program:
syz_usb_connect(0x0, 0x24, &(0x7f0000000200)=ANY=[@ANYBLOB="120100002ec6601037210100352a010203010902120001000000000904"], 0x0)
openat$snapshot(0xffffffffffffff9c, &(0x7f00000000c0), 0x1, 0x0) (fail_nth: 8)

[ 75.383822][ T4663] Bluetooth: hci0: command tx timeout
[ 75.662456][ T5316] usb 5-1: new high-speed USB device number 2 using dummy_hcd
[ 75.811786][ T5316] usb 5-1: Using ep0 maxpacket: 16
[ 75.819878][ T5316] usb 5-1: New USB device found, idVendor=2137, idProduct=0001, bcdDevice=2a.35
[ 75.825702][ T5316] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 75.829116][ T5316] usb 5-1: Product: syz
[ 75.831041][ T5316] usb 5-1: Manufacturer: syz
[ 75.834183][ T5316] usb 5-1: SerialNumber: syz
[ 75.846850][ T5316] usb 5-1: config 0 descriptor??
[ 75.860932][ T5316] as10x_usb: device has been detected
[ 75.869241][ T5316] dvbdev: DVB: registering new adapter (Sky IT Digital Key (green led))
[ 75.891169][ T5316] usb 5-1: DVB: registering adapter 1 frontend 0 (Sky IT Digital Key (green led))...
[ 75.930838][ T5316] as10x_usb: error during firmware upload part1
[ 75.937777][ T5316] Registered device Sky IT Digital Key (green led)
[ 76.052240][ T5318] random: crng reseeded on system resumption
[ 76.059846][ T5318] FAULT_INJECTION: forcing a failure.
[ 76.059846][ T5318] name failslab, interval 1, probability 0, space 0, times 1
[ 76.066393][ T5318] CPU: 0 UID: 0 PID: 5318 Comm: syz.0.0 Not tainted 6.15.0-rc5-syzkaller-00123-g2c89c1b655c0 #0 PREEMPT(full)
[ 76.066408][ T5318] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[ 76.066414][ T5318] Call Trace:
[ 76.066419][ T5318]
[ 76.066424][ T5318] dump_stack_lvl+0x189/0x250
[ 76.066552][ T5318] ? __pfx_dump_stack_lvl+0x10/0x10
[ 76.066566][ T5318] ? __pfx__printk+0x10/0x10
[ 76.066586][ T5318] should_fail_ex+0x414/0x560
[ 76.066629][ T5318] should_failslab+0xa8/0x100
[ 76.066644][ T5318] __kmalloc_cache_noprof+0x70/0x3d0
[ 76.066658][ T5318] ? async_schedule_node_domain+0x5b/0x120
[ 76.066673][ T5318] ? __pfx___async_dev_cache_fw_image+0x10/0x10
[ 76.066691][ T5318] async_schedule_node_domain+0x5b/0x120
[ 76.066707][ T5318] dev_cache_fw_image+0x364/0x3e0
[ 76.066725][ T5318] ? __pfx_dev_cache_fw_image+0x10/0x10
[ 76.066742][ T5318] ? __pfx_dev_cache_fw_image+0x10/0x10
[ 76.066758][ T5318] dpm_for_each_dev+0x53/0xb0
[ 76.066781][ T5318] fw_pm_notify+0x200/0x2a0
[ 76.066794][ T5318] ? __pfx_fw_pm_notify+0x10/0x10
[ 76.066808][ T5318] ? __pfx_autoremove_wake_function+0x10/0x10
[ 76.066821][ T5318] ? blocking_notifier_call_chain_robust+0x65/0x100
[ 76.066838][ T5318] notifier_call_chain+0x1b3/0x3e0
[ 76.066853][ T5318] blocking_notifier_call_chain_robust+0x85/0x100
[ 76.066868][ T5318] pm_notifier_call_chain_robust+0x2c/0x60
[ 76.066883][ T5318] snapshot_open+0x133/0x280
[ 76.066897][ T5318] ? __pfx_snapshot_open+0x10/0x10
[ 76.066909][ T5318] misc_open+0x2b9/0x330
[ 76.066925][ T5318] chrdev_open+0x4c9/0x5e0
[ 76.066940][ T5318] ? __pfx_chrdev_open+0x10/0x10
[ 76.066959][ T5318] ? __pfx_chrdev_open+0x10/0x10
[ 76.066970][ T5318] do_dentry_open+0xdf0/0x1970
[ 76.066995][ T5318] vfs_open+0x3b/0x340
[ 76.067007][ T5318] ? path_openat+0x2ecd/0x3830
[ 76.067019][ T5318] path_openat+0x2ee5/0x3830
[ 76.067027][ T5318] ? arch_stack_walk+0xfc/0x150
[ 76.067063][ T5318] ? __pfx_path_openat+0x10/0x10
[ 76.067071][ T5318] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 76.067095][ T5318] do_filp_open+0x1fa/0x410
[ 76.067106][ T5318] ? __pfx_do_filp_open+0x10/0x10
[ 76.067131][ T5318] ? _raw_spin_unlock+0x28/0x50
[ 76.067173][ T5318] ? alloc_fd+0x64c/0x6c0
[ 76.067194][ T5318] do_sys_openat2+0x121/0x1c0
[ 76.067210][ T5318] ? __pfx_do_sys_openat2+0x10/0x10
[ 76.067227][ T5318] ? ksys_write+0x1f0/0x250
[ 76.067237][ T5318] ? rcu_is_watching+0x15/0xb0
[ 76.067257][ T5318] __x64_sys_openat+0x138/0x170
[ 76.067274][ T5318] do_syscall_64+0xf6/0x210
[ 76.067288][ T5318] ? clear_bhb_loop+0x45/0xa0
[ 76.067302][ T5318] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 76.067311][ T5318] RIP: 0033:0x7faafb18e969
[ 76.067322][ T5318] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 76.067330][ T5318] RSP: 002b:00007faafc031038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
[ 76.067342][ T5318] RAX: ffffffffffffffda RBX: 00007faafb3b5fa0 RCX: 00007faafb18e969
[ 76.067349][ T5318] RDX: 0000000000000001 RSI: 00002000000000c0 RDI: ffffffffffffff9c
[ 76.067355][ T5318] RBP: 00007faafc031090 R08: 0000000000000000 R09: 0000000000000000
[ 76.067361][ T5318] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 76.067367][ T5318] R13: 0000000000000000 R14: 00007faafb3b5fa0 R15: 00007ffcb0249128
[ 76.067385][ T5318]
[ 76.225415][ T5318]
[ 76.226618][ T5318] ============================================
[ 76.228713][ T5318] WARNING: possible recursive locking detected
[ 76.231126][ T5318] 6.15.0-rc5-syzkaller-00123-g2c89c1b655c0 #0 Not tainted
[ 76.233853][ T5318] --------------------------------------------
[ 76.236303][ T5318] syz.0.0/5318 is trying to acquire lock:
[ 76.238642][ T5318] ffffffff8e8ff068 (fw_lock){+.+.}-{4:4}, at: assign_fw+0x52/0x890
[ 76.241849][ T5318]
[ 76.241849][ T5318] but task is already holding lock:
[ 76.244882][ T5318] ffffffff8e8ff068 (fw_lock){+.+.}-{4:4}, at: fw_pm_notify+0x1e8/0x2a0
[ 76.248052][ T5318]
[ 76.248052][ T5318] other info that might help us debug this:
[ 76.251291][ T5318] Possible unsafe locking scenario:
[ 76.251291][ T5318]
[ 76.254305][ T5318] CPU0
[ 76.255702][ T5318] ----
[ 76.257081][ T5318] lock(fw_lock);
[ 76.258762][ T5318] lock(fw_lock);
[ 76.260377][ T5318]
[ 76.260377][ T5318] *** DEADLOCK ***
[ 76.260377][ T5318]
[ 76.263801][ T5318] May be due to missing lock nesting notation
[ 76.263801][ T5318]
[ 76.267412][ T5318] 5 locks held by syz.0.0/5318:
[ 76.269572][ T5318] #0: ffffffff8e7ad4e8 (misc_mtx){+.+.}-{4:4}, at: misc_open+0x51/0x330
[ 76.273048][ T5318] #1: ffffffff8ddeb7e8 (system_transition_mutex){+.+.}-{4:4}, at: lock_system_sleep+0x4a/0x70
[ 76.277790][ T5318] #2: ffffffff8de0f230 ((pm_chain_head).rwsem){++++}-{4:4}, at: blocking_notifier_call_chain_robust+0x65/0x100
[ 76.282513][ T5318] #3: ffffffff8e8ff068 (fw_lock){+.+.}-{4:4}, at: fw_pm_notify+0x1e8/0x2a0
[ 76.286090][ T5318] #4: ffffffff8e8fa348 (dpm_list_mtx){+.+.}-{4:4}, at: dpm_for_each_dev+0x29/0xb0
[ 76.289681][ T5318]
[ 76.289681][ T5318] stack backtrace:
[ 76.292220][ T5318] CPU: 0 UID: 0 PID: 5318 Comm: syz.0.0 Not tainted 6.15.0-rc5-syzkaller-00123-g2c89c1b655c0 #0 PREEMPT(full)
[ 76.292234][ T5318] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[ 76.292241][ T5318] Call Trace:
[ 76.292248][ T5318]
[ 76.292253][ T5318] dump_stack_lvl+0x189/0x250
[ 76.292271][ T5318] ? __pfx_dump_stack_lvl+0x10/0x10
[ 76.292284][ T5318] ? __pfx__printk+0x10/0x10
[ 76.292293][ T5318] ? print_lock_name+0xde/0x100
[ 76.292308][ T5318] print_deadlock_bug+0x28b/0x2a0
[ 76.292318][ T5318] validate_chain+0x1a3f/0x2140
[ 76.292327][ T5318] ? _raw_spin_unlock_irqrestore+0x85/0x110
[ 76.292337][ T5318] ? lockdep_hardirqs_on+0x9c/0x150
[ 76.292350][ T5318] __lock_acquire+0xaac/0xd20
[ 76.292363][ T5318] ? assign_fw+0x52/0x890
[ 76.292374][ T5318] lock_acquire+0x120/0x360
[ 76.292386][ T5318] ? assign_fw+0x52/0x890
[ 76.292397][ T5318] ? kasan_save_free_info+0x46/0x50
[ 76.292412][ T5318] ? kmem_cache_free+0x192/0x3f0
[ 76.292422][ T5318] ? __async_dev_cache_fw_image+0x7f/0x280
[ 76.292436][ T5318] __mutex_lock+0x182/0xe80
[ 76.292447][ T5318] ? assign_fw+0x52/0x890
[ 76.292457][ T5318] ? path_openat+0x2ee5/0x3830
[ 76.292465][ T5318] ? do_filp_open+0x1fa/0x410
[ 76.292473][ T5318] ? __x64_sys_openat+0x138/0x170
[ 76.292486][ T5318] ? do_syscall_64+0xf6/0x210
[ 76.292496][ T5318] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 76.292507][ T5318] ? assign_fw+0x52/0x890
[ 76.292519][ T5318] ? __pfx___mutex_lock+0x10/0x10
[ 76.292531][ T5318] ? kasan_quarantine_put+0xdd/0x220
[ 76.292540][ T5318] ? lockdep_hardirqs_on+0x9c/0x150
[ 76.292555][ T5318] assign_fw+0x52/0x890
[ 76.292566][ T5318] ? _request_firmware+0xe57/0x15b0
[ 76.292578][ T5318] ? kmem_cache_free+0x192/0x3f0
[ 76.292590][ T5318] _request_firmware+0xeea/0x15b0
[ 76.292607][ T5318] ? __pfx__request_firmware+0x10/0x10
[ 76.292619][ T5318] ? _raw_spin_unlock_irqrestore+0x85/0x110
[ 76.292628][ T5318] ? lockdep_hardirqs_on+0x9c/0x150
[ 76.292638][ T5318] ? _raw_spin_unlock_irqrestore+0xad/0x110
[ 76.292647][ T5318] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[ 76.292656][ T5318] ? async_schedule_node_domain+0xa5/0x120
[ 76.292671][ T5318] __async_dev_cache_fw_image+0x7f/0x280
[ 76.292684][ T5318] ? __pfx___async_dev_cache_fw_image+0x10/0x10
[ 76.292698][ T5318] async_schedule_node_domain+0xde/0x120
[ 76.292712][ T5318] dev_cache_fw_image+0x364/0x3e0
[ 76.292726][ T5318] ? __pfx_dev_cache_fw_image+0x10/0x10
[ 76.292739][ T5318] ? __pfx_dev_cache_fw_image+0x10/0x10
[ 76.292753][ T5318] dpm_for_each_dev+0x53/0xb0
[ 76.292768][ T5318] fw_pm_notify+0x200/0x2a0
[ 76.292780][ T5318] ? __pfx_fw_pm_notify+0x10/0x10
[ 76.292793][ T5318] ? __pfx_autoremove_wake_function+0x10/0x10
[ 76.292805][ T5318] ? blocking_notifier_call_chain_robust+0x65/0x100
[ 76.292816][ T5318] notifier_call_chain+0x1b3/0x3e0
[ 76.292827][ T5318] blocking_notifier_call_chain_robust+0x85/0x100
[ 76.292838][ T5318] pm_notifier_call_chain_robust+0x2c/0x60
[ 76.292850][ T5318] snapshot_open+0x133/0x280
[ 76.292862][ T5318] ? __pfx_snapshot_open+0x10/0x10
[ 76.292874][ T5318] misc_open+0x2b9/0x330
[ 76.292887][ T5318] chrdev_open+0x4c9/0x5e0
[ 76.292899][ T5318] ? __pfx_chrdev_open+0x10/0x10
[ 76.292911][ T5318] ? __pfx_chrdev_open+0x10/0x10
[ 76.292921][ T5318] do_dentry_open+0xdf0/0x1970
[ 76.292937][ T5318] vfs_open+0x3b/0x340
[ 76.292949][ T5318] ? path_openat+0x2ecd/0x3830
[ 76.292958][ T5318] path_openat+0x2ee5/0x3830
[ 76.292966][ T5318] ? arch_stack_walk+0xfc/0x150
[ 76.292985][ T5318] ? __pfx_path_openat+0x10/0x10
[ 76.292993][ T5318] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 76.293006][ T5318] do_filp_open+0x1fa/0x410
[ 76.293016][ T5318] ? __pfx_do_filp_open+0x10/0x10
[ 76.293027][ T5318] ? _raw_spin_unlock+0x28/0x50
[ 76.293035][ T5318] ? alloc_fd+0x64c/0x6c0
[ 76.293048][ T5318] do_sys_openat2+0x121/0x1c0
[ 76.293061][ T5318] ? __pfx_do_sys_openat2+0x10/0x10
[ 76.293075][ T5318] ? ksys_write+0x1f0/0x250
[ 76.293085][ T5318] ? rcu_is_watching+0x15/0xb0
[ 76.293101][ T5318] __x64_sys_openat+0x138/0x170
[ 76.293115][ T5318] do_syscall_64+0xf6/0x210
[ 76.293125][ T5318] ? clear_bhb_loop+0x45/0xa0
[ 76.293136][ T5318] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 76.293145][ T5318] RIP: 0033:0x7faafb18e969
[ 76.293154][ T5318] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 76.293162][ T5318] RSP: 002b:00007faafc031038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
[ 76.293174][ T5318] RAX: ffffffffffffffda RBX: 00007faafb3b5fa0 RCX: 00007faafb18e969
[ 76.293181][ T5318] RDX: 0000000000000001 RSI: 00002000000000c0 RDI: ffffffffffffff9c
[ 76.293187][ T5318] RBP: 00007faafc031090 R08: 0000000000000000 R09: 0000000000000000
[ 76.293192][ T5318] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 76.293198][ T5318] R13: 0000000000000000 R14: 00007faafb3b5fa0 R15: 00007ffcb0249128
[ 76.293207][ T5318]
[ 76.507322][ T1310] ieee802154 phy0 wpan0: encryption failed: -22
[ 76.509881][ T1310] ieee802154 phy1 wpan1: encryption failed: -22
[ 77.432086][ T4663] Bluetooth: hci0: command tx timeout
[ 79.512405][ T4663] Bluetooth: hci0: command tx timeout
[ 81.591986][ T4663] Bluetooth: hci0: command tx timeout