================================
WARNING: inconsistent lock state
syzkaller #0 Tainted: G L
--------------------------------
inconsistent {HARDIRQ-ON-W} -> {IN-HARDIRQ-W} usage.
kworker/u8:3/49 [HC1[1]:SC1[1]:HE0:SE0] takes:
ffff8880328b9868 (&dev->spinlock){?...}-{3:3}, at: spin_lock include/linux/spinlock.h:342 [inline]
ffff8880328b9868 (&dev->spinlock){?...}-{3:3}, at: das16m1_interrupt+0x5e/0x180 drivers/comedi/drivers/das16m1.c:460
{HARDIRQ-ON-W} state was registered at:
lock_acquire+0xf0/0x2e0 kernel/locking/lockdep.c:5868
__raw_spin_lock_bh include/linux/spinlock_api_smp.h:150 [inline]
_raw_spin_lock_bh+0x36/0x50 kernel/locking/spinlock.c:178
spin_lock_bh include/linux/spinlock.h:348 [inline]
waveform_ao_cancel+0x8d/0x120 drivers/comedi/drivers/comedi_test.c:628
do_cancel drivers/comedi/comedi_fops.c:818 [inline]
comedi_close+0x27e/0x5e0 drivers/comedi/comedi_fops.c:3036
__fput+0x44f/0xa70 fs/file_table.c:469
task_work_run+0x1d9/0x270 kernel/task_work.c:233
resume_user_mode_work include/linux/resume_user_mode.h:50 [inline]
__exit_to_user_mode_loop kernel/entry/common.c:67 [inline]
exit_to_user_mode_loop+0xed/0x480 kernel/entry/common.c:98
__exit_to_user_mode_prepare include/linux/irq-entry-common.h:238 [inline]
syscall_exit_to_user_mode_prepare include/linux/irq-entry-common.h:269 [inline]
syscall_exit_to_user_mode include/linux/entry-common.h:325 [inline]
do_syscall_64+0x32d/0xf80 arch/x86/entry/syscall_64.c:100
entry_SYSCALL_64_after_hwframe+0x77/0x7f
irq event stamp: 8193919
hardirqs last enabled at (8193918): [] handle_softirqs+0x158/0x870 kernel/softirq.c:610
hardirqs last disabled at (8193919): [] common_interrupt+0x13/0xe0 arch/x86/kernel/irq.c:326
softirqs last enabled at (8193890): [] spin_unlock_bh include/linux/spinlock.h:396 [inline]
softirqs last enabled at (8193890): [] batadv_forw_packet_steal+0x14e/0x170 net/batman-adv/send.c:-1
softirqs last disabled at (8193917): [] __do_softirq kernel/softirq.c:660 [inline]
softirqs last disabled at (8193917): [] invoke_softirq kernel/softirq.c:496 [inline]
softirqs last disabled at (8193917): [] __irq_exit_rcu+0xca/0x220 kernel/softirq.c:739

other info that might help us debug this:
Possible unsafe locking scenario:

CPU0
----
lock(&dev->spinlock);
lock(&dev->spinlock);

*** DEADLOCK ***

2 locks held by kworker/u8:3/49:
#0: ffff88801c2cc148 ((wq_completion)pm){+.+.}-{0:0}, at: process_one_work+0x894/0x1780 kernel/workqueue.c:3261
#1: ffffc90000b97c40 ((work_completion)(&dev->power.work)){+.+.}-{0:0}, at: process_one_work+0x8bb/0x1780 kernel/workqueue.c:3262

stack backtrace:
CPU: 0 UID: 0 PID: 49 Comm: kworker/u8:3 Tainted: G L syzkaller #0 PREEMPT(full)
Tainted: [L]=SOFTLOCKUP
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/27/2026
Workqueue: pm pm_runtime_work
Call Trace:
dump_stack_lvl+0xe8/0x150 lib/dump_stack.c:120
print_usage_bug+0x28b/0x2e0 kernel/locking/lockdep.c:4042
valid_state kernel/locking/lockdep.c:4056 [inline]
mark_lock_irq+0x410/0x420 kernel/locking/lockdep.c:-1
mark_lock+0x115/0x190 kernel/locking/lockdep.c:4753
mark_usage kernel/locking/lockdep.c:4639 [inline]
__lock_acquire+0x661/0x2cf0 kernel/locking/lockdep.c:5191
lock_acquire+0xf0/0x2e0 kernel/locking/lockdep.c:5868
__raw_spin_lock include/linux/spinlock_api_smp.h:158 [inline]
_raw_spin_lock+0x2e/0x40 kernel/locking/spinlock.c:154
spin_lock include/linux/spinlock.h:342 [inline]
das16m1_interrupt+0x5e/0x180 drivers/comedi/drivers/das16m1.c:460
__handle_irq_event_percpu+0x227/0x9e0 kernel/irq/handle.c:209
handle_irq_event_percpu kernel/irq/handle.c:246 [inline]
handle_irq_event+0x8b/0x1e0 kernel/irq/handle.c:263
handle_edge_irq+0x23b/0xa10 kernel/irq/chip.c:855
generic_handle_irq_desc include/linux/irqdesc.h:186 [inline]
handle_irq arch/x86/kernel/irq.c:262 [inline]
call_irq_handler arch/x86/kernel/irq.c:-1 [inline]
__common_interrupt+0x141/0x1f0 arch/x86/kernel/irq.c:333
common_interrupt+0x5e/0xe0 arch/x86/kernel/irq.c:326
asm_common_interrupt+0x26/0x40 arch/x86/include/asm/idtentry.h:688
RIP: 0010:variable_ffs arch/x86/include/asm/bitops.h:312 [inline]
RIP: 0010:handle_softirqs+0x160/0x870 kernel/softirq.c:614
Code: 89 6c 24 20 0f b7 db 48 c7 c7 a0 2e cb 8b e8 47 c4 2a 0a 65 66 c7 05 05 55 95 11 00 00 e8 b8 e3 45 00 fb 48 c7 c5 c0 c0 40 8e ff ff ff ff 0f bc c3 41 89 c6 41 ff c6 0f 84 30 04 00 00 89 5c
RSP: 0018:ffffc90000007f28 EFLAGS: 00000206
RAX: 00000000007d077e RBX: 0000000000000200 RCX: 0000000000000101
RDX: 0000000000000002 RSI: ffffffff8df14eff RDI: ffffffff8c285fe0
RBP: ffffffff8e40c0c0 R08: ffffffff901250f7 R09: 1ffffffff2024a1e
R10: dffffc0000000000 R11: fffffbfff2024a1f R12: 0000000000000000
R13: 0000000000000000 R14: ffff88801b7b5b80 R15: dffffc0000000000
__do_softirq kernel/softirq.c:660 [inline]
invoke_softirq kernel/softirq.c:496 [inline]
__irq_exit_rcu+0xca/0x220 kernel/softirq.c:739
irq_exit_rcu+0x9/0x30 kernel/softirq.c:756
instr_sysvec_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1061 [inline]
sysvec_apic_timer_interrupt+0xa6/0xc0 arch/x86/kernel/apic/apic.c:1061
asm_sysvec_apic_timer_interrupt+0x1a/0x20 arch/x86/include/asm/idtentry.h:697
RIP: 0010:__raw_spin_unlock_irqrestore include/linux/spinlock_api_smp.h:179 [inline]
RIP: 0010:_raw_spin_unlock_irqrestore+0x47/0x80 kernel/locking/spinlock.c:194
Code: f7 e8 5d 15 ed f5 f7 c3 00 02 00 00 74 05 e8 d0 9b 18 f6 9c 58 a9 00 02 00 00 75 27 f7 c3 00 02 00 00 74 01 fb bf 01 00 00 00 54 ab de f5 65 8b 05 ed 0c 68 07 85 c0 74 18 5b 41 5e e9 91 48
RSP: 0018:ffffc90000b97890 EFLAGS: 00000206
RAX: 0000000000000006 RBX: 0000000000000246 RCX: 0000000080000001
RDX: 0000000000000006 RSI: ffffffff8df14eff RDI: 0000000000000001
RBP: 0000000000000000 R08: ffffffff901250f7 R09: 1ffffffff2024a1e
R10: dffffc0000000000 R11: fffffbfff2024a1f R12: ffffffff8f014120
R13: dffffc0000000000 R14: ffffffff9a5f2980 R15: 0000000000000003
spin_unlock_irqrestore include/linux/spinlock.h:408 [inline]
uart_port_unlock_irqrestore include/linux/serial_core.h:788 [inline]
serial_port_runtime_resume+0x445/0x800 drivers/tty/serial/serial_port.c:49
__rpm_callback+0x2d9/0x940 drivers/base/power/runtime.c:406
rpm_callback drivers/base/power/runtime.c:460 [inline]
rpm_resume+0xfe8/0x1680 drivers/base/power/runtime.c:939
pm_runtime_work+0x103/0x1b0 drivers/base/power/runtime.c:1004
process_one_work+0x9ab/0x1780 kernel/workqueue.c:3289
process_scheduled_works kernel/workqueue.c:3380 [inline]
worker_thread+0xb49/0x1140 kernel/workqueue.c:3461
kthread+0x388/0x470 kernel/kthread.c:436
ret_from_fork+0x51e/0xb90 arch/x86/kernel/process.c:158
ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:245
comedi comedi3: fifo overflow
----------------
Code disassembly (best guess):
0: 89 6c 24 20 mov %ebp,0x20(%rsp)
4: 0f b7 db movzwl %bx,%ebx
7: 48 c7 c7 a0 2e cb 8b mov $0xffffffff8bcb2ea0,%rdi
e: e8 47 c4 2a 0a call 0xa2ac45a
13: 65 66 c7 05 05 55 95 movw $0x0,%gs:0x11955505(%rip) # 0x11955522
1a: 11 00 00
1d: e8 b8 e3 45 00 call 0x45e3da
22: fb sti
23: 48 c7 c5 c0 c0 40 8e mov $0xffffffff8e40c0c0,%rbp
* 2a: b8 ff ff ff ff mov $0xffffffff,%eax <-- trapping instruction
2f: 0f bc c3 bsf %ebx,%eax
32: 41 89 c6 mov %eax,%r14d
35: 41 ff c6 inc %r14d
38: 0f 84 30 04 00 00 je 0x46e
3e: 89 .byte 0x89
3f: 5c pop %rsp