program:
syz_usb_connect(0x0, 0x24, &(0x7f0000000200)=ANY=[@ANYBLOB="120100002ec6601037210100352a010203010902120001000000000904"], 0x0)
openat$snapshot(0xffffffffffffff9c, &(0x7f00000002c0), 0x42801, 0x0) (fail_nth: 8)

[ 74.275101][ T5301] Bluetooth: hci0: command tx timeout
[ 74.556828][ T5314] usb 5-1: new high-speed USB device number 2 using dummy_hcd
[ 74.706806][ T5314] usb 5-1: Using ep0 maxpacket: 16
[ 74.718569][ T5314] usb 5-1: New USB device found, idVendor=2137, idProduct=0001, bcdDevice=2a.35
[ 74.724052][ T5314] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 74.728649][ T5314] usb 5-1: Product: syz
[ 74.730537][ T5314] usb 5-1: Manufacturer: syz
[ 74.732774][ T5314] usb 5-1: SerialNumber: syz
[ 74.739432][ T5314] usb 5-1: config 0 descriptor??
[ 74.753995][ T5314] as10x_usb: device has been detected
[ 74.758346][ T5314] dvbdev: DVB: registering new adapter (Sky IT Digital Key (green led))
[ 74.783187][ T5314] usb 5-1: DVB: registering adapter 1 frontend 0 (Sky IT Digital Key (green led))...
[ 74.805228][ T5314] as10x_usb: error during firmware upload part1
[ 74.809619][ T5314] Registered device Sky IT Digital Key (green led)
[ 74.948274][ T5321] random: crng reseeded on system resumption
[ 74.956488][ T5321] FAULT_INJECTION: forcing a failure.
[ 74.956488][ T5321] name failslab, interval 1, probability 0, space 0, times 1
[ 74.963527][ T5321] CPU: 0 UID: 0 PID: 5321 Comm: syz.0.0 Not tainted 6.16.0-rc4-syzkaller-00049-gb4911fb0b060 #0 PREEMPT(full)
[ 74.963543][ T5321] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[ 74.963550][ T5321] Call Trace:
[ 74.963555][ T5321]
[ 74.963559][ T5321] dump_stack_lvl+0x189/0x250
[ 74.963666][ T5321] ? __pfx____ratelimit+0x10/0x10
[ 74.963711][ T5321] ? __pfx_dump_stack_lvl+0x10/0x10
[ 74.963725][ T5321] ? __pfx__printk+0x10/0x10
[ 74.963741][ T5321] ? __lock_acquire+0xab9/0xd20
[ 74.963758][ T5321] should_fail_ex+0x414/0x560
[ 74.963805][ T5321] should_failslab+0xa8/0x100
[ 74.963819][ T5321] __kmalloc_cache_noprof+0x70/0x3d0
[ 74.963831][ T5321] ? async_schedule_node_domain+0x5b/0x120
[ 74.963846][ T5321] ? __pfx___async_dev_cache_fw_image+0x10/0x10
[ 74.963862][ T5321] async_schedule_node_domain+0x5b/0x120
[ 74.963880][ T5321] dev_cache_fw_image+0x364/0x3e0
[ 74.963897][ T5321] ? __pfx_dev_cache_fw_image+0x10/0x10
[ 74.963916][ T5321] ? __pfx_dev_cache_fw_image+0x10/0x10
[ 74.963930][ T5321] dpm_for_each_dev+0x53/0xb0
[ 74.963947][ T5321] fw_pm_notify+0x200/0x2a0
[ 74.963960][ T5321] ? __pfx_fw_pm_notify+0x10/0x10
[ 74.963973][ T5321] ? __pfx_autoremove_wake_function+0x10/0x10
[ 74.963989][ T5321] ? blocking_notifier_call_chain_robust+0x65/0x100
[ 74.964006][ T5321] notifier_call_chain+0x1b3/0x3e0
[ 74.964030][ T5321] blocking_notifier_call_chain_robust+0x85/0x100
[ 74.964044][ T5321] pm_notifier_call_chain_robust+0x2c/0x60
[ 74.964059][ T5321] snapshot_open+0x133/0x280
[ 74.964074][ T5321] ? __pfx_snapshot_open+0x10/0x10
[ 74.964087][ T5321] misc_open+0x2bc/0x330
[ 74.964102][ T5321] chrdev_open+0x4c9/0x5e0
[ 74.964117][ T5321] ? __pfx_chrdev_open+0x10/0x10
[ 74.964151][ T5321] ? __pfx_chrdev_open+0x10/0x10
[ 74.964162][ T5321] do_dentry_open+0xdf0/0x1970
[ 74.964187][ T5321] vfs_open+0x3b/0x340
[ 74.964198][ T5321] ? path_openat+0x2ecd/0x3830
[ 74.964214][ T5321] path_openat+0x2ee5/0x3830
[ 74.964226][ T5321] ? arch_stack_walk+0xfc/0x150
[ 74.964261][ T5321] ? __pfx_path_openat+0x10/0x10
[ 74.964273][ T5321] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 74.964299][ T5321] do_filp_open+0x1fa/0x410
[ 74.964311][ T5321] ? __lock_acquire+0xab9/0xd20
[ 74.964326][ T5321] ? __pfx_do_filp_open+0x10/0x10
[ 74.964361][ T5321] ? _raw_spin_unlock+0x28/0x50
[ 74.964374][ T5321] ? alloc_fd+0x64c/0x6c0
[ 74.964393][ T5321] do_sys_openat2+0x121/0x1c0
[ 74.964405][ T5321] ? __pfx_do_sys_openat2+0x10/0x10
[ 74.964413][ T5321] ? ksys_write+0x22a/0x250
[ 74.964420][ T5321] ? __pfx_ksys_write+0x10/0x10
[ 74.964425][ T5321] ? rcu_is_watching+0x15/0xb0
[ 74.964437][ T5321] __x64_sys_openat+0x138/0x170
[ 74.964448][ T5321] do_syscall_64+0xfa/0x3b0
[ 74.964458][ T5321] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 74.964464][ T5321] ? asm_sysvec_apic_timer_interrupt+0x1a/0x20
[ 74.964470][ T5321] ? clear_bhb_loop+0x60/0xb0
[ 74.964482][ T5321] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 74.964491][ T5321] RIP: 0033:0x7ff9a078e929
[ 74.964503][ T5321] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 74.964512][ T5321] RSP: 002b:00007ff9a1598038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
[ 74.964525][ T5321] RAX: ffffffffffffffda RBX: 00007ff9a09b5fa0 RCX: 00007ff9a078e929
[ 74.964532][ T5321] RDX: 0000000000042801 RSI: 00002000000002c0 RDI: ffffffffffffff9c
[ 74.964538][ T5321] RBP: 00007ff9a1598090 R08: 0000000000000000 R09: 0000000000000000
[ 74.964544][ T5321] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 74.964550][ T5321] R13: 0000000000000000 R14: 00007ff9a09b5fa0 R15: 00007ffd2705fdd8
[ 74.964568][ T5321]
[ 75.140640][ T5321]
[ 75.141866][ T5321] ============================================
[ 75.144736][ T5321] WARNING: possible recursive locking detected
[ 75.147537][ T5321] 6.16.0-rc4-syzkaller-00049-gb4911fb0b060 #0 Not tainted
[ 75.150800][ T5321] --------------------------------------------
[ 75.153689][ T5321] syz.0.0/5321 is trying to acquire lock:
[ 75.156373][ T5321] ffffffff8eb15468 (fw_lock){+.+.}-{4:4}, at: assign_fw+0x52/0x890
[ 75.160040][ T5321]
[ 75.160040][ T5321] but task is already holding lock:
[ 75.163265][ T5321] ffffffff8eb15468 (fw_lock){+.+.}-{4:4}, at: fw_pm_notify+0x1e8/0x2a0
[ 75.166874][ T5321]
[ 75.166874][ T5321] other info that might help us debug this:
[ 75.170614][ T5321] Possible unsafe locking scenario:
[ 75.170614][ T5321]
[ 75.174063][ T5321] CPU0
[ 75.175665][ T5321] ----
[ 75.177547][ T5321] lock(fw_lock);
[ 75.179945][ T5321] lock(fw_lock);
[ 75.182207][ T5321]
[ 75.182207][ T5321] *** DEADLOCK ***
[ 75.182207][ T5321]
[ 75.187198][ T5321] May be due to missing lock nesting notation
[ 75.187198][ T5321]
[ 75.192304][ T5321] 5 locks held by syz.0.0/5321:
[ 75.194986][ T5321] #0: ffffffff8e9c2108 (misc_mtx){+.+.}-{4:4}, at: misc_open+0x51/0x330
[ 75.199751][ T5321] #1: ffffffff8dfee1e8 (system_transition_mutex){+.+.}-{4:4}, at: lock_system_sleep+0x4a/0x70
[ 75.205327][ T5321] #2: ffffffff8e0126d0 ((pm_chain_head).rwsem){++++}-{4:4}, at: blocking_notifier_call_chain_robust+0x65/0x100
[ 75.210300][ T5321] #3: ffffffff8eb15468 (fw_lock){+.+.}-{4:4}, at: fw_pm_notify+0x1e8/0x2a0
[ 75.213926][ T5321] #4: ffffffff8eb104e8 (dpm_list_mtx){+.+.}-{4:4}, at: dpm_for_each_dev+0x29/0xb0
[ 75.217485][ T5321]
[ 75.217485][ T5321] stack backtrace:
[ 75.219898][ T5321] CPU: 0 UID: 0 PID: 5321 Comm: syz.0.0 Not tainted 6.16.0-rc4-syzkaller-00049-gb4911fb0b060 #0 PREEMPT(full)
[ 75.219912][ T5321] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[ 75.219918][ T5321] Call Trace:
[ 75.219926][ T5321]
[ 75.219931][ T5321] dump_stack_lvl+0x189/0x250
[ 75.219951][ T5321] ? __pfx_dump_stack_lvl+0x10/0x10
[ 75.219965][ T5321] ? __pfx__printk+0x10/0x10
[ 75.219977][ T5321] ? print_lock_name+0xde/0x100
[ 75.219987][ T5321] print_deadlock_bug+0x28b/0x2a0
[ 75.219998][ T5321] validate_chain+0x1a3f/0x2140
[ 75.220009][ T5321] ? _raw_spin_unlock_irqrestore+0x85/0x110
[ 75.220022][ T5321] ? lockdep_hardirqs_on+0x9c/0x150
[ 75.220033][ T5321] __lock_acquire+0xab9/0xd20
[ 75.220044][ T5321] ? assign_fw+0x52/0x890
[ 75.220052][ T5321] lock_acquire+0x120/0x360
[ 75.220060][ T5321] ? assign_fw+0x52/0x890
[ 75.220067][ T5321] ? kasan_save_free_info+0x46/0x50
[ 75.220079][ T5321] ? kmem_cache_free+0x18f/0x400
[ 75.220088][ T5321] ? __async_dev_cache_fw_image+0x7f/0x280
[ 75.220101][ T5321] __mutex_lock+0x182/0xe80
[ 75.220115][ T5321] ? assign_fw+0x52/0x890
[ 75.220126][ T5321] ? path_openat+0x2ee5/0x3830
[ 75.220138][ T5321] ? do_filp_open+0x1fa/0x410
[ 75.220150][ T5321] ? __x64_sys_openat+0x138/0x170
[ 75.220161][ T5321] ? do_syscall_64+0xfa/0x3b0
[ 75.220170][ T5321] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 75.220177][ T5321] ? assign_fw+0x52/0x890
[ 75.220184][ T5321] ? __pfx___mutex_lock+0x10/0x10
[ 75.220195][ T5321] ? kasan_quarantine_put+0xdd/0x220
[ 75.220203][ T5321] ? lockdep_hardirqs_on+0x9c/0x150
[ 75.220211][ T5321] assign_fw+0x52/0x890
[ 75.220219][ T5321] ? _request_firmware+0xe57/0x15b0
[ 75.220227][ T5321] ? kmem_cache_free+0x18f/0x400
[ 75.220236][ T5321] _request_firmware+0xeea/0x15b0
[ 75.220247][ T5321] ? __lock_acquire+0xab9/0xd20
[ 75.220261][ T5321] ? __pfx__request_firmware+0x10/0x10
[ 75.220272][ T5321] ? _raw_spin_unlock_irqrestore+0x85/0x110
[ 75.220284][ T5321] ? lockdep_hardirqs_on+0x9c/0x150
[ 75.220297][ T5321] ? _raw_spin_unlock_irqrestore+0xad/0x110
[ 75.220308][ T5321] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[ 75.220324][ T5321] ? async_schedule_node_domain+0xa5/0x120
[ 75.220335][ T5321] __async_dev_cache_fw_image+0x7f/0x280
[ 75.220344][ T5321] ? __pfx___async_dev_cache_fw_image+0x10/0x10
[ 75.220352][ T5321] async_schedule_node_domain+0xe1/0x120
[ 75.220361][ T5321] dev_cache_fw_image+0x364/0x3e0
[ 75.220371][ T5321] ? __pfx_dev_cache_fw_image+0x10/0x10
[ 75.220380][ T5321] ? __pfx_dev_cache_fw_image+0x10/0x10
[ 75.220388][ T5321] dpm_for_each_dev+0x53/0xb0
[ 75.220399][ T5321] fw_pm_notify+0x200/0x2a0
[ 75.220407][ T5321] ? __pfx_fw_pm_notify+0x10/0x10
[ 75.220418][ T5321] ? __pfx_autoremove_wake_function+0x10/0x10
[ 75.220434][ T5321] ? blocking_notifier_call_chain_robust+0x65/0x100
[ 75.220445][ T5321] notifier_call_chain+0x1b3/0x3e0
[ 75.220462][ T5321] blocking_notifier_call_chain_robust+0x85/0x100
[ 75.220473][ T5321] pm_notifier_call_chain_robust+0x2c/0x60
[ 75.220487][ T5321] snapshot_open+0x133/0x280
[ 75.220501][ T5321] ? __pfx_snapshot_open+0x10/0x10
[ 75.220513][ T5321] misc_open+0x2bc/0x330
[ 75.220523][ T5321] chrdev_open+0x4c9/0x5e0
[ 75.220531][ T5321] ? __pfx_chrdev_open+0x10/0x10
[ 75.220538][ T5321] ? __pfx_chrdev_open+0x10/0x10
[ 75.220544][ T5321] do_dentry_open+0xdf0/0x1970
[ 75.220554][ T5321] vfs_open+0x3b/0x340
[ 75.220561][ T5321] ? path_openat+0x2ecd/0x3830
[ 75.220571][ T5321] path_openat+0x2ee5/0x3830
[ 75.220579][ T5321] ? arch_stack_walk+0xfc/0x150
[ 75.220590][ T5321] ? __pfx_path_openat+0x10/0x10
[ 75.220598][ T5321] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 75.220607][ T5321] do_filp_open+0x1fa/0x410
[ 75.220618][ T5321] ? __lock_acquire+0xab9/0xd20
[ 75.220630][ T5321] ? __pfx_do_filp_open+0x10/0x10
[ 75.220645][ T5321] ? _raw_spin_unlock+0x28/0x50
[ 75.220656][ T5321] ? alloc_fd+0x64c/0x6c0
[ 75.220669][ T5321] do_sys_openat2+0x121/0x1c0
[ 75.220681][ T5321] ? __pfx_do_sys_openat2+0x10/0x10
[ 75.220693][ T5321] ? ksys_write+0x22a/0x250
[ 75.220702][ T5321] ? __pfx_ksys_write+0x10/0x10
[ 75.220708][ T5321] ? rcu_is_watching+0x15/0xb0
[ 75.220719][ T5321] __x64_sys_openat+0x138/0x170
[ 75.220727][ T5321] do_syscall_64+0xfa/0x3b0
[ 75.220737][ T5321] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 75.220742][ T5321] ? asm_sysvec_apic_timer_interrupt+0x1a/0x20
[ 75.220749][ T5321] ? clear_bhb_loop+0x60/0xb0
[ 75.220756][ T5321] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 75.220762][ T5321] RIP: 0033:0x7ff9a078e929
[ 75.220769][ T5321] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 75.220775][ T5321] RSP: 002b:00007ff9a1598038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
[ 75.220783][ T5321] RAX: ffffffffffffffda RBX: 00007ff9a09b5fa0 RCX: 00007ff9a078e929
[ 75.220787][ T5321] RDX: 0000000000042801 RSI: 00002000000002c0 RDI: ffffffffffffff9c
[ 75.220792][ T5321] RBP: 00007ff9a1598090 R08: 0000000000000000 R09: 0000000000000000
[ 75.220796][ T5321] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 75.220800][ T5321] R13: 0000000000000000 R14: 00007ff9a09b5fa0 R15: 00007ffd2705fdd8
[ 75.220806][ T5321]
[ 76.337273][ T5301] Bluetooth: hci0: command tx timeout
[ 76.499987][ T1314] ieee802154 phy0 wpan0: encryption failed: -22
[ 76.502730][ T1314] ieee802154 phy1 wpan1: encryption failed: -22
[ 78.417472][ T5301] Bluetooth: hci0: command tx timeout
[ 80.497129][ T5301] Bluetooth: hci0: command tx timeout