syzbot

 sign-in | mailing list | source | docs
🐞 Open [1407]
Subsystems
🐞 Fixed [6988]
🐞 Invalid [18220]
Missing Backports [223]
Crashes
Kernel Health Bugs/Month Bug Lifetimes Fuzzing
Total Repo Heatmap Subsystems Heatmap
✨ AI
💬 Send us feedback

inconsistent lock state in das16m1_interrupt

Status: upstream: reported on 2026/02/14 16:40
Subsystems: comedi
[Documentation on labels]
Reported-by: syzbot+cc9f7f4a7df09f53c4a4@syzkaller.appspotmail.com
First crash: 32d, last: 1d16h
✨ AI Jobs (1)
ID Workflow Result Correct Bug Created Started Finished Revision Error
3aa2ee16-3598-4bbf-b10e-0c931b69b667 repro inconsistent lock state in das16m1_interrupt 2026/03/07 23:16 2026/03/07 23:16 2026/03/07 23:26 31e9c887f7dc24e04b3ca70d0d54fc34141844b0
Duplicate bugs (1)
Title Rank 🛈 Repro Cause bisect Fix bisect Count Last Reported Patched Status
inconsistent lock state in waveform_ao_cancel comedi 4 4 22d 26d 0/29 closed as dup on 2026/02/25 13:00
Discussions (2)
Title Replies (including bot) Last reply
[PATCH] comedi: Reinit dev->spinlock between attachments to low-level drivers 1 (1) 2026/02/25 13:24
[syzbot] [comedi?] inconsistent lock state in das16m1_interrupt 1 (2) 2026/02/16 17:10

Sample crash report:
================================
WARNING: inconsistent lock state
syzkaller #0 Tainted: G             L     
--------------------------------
inconsistent {HARDIRQ-ON-W} -> {IN-HARDIRQ-W} usage.
kworker/u8:1/13 [HC1[1]:SC0[0]:HE0:SE1] takes:
ffff888033419068 (&dev->spinlock){?...}-{3:3}, at: spin_lock include/linux/spinlock.h:341 [inline]
ffff888033419068 (&dev->spinlock){?...}-{3:3}, at: das16m1_interrupt+0x68/0x120 drivers/comedi/drivers/das16m1.c:460
{HARDIRQ-ON-W} state was registered at:
  lock_acquire kernel/locking/lockdep.c:5868 [inline]
  lock_acquire+0x1cf/0x380 kernel/locking/lockdep.c:5825
  __raw_spin_lock_bh include/linux/spinlock_api_smp.h:150 [inline]
  _raw_spin_lock_bh+0x33/0x40 kernel/locking/spinlock.c:178
  spin_lock_bh include/linux/spinlock.h:347 [inline]
  waveform_ao_cancel+0x96/0x150 drivers/comedi/drivers/comedi_test.c:628
  do_cancel+0xf4/0x180 drivers/comedi/comedi_fops.c:818
  comedi_close+0x2f6/0x470 drivers/comedi/comedi_fops.c:3036
  __fput+0x3ff/0xb40 fs/file_table.c:469
  task_work_run+0x150/0x240 kernel/task_work.c:233
  resume_user_mode_work include/linux/resume_user_mode.h:50 [inline]
  __exit_to_user_mode_loop kernel/entry/common.c:67 [inline]
  exit_to_user_mode_loop+0x100/0x4a0 kernel/entry/common.c:98
  __exit_to_user_mode_prepare include/linux/irq-entry-common.h:226 [inline]
  syscall_exit_to_user_mode_prepare include/linux/irq-entry-common.h:256 [inline]
  syscall_exit_to_user_mode include/linux/entry-common.h:325 [inline]
  do_syscall_64+0x67c/0xf80 arch/x86/entry/syscall_64.c:100
  entry_SYSCALL_64_after_hwframe+0x77/0x7f
irq event stamp: 4582124
hardirqs last  enabled at (4582123): [<ffffffff81d60bf5>] raw_spin_rq_unlock_irq kernel/sched/sched.h:1629 [inline]
hardirqs last  enabled at (4582123): [<ffffffff81d60bf5>] finish_lock_switch kernel/sched/core.c:5032 [inline]
hardirqs last  enabled at (4582123): [<ffffffff81d60bf5>] finish_task_switch.isra.0+0x205/0xb80 kernel/sched/core.c:5150
hardirqs last disabled at (4582124): [<ffffffff8b8e3dc9>] common_interrupt+0x19/0xe0 arch/x86/kernel/irq.c:326
softirqs last  enabled at (4582100): [<ffffffff873a49d7>] spin_unlock_bh include/linux/spinlock.h:395 [inline]
softirqs last  enabled at (4582100): [<ffffffff873a49d7>] nsim_dev_trap_report drivers/net/netdevsim/dev.c:891 [inline]
softirqs last  enabled at (4582100): [<ffffffff873a49d7>] nsim_dev_trap_report_work+0x8c7/0xd10 drivers/net/netdevsim/dev.c:922
softirqs last disabled at (4582098): [<ffffffff873a4946>] spin_lock_bh include/linux/spinlock.h:347 [inline]
softirqs last disabled at (4582098): [<ffffffff873a4946>] nsim_dev_trap_report drivers/net/netdevsim/dev.c:887 [inline]
softirqs last disabled at (4582098): [<ffffffff873a4946>] nsim_dev_trap_report_work+0x836/0xd10 drivers/net/netdevsim/dev.c:922

other info that might help us debug this:
 Possible unsafe locking scenario:

       CPU0
       ----
  lock(&dev->spinlock);
  <Interrupt>
    lock(&dev->spinlock);

 *** DEADLOCK ***

no locks held by kworker/u8:1/13.

stack backtrace:
CPU: 0 UID: 0 PID: 13 Comm: kworker/u8:1 Tainted: G             L      syzkaller #0 PREEMPT(full) 
Tainted: [L]=SOFTLOCKUP
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/27/2026
Workqueue:  0x0 (events_unbound)
Call Trace:
 <IRQ>
 __dump_stack lib/dump_stack.c:94 [inline]
 dump_stack_lvl+0x100/0x190 lib/dump_stack.c:120
 print_usage_bug.part.0+0x257/0x340 kernel/locking/lockdep.c:4042
 print_usage_bug kernel/locking/lockdep.c:4010 [inline]
 valid_state kernel/locking/lockdep.c:4056 [inline]
 mark_lock_irq kernel/locking/lockdep.c:4267 [inline]
 mark_lock+0x74a/0xa20 kernel/locking/lockdep.c:4753
 mark_usage kernel/locking/lockdep.c:4639 [inline]
 __lock_acquire+0x10ff/0x2630 kernel/locking/lockdep.c:5191
 lock_acquire kernel/locking/lockdep.c:5868 [inline]
 lock_acquire+0x1cf/0x380 kernel/locking/lockdep.c:5825
 __raw_spin_lock include/linux/spinlock_api_smp.h:158 [inline]
 _raw_spin_lock+0x2e/0x40 kernel/locking/spinlock.c:154
 spin_lock include/linux/spinlock.h:341 [inline]
 das16m1_interrupt+0x68/0x120 drivers/comedi/drivers/das16m1.c:460
 __handle_irq_event_percpu+0x232/0x8e0 kernel/irq/handle.c:209
 handle_irq_event_percpu kernel/irq/handle.c:246 [inline]
 handle_irq_event+0xab/0x1e0 kernel/irq/handle.c:263
 handle_edge_irq+0x375/0x970 kernel/irq/chip.c:855
 generic_handle_irq_desc include/linux/irqdesc.h:186 [inline]
 handle_irq arch/x86/kernel/irq.c:262 [inline]
 call_irq_handler arch/x86/kernel/irq.c:318 [inline]
 __common_interrupt+0xd8/0x2f0 arch/x86/kernel/irq.c:333
 common_interrupt+0xb9/0xe0 arch/x86/kernel/irq.c:326
 </IRQ>
 <TASK>
 asm_common_interrupt+0x26/0x40 arch/x86/include/asm/idtentry.h:688
RIP: 0010:finish_task_switch.isra.0+0x20e/0xb80 kernel/sched/core.c:5152
Code: e3 03 0f 48 85 d2 0f 85 84 06 00 00 85 c0 0f 85 a7 01 00 00 48 89 df e8 20 e5 ff ff e8 3b 8b 3a 00 fb 49 8d bc 24 70 16 00 00 <48> b8 00 00 00 00 00 fc ff df 48 89 fa 48 c1 ea 03 0f b6 04 02 84
RSP: 0018:ffffc90000127bd0 EFLAGS: 00000206
RAX: 000000000045eaeb RBX: ffff8880b843b280 RCX: 0000000000000000
RDX: 0000000000000000 RSI: ffffffff8de80815 RDI: ffff88801e2e71f0
RBP: ffffc90000127c18 R08: 0000000000000001 R09: 0000000000000000
R10: 0000000000000001 R11: 0000000000000000 R12: ffff88801e2e5b80
R13: ffff88802930bd00 R14: ffff88807ba88000 R15: ffff8880b843c0c0
 context_switch kernel/sched/core.c:5298 [inline]
 __schedule+0xff6/0x6120 kernel/sched/core.c:6908
 __schedule_loop kernel/sched/core.c:6990 [inline]
 schedule+0xdd/0x390 kernel/sched/core.c:7005
 worker_thread+0x526/0xe40 kernel/workqueue.c:3454
 kthread+0x370/0x450 kernel/kthread.c:436
 ret_from_fork+0x754/0xd80 arch/x86/kernel/process.c:158
 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:245
 </TASK>
comedi comedi3: fifo overflow
----------------
Code disassembly (best guess), 1 bytes skipped:
   0:	03 0f                	add    (%rdi),%ecx
   2:	48 85 d2             	test   %rdx,%rdx
   5:	0f 85 84 06 00 00    	jne    0x68f
   b:	85 c0                	test   %eax,%eax
   d:	0f 85 a7 01 00 00    	jne    0x1ba
  13:	48 89 df             	mov    %rbx,%rdi
  16:	e8 20 e5 ff ff       	call   0xffffe53b
  1b:	e8 3b 8b 3a 00       	call   0x3a8b5b
  20:	fb                   	sti
  21:	49 8d bc 24 70 16 00 	lea    0x1670(%r12),%rdi
  28:	00
* 29:	48 b8 00 00 00 00 00 	movabs $0xdffffc0000000000,%rax <-- trapping instruction
  30:	fc ff df
  33:	48 89 fa             	mov    %rdi,%rdx
  36:	48 c1 ea 03          	shr    $0x3,%rdx
  3a:	0f b6 04 02          	movzbl (%rdx,%rax,1),%eax
  3e:	84                   	.byte 0x84

Crashes (10):
Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Assets (help?) Manager Title
2026/03/13 15:30 upstream 0257f64bdac7 351cb5cf .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-badwrites-root inconsistent lock state in das16m1_interrupt
2026/03/12 20:01 linux-next 5c9e55fecf93 4efadf07 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-linux-next-kasan-gce-root inconsistent lock state in das16m1_interrupt
2026/03/12 19:52 linux-next 5c9e55fecf93 4efadf07 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-linux-next-kasan-gce-root inconsistent lock state in das16m1_interrupt
2026/03/12 10:48 linux-next f90aadf1c67c 4efadf07 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-linux-next-kasan-gce-root inconsistent lock state in das16m1_interrupt
2026/02/23 11:03 linux-next d4906ae14a5f 305c0ec5 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-rust-kasan-gce inconsistent lock state in das16m1_interrupt
2026/02/22 16:29 linux-next d4906ae14a5f 6e7b5511 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-rust-kasan-gce inconsistent lock state in das16m1_interrupt
2026/02/21 19:51 linux-next d4906ae14a5f 6e7b5511 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-rust-kasan-gce inconsistent lock state in das16m1_interrupt
2026/02/17 14:13 linux-next 350adaf7fde9 e439b951 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-rust-kasan-gce inconsistent lock state in das16m1_interrupt
2026/02/10 23:59 linux-next fd9678829d6d 441e25b7 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-linux-next-kasan-gce-root inconsistent lock state in das16m1_interrupt
2026/02/10 16:34 linux-next 132737e360b4 91d776d3 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-rust-kasan-gce inconsistent lock state in das16m1_interrupt
* Struck through repros no longer work on HEAD.