.c:4056 [inline]
mark_lock_irq kernel/locking/lockdep.c:4267 [inline]
mark_lock+0x74a/0xa20 kernel/locking/lockdep.c:4753
mark_usage kernel/locking/lockdep.c:4639 [inline]
__lock_acquire+0x10ff/0x2630 kernel/locking/lockdep.c:5191
lock_acquire kernel/locking/lockdep.c:5868 [inline]
lock_acquire+0x1cf/0x380 kernel/locking/lockdep.c:5825
__raw_spin_lock include/linux/spinlock_api_smp.h:158 [inline]
_raw_spin_lock+0x2e/0x40 kernel/locking/spinlock.c:154
spin_lock include/linux/spinlock.h:341 [inline]
das16m1_interrupt+0x68/0x120 drivers/comedi/drivers/das16m1.c:460
__handle_irq_event_percpu+0x232/0x8e0 kernel/irq/handle.c:209
handle_irq_event_percpu kernel/irq/handle.c:246 [inline]
handle_irq_event+0xab/0x1e0 kernel/irq/handle.c:263
handle_edge_irq+0x375/0x970 kernel/irq/chip.c:855
generic_handle_irq_desc include/linux/irqdesc.h:186 [inline]
handle_irq arch/x86/kernel/irq.c:262 [inline]
call_irq_handler arch/x86/kernel/irq.c:318 [inline]
__common_interrupt+0xd8/0x2f0 arch/x86/kernel/irq.c:333
common_interrupt+0xb9/0xe0 arch/x86/kernel/irq.c:326
</IRQ>
<TASK>
asm_common_interrupt+0x26/0x40 arch/x86/include/asm/idtentry.h:688
RIP: 0010:native_irq_disable arch/x86/include/asm/irqflags.h:37 [inline]
RIP: 0010:arch_local_irq_disable arch/x86/include/asm/irqflags.h:114 [inline]
RIP: 0010:arch_local_irq_save arch/x86/include/asm/irqflags.h:128 [inline]
RIP: 0010:lock_release kernel/locking/lockdep.c:5885 [inline]
RIP: 0010:lock_release+0x8d/0x320 kernel/locking/lockdep.c:5875
Code: 00 00 65 4c 8b 25 2b 40 29 12 41 8b bc 24 54 0b 00 00 85 ff 0f 85 21 01 00 00 48 81 3b 40 27 15 94 0f 84 14 01 00 00 9c 41 5e <fa> 48 c7 c7 07 bc f6 8d e8 f6 04 ac 09 65 ff 05 67 87 29 12 8b 35
RSP: 0018:ffffc9000da0f958 EFLAGS: 00000287
RAX: 0000000000000000 RBX: ffff888078312138 RCX: ffffc9000ea11000
RDX: 0000000000000000 RSI: ffffffff8c1b19a0 RDI: 0000000000000000
RBP: ffffffff825695e5 R08: 0000000000000001 R09: 0000000000000000
R10: 0000000000000001 R11: 0000000000000000 R12: ffff88804655c980
R13: 0000000000000000 R14: 0000000000000287 R15: 1ffff92001b41f3d
__raw_spin_unlock include/linux/spinlock_api_smp.h:167 [inline]
_raw_spin_unlock+0x16/0x50 kernel/locking/spinlock.c:186
spin_unlock include/linux/spinlock.h:389 [inline]
follow_page_pte+0x8b5/0x1400 mm/gup.c:889
follow_pmd_mask mm/gup.c:928 [inline]
follow_pud_mask mm/gup.c:967 [inline]
follow_p4d_mask mm/gup.c:984 [inline]
follow_page_mask mm/gup.c:1023 [inline]
__get_user_pages+0x745/0x34d0 mm/gup.c:1426
populate_vma_page_range+0x267/0x3f0 mm/gup.c:1860
__mm_populate+0x107/0x3a0 mm/gup.c:1963
mm_populate include/linux/mm.h:3894 [inline]
vm_mmap_pgoff+0x37f/0x470 mm/util.c:586
ksys_mmap_pgoff+0xe1/0x650 mm/mmap.c:605
__do_sys_mmap arch/x86/kernel/sys_x86_64.c:89 [inline]
__se_sys_mmap arch/x86/kernel/sys_x86_64.c:82 [inline]
__x64_sys_mmap+0x125/0x190 arch/x86/kernel/sys_x86_64.c:82
do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
do_syscall_64+0x106/0xf80 arch/x86/entry/syscall_64.c:94
entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7fe1d3f9c819
Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007fe1d4e7b028 EFLAGS: 00000246 ORIG_RAX: 0000000000000009
RAX: ffffffffffffffda RBX: 00007fe1d4215fa0 RCX: 00007fe1d3f9c819
RDX: 0000000002000001 RSI: 0000000000600000 RDI: 00002000009fd000
RBP: 00007fe1d4032c91 R08: ffffffffffffffff R09: 0000000000002000
R10: 0000000000006031 R11: 0000000000000246 R12: 0000000000000000
R13: 00007fe1d4216038 R14: 00007fe1d4215fa0 R15: 00007fff06dc2158
</TASK>
comedi comedi2: fifo overflow
----------------
Code disassembly (best guess):
0: 00 00 add %al,(%rax)
2: 65 4c 8b 25 2b 40 29 mov %gs:0x1229402b(%rip),%r12 # 0x12294035
9: 12
a: 41 8b bc 24 54 0b 00 mov 0xb54(%r12),%edi
11: 00
12: 85 ff test %edi,%edi
14: 0f 85 21 01 00 00 jne 0x13b
1a: 48 81 3b 40 27 15 94 cmpq $0xffffffff94152740,(%rbx)
21: 0f 84 14 01 00 00 je 0x13b
27: 9c pushf
28: 41 5e pop %r14
* 2a: fa cli <-- trapping instruction
2b: 48 c7 c7 07 bc f6 8d mov $0xffffffff8df6bc07,%rdi
32: e8 f6 04 ac 09 call 0x9ac052d
37: 65 ff 05 67 87 29 12 incl %gs:0x12298767(%rip) # 0x122987a5
3e: 8b .byte 0x8b
3f: 35 .byte 0x35
| Time | Kernel | Commit | Syzkaller | Config | Log | Report | Syz repro | C repro | VM info | Assets (help?) | Manager | Title |
|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 2026/04/03 20:07 | upstream | d8a9a4b11a13 | 4440e7c2 | .config | console log | report | info | [disk image] [vmlinux] [kernel image] | ci-upstream-kasan-gce-selinux-root | inconsistent lock state in das16m1_interrupt | ||
| 2026/04/02 19:42 | upstream | 5619b098e2fb | 8b15d4ae | .config | console log | report | info | [disk image] [vmlinux] [kernel image] | ci-upstream-kasan-badwrites-root | inconsistent lock state in das16m1_interrupt | ||
| 2026/03/31 12:02 | upstream | d0c3bcd5b897 | d0af506e | .config | console log | report | info | [disk image] [vmlinux] [kernel image] | ci-upstream-kasan-gce-selinux-root | inconsistent lock state in das16m1_interrupt | ||
| 2026/03/30 12:55 | upstream | 7aaa8047eafd | 458630d8 | .config | console log | report | info | [disk image] [vmlinux] [kernel image] | ci-upstream-kasan-gce-root | inconsistent lock state in das16m1_interrupt | ||
| 2026/03/28 23:19 | upstream | be762d8b6dd7 | 356bdfc9 | .config | console log | report | info | [disk image] [vmlinux] [kernel image] | ci-upstream-kasan-gce-root | inconsistent lock state in das16m1_interrupt | ||
| 2026/03/28 18:30 | upstream | be762d8b6dd7 | 356bdfc9 | .config | console log | report | info | [disk image] [vmlinux] [kernel image] | ci-upstream-kasan-badwrites-root | inconsistent lock state in das16m1_interrupt | ||
| 2026/03/28 15:57 | upstream | 7df48e363130 | 356bdfc9 | .config | console log | report | info | [disk image] [vmlinux] [kernel image] | ci-upstream-kasan-gce-selinux-root | inconsistent lock state in das16m1_interrupt | ||
| 2026/03/27 15:32 | upstream | 46b513250491 | 74a13a23 | .config | console log | report | info | [disk image] [vmlinux] [kernel image] | ci-upstream-kasan-badwrites-root | inconsistent lock state in das16m1_interrupt | ||
| 2026/03/27 15:31 | upstream | 46b513250491 | 74a13a23 | .config | console log | report | info | [disk image] [vmlinux] [kernel image] | ci-upstream-kasan-badwrites-root | inconsistent lock state in das16m1_interrupt | ||
| 2026/03/27 15:30 | upstream | 46b513250491 | 74a13a23 | .config | console log | report | info | [disk image] [vmlinux] [kernel image] | ci-upstream-kasan-badwrites-root | inconsistent lock state in das16m1_interrupt | ||
| 2026/03/26 06:56 | upstream | d2a43e7f89da | c6143aac | .config | console log | report | info | [disk image] [vmlinux] [kernel image] | ci-upstream-kasan-gce-selinux-root | inconsistent lock state in das16m1_interrupt | ||
| 2026/03/13 15:30 | upstream | 0257f64bdac7 | 351cb5cf | .config | console log | report | info | [disk image] [vmlinux] [kernel image] | ci-upstream-kasan-badwrites-root | inconsistent lock state in das16m1_interrupt | ||
| 2026/04/03 06:54 | linux-next | cc13002a9f98 | 4440e7c2 | .config | console log | report | info | [disk image] [vmlinux] [kernel image] | ci-upstream-rust-kasan-gce | inconsistent lock state in das16m1_interrupt | ||
| 2026/04/03 03:02 | linux-next | cc13002a9f98 | 4440e7c2 | .config | console log | report | info | [disk image] [vmlinux] [kernel image] | ci-upstream-linux-next-kasan-gce-root | inconsistent lock state in das16m1_interrupt | ||
| 2026/03/26 18:21 | linux-next | e77a5a5cfe43 | fca8d360 | .config | console log | report | info | [disk image] [vmlinux] [kernel image] | ci-upstream-linux-next-kasan-gce-root | inconsistent lock state in das16m1_interrupt | ||
| 2026/03/23 12:13 | linux-next | 785f0eb2f85d | 5e3db351 | .config | console log | report | info | [disk image] [vmlinux] [kernel image] | ci-upstream-linux-next-kasan-gce-root | inconsistent lock state in das16m1_interrupt | ||
| 2026/03/23 12:13 | linux-next | 785f0eb2f85d | 5e3db351 | .config | console log | report | info | [disk image] [vmlinux] [kernel image] | ci-upstream-linux-next-kasan-gce-root | inconsistent lock state in das16m1_interrupt | ||
| 2026/03/23 12:12 | linux-next | 785f0eb2f85d | 5e3db351 | .config | console log | report | info | [disk image] [vmlinux] [kernel image] | ci-upstream-linux-next-kasan-gce-root | inconsistent lock state in das16m1_interrupt | ||
| 2026/03/20 08:58 | linux-next | b5d083a3ed1e | 2f245add | .config | console log | report | info | [disk image] [vmlinux] [kernel image] | ci-upstream-linux-next-kasan-gce-root | inconsistent lock state in das16m1_interrupt | ||
| 2026/03/20 08:56 | linux-next | b5d083a3ed1e | 2f245add | .config | console log | report | info | [disk image] [vmlinux] [kernel image] | ci-upstream-linux-next-kasan-gce-root | inconsistent lock state in das16m1_interrupt | ||
| 2026/03/12 20:01 | linux-next | 5c9e55fecf93 | 4efadf07 | .config | console log | report | info | [disk image] [vmlinux] [kernel image] | ci-upstream-linux-next-kasan-gce-root | inconsistent lock state in das16m1_interrupt | ||
| 2026/03/12 19:52 | linux-next | 5c9e55fecf93 | 4efadf07 | .config | console log | report | info | [disk image] [vmlinux] [kernel image] | ci-upstream-linux-next-kasan-gce-root | inconsistent lock state in das16m1_interrupt | ||
| 2026/03/12 10:48 | linux-next | f90aadf1c67c | 4efadf07 | .config | console log | report | info | [disk image] [vmlinux] [kernel image] | ci-upstream-linux-next-kasan-gce-root | inconsistent lock state in das16m1_interrupt | ||
| 2026/02/23 11:03 | linux-next | d4906ae14a5f | 305c0ec5 | .config | console log | report | info | [disk image] [vmlinux] [kernel image] | ci-upstream-rust-kasan-gce | inconsistent lock state in das16m1_interrupt | ||
| 2026/02/22 16:29 | linux-next | d4906ae14a5f | 6e7b5511 | .config | console log | report | info | [disk image] [vmlinux] [kernel image] | ci-upstream-rust-kasan-gce | inconsistent lock state in das16m1_interrupt | ||
| 2026/02/21 19:51 | linux-next | d4906ae14a5f | 6e7b5511 | .config | console log | report | info | [disk image] [vmlinux] [kernel image] | ci-upstream-rust-kasan-gce | inconsistent lock state in das16m1_interrupt | ||
| 2026/02/17 14:13 | linux-next | 350adaf7fde9 | e439b951 | .config | console log | report | info | [disk image] [vmlinux] [kernel image] | ci-upstream-rust-kasan-gce | inconsistent lock state in das16m1_interrupt | ||
| 2026/02/10 23:59 | linux-next | fd9678829d6d | 441e25b7 | .config | console log | report | info | [disk image] [vmlinux] [kernel image] | ci-upstream-linux-next-kasan-gce-root | inconsistent lock state in das16m1_interrupt | ||
| 2026/02/10 16:34 | linux-next | 132737e360b4 | 91d776d3 | .config | console log | report | info | [disk image] [vmlinux] [kernel image] | ci-upstream-rust-kasan-gce | inconsistent lock state in das16m1_interrupt |