------------[ cut here ]------------ DEBUG_LOCKS_WARN_ON(lock->magic != lock) WARNING: kernel/locking/mutex.c:593 at __mutex_lock_common kernel/locking/mutex.c:593 [inline], CPU#0: syz.2.4167/25069 WARNING: kernel/locking/mutex.c:593 at __mutex_lock+0x10a4/0x1300 kernel/locking/mutex.c:776, CPU#0: syz.2.4167/25069 Modules linked in: CPU: 0 UID: 0 PID: 25069 Comm: syz.2.4167 Tainted: G L syzkaller #0 PREEMPT(full) Tainted: [L]=SOFTLOCKUP Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 RIP: 0010:__mutex_lock_common kernel/locking/mutex.c:593 [inline] RIP: 0010:__mutex_lock+0x10ab/0x1300 kernel/locking/mutex.c:776 Code: 11 90 48 c1 e8 03 42 0f b6 04 28 84 c0 0f 85 33 02 00 00 83 3d d9 64 61 04 00 75 13 48 8d 3d 1c 7a 64 04 48 c7 c6 c0 e0 cc 8b <67> 48 0f b9 3a 90 e9 ac f0 ff ff 90 0f 0b 90 e9 73 f4 ff ff 90 0f RSP: 0018:ffffc900060f7880 EFLAGS: 00010246 RAX: 0000000000000000 RBX: 1ffff92000c1ef28 RCX: 0000000000080000 RDX: ffffc9000d6c3000 RSI: ffffffff8bcce0c0 RDI: ffffffff90150f10 RBP: ffffc900060f7a38 R08: ffffffff9011f9c3 R09: 1ffffffff2023f38 R10: dffffc0000000000 R11: fffffbfff2023f39 R12: ffff88803c1fcb60 R13: dffffc0000000000 R14: 0000000000000000 R15: 0000000000000000 FS: 0000000000000000(0000) GS:ffff888125459000(0063) knlGS:00000000f5456b40 CS: 0010 DS: 002b ES: 002b CR0: 0000000080050033 CR2: 0000000030d1aff8 CR3: 000000003b606000 CR4: 00000000003526f0 Call Trace: as102_dvb_dmx_start_feed+0x70/0x290 drivers/media/usb/as102/as102_drv.c:139 dmx_section_feed_start_filtering+0x518/0x6c0 drivers/media/dvb-core/dvb_demux.c:977 dvb_dmxdev_filter_start+0xcf4/0x10e0 drivers/media/dvb-core/dmxdev.c:760 dvb_demux_do_ioctl+0x470/0x540 drivers/media/dvb-core/dmxdev.c:1083 dvb_usercopy+0x199/0x2e0 drivers/media/dvb-core/dvbdev.c:996 dvb_demux_ioctl+0x29/0x40 drivers/media/dvb-core/dmxdev.c:1201 __do_compat_sys_ioctl fs/ioctl.c:695 [inline] __se_compat_sys_ioctl fs/ioctl.c:638 [inline] __ia32_compat_sys_ioctl+0x5ea/0x950 fs/ioctl.c:638 do_syscall_32_irqs_on arch/x86/entry/syscall_32.c:83 [inline] __do_fast_syscall_32+0x20d/0x640 arch/x86/entry/syscall_32.c:307 do_fast_syscall_32+0x33/0x70 arch/x86/entry/syscall_32.c:332 entry_SYSENTER_compat_after_hwframe+0x84/0x8e RIP: 0023:0xf7f97f6c Code: 90 85 d2 74 0a 89 ce 81 e6 ff 0f 00 00 89 32 85 c0 74 05 c1 e9 0c 89 08 31 c0 5e 5d c3 90 0f 1f 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 58 b8 RSP: 002b:00000000f545650c EFLAGS: 00000206 ORIG_RAX: 0000000000000036 RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 00000000403c6f2b RDX: 0000000080000200 RSI: 0000000000000000 RDI: 0000000000000000 RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000 R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 ---------------- Code disassembly (best guess): 0: 11 90 48 c1 e8 03 adc %edx,0x3e8c148(%rax) 6: 42 0f b6 04 28 movzbl (%rax,%r13,1),%eax b: 84 c0 test %al,%al d: 0f 85 33 02 00 00 jne 0x246 13: 83 3d d9 64 61 04 00 cmpl $0x0,0x46164d9(%rip) # 0x46164f3 1a: 75 13 jne 0x2f 1c: 48 8d 3d 1c 7a 64 04 lea 0x4647a1c(%rip),%rdi # 0x4647a3f 23: 48 c7 c6 c0 e0 cc 8b mov $0xffffffff8bcce0c0,%rsi * 2a: 67 48 0f b9 3a ud1 (%edx),%rdi <-- trapping instruction 2f: 90 nop 30: e9 ac f0 ff ff jmp 0xfffff0e1 35: 90 nop 36: 0f 0b ud2 38: 90 nop 39: e9 73 f4 ff ff jmp 0xfffff4b1 3e: 90 nop 3f: 0f .byte 0xf