================================ WARNING: inconsistent lock state syzkaller #0 Tainted: G L -------------------------------- inconsistent {HARDIRQ-ON-W} -> {IN-HARDIRQ-W} usage. udevd/6025 [HC1[1]:SC0[0]:HE0:SE1] takes: ffff888030e8e868 (&dev->spinlock){?...}-{3:3}, at: spin_lock include/linux/spinlock.h:341 [inline] ffff888030e8e868 (&dev->spinlock){?...}-{3:3}, at: das16m1_interrupt+0x5e/0x180 drivers/comedi/drivers/das16m1.c:460 {HARDIRQ-ON-W} state was registered at: lock_acquire+0xf0/0x2e0 kernel/locking/lockdep.c:5868 __raw_spin_lock_bh include/linux/spinlock_api_smp.h:150 [inline] _raw_spin_lock_bh+0x36/0x50 kernel/locking/spinlock.c:178 spin_lock_bh include/linux/spinlock.h:347 [inline] waveform_ao_cancel+0x8d/0x120 drivers/comedi/drivers/comedi_test.c:628 do_cancel drivers/comedi/comedi_fops.c:818 [inline] comedi_close+0x27e/0x5e0 drivers/comedi/comedi_fops.c:3036 __fput+0x44f/0xa70 fs/file_table.c:469 task_work_run+0x1d9/0x270 kernel/task_work.c:233 exit_task_work include/linux/task_work.h:40 [inline] do_exit+0x70f/0x23c0 kernel/exit.c:976 do_group_exit+0x21b/0x2d0 kernel/exit.c:1118 get_signal+0x1284/0x1330 kernel/signal.c:3034 arch_do_signal_or_restart+0xbc/0x830 arch/x86/kernel/signal.c:337 __exit_to_user_mode_loop kernel/entry/common.c:64 [inline] exit_to_user_mode_loop+0x86/0x480 kernel/entry/common.c:98 __exit_to_user_mode_prepare include/linux/irq-entry-common.h:226 [inline] syscall_exit_to_user_mode_prepare include/linux/irq-entry-common.h:256 [inline] syscall_exit_to_user_mode include/linux/entry-common.h:325 [inline] do_syscall_64+0x32d/0xf80 arch/x86/entry/syscall_64.c:100 entry_SYSCALL_64_after_hwframe+0x77/0x7f irq event stamp: 29933414 hardirqs last enabled at (29933413): [] syscall_enter_from_user_mode include/linux/entry-common.h:186 [inline] hardirqs last enabled at (29933413): [] do_syscall_64+0xa3/0xf80 arch/x86/entry/syscall_64.c:90 hardirqs last disabled at (29933414): [] common_interrupt+0x13/0xe0 arch/x86/kernel/irq.c:326 softirqs last enabled at (29932462): [] __do_softirq kernel/softirq.c:656 [inline] softirqs last enabled at (29932462): [] invoke_softirq kernel/softirq.c:496 [inline] softirqs last enabled at (29932462): [] __irq_exit_rcu+0x5f/0x150 kernel/softirq.c:723 softirqs last disabled at (29932303): [] __do_softirq kernel/softirq.c:656 [inline] softirqs last disabled at (29932303): [] invoke_softirq kernel/softirq.c:496 [inline] softirqs last disabled at (29932303): [] __irq_exit_rcu+0x5f/0x150 kernel/softirq.c:723 other info that might help us debug this: Possible unsafe locking scenario: CPU0 ---- lock(&dev->spinlock); lock(&dev->spinlock); *** DEADLOCK *** 1 lock held by udevd/6025: #0: ffff88813fe3ccc0 (&mm->mmap_lock){++++}-{4:4}, at: mmap_write_lock_killable include/linux/mmap_lock.h:554 [inline] #0: ffff88813fe3ccc0 (&mm->mmap_lock){++++}-{4:4}, at: __vm_munmap+0x163/0x3d0 mm/vma.c:3251 stack backtrace: CPU: 0 UID: 0 PID: 6025 Comm: udevd Tainted: G L syzkaller #0 PREEMPT(full) Tainted: [L]=SOFTLOCKUP Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 Call Trace: dump_stack_lvl+0xe8/0x150 lib/dump_stack.c:120 print_usage_bug+0x28b/0x2e0 kernel/locking/lockdep.c:4042 valid_state kernel/locking/lockdep.c:4056 [inline] mark_lock_irq+0x410/0x420 kernel/locking/lockdep.c:-1 mark_lock+0x115/0x190 kernel/locking/lockdep.c:4753 mark_usage kernel/locking/lockdep.c:4639 [inline] __lock_acquire+0x661/0x2cf0 kernel/locking/lockdep.c:5191 lock_acquire+0xf0/0x2e0 kernel/locking/lockdep.c:5868 __raw_spin_lock include/linux/spinlock_api_smp.h:158 [inline] _raw_spin_lock+0x2e/0x40 kernel/locking/spinlock.c:154 spin_lock include/linux/spinlock.h:341 [inline] das16m1_interrupt+0x5e/0x180 drivers/comedi/drivers/das16m1.c:460 __handle_irq_event_percpu+0x227/0x9e0 kernel/irq/handle.c:209 handle_irq_event_percpu kernel/irq/handle.c:246 [inline] handle_irq_event+0x8b/0x1e0 kernel/irq/handle.c:263 handle_edge_irq+0x23b/0xa10 kernel/irq/chip.c:855 generic_handle_irq_desc include/linux/irqdesc.h:186 [inline] handle_irq arch/x86/kernel/irq.c:262 [inline] call_irq_handler arch/x86/kernel/irq.c:-1 [inline] __common_interrupt+0x141/0x1f0 arch/x86/kernel/irq.c:333 common_interrupt+0xb6/0xe0 arch/x86/kernel/irq.c:326 asm_common_interrupt+0x26/0x40 arch/x86/include/asm/idtentry.h:688 RIP: 0010:lock_is_held_type+0x106/0x150 kernel/locking/lockdep.c:5945 Code: 18 00 00 b8 ff ff ff ff 65 0f c1 05 04 a0 6d 07 83 f8 01 75 25 9c 58 a9 00 02 00 00 75 39 41 f7 c4 00 02 00 00 74 01 fb 89 d8 <5b> 41 5c 41 5d 41 5e 41 5f 5d e9 36 0b 61 f5 cc 90 0f 0b 90 48 c7 RSP: 0018:ffffc90004687428 EFLAGS: 00000206 RAX: 0000000000000001 RBX: 0000000000000001 RCX: 0000000000000046 RDX: 0000000000000000 RSI: ffffffff8e16b1b3 RDI: ffffffff8c27d100 RBP: 00000000ffffffff R08: ffff888028e75b80 R09: 0000000000000004 R10: 0000000000000003 R11: 0000000000000000 R12: 0000000000000246 R13: ffff888028e75b80 R14: ffff88813fe3ccc0 R15: 0000000000000000 lock_is_held include/linux/lockdep.h:249 [inline] mt_locked lib/maple_tree.c:-1 [inline] mt_slot lib/maple_tree.c:736 [inline] mas_slot lib/maple_tree.c:769 [inline] mas_get_slot lib/maple_tree.c:6632 [inline] mas_validate_gaps lib/maple_tree.c:6900 [inline] mt_validate+0x2624/0x4320 lib/maple_tree.c:7176 validate_mm+0xd4/0x4c0 mm/vma.c:649 __split_vma+0x909/0xa40 mm/vma.c:567 vms_gather_munmap_vmas+0x32d/0x1370 mm/vma.c:1408 do_vmi_align_munmap+0x2b4/0x4b0 mm/vma.c:1576 do_vmi_munmap+0x252/0x2d0 mm/vma.c:1633 __vm_munmap+0x22c/0x3d0 mm/vma.c:3254 __do_sys_munmap mm/mmap.c:1078 [inline] __se_sys_munmap mm/mmap.c:1075 [inline] __x64_sys_munmap+0x60/0x70 mm/mmap.c:1075 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline] do_syscall_64+0x14d/0xf80 arch/x86/entry/syscall_64.c:94 entry_SYSCALL_64_after_hwframe+0x77/0x7f RIP: 0033:0x7f74f5d1e097 Code: 73 01 c3 48 8b 0d 61 2d 0d 00 f7 d8 64 89 01 48 83 c8 ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 b8 0b 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 8b 0d 31 2d 0d 00 f7 d8 64 89 01 48 RSP: 002b:00007ffe4c61a518 EFLAGS: 00000246 ORIG_RAX: 000000000000000b RAX: ffffffffffffffda RBX: 0000558a3aacc8d0 RCX: 00007f74f5d1e097 RDX: 0000558a3aadc1f8 RSI: 0000000000000200 RDI: 00007f74f637e000 RBP: 0000000000000003 R08: 0000000000000030 R09: 0000558a3aace080 R10: 0000000000000040 R11: 0000000000000246 R12: 0000558a3aabbad0 R13: 00007f74f652e39c R14: 0000000000001c00 R15: 0000000000000009 comedi comedi2: fifo overflow ---------------- Code disassembly (best guess): 0: 18 00 sbb %al,(%rax) 2: 00 b8 ff ff ff ff add %bh,-0x1(%rax) 8: 65 0f c1 05 04 a0 6d xadd %eax,%gs:0x76da004(%rip) # 0x76da014 f: 07 10: 83 f8 01 cmp $0x1,%eax 13: 75 25 jne 0x3a 15: 9c pushf 16: 58 pop %rax 17: a9 00 02 00 00 test $0x200,%eax 1c: 75 39 jne 0x57 1e: 41 f7 c4 00 02 00 00 test $0x200,%r12d 25: 74 01 je 0x28 27: fb sti 28: 89 d8 mov %ebx,%eax * 2a: 5b pop %rbx <-- trapping instruction 2b: 41 5c pop %r12 2d: 41 5d pop %r13 2f: 41 5e pop %r14 31: 41 5f pop %r15 33: 5d pop %rbp 34: e9 36 0b 61 f5 jmp 0xf5610b6f 39: cc int3 3a: 90 nop 3b: 0f 0b ud2 3d: 90 nop 3e: 48 rex.W 3f: c7 .byte 0xc7