program:
syz_usb_connect(0x0, 0x24, &(0x7f0000000200)=ANY=[@ANYBLOB="120100002ec6601037210100352a010203010902120001000000000904"], 0x0)
openat$snapshot(0xffffffffffffff9c, &(0x7f00000002c0), 0x42801, 0x0) (fail_nth: 8)

[   74.997604][ T5302] Bluetooth: hci0: command tx timeout
[   75.282202][   T10] usb 5-1: new high-speed USB device number 2 using dummy_hcd
[   75.432743][   T10] usb 5-1: Using ep0 maxpacket: 16
[   75.440068][   T10] usb 5-1: New USB device found, idVendor=2137, idProduct=0001, bcdDevice=2a.35
[   75.444385][   T10] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[   75.447562][   T10] usb 5-1: Product: syz
[   75.449371][   T10] usb 5-1: Manufacturer: syz
[   75.451364][   T10] usb 5-1: SerialNumber: syz
[   75.459308][   T10] usb 5-1: config 0 descriptor??
[   75.469939][   T10] as10x_usb: device has been detected
[   75.473929][   T10] dvbdev: DVB: registering new adapter (Sky IT Digital Key (green led))
[   75.497926][   T10] usb 5-1: DVB: registering adapter 1 frontend 0 (Sky IT Digital Key (green led))...
[   75.524874][   T10] as10x_usb: error during firmware upload part1
[   75.527810][   T10] Registered device Sky IT Digital Key (green led)
[   75.664695][ T5317] random: crng reseeded on system resumption
[   75.672945][ T5317] FAULT_INJECTION: forcing a failure.
[   75.672945][ T5317] name failslab, interval 1, probability 0, space 0, times 1
[   75.678141][ T5317] CPU: 0 UID: 0 PID: 5317 Comm: syz.0.0 Not tainted 6.15.0-syzkaller-10820-gcd2e103d57e5 #0 PREEMPT(full) 
[   75.678156][ T5317] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[   75.678161][ T5317] Call Trace:
[   75.678167][ T5317]  <TASK>
[   75.678173][ T5317]  dump_stack_lvl+0x189/0x250
[   75.678283][ T5317]  ? __pfx____ratelimit+0x10/0x10
[   75.678322][ T5317]  ? __pfx_dump_stack_lvl+0x10/0x10
[   75.678336][ T5317]  ? __pfx__printk+0x10/0x10
[   75.678351][ T5317]  ? __lock_acquire+0xab9/0xd20
[   75.678364][ T5317]  should_fail_ex+0x414/0x560
[   75.678408][ T5317]  should_failslab+0xa8/0x100
[   75.678423][ T5317]  __kmalloc_cache_noprof+0x70/0x3d0
[   75.678437][ T5317]  ? async_schedule_node_domain+0x5b/0x120
[   75.678448][ T5317]  ? __pfx___async_dev_cache_fw_image+0x10/0x10
[   75.678464][ T5317]  async_schedule_node_domain+0x5b/0x120
[   75.678477][ T5317]  dev_cache_fw_image+0x364/0x3e0
[   75.678494][ T5317]  ? __pfx_dev_cache_fw_image+0x10/0x10
[   75.678510][ T5317]  ? __pfx_dev_cache_fw_image+0x10/0x10
[   75.678529][ T5317]  dpm_for_each_dev+0x56/0xb0
[   75.678543][ T5317]  fw_pm_notify+0x200/0x2a0
[   75.678555][ T5317]  ? __pfx_fw_pm_notify+0x10/0x10
[   75.678567][ T5317]  ? __pfx_autoremove_wake_function+0x10/0x10
[   75.678582][ T5317]  ? blocking_notifier_call_chain_robust+0x65/0x100
[   75.678600][ T5317]  notifier_call_chain+0x1b6/0x3e0
[   75.678617][ T5317]  blocking_notifier_call_chain_robust+0x85/0x100
[   75.678633][ T5317]  pm_notifier_call_chain_robust+0x2c/0x60
[   75.678644][ T5317]  snapshot_open+0x133/0x280
[   75.678655][ T5317]  ? __pfx_snapshot_open+0x10/0x10
[   75.678664][ T5317]  misc_open+0x2bc/0x330
[   75.678679][ T5317]  chrdev_open+0x4cc/0x5e0
[   75.678690][ T5317]  ? __pfx_chrdev_open+0x10/0x10
[   75.678704][ T5317]  ? __pfx_chrdev_open+0x10/0x10
[   75.678712][ T5317]  do_dentry_open+0xdf0/0x1970
[   75.678733][ T5317]  vfs_open+0x3b/0x340
[   75.678741][ T5317]  ? path_openat+0x2ecd/0x3830
[   75.678754][ T5317]  path_openat+0x2ee5/0x3830
[   75.678764][ T5317]  ? arch_stack_walk+0xfc/0x150
[   75.678797][ T5317]  ? __pfx_path_openat+0x10/0x10
[   75.678806][ T5317]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   75.678834][ T5317]  do_filp_open+0x1fa/0x410
[   75.678845][ T5317]  ? __lock_acquire+0xab9/0xd20
[   75.678857][ T5317]  ? __pfx_do_filp_open+0x10/0x10
[   75.678882][ T5317]  ? _raw_spin_unlock+0x28/0x50
[   75.678892][ T5317]  ? alloc_fd+0x64c/0x6c0
[   75.678913][ T5317]  do_sys_openat2+0x121/0x1c0
[   75.678924][ T5317]  ? __pfx_do_sys_openat2+0x10/0x10
[   75.678934][ T5317]  ? ksys_write+0x22a/0x250
[   75.678948][ T5317]  ? __pfx_ksys_write+0x10/0x10
[   75.678958][ T5317]  ? rcu_is_watching+0x15/0xb0
[   75.678972][ T5317]  __x64_sys_openat+0x138/0x170
[   75.678986][ T5317]  do_syscall_64+0xfa/0x3b0
[   75.678996][ T5317]  ? lockdep_hardirqs_on+0x9c/0x150
[   75.679007][ T5317]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   75.679015][ T5317]  ? clear_bhb_loop+0x60/0xb0
[   75.679027][ T5317]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   75.679036][ T5317] RIP: 0033:0x7fcedc78e969
[   75.679046][ T5317] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   75.679054][ T5317] RSP: 002b:00007fcedd690038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
[   75.679065][ T5317] RAX: ffffffffffffffda RBX: 00007fcedc9b5fa0 RCX: 00007fcedc78e969
[   75.679071][ T5317] RDX: 0000000000042801 RSI: 00002000000002c0 RDI: ffffffffffffff9c
[   75.679077][ T5317] RBP: 00007fcedd690090 R08: 0000000000000000 R09: 0000000000000000
[   75.679082][ T5317] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[   75.679087][ T5317] R13: 0000000000000000 R14: 00007fcedc9b5fa0 R15: 00007ffcc772b5c8
[   75.679103][ T5317]  </TASK>
[   75.681457][ T5317] 
[   75.837798][ T5317] ============================================
[   75.840438][ T5317] WARNING: possible recursive locking detected
[   75.842983][ T5317] 6.15.0-syzkaller-10820-gcd2e103d57e5 #0 Not tainted
[   75.845736][ T5317] --------------------------------------------
[   75.848324][ T5317] syz.0.0/5317 is trying to acquire lock:
[   75.850861][ T5317] ffffffff8eb149e8 (fw_lock){+.+.}-{4:4}, at: assign_fw+0x52/0x890
[   75.854070][ T5317] 
[   75.854070][ T5317] but task is already holding lock:
[   75.857162][ T5317] ffffffff8eb149e8 (fw_lock){+.+.}-{4:4}, at: fw_pm_notify+0x1e8/0x2a0
[   75.860665][ T5317] 
[   75.860665][ T5317] other info that might help us debug this:
[   75.864334][ T5317]  Possible unsafe locking scenario:
[   75.864334][ T5317] 
[   75.867556][ T5317]        CPU0
[   75.868972][ T5317]        ----
[   75.870400][ T5317]   lock(fw_lock);
[   75.871977][ T5317]   lock(fw_lock);
[   75.873791][ T5317] 
[   75.873791][ T5317]  *** DEADLOCK ***
[   75.873791][ T5317] 
[   75.877192][ T5317]  May be due to missing lock nesting notation
[   75.877192][ T5317] 
[   75.881014][ T5317] 5 locks held by syz.0.0/5317:
[   75.883188][ T5317]  #0: ffffffff8e9c1688 (misc_mtx){+.+.}-{4:4}, at: misc_open+0x51/0x330
[   75.886878][ T5317]  #1: ffffffff8dfec428 (system_transition_mutex){+.+.}-{4:4}, at: lock_system_sleep+0x4a/0x70
[   75.891207][ T5317]  #2: ffffffff8e010850 ((pm_chain_head).rwsem){++++}-{4:4}, at: blocking_notifier_call_chain_robust+0x65/0x100
[   75.895836][ T5317]  #3: ffffffff8eb149e8 (fw_lock){+.+.}-{4:4}, at: fw_pm_notify+0x1e8/0x2a0
[   75.900126][ T5317]  #4: ffffffff8eb0fa68 (dpm_list_mtx){+.+.}-{4:4}, at: dpm_for_each_dev+0x29/0xb0
[   75.904327][ T5317] 
[   75.904327][ T5317] stack backtrace:
[   75.906867][ T5317] CPU: 0 UID: 0 PID: 5317 Comm: syz.0.0 Not tainted 6.15.0-syzkaller-10820-gcd2e103d57e5 #0 PREEMPT(full) 
[   75.906883][ T5317] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[   75.906889][ T5317] Call Trace:
[   75.906896][ T5317]  <TASK>
[   75.906901][ T5317]  dump_stack_lvl+0x189/0x250
[   75.906918][ T5317]  ? __pfx_dump_stack_lvl+0x10/0x10
[   75.906931][ T5317]  ? __pfx__printk+0x10/0x10
[   75.906943][ T5317]  ? print_lock_name+0xde/0x100
[   75.906953][ T5317]  print_deadlock_bug+0x28b/0x2a0
[   75.906967][ T5317]  validate_chain+0x1a3f/0x2140
[   75.906981][ T5317]  ? _raw_spin_unlock_irqrestore+0x85/0x110
[   75.906992][ T5317]  ? lockdep_hardirqs_on+0x9c/0x150
[   75.907005][ T5317]  __lock_acquire+0xab9/0xd20
[   75.907016][ T5317]  ? assign_fw+0x52/0x890
[   75.907028][ T5317]  lock_acquire+0x120/0x360
[   75.907038][ T5317]  ? assign_fw+0x52/0x890
[   75.907051][ T5317]  ? kasan_save_free_info+0x46/0x50
[   75.907062][ T5317]  ? kmem_cache_free+0x18f/0x400
[   75.907074][ T5317]  ? __async_dev_cache_fw_image+0x7f/0x280
[   75.907087][ T5317]  __mutex_lock+0x182/0xe80
[   75.907099][ T5317]  ? assign_fw+0x52/0x890
[   75.907110][ T5317]  ? path_openat+0x2ee5/0x3830
[   75.907121][ T5317]  ? do_filp_open+0x1fa/0x410
[   75.907132][ T5317]  ? __x64_sys_openat+0x138/0x170
[   75.907143][ T5317]  ? do_syscall_64+0xfa/0x3b0
[   75.907153][ T5317]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   75.907163][ T5317]  ? assign_fw+0x52/0x890
[   75.907175][ T5317]  ? __pfx___mutex_lock+0x10/0x10
[   75.907188][ T5317]  ? kasan_quarantine_put+0xdd/0x220
[   75.907199][ T5317]  ? lockdep_hardirqs_on+0x9c/0x150
[   75.907211][ T5317]  assign_fw+0x52/0x890
[   75.907223][ T5317]  ? _request_firmware+0xe57/0x15b0
[   75.907235][ T5317]  ? kmem_cache_free+0x18f/0x400
[   75.907248][ T5317]  _request_firmware+0xeea/0x15b0
[   75.907260][ T5317]  ? __lock_acquire+0xab9/0xd20
[   75.907274][ T5317]  ? __pfx__request_firmware+0x10/0x10
[   75.907285][ T5317]  ? _raw_spin_unlock_irqrestore+0x85/0x110
[   75.907295][ T5317]  ? lockdep_hardirqs_on+0x9c/0x150
[   75.907306][ T5317]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[   75.907316][ T5317]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[   75.907326][ T5317]  ? async_schedule_node_domain+0xa5/0x120
[   75.907338][ T5317]  __async_dev_cache_fw_image+0x7f/0x280
[   75.907351][ T5317]  ? __pfx___async_dev_cache_fw_image+0x10/0x10
[   75.907360][ T5317]  async_schedule_node_domain+0xe1/0x120
[   75.907371][ T5317]  dev_cache_fw_image+0x364/0x3e0
[   75.907384][ T5317]  ? __pfx_dev_cache_fw_image+0x10/0x10
[   75.907397][ T5317]  ? __pfx_dev_cache_fw_image+0x10/0x10
[   75.907411][ T5317]  dpm_for_each_dev+0x56/0xb0
[   75.907425][ T5317]  fw_pm_notify+0x200/0x2a0
[   75.907437][ T5317]  ? __pfx_fw_pm_notify+0x10/0x10
[   75.907450][ T5317]  ? __pfx_autoremove_wake_function+0x10/0x10
[   75.907462][ T5317]  ? blocking_notifier_call_chain_robust+0x65/0x100
[   75.907472][ T5317]  notifier_call_chain+0x1b6/0x3e0
[   75.907482][ T5317]  blocking_notifier_call_chain_robust+0x85/0x100
[   75.907491][ T5317]  pm_notifier_call_chain_robust+0x2c/0x60
[   75.907499][ T5317]  snapshot_open+0x133/0x280
[   75.907506][ T5317]  ? __pfx_snapshot_open+0x10/0x10
[   75.907513][ T5317]  misc_open+0x2bc/0x330
[   75.907522][ T5317]  chrdev_open+0x4cc/0x5e0
[   75.907528][ T5317]  ? __pfx_chrdev_open+0x10/0x10
[   75.907536][ T5317]  ? __pfx_chrdev_open+0x10/0x10
[   75.907543][ T5317]  do_dentry_open+0xdf0/0x1970
[   75.907555][ T5317]  vfs_open+0x3b/0x340
[   75.907564][ T5317]  ? path_openat+0x2ecd/0x3830
[   75.907575][ T5317]  path_openat+0x2ee5/0x3830
[   75.907585][ T5317]  ? arch_stack_walk+0xfc/0x150
[   75.907605][ T5317]  ? __pfx_path_openat+0x10/0x10
[   75.907615][ T5317]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   75.907627][ T5317]  do_filp_open+0x1fa/0x410
[   75.907637][ T5317]  ? __lock_acquire+0xab9/0xd20
[   75.907647][ T5317]  ? __pfx_do_filp_open+0x10/0x10
[   75.907662][ T5317]  ? _raw_spin_unlock+0x28/0x50
[   75.907671][ T5317]  ? alloc_fd+0x64c/0x6c0
[   75.907687][ T5317]  do_sys_openat2+0x121/0x1c0
[   75.907698][ T5317]  ? __pfx_do_sys_openat2+0x10/0x10
[   75.907707][ T5317]  ? ksys_write+0x22a/0x250
[   75.907720][ T5317]  ? __pfx_ksys_write+0x10/0x10
[   75.907730][ T5317]  ? rcu_is_watching+0x15/0xb0
[   75.907744][ T5317]  __x64_sys_openat+0x138/0x170
[   75.907755][ T5317]  do_syscall_64+0xfa/0x3b0
[   75.907775][ T5317]  ? lockdep_hardirqs_on+0x9c/0x150
[   75.907788][ T5317]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   75.907797][ T5317]  ? clear_bhb_loop+0x60/0xb0
[   75.907807][ T5317]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   75.907817][ T5317] RIP: 0033:0x7fcedc78e969
[   75.907829][ T5317] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   75.907837][ T5317] RSP: 002b:00007fcedd690038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
[   75.907851][ T5317] RAX: ffffffffffffffda RBX: 00007fcedc9b5fa0 RCX: 00007fcedc78e969
[   75.907858][ T5317] RDX: 0000000000042801 RSI: 00002000000002c0 RDI: ffffffffffffff9c
[   75.907865][ T5317] RBP: 00007fcedd690090 R08: 0000000000000000 R09: 0000000000000000
[   75.907871][ T5317] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[   75.907877][ T5317] R13: 0000000000000000 R14: 00007fcedc9b5fa0 R15: 00007ffcc772b5c8
[   75.907887][ T5317]  </TASK>
[   76.373541][ T1314] ieee802154 phy0 wpan0: encryption failed: -22
[   76.376028][ T1314] ieee802154 phy1 wpan1: encryption failed: -22
[   77.012311][ T5302] Bluetooth: hci0: command tx timeout
[   79.092784][ T5302] Bluetooth: hci0: command tx timeout
[   81.172259][ T5302] Bluetooth: hci0: command tx timeout