program:
syz_usb_connect(0x0, 0x24, &(0x7f0000000200)=ANY=[@ANYBLOB="120100002ec6601037210100352a010203010902120001000000000904"], 0x0)
openat$snapshot(0xffffffffffffff9c, &(0x7f00000002c0), 0x42801, 0x0) (fail_nth: 8)

[   85.291951][ T5338] Bluetooth: hci0: command tx timeout
[   85.570040][ T5337] usb 5-1: new high-speed USB device number 2 using dummy_hcd
[   85.720663][ T5337] usb 5-1: Using ep0 maxpacket: 16
[   85.727795][ T5337] usb 5-1: New USB device found, idVendor=2137, idProduct=0001, bcdDevice=2a.35
[   85.731768][ T5337] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[   85.734654][ T5337] usb 5-1: Product: syz
[   85.736511][ T5337] usb 5-1: Manufacturer: syz
[   85.738242][ T5337] usb 5-1: SerialNumber: syz
[   85.747407][ T5337] usb 5-1: config 0 descriptor??
[   85.757688][ T5337] as10x_usb: device has been detected
[   85.762174][ T5337] dvbdev: DVB: registering new adapter (Sky IT Digital Key (green led))
[   85.785698][ T5337] usb 5-1: DVB: registering adapter 1 frontend 0 (Sky IT Digital Key (green led))...
[   85.807446][ T5337] as10x_usb: error during firmware upload part1
[   85.811584][ T5337] Registered device Sky IT Digital Key (green led)
[   85.953739][ T5363] random: crng reseeded on system resumption
[   85.962850][ T5363] FAULT_INJECTION: forcing a failure.
[   85.962850][ T5363] name failslab, interval 1, probability 0, space 0, times 1
[   85.968115][ T5363] CPU: 0 UID: 0 PID: 5363 Comm: syz.0.0 Not tainted syzkaller #0 PREEMPT(full) 
[   85.968131][ T5363] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[   85.968138][ T5363] Call Trace:
[   85.968143][ T5363]  <TASK>
[   85.968149][ T5363]  dump_stack_lvl+0x189/0x250
[   85.968224][ T5363]  ? __pfx____ratelimit+0x10/0x10
[   85.968265][ T5363]  ? __pfx_dump_stack_lvl+0x10/0x10
[   85.968276][ T5363]  ? __pfx__printk+0x10/0x10
[   85.968293][ T5363]  ? __lock_acquire+0xab9/0xd20
[   85.968335][ T5363]  should_fail_ex+0x414/0x560
[   85.968352][ T5363]  should_failslab+0xa8/0x100
[   85.968366][ T5363]  __kmalloc_cache_noprof+0x70/0x3d0
[   85.968377][ T5363]  ? async_schedule_node_domain+0x5b/0x120
[   85.968392][ T5363]  ? __pfx___async_dev_cache_fw_image+0x10/0x10
[   85.968436][ T5363]  async_schedule_node_domain+0x5b/0x120
[   85.968475][ T5363]  dev_cache_fw_image+0x364/0x3e0
[   85.968492][ T5363]  ? __pfx_dev_cache_fw_image+0x10/0x10
[   85.968508][ T5363]  ? __pfx_dev_cache_fw_image+0x10/0x10
[   85.968522][ T5363]  dpm_for_each_dev+0x56/0xb0
[   85.968537][ T5363]  fw_pm_notify+0x200/0x2a0
[   85.968555][ T5363]  ? __pfx_fw_pm_notify+0x10/0x10
[   85.968567][ T5363]  ? __pfx_autoremove_wake_function+0x10/0x10
[   85.968579][ T5363]  ? blocking_notifier_call_chain_robust+0x65/0x100
[   85.968596][ T5363]  notifier_call_chain+0x1b3/0x3e0
[   85.968611][ T5363]  blocking_notifier_call_chain_robust+0x85/0x100
[   85.968625][ T5363]  pm_notifier_call_chain_robust+0x2c/0x60
[   85.968640][ T5363]  snapshot_open+0x133/0x280
[   85.968654][ T5363]  ? __pfx_snapshot_open+0x10/0x10
[   85.968666][ T5363]  misc_open+0x2b9/0x330
[   85.968681][ T5363]  chrdev_open+0x4c9/0x5e0
[   85.968696][ T5363]  ? __pfx_chrdev_open+0x10/0x10
[   85.968710][ T5363]  ? fsnotify_open_perm_and_set_mode+0x113/0x610
[   85.968727][ T5363]  ? __pfx_chrdev_open+0x10/0x10
[   85.968738][ T5363]  do_dentry_open+0x950/0x13f0
[   85.968762][ T5363]  vfs_open+0x3b/0x340
[   85.968773][ T5363]  ? path_openat+0x2ecd/0x3830
[   85.968784][ T5363]  path_openat+0x2ee5/0x3830
[   85.968792][ T5363]  ? arch_stack_walk+0xfc/0x150
[   85.968816][ T5363]  ? stack_depot_save_flags+0x40/0x860
[   85.968837][ T5363]  ? __pfx_path_openat+0x10/0x10
[   85.968846][ T5363]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   85.968868][ T5363]  do_filp_open+0x1fa/0x410
[   85.968876][ T5363]  ? __lock_acquire+0xab9/0xd20
[   85.968890][ T5363]  ? __pfx_do_filp_open+0x10/0x10
[   85.968915][ T5363]  ? _raw_spin_unlock+0x28/0x50
[   85.968928][ T5363]  ? alloc_fd+0x64c/0x6c0
[   85.968947][ T5363]  do_sys_openat2+0x121/0x1c0
[   85.968962][ T5363]  ? __pfx_do_sys_openat2+0x10/0x10
[   85.968976][ T5363]  ? ksys_write+0x22a/0x250
[   85.968988][ T5363]  ? __pfx_ksys_write+0x10/0x10
[   85.968997][ T5363]  ? rcu_is_watching+0x15/0xb0
[   85.969010][ T5363]  __x64_sys_openat+0x138/0x170
[   85.969022][ T5363]  do_syscall_64+0xfa/0x3b0
[   85.969031][ T5363]  ? lockdep_hardirqs_on+0x9c/0x150
[   85.969044][ T5363]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   85.969053][ T5363]  ? clear_bhb_loop+0x60/0xb0
[   85.969065][ T5363]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   85.969074][ T5363] RIP: 0033:0x7f93c6d8eba9
[   85.969085][ T5363] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   85.969092][ T5363] RSP: 002b:00007f93c7ca7038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
[   85.969104][ T5363] RAX: ffffffffffffffda RBX: 00007f93c6fd5fa0 RCX: 00007f93c6d8eba9
[   85.969111][ T5363] RDX: 0000000000042801 RSI: 00002000000002c0 RDI: ffffffffffffff9c
[   85.969117][ T5363] RBP: 00007f93c7ca7090 R08: 0000000000000000 R09: 0000000000000000
[   85.969123][ T5363] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[   85.969128][ T5363] R13: 00007f93c6fd6038 R14: 00007f93c6fd5fa0 R15: 00007ffedc36a378
[   85.969145][ T5363]  </TASK>
[   86.145924][ T5363] 
[   86.147014][ T5363] ============================================
[   86.149629][ T5363] WARNING: possible recursive locking detected
[   86.152471][ T5363] syzkaller #0 Not tainted
[   86.154504][ T5363] --------------------------------------------
[   86.157371][ T5363] syz.0.0/5363 is trying to acquire lock:
[   86.159975][ T5363] ffffffff8ed19cc8 (fw_lock){+.+.}-{4:4}, at: assign_fw+0x52/0x890
[   86.163578][ T5363] 
[   86.163578][ T5363] but task is already holding lock:
[   86.166824][ T5363] ffffffff8ed19cc8 (fw_lock){+.+.}-{4:4}, at: fw_pm_notify+0x1e8/0x2a0
[   86.170649][ T5363] 
[   86.170649][ T5363] other info that might help us debug this:
[   86.174340][ T5363]  Possible unsafe locking scenario:
[   86.174340][ T5363] 
[   86.177802][ T5363]        CPU0
[   86.179441][ T5363]        ----
[   86.181309][ T5363]   lock(fw_lock);
[   86.183385][ T5363]   lock(fw_lock);
[   86.185503][ T5363] 
[   86.185503][ T5363]  *** DEADLOCK ***
[   86.185503][ T5363] 
[   86.189441][ T5363]  May be due to missing lock nesting notation
[   86.189441][ T5363] 
[   86.193913][ T5363] 5 locks held by syz.0.0/5363:
[   86.196482][ T5363]  #0: ffffffff8ebc4388 (misc_mtx){+.+.}-{4:4}, at: misc_open+0x51/0x330
[   86.200866][ T5363]  #1: ffffffff8e1ea0a8 (system_transition_mutex){+.+.}-{4:4}, at: lock_system_sleep+0x4a/0x70
[   86.206249][ T5363]  #2: ffffffff8e20d870 ((pm_chain_head).rwsem){++++}-{4:4}, at: blocking_notifier_call_chain_robust+0x65/0x100
[   86.211303][ T5363]  #3: ffffffff8ed19cc8 (fw_lock){+.+.}-{4:4}, at: fw_pm_notify+0x1e8/0x2a0
[   86.215196][ T5363]  #4: ffffffff8ed14d48 (dpm_list_mtx){+.+.}-{4:4}, at: dpm_for_each_dev+0x29/0xb0
[   86.219274][ T5363] 
[   86.219274][ T5363] stack backtrace:
[   86.221837][ T5363] CPU: 0 UID: 0 PID: 5363 Comm: syz.0.0 Not tainted syzkaller #0 PREEMPT(full) 
[   86.221850][ T5363] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[   86.221857][ T5363] Call Trace:
[   86.221864][ T5363]  <TASK>
[   86.221869][ T5363]  dump_stack_lvl+0x189/0x250
[   86.221886][ T5363]  ? __pfx_dump_stack_lvl+0x10/0x10
[   86.221897][ T5363]  ? __pfx__printk+0x10/0x10
[   86.221912][ T5363]  ? print_lock_name+0xde/0x100
[   86.221926][ T5363]  print_deadlock_bug+0x28b/0x2a0
[   86.221937][ T5363]  validate_chain+0x1a3f/0x2140
[   86.221950][ T5363]  ? _raw_spin_unlock_irqrestore+0x85/0x110
[   86.221965][ T5363]  ? lockdep_hardirqs_on+0x9c/0x150
[   86.221982][ T5363]  __lock_acquire+0xab9/0xd20
[   86.221998][ T5363]  ? assign_fw+0x52/0x890
[   86.222010][ T5363]  lock_acquire+0x120/0x360
[   86.222022][ T5363]  ? assign_fw+0x52/0x890
[   86.222034][ T5363]  ? kasan_save_track+0x4f/0x80
[   86.222045][ T5363]  ? kasan_save_free_info+0x46/0x50
[   86.222060][ T5363]  __mutex_lock+0x187/0x1350
[   86.222069][ T5363]  ? assign_fw+0x52/0x890
[   86.222080][ T5363]  ? misc_open+0x2b9/0x330
[   86.222091][ T5363]  ? chrdev_open+0x4c9/0x5e0
[   86.222103][ T5363]  ? vfs_open+0x3b/0x340
[   86.222116][ T5363]  ? path_openat+0x2ee5/0x3830
[   86.222125][ T5363]  ? do_filp_open+0x1fa/0x410
[   86.222134][ T5363]  ? do_sys_openat2+0x121/0x1c0
[   86.222147][ T5363]  ? __x64_sys_openat+0x138/0x170
[   86.222155][ T5363]  ? do_syscall_64+0xfa/0x3b0
[   86.222164][ T5363]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   86.222174][ T5363]  ? assign_fw+0x52/0x890
[   86.222186][ T5363]  ? __pfx___mutex_lock+0x10/0x10
[   86.222198][ T5363]  ? kasan_quarantine_put+0xdd/0x220
[   86.222207][ T5363]  ? lockdep_hardirqs_on+0x9c/0x150
[   86.222221][ T5363]  assign_fw+0x52/0x890
[   86.222233][ T5363]  ? _request_firmware+0xe57/0x15b0
[   86.222245][ T5363]  ? kmem_cache_free+0x18f/0x400
[   86.222257][ T5363]  _request_firmware+0xeea/0x15b0
[   86.222268][ T5363]  ? __lock_acquire+0xab9/0xd20
[   86.222286][ T5363]  ? __pfx__request_firmware+0x10/0x10
[   86.222297][ T5363]  ? _raw_spin_unlock_irqrestore+0x85/0x110
[   86.222310][ T5363]  ? lockdep_hardirqs_on+0x9c/0x150
[   86.222324][ T5363]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[   86.222337][ T5363]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[   86.222351][ T5363]  ? async_schedule_node_domain+0xa5/0x120
[   86.222367][ T5363]  __async_dev_cache_fw_image+0x7f/0x280
[   86.222381][ T5363]  ? __pfx___async_dev_cache_fw_image+0x10/0x10
[   86.222395][ T5363]  async_schedule_node_domain+0xe1/0x120
[   86.222410][ T5363]  dev_cache_fw_image+0x364/0x3e0
[   86.222424][ T5363]  ? __pfx_dev_cache_fw_image+0x10/0x10
[   86.222439][ T5363]  ? __pfx_dev_cache_fw_image+0x10/0x10
[   86.222452][ T5363]  dpm_for_each_dev+0x56/0xb0
[   86.222466][ T5363]  fw_pm_notify+0x200/0x2a0
[   86.222479][ T5363]  ? __pfx_fw_pm_notify+0x10/0x10
[   86.222501][ T5363]  ? __pfx_autoremove_wake_function+0x10/0x10
[   86.222514][ T5363]  ? blocking_notifier_call_chain_robust+0x65/0x100
[   86.222527][ T5363]  notifier_call_chain+0x1b3/0x3e0
[   86.222539][ T5363]  blocking_notifier_call_chain_robust+0x85/0x100
[   86.222551][ T5363]  pm_notifier_call_chain_robust+0x2c/0x60
[   86.222565][ T5363]  snapshot_open+0x133/0x280
[   86.222580][ T5363]  ? __pfx_snapshot_open+0x10/0x10
[   86.222593][ T5363]  misc_open+0x2b9/0x330
[   86.222606][ T5363]  chrdev_open+0x4c9/0x5e0
[   86.222618][ T5363]  ? __pfx_chrdev_open+0x10/0x10
[   86.222631][ T5363]  ? fsnotify_open_perm_and_set_mode+0x113/0x610
[   86.222646][ T5363]  ? __pfx_chrdev_open+0x10/0x10
[   86.222658][ T5363]  do_dentry_open+0x950/0x13f0
[   86.222674][ T5363]  vfs_open+0x3b/0x340
[   86.222686][ T5363]  ? path_openat+0x2ecd/0x3830
[   86.222697][ T5363]  path_openat+0x2ee5/0x3830
[   86.222707][ T5363]  ? arch_stack_walk+0xfc/0x150
[   86.222723][ T5363]  ? stack_depot_save_flags+0x40/0x860
[   86.222738][ T5363]  ? __pfx_path_openat+0x10/0x10
[   86.222747][ T5363]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   86.222761][ T5363]  do_filp_open+0x1fa/0x410
[   86.222770][ T5363]  ? __lock_acquire+0xab9/0xd20
[   86.222783][ T5363]  ? __pfx_do_filp_open+0x10/0x10
[   86.222802][ T5363]  ? _raw_spin_unlock+0x28/0x50
[   86.222815][ T5363]  ? alloc_fd+0x64c/0x6c0
[   86.222829][ T5363]  do_sys_openat2+0x121/0x1c0
[   86.222843][ T5363]  ? __pfx_do_sys_openat2+0x10/0x10
[   86.222858][ T5363]  ? ksys_write+0x22a/0x250
[   86.222869][ T5363]  ? __pfx_ksys_write+0x10/0x10
[   86.222879][ T5363]  ? rcu_is_watching+0x15/0xb0
[   86.222890][ T5363]  __x64_sys_openat+0x138/0x170
[   86.222899][ T5363]  do_syscall_64+0xfa/0x3b0
[   86.222909][ T5363]  ? lockdep_hardirqs_on+0x9c/0x150
[   86.222923][ T5363]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   86.222932][ T5363]  ? clear_bhb_loop+0x60/0xb0
[   86.222943][ T5363]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   86.222953][ T5363] RIP: 0033:0x7f93c6d8eba9
[   86.222963][ T5363] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   86.222971][ T5363] RSP: 002b:00007f93c7ca7038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
[   86.222982][ T5363] RAX: ffffffffffffffda RBX: 00007f93c6fd5fa0 RCX: 00007f93c6d8eba9
[   86.222990][ T5363] RDX: 0000000000042801 RSI: 00002000000002c0 RDI: ffffffffffffff9c
[   86.222996][ T5363] RBP: 00007f93c7ca7090 R08: 0000000000000000 R09: 0000000000000000
[   86.223003][ T5363] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[   86.223009][ T5363] R13: 00007f93c6fd6038 R14: 00007f93c6fd5fa0 R15: 00007ffedc36a378
[   86.223018][ T5363]  </TASK>
[   87.370378][ T5338] Bluetooth: hci0: command tx timeout
[   89.450517][ T5338] Bluetooth: hci0: command tx timeout
[   91.530106][ T5338] Bluetooth: hci0: command tx timeout