program:
# Reproducer for the "possible recursive locking detected" report on fw_lock
# that follows in the log. Comments describe only what the log shows.
#
# Step 1: attach an emulated USB device. The descriptor blob matches the values
# the kernel prints below: ep0 maxpacket 16 (0x10), idVendor=2137,
# idProduct=0001, bcdDevice=2a.35, string indexes Mfr=1/Product=2/Serial=3.
# The log shows as10x_usb binding to it and then reporting
# "error during firmware upload part1".
# NOTE(review): presumably this leaves a firmware name recorded against the
# device, which is what the later dev_cache_fw_image walk picks up -- confirm.
syz_usb_connect(0x0, 0x24, &(0x7f0000000200)=ANY=[@ANYBLOB="120100002ec6601037210100352a010203010902120001000000000904"], 0x0)
# Step 2: endpoint write issued with fd 0xffffffffffffffff (-1). Nothing in the
# log is attributed to this call; it presumably fails without effect.
syz_usb_ep_write$ath9k_ep1(0xffffffffffffffff, 0x82, 0x0, 0x0)
# Step 3: open the snapshot misc device with fault injection armed
# (fail_nth: 8). The trace shows misc_open -> snapshot_open ->
# pm_notifier_call_chain_robust -> fw_pm_notify, which takes fw_lock
# (fw_pm_notify+0x1f4) and walks devices via dpm_for_each_dev ->
# dev_cache_fw_image -> async_schedule_node_domain.
# The injected failslab failure hits the kmalloc inside
# async_schedule_node_domain (+0x5b). In the second trace the same task then
# runs __async_dev_cache_fw_image directly from async_schedule_node_domain
# (+0xe1), i.e. in the caller's context with fw_lock still held, and
# _request_firmware -> assign_fw (+0x52) tries to take fw_lock again.
# Both acquisitions report the same lock address (ffffffff8f194f28), so this is
# a self-deadlock on one mutex rather than a nesting-annotation false positive
# -- TODO confirm against the firmware loader source.
# NOTE(review): the failure is forced here by fault injection; whether a real
# allocation failure or a full async queue reaches the same synchronous path
# should be checked when assessing impact.
openat$snapshot(0xffffffffffffff9c, &(0x7f00000002c0), 0x42801, 0x0) (fail_nth: 8)
[ 84.902002][ T4665] Bluetooth: hci0: command tx timeout
[ 85.211256][ T5317] usb 5-1: new high-speed USB device number 2 using dummy_hcd
[ 85.361233][ T5317] usb 5-1: Using ep0 maxpacket: 16
[ 85.369891][ T5317] usb 5-1: New USB device found, idVendor=2137, idProduct=0001, bcdDevice=2a.35
[ 85.374586][ T5317] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 85.378617][ T5317] usb 5-1: Product: syz
[ 85.380565][ T5317] usb 5-1: Manufacturer: syz
[ 85.383658][ T5317] usb 5-1: SerialNumber: syz
[ 85.393680][ T5317] usb 5-1: config 0 descriptor??
[ 85.410517][ T5317] as10x_usb: device has been detected
[ 85.422042][ T5317] dvbdev: DVB: registering new adapter (Sky IT Digital Key (green led))
[ 85.446321][ T5317] usb 5-1: DVB: registering adapter 1 frontend 0 (Sky IT Digital Key (green led))...
[ 85.470346][ T5317] as10x_usb: error during firmware upload part1
[ 85.474965][ T5317] Registered device Sky IT Digital Key (green led)
[ 85.612192][ T5319] random: crng reseeded on system resumption
[ 85.630653][ T5319] FAULT_INJECTION: forcing a failure.
[ 85.630653][ T5319] name failslab, interval 1, probability 0, space 0, times 1
[ 85.636919][ T5319] CPU: 0 UID: 0 PID: 5319 Comm: syz.0.0 Not tainted syzkaller #0 PREEMPT(full)
[ 85.636938][ T5319] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 85.636946][ T5319] Call Trace:
[ 85.636951][ T5319] <TASK>
[ 85.636956][ T5319] dump_stack_lvl+0xe8/0x150
[ 85.637054][ T5319] should_fail_ex+0x412/0x560
[ 85.637104][ T5319] should_failslab+0xa8/0x100
[ 85.637120][ T5319] __kmalloc_cache_noprof+0x88/0x660
[ 85.637140][ T5319] ? async_schedule_node_domain+0x5b/0x120
[ 85.637158][ T5319] ? __pfx___async_dev_cache_fw_image+0x10/0x10
[ 85.637179][ T5319] async_schedule_node_domain+0x5b/0x120
[ 85.637196][ T5319] dev_cache_fw_image+0x36c/0x3f0
[ 85.637216][ T5319] ? __pfx_dev_cache_fw_image+0x10/0x10
[ 85.637233][ T5319] ? lockdep_hardirqs_on+0x7a/0x110
[ 85.637279][ T5319] ? enable_work+0x1fd/0x230
[ 85.637291][ T5319] ? __pfx_dev_cache_fw_image+0x10/0x10
[ 85.637309][ T5319] dpm_for_each_dev+0x56/0xb0
[ 85.637329][ T5319] fw_pm_notify+0x20c/0x2d0
[ 85.637346][ T5319] ? __pfx_fw_pm_notify+0x10/0x10
[ 85.637363][ T5319] ? __pfx_autoremove_wake_function+0x10/0x10
[ 85.637387][ T5319] notifier_call_chain+0x1be/0x400
[ 85.637412][ T5319] blocking_notifier_call_chain_robust+0x85/0x100
[ 85.637428][ T5319] pm_notifier_call_chain_robust+0x2c/0x60
[ 85.637445][ T5319] snapshot_open+0x133/0x280
[ 85.637462][ T5319] ? __pfx_snapshot_open+0x10/0x10
[ 85.637476][ T5319] misc_open+0x2d5/0x350
[ 85.637494][ T5319] chrdev_open+0x4cd/0x5e0
[ 85.637509][ T5319] ? __pfx_chrdev_open+0x10/0x10
[ 85.637522][ T5319] ? fsnotify_open_perm_and_set_mode+0x135/0x6d0
[ 85.637547][ T5319] ? __pfx_chrdev_open+0x10/0x10
[ 85.637559][ T5319] do_dentry_open+0x785/0x14e0
[ 85.637584][ T5319] vfs_open+0x3b/0x340
[ 85.637597][ T5319] ? path_openat+0x2df0/0x3860
[ 85.637610][ T5319] path_openat+0x2e08/0x3860
[ 85.637633][ T5319] ? __pfx_stack_trace_save+0x10/0x10
[ 85.637649][ T5319] ? stack_depot_save_flags+0x33/0x810
[ 85.637671][ T5319] ? __pfx_path_openat+0x10/0x10
[ 85.637681][ T5319] ? __x64_sys_openat+0x138/0x170
[ 85.637700][ T5319] ? do_syscall_64+0x14d/0xf80
[ 85.637711][ T5319] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 85.637728][ T5319] ? __lock_acquire+0x6b5/0x2cf0
[ 85.637747][ T5319] do_file_open+0x23e/0x4a0
[ 85.637763][ T5319] ? __pfx_do_file_open+0x10/0x10
[ 85.637788][ T5319] ? _raw_spin_unlock+0x28/0x50
[ 85.637804][ T5319] ? alloc_fd+0x64b/0x6c0
[ 85.637825][ T5319] do_sys_openat2+0x113/0x200
[ 85.637841][ T5319] ? __pfx_do_sys_openat2+0x10/0x10
[ 85.637857][ T5319] ? ksys_write+0x242/0x270
[ 85.637869][ T5319] ? __pfx_ksys_write+0x10/0x10
[ 85.637890][ T5319] __x64_sys_openat+0x138/0x170
[ 85.637909][ T5319] do_syscall_64+0x14d/0xf80
[ 85.637920][ T5319] ? trace_irq_disable+0x3b/0x150
[ 85.637931][ T5319] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 85.637942][ T5319] ? clear_bhb_loop+0x40/0x90
[ 85.637957][ T5319] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 85.637969][ T5319] RIP: 0033:0x7fa8fad9c799
[ 85.637982][ T5319] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[ 85.637991][ T5319] RSP: 002b:00007fa8fbd2efe8 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
[ 85.638005][ T5319] RAX: ffffffffffffffda RBX: 00007fa8fb015fa0 RCX: 00007fa8fad9c799
[ 85.638013][ T5319] RDX: 0000000000042801 RSI: 00002000000002c0 RDI: ffffffffffffff9c
[ 85.638021][ T5319] RBP: 00007fa8fbd2f050 R08: 0000000000000000 R09: 0000000000000000
[ 85.638028][ T5319] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 85.638035][ T5319] R13: 00007fa8fb016038 R14: 00007fa8fb015fa0 R15: 00007ffd6f571838
[ 85.638056][ T5319] </TASK>
[ 85.640566][ T5319]
[ 85.810543][ T5319] ============================================
[ 85.813369][ T5319] WARNING: possible recursive locking detected
[ 85.816012][ T5319] syzkaller #0 Not tainted
[ 85.817970][ T5319] --------------------------------------------
[ 85.820624][ T5319] syz.0.0/5319 is trying to acquire lock:
[ 85.823683][ T5319] ffffffff8f194f28 (fw_lock){+.+.}-{4:4}, at: assign_fw+0x52/0x8d0
[ 85.829003][ T5319]
[ 85.829003][ T5319] but task is already holding lock:
[ 85.832626][ T5319] ffffffff8f194f28 (fw_lock){+.+.}-{4:4}, at: fw_pm_notify+0x1f4/0x2d0
[ 85.836112][ T5319]
[ 85.836112][ T5319] other info that might help us debug this:
[ 85.839567][ T5319] Possible unsafe locking scenario:
[ 85.839567][ T5319]
[ 85.842698][ T5319] CPU0
[ 85.844047][ T5319] ----
[ 85.845510][ T5319] lock(fw_lock);
[ 85.847322][ T5319] lock(fw_lock);
[ 85.849030][ T5319]
[ 85.849030][ T5319] *** DEADLOCK ***
[ 85.849030][ T5319]
[ 85.853047][ T5319] May be due to missing lock nesting notation
[ 85.853047][ T5319]
[ 85.857176][ T5319] 5 locks held by syz.0.0/5319:
[ 85.859217][ T5319] #0: ffffffff8f01b388 (misc_mtx){+.+.}-{4:4}, at: misc_open+0x51/0x350
[ 85.862831][ T5319] #1: ffffffff8e607ee8 (system_transition_mutex){+.+.}-{4:4}, at: lock_system_sleep+0x49/0x70
[ 85.867710][ T5319] #2: ffffffff8e62f550 ((pm_chain_head).rwsem){++++}-{4:4}, at: blocking_notifier_call_chain_robust+0x65/0x100
[ 85.873940][ T5319] #3: ffffffff8f194f28 (fw_lock){+.+.}-{4:4}, at: fw_pm_notify+0x1f4/0x2d0
[ 85.878070][ T5319] #4: ffffffff8f18fdc8 (dpm_list_mtx){+.+.}-{4:4}, at: dpm_for_each_dev+0x29/0xb0
[ 85.881820][ T5319]
[ 85.881820][ T5319] stack backtrace:
[ 85.884193][ T5319] CPU: 0 UID: 0 PID: 5319 Comm: syz.0.0 Not tainted syzkaller #0 PREEMPT(full)
[ 85.884210][ T5319] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 85.884216][ T5319] Call Trace:
[ 85.884226][ T5319] <TASK>
[ 85.884233][ T5319] dump_stack_lvl+0xe8/0x150
[ 85.884277][ T5319] print_deadlock_bug+0x279/0x290
[ 85.884295][ T5319] __lock_acquire+0x253f/0x2cf0
[ 85.884311][ T5319] ? _raw_spin_unlock_irqrestore+0x30/0x80
[ 85.884329][ T5319] ? lockdep_hardirqs_on+0x7a/0x110
[ 85.884342][ T5319] ? _raw_spin_unlock_irqrestore+0x4c/0x80
[ 85.884357][ T5319] ? stack_depot_save_flags+0x3f3/0x810
[ 85.884373][ T5319] lock_acquire+0xf0/0x2e0
[ 85.884386][ T5319] ? assign_fw+0x52/0x8d0
[ 85.884403][ T5319] __mutex_lock+0x19f/0x1300
[ 85.884415][ T5319] ? assign_fw+0x52/0x8d0
[ 85.884428][ T5319] ? path_openat+0x2e08/0x3860
[ 85.884438][ T5319] ? do_sys_openat2+0x113/0x200
[ 85.884451][ T5319] ? __x64_sys_openat+0x138/0x170
[ 85.884464][ T5319] ? do_syscall_64+0x14d/0xf80
[ 85.884475][ T5319] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 85.884487][ T5319] ? assign_fw+0x52/0x8d0
[ 85.884501][ T5319] ? __pfx___mutex_lock+0x10/0x10
[ 85.884515][ T5319] ? kasan_quarantine_put+0xbb/0x1f0
[ 85.884531][ T5319] ? lockdep_hardirqs_on+0x7a/0x110
[ 85.884542][ T5319] assign_fw+0x52/0x8d0
[ 85.884556][ T5319] ? kfree+0x1c1/0x630
[ 85.884570][ T5319] ? _request_firmware+0xf11/0x1780
[ 85.884584][ T5319] ? _raw_spin_unlock_irqrestore+0x30/0x80
[ 85.884600][ T5319] _request_firmware+0xfb6/0x1780
[ 85.884618][ T5319] ? __pfx__request_firmware+0x10/0x10
[ 85.884632][ T5319] ? do_raw_spin_lock+0x12b/0x2f0
[ 85.884644][ T5319] __async_dev_cache_fw_image+0x7f/0x2d0
[ 85.884661][ T5319] ? __pfx___async_dev_cache_fw_image+0x10/0x10
[ 85.884674][ T5319] async_schedule_node_domain+0xe1/0x120
[ 85.884691][ T5319] dev_cache_fw_image+0x36c/0x3f0
[ 85.884708][ T5319] ? __pfx_dev_cache_fw_image+0x10/0x10
[ 85.884722][ T5319] ? lockdep_hardirqs_on+0x7a/0x110
[ 85.884733][ T5319] ? enable_work+0x1fd/0x230
[ 85.884743][ T5319] ? __pfx_dev_cache_fw_image+0x10/0x10
[ 85.884759][ T5319] dpm_for_each_dev+0x56/0xb0
[ 85.884776][ T5319] fw_pm_notify+0x20c/0x2d0
[ 85.884791][ T5319] ? __pfx_fw_pm_notify+0x10/0x10
[ 85.884806][ T5319] ? __pfx_autoremove_wake_function+0x10/0x10
[ 85.884820][ T5319] notifier_call_chain+0x1be/0x400
[ 85.884840][ T5319] blocking_notifier_call_chain_robust+0x85/0x100
[ 85.884852][ T5319] pm_notifier_call_chain_robust+0x2c/0x60
[ 85.884864][ T5319] snapshot_open+0x133/0x280
[ 85.884879][ T5319] ? __pfx_snapshot_open+0x10/0x10
[ 85.884893][ T5319] misc_open+0x2d5/0x350
[ 85.884905][ T5319] chrdev_open+0x4cd/0x5e0
[ 85.884918][ T5319] ? __pfx_chrdev_open+0x10/0x10
[ 85.884928][ T5319] ? fsnotify_open_perm_and_set_mode+0x135/0x6d0
[ 85.884946][ T5319] ? __pfx_chrdev_open+0x10/0x10
[ 85.884955][ T5319] do_dentry_open+0x785/0x14e0
[ 85.884972][ T5319] vfs_open+0x3b/0x340
[ 85.884984][ T5319] ? path_openat+0x2df0/0x3860
[ 85.884993][ T5319] path_openat+0x2e08/0x3860
[ 85.885003][ T5319] ? __pfx_stack_trace_save+0x10/0x10
[ 85.885015][ T5319] ? stack_depot_save_flags+0x33/0x810
[ 85.885030][ T5319] ? __pfx_path_openat+0x10/0x10
[ 85.885041][ T5319] ? __x64_sys_openat+0x138/0x170
[ 85.885051][ T5319] ? do_syscall_64+0x14d/0xf80
[ 85.885061][ T5319] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 85.885073][ T5319] ? __lock_acquire+0x6b5/0x2cf0
[ 85.885088][ T5319] do_file_open+0x23e/0x4a0
[ 85.885098][ T5319] ? __pfx_do_file_open+0x10/0x10
[ 85.885119][ T5319] ? _raw_spin_unlock+0x28/0x50
[ 85.885135][ T5319] ? alloc_fd+0x64b/0x6c0
[ 85.885150][ T5319] do_sys_openat2+0x113/0x200
[ 85.885164][ T5319] ? __pfx_do_sys_openat2+0x10/0x10
[ 85.885178][ T5319] ? ksys_write+0x242/0x270
[ 85.885187][ T5319] ? __pfx_ksys_write+0x10/0x10
[ 85.885203][ T5319] __x64_sys_openat+0x138/0x170
[ 85.885217][ T5319] do_syscall_64+0x14d/0xf80
[ 85.885229][ T5319] ? trace_irq_disable+0x3b/0x150
[ 85.885237][ T5319] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 85.885247][ T5319] ? clear_bhb_loop+0x40/0x90
[ 85.885260][ T5319] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 85.885272][ T5319] RIP: 0033:0x7fa8fad9c799
[ 85.885284][ T5319] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[ 85.885293][ T5319] RSP: 002b:00007fa8fbd2efe8 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
[ 85.885306][ T5319] RAX: ffffffffffffffda RBX: 00007fa8fb015fa0 RCX: 00007fa8fad9c799
[ 85.885315][ T5319] RDX: 0000000000042801 RSI: 00002000000002c0 RDI: ffffffffffffff9c
[ 85.885322][ T5319] RBP: 00007fa8fbd2f050 R08: 0000000000000000 R09: 0000000000000000
[ 85.885328][ T5319] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 85.885334][ T5319] R13: 00007fa8fb016038 R14: 00007fa8fb015fa0 R15: 00007ffd6f571838
[ 85.885346][ T5319] </TASK>
[ 86.951348][ T4665] Bluetooth: hci0: command tx timeout
[ 89.031684][ T4665] Bluetooth: hci0: command tx timeout
[ 91.112189][ T4665] Bluetooth: hci0: command tx timeout