================================
WARNING: inconsistent lock state
syzkaller #0 Tainted: G             L     
--------------------------------
inconsistent {HARDIRQ-ON-W} -> {IN-HARDIRQ-W} usage.
kworker/u8:1/13 [HC1[1]:SC0[0]:HE0:SE1] takes:
ffff888033419068 (&dev->spinlock){?...}-{3:3}, at: spin_lock include/linux/spinlock.h:341 [inline]
ffff888033419068 (&dev->spinlock){?...}-{3:3}, at: das16m1_interrupt+0x68/0x120 drivers/comedi/drivers/das16m1.c:460
{HARDIRQ-ON-W} state was registered at:
  lock_acquire kernel/locking/lockdep.c:5868 [inline]
  lock_acquire+0x1cf/0x380 kernel/locking/lockdep.c:5825
  __raw_spin_lock_bh include/linux/spinlock_api_smp.h:150 [inline]
  _raw_spin_lock_bh+0x33/0x40 kernel/locking/spinlock.c:178
  spin_lock_bh include/linux/spinlock.h:347 [inline]
  waveform_ao_cancel+0x96/0x150 drivers/comedi/drivers/comedi_test.c:628
  do_cancel+0xf4/0x180 drivers/comedi/comedi_fops.c:818
  comedi_close+0x2f6/0x470 drivers/comedi/comedi_fops.c:3036
  __fput+0x3ff/0xb40 fs/file_table.c:469
  task_work_run+0x150/0x240 kernel/task_work.c:233
  resume_user_mode_work include/linux/resume_user_mode.h:50 [inline]
  __exit_to_user_mode_loop kernel/entry/common.c:67 [inline]
  exit_to_user_mode_loop+0x100/0x4a0 kernel/entry/common.c:98
  __exit_to_user_mode_prepare include/linux/irq-entry-common.h:226 [inline]
  syscall_exit_to_user_mode_prepare include/linux/irq-entry-common.h:256 [inline]
  syscall_exit_to_user_mode include/linux/entry-common.h:325 [inline]
  do_syscall_64+0x67c/0xf80 arch/x86/entry/syscall_64.c:100
  entry_SYSCALL_64_after_hwframe+0x77/0x7f
irq event stamp: 4582124
hardirqs last  enabled at (4582123): [<ffffffff81d60bf5>] raw_spin_rq_unlock_irq kernel/sched/sched.h:1629 [inline]
hardirqs last  enabled at (4582123): [<ffffffff81d60bf5>] finish_lock_switch kernel/sched/core.c:5032 [inline]
hardirqs last  enabled at (4582123): [<ffffffff81d60bf5>] finish_task_switch.isra.0+0x205/0xb80 kernel/sched/core.c:5150
hardirqs last disabled at (4582124): [<ffffffff8b8e3dc9>] common_interrupt+0x19/0xe0 arch/x86/kernel/irq.c:326
softirqs last  enabled at (4582100): [<ffffffff873a49d7>] spin_unlock_bh include/linux/spinlock.h:395 [inline]
softirqs last  enabled at (4582100): [<ffffffff873a49d7>] nsim_dev_trap_report drivers/net/netdevsim/dev.c:891 [inline]
softirqs last  enabled at (4582100): [<ffffffff873a49d7>] nsim_dev_trap_report_work+0x8c7/0xd10 drivers/net/netdevsim/dev.c:922
softirqs last disabled at (4582098): [<ffffffff873a4946>] spin_lock_bh include/linux/spinlock.h:347 [inline]
softirqs last disabled at (4582098): [<ffffffff873a4946>] nsim_dev_trap_report drivers/net/netdevsim/dev.c:887 [inline]
softirqs last disabled at (4582098): [<ffffffff873a4946>] nsim_dev_trap_report_work+0x836/0xd10 drivers/net/netdevsim/dev.c:922

other info that might help us debug this:
 Possible unsafe locking scenario:

       CPU0
       ----
  lock(&dev->spinlock);
  <Interrupt>
    lock(&dev->spinlock);

 *** DEADLOCK ***

no locks held by kworker/u8:1/13.

stack backtrace:
CPU: 0 UID: 0 PID: 13 Comm: kworker/u8:1 Tainted: G             L      syzkaller #0 PREEMPT(full) 
Tainted: [L]=SOFTLOCKUP
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/27/2026
Workqueue:  0x0 (events_unbound)
Call Trace:
 <IRQ>
 __dump_stack lib/dump_stack.c:94 [inline]
 dump_stack_lvl+0x100/0x190 lib/dump_stack.c:120
 print_usage_bug.part.0+0x257/0x340 kernel/locking/lockdep.c:4042
 print_usage_bug kernel/locking/lockdep.c:4010 [inline]
 valid_state kernel/locking/lockdep.c:4056 [inline]
 mark_lock_irq kernel/locking/lockdep.c:4267 [inline]
 mark_lock+0x74a/0xa20 kernel/locking/lockdep.c:4753
 mark_usage kernel/locking/lockdep.c:4639 [inline]
 __lock_acquire+0x10ff/0x2630 kernel/locking/lockdep.c:5191
 lock_acquire kernel/locking/lockdep.c:5868 [inline]
 lock_acquire+0x1cf/0x380 kernel/locking/lockdep.c:5825
 __raw_spin_lock include/linux/spinlock_api_smp.h:158 [inline]
 _raw_spin_lock+0x2e/0x40 kernel/locking/spinlock.c:154
 spin_lock include/linux/spinlock.h:341 [inline]
 das16m1_interrupt+0x68/0x120 drivers/comedi/drivers/das16m1.c:460
 __handle_irq_event_percpu+0x232/0x8e0 kernel/irq/handle.c:209
 handle_irq_event_percpu kernel/irq/handle.c:246 [inline]
 handle_irq_event+0xab/0x1e0 kernel/irq/handle.c:263
 handle_edge_irq+0x375/0x970 kernel/irq/chip.c:855
 generic_handle_irq_desc include/linux/irqdesc.h:186 [inline]
 handle_irq arch/x86/kernel/irq.c:262 [inline]
 call_irq_handler arch/x86/kernel/irq.c:318 [inline]
 __common_interrupt+0xd8/0x2f0 arch/x86/kernel/irq.c:333
 common_interrupt+0xb9/0xe0 arch/x86/kernel/irq.c:326
 </IRQ>
 <TASK>
 asm_common_interrupt+0x26/0x40 arch/x86/include/asm/idtentry.h:688
RIP: 0010:finish_task_switch.isra.0+0x20e/0xb80 kernel/sched/core.c:5152
Code: e3 03 0f 48 85 d2 0f 85 84 06 00 00 85 c0 0f 85 a7 01 00 00 48 89 df e8 20 e5 ff ff e8 3b 8b 3a 00 fb 49 8d bc 24 70 16 00 00 <48> b8 00 00 00 00 00 fc ff df 48 89 fa 48 c1 ea 03 0f b6 04 02 84
RSP: 0018:ffffc90000127bd0 EFLAGS: 00000206
RAX: 000000000045eaeb RBX: ffff8880b843b280 RCX: 0000000000000000
RDX: 0000000000000000 RSI: ffffffff8de80815 RDI: ffff88801e2e71f0
RBP: ffffc90000127c18 R08: 0000000000000001 R09: 0000000000000000
R10: 0000000000000001 R11: 0000000000000000 R12: ffff88801e2e5b80
R13: ffff88802930bd00 R14: ffff88807ba88000 R15: ffff8880b843c0c0
 context_switch kernel/sched/core.c:5298 [inline]
 __schedule+0xff6/0x6120 kernel/sched/core.c:6908
 __schedule_loop kernel/sched/core.c:6990 [inline]
 schedule+0xdd/0x390 kernel/sched/core.c:7005
 worker_thread+0x526/0xe40 kernel/workqueue.c:3454
 kthread+0x370/0x450 kernel/kthread.c:436
 ret_from_fork+0x754/0xd80 arch/x86/kernel/process.c:158
 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:245
 </TASK>
comedi comedi3: fifo overflow
----------------
Code disassembly (best guess), 1 bytes skipped:
   0:	03 0f                	add    (%rdi),%ecx
   2:	48 85 d2             	test   %rdx,%rdx
   5:	0f 85 84 06 00 00    	jne    0x68f
   b:	85 c0                	test   %eax,%eax
   d:	0f 85 a7 01 00 00    	jne    0x1ba
  13:	48 89 df             	mov    %rbx,%rdi
  16:	e8 20 e5 ff ff       	call   0xffffe53b
  1b:	e8 3b 8b 3a 00       	call   0x3a8b5b
  20:	fb                   	sti
  21:	49 8d bc 24 70 16 00 	lea    0x1670(%r12),%rdi
  28:	00
* 29:	48 b8 00 00 00 00 00 	movabs $0xdffffc0000000000,%rax <-- trapping instruction
  30:	fc ff df
  33:	48 89 fa             	mov    %rdi,%rdx
  36:	48 c1 ea 03          	shr    $0x3,%rdx
  3a:	0f b6 04 02          	movzbl (%rdx,%rax,1),%eax
  3e:	84                   	.byte 0x84