program:
# Reproducer summary (for triage; everything below is read off this report).
#
# Call 1 emulates a USB device through dummy_hcd. The descriptor blob decodes as
# a standard 18-byte device descriptor: bMaxPacketSize0=0x10, idVendor=0x2137,
# idProduct=0x0001, bcdDevice=0x2a35, string indexes 1/2/3, one configuration.
# These match the "usb 5-1" lines in the log. The as10x_usb driver binds to it,
# registers a DVB adapter and then reports "error during firmware upload part1".
# The declared length is 0x24 but the blob stops just after the start of the
# interface descriptor ("0904"); the remaining bytes are not shown here.
syz_usb_connect(0x0, 0x24, &(0x7f0000000200)=ANY=[@ANYBLOB="120100002ec6601037210100352a010203010902120001000000000904"], 0x0)
# Call 2 opens the snapshot misc device (snapshot_open in the trace) with fault
# injection armed: fail_nth: 8 makes the 8th fault-injection site in this call
# fail. The log shows that site is the slab allocation inside
# async_schedule_node_domain, reached via fw_pm_notify -> dpm_for_each_dev ->
# dev_cache_fw_image while fw_lock is held.
# NOTE(review): the second trace shows __async_dev_cache_fw_image called directly
# from async_schedule_node_domain in the same task, i.e. the work appears to run
# synchronously after the failed allocation, and _request_firmware -> assign_fw
# then takes fw_lock again. That is the recursive acquisition lockdep reports;
# confirm against the firmware loader source before treating it as root cause.
openat$snapshot(0xffffffffffffff9c, &(0x7f00000002c0), 0x42801, 0x0) (fail_nth: 8)
[ 75.731306][ T5302] Bluetooth: hci0: command tx timeout
[ 76.070032][ T10] usb 5-1: new high-speed USB device number 2 using dummy_hcd
[ 76.220446][ T10] usb 5-1: Using ep0 maxpacket: 16
[ 76.227374][ T10] usb 5-1: New USB device found, idVendor=2137, idProduct=0001, bcdDevice=2a.35
[ 76.232017][ T10] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 76.235591][ T10] usb 5-1: Product: syz
[ 76.237498][ T10] usb 5-1: Manufacturer: syz
[ 76.239571][ T10] usb 5-1: SerialNumber: syz
[ 76.248449][ T10] usb 5-1: config 0 descriptor??
[ 76.264830][ T10] as10x_usb: device has been detected
[ 76.267791][ T10] dvbdev: DVB: registering new adapter (Sky IT Digital Key (green led))
[ 76.286458][ T10] usb 5-1: DVB: registering adapter 1 frontend 0 (Sky IT Digital Key (green led))...
[ 76.308165][ T10] as10x_usb: error during firmware upload part1
[ 76.311776][ T10] Registered device Sky IT Digital Key (green led)
[ 76.462530][ T5323] random: crng reseeded on system resumption
[ 76.471637][ T5323] FAULT_INJECTION: forcing a failure.
[ 76.471637][ T5323] name failslab, interval 1, probability 0, space 0, times 1
[ 76.477065][ T5323] CPU: 0 UID: 0 PID: 5323 Comm: syz.0.0 Not tainted syzkaller #0 PREEMPT(full)
[ 76.477080][ T5323] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[ 76.477086][ T5323] Call Trace:
[ 76.477092][ T5323]
[ 76.477097][ T5323] dump_stack_lvl+0x189/0x250
[ 76.477204][ T5323] ? __pfx____ratelimit+0x10/0x10
[ 76.477245][ T5323] ? __pfx_dump_stack_lvl+0x10/0x10
[ 76.477258][ T5323] ? __pfx__printk+0x10/0x10
[ 76.477278][ T5323] should_fail_ex+0x414/0x560
[ 76.477322][ T5323] should_failslab+0xa8/0x100
[ 76.477339][ T5323] __kmalloc_cache_noprof+0x6f/0x6f0
[ 76.477353][ T5323] ? async_schedule_node_domain+0x5b/0x120
[ 76.477365][ T5323] ? __pfx___async_dev_cache_fw_image+0x10/0x10
[ 76.477382][ T5323] async_schedule_node_domain+0x5b/0x120
[ 76.477395][ T5323] dev_cache_fw_image+0x364/0x3e0
[ 76.477414][ T5323] ? __pfx_dev_cache_fw_image+0x10/0x10
[ 76.477431][ T5323] ? __pfx_dev_cache_fw_image+0x10/0x10
[ 76.477447][ T5323] dpm_for_each_dev+0x56/0xb0
[ 76.477463][ T5323] fw_pm_notify+0x200/0x2a0
[ 76.477478][ T5323] ? __pfx_fw_pm_notify+0x10/0x10
[ 76.477491][ T5323] ? __pfx_autoremove_wake_function+0x10/0x10
[ 76.477506][ T5323] ? blocking_notifier_call_chain_robust+0x65/0x100
[ 76.477524][ T5323] notifier_call_chain+0x1b6/0x3e0
[ 76.477542][ T5323] blocking_notifier_call_chain_robust+0x85/0x100
[ 76.477557][ T5323] pm_notifier_call_chain_robust+0x2c/0x60
[ 76.477568][ T5323] snapshot_open+0x133/0x280
[ 76.477581][ T5323] ? __pfx_snapshot_open+0x10/0x10
[ 76.477589][ T5323] misc_open+0x2d5/0x350
[ 76.477603][ T5323] chrdev_open+0x4cc/0x5e0
[ 76.477620][ T5323] ? __pfx_chrdev_open+0x10/0x10
[ 76.477635][ T5323] ? fsnotify_open_perm_and_set_mode+0x113/0x610
[ 76.477654][ T5323] ? __pfx_chrdev_open+0x10/0x10
[ 76.477666][ T5323] do_dentry_open+0x953/0x13f0
[ 76.477687][ T5323] vfs_open+0x3b/0x340
[ 76.477694][ T5323] ? path_openat+0x2ecd/0x3830
[ 76.477708][ T5323] path_openat+0x2ee5/0x3830
[ 76.477741][ T5323] ? __pfx_path_openat+0x10/0x10
[ 76.477765][ T5323] do_filp_open+0x1fa/0x410
[ 76.477775][ T5323] ? __lock_acquire+0xab9/0xd20
[ 76.477786][ T5323] ? __pfx_do_filp_open+0x10/0x10
[ 76.477811][ T5323] ? _raw_spin_unlock+0x28/0x50
[ 76.477824][ T5323] ? alloc_fd+0x64c/0x6c0
[ 76.477844][ T5323] do_sys_openat2+0x121/0x1c0
[ 76.477856][ T5323] ? __pfx_do_sys_openat2+0x10/0x10
[ 76.477869][ T5323] ? ksys_write+0x22a/0x250
[ 76.477882][ T5323] ? __pfx_ksys_write+0x10/0x10
[ 76.477896][ T5323] __x64_sys_openat+0x138/0x170
[ 76.477910][ T5323] do_syscall_64+0xfa/0xfa0
[ 76.477922][ T5323] ? lockdep_hardirqs_on+0x9c/0x150
[ 76.477935][ T5323] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 76.477945][ T5323] ? clear_bhb_loop+0x60/0xb0
[ 76.477957][ T5323] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 76.477968][ T5323] RIP: 0033:0x7f7a4898f6c9
[ 76.477979][ T5323] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 76.477987][ T5323] RSP: 002b:00007f7a4984c038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
[ 76.478000][ T5323] RAX: ffffffffffffffda RBX: 00007f7a48be5fa0 RCX: 00007f7a4898f6c9
[ 76.478006][ T5323] RDX: 0000000000042801 RSI: 00002000000002c0 RDI: ffffffffffffff9c
[ 76.478011][ T5323] RBP: 00007f7a4984c090 R08: 0000000000000000 R09: 0000000000000000
[ 76.478017][ T5323] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 76.478022][ T5323] R13: 00007f7a48be6038 R14: 00007f7a48be5fa0 R15: 00007ffd38baa358
[ 76.478041][ T5323]
[ 76.635440][ T1313] ieee802154 phy0 wpan0: encryption failed: -22
[ 76.638268][ T1313] ieee802154 phy1 wpan1: encryption failed: -22
[ 76.662966][ T5323]
[ 76.664118][ T5323] ============================================
[ 76.666837][ T5323] WARNING: possible recursive locking detected
[ 76.669484][ T5323] syzkaller #0 Not tainted
[ 76.671447][ T5323] --------------------------------------------
[ 76.674158][ T5323] syz.0.0/5323 is trying to acquire lock:
[ 76.676644][ T5323] ffffffff8e8ce128 (fw_lock){+.+.}-{4:4}, at: assign_fw+0x52/0x890
[ 76.680017][ T5323]
[ 76.680017][ T5323] but task is already holding lock:
[ 76.683134][ T5323] ffffffff8e8ce128 (fw_lock){+.+.}-{4:4}, at: fw_pm_notify+0x1e8/0x2a0
[ 76.686661][ T5323]
[ 76.686661][ T5323] other info that might help us debug this:
[ 76.690127][ T5323] Possible unsafe locking scenario:
[ 76.690127][ T5323]
[ 76.693285][ T5323] CPU0
[ 76.694753][ T5323] ----
[ 76.696269][ T5323] lock(fw_lock);
[ 76.697925][ T5323] lock(fw_lock);
[ 76.699674][ T5323]
[ 76.699674][ T5323] *** DEADLOCK ***
[ 76.699674][ T5323]
[ 76.703306][ T5323] May be due to missing lock nesting notation
[ 76.703306][ T5323]
[ 76.706945][ T5323] 5 locks held by syz.0.0/5323:
[ 76.709111][ T5323] #0: ffffffff8e7776a8 (misc_mtx){+.+.}-{4:4}, at: misc_open+0x51/0x350
[ 76.712829][ T5323] #1: ffffffff8dded268 (system_transition_mutex){+.+.}-{4:4}, at: lock_system_sleep+0x4a/0x70
[ 76.717414][ T5323] #2: ffffffff8de10970 ((pm_chain_head).rwsem){++++}-{4:4}, at: blocking_notifier_call_chain_robust+0x65/0x100
[ 76.722639][ T5323] #3: ffffffff8e8ce128 (fw_lock){+.+.}-{4:4}, at: fw_pm_notify+0x1e8/0x2a0
[ 76.726365][ T5323] #4: ffffffff8e8c91a8 (dpm_list_mtx){+.+.}-{4:4}, at: dpm_for_each_dev+0x29/0xb0
[ 76.730393][ T5323]
[ 76.730393][ T5323] stack backtrace:
[ 76.733911][ T5323] CPU: 0 UID: 0 PID: 5323 Comm: syz.0.0 Not tainted syzkaller #0 PREEMPT(full)
[ 76.733937][ T5323] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[ 76.733949][ T5323] Call Trace:
[ 76.733992][ T5323]
[ 76.733998][ T5323] dump_stack_lvl+0x189/0x250
[ 76.734061][ T5323] ? __pfx_dump_stack_lvl+0x10/0x10
[ 76.734075][ T5323] ? __pfx__printk+0x10/0x10
[ 76.734087][ T5323] ? print_lock_name+0xde/0x100
[ 76.734098][ T5323] print_deadlock_bug+0x28b/0x2a0
[ 76.734113][ T5323] validate_chain+0x1a3f/0x2140
[ 76.734127][ T5323] ? _raw_spin_unlock_irqrestore+0x85/0x110
[ 76.734148][ T5323] ? lockdep_hardirqs_on+0x9c/0x150
[ 76.734165][ T5323] __lock_acquire+0xab9/0xd20
[ 76.734177][ T5323] ? assign_fw+0x52/0x890
[ 76.734201][ T5323] lock_acquire+0x120/0x360
[ 76.734241][ T5323] ? assign_fw+0x52/0x890
[ 76.734256][ T5323] ? __kasan_save_free_info+0x46/0x50
[ 76.734269][ T5323] ? kmem_cache_free+0x19b/0x690
[ 76.734282][ T5323] ? __async_dev_cache_fw_image+0x7f/0x280
[ 76.734299][ T5323] __mutex_lock+0x187/0x1350
[ 76.734325][ T5323] ? assign_fw+0x52/0x890
[ 76.734337][ T5323] ? path_openat+0x2ee5/0x3830
[ 76.734348][ T5323] ? do_filp_open+0x1fa/0x410
[ 76.734359][ T5323] ? __x64_sys_openat+0x138/0x170
[ 76.734370][ T5323] ? do_syscall_64+0xfa/0xfa0
[ 76.734384][ T5323] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 76.734397][ T5323] ? assign_fw+0x52/0x890
[ 76.734410][ T5323] ? __pfx___mutex_lock+0x10/0x10
[ 76.734428][ T5323] ? lockdep_hardirqs_on+0x9c/0x150
[ 76.734443][ T5323] assign_fw+0x52/0x890
[ 76.734466][ T5323] ? _request_firmware+0xe57/0x15b0
[ 76.734479][ T5323] ? kmem_cache_free+0x19b/0x690
[ 76.734493][ T5323] _request_firmware+0xeea/0x15b0
[ 76.734507][ T5323] ? __lock_acquire+0xab9/0xd20
[ 76.734521][ T5323] ? __pfx__request_firmware+0x10/0x10
[ 76.734534][ T5323] ? _raw_spin_unlock_irqrestore+0x85/0x110
[ 76.734548][ T5323] ? lockdep_hardirqs_on+0x9c/0x150
[ 76.734561][ T5323] ? _raw_spin_unlock_irqrestore+0xad/0x110
[ 76.734574][ T5323] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[ 76.734588][ T5323] __async_dev_cache_fw_image+0x7f/0x280
[ 76.734604][ T5323] ? __pfx___async_dev_cache_fw_image+0x10/0x10
[ 76.734620][ T5323] async_schedule_node_domain+0xe1/0x120
[ 76.734633][ T5323] dev_cache_fw_image+0x364/0x3e0
[ 76.734649][ T5323] ? __pfx_dev_cache_fw_image+0x10/0x10
[ 76.734664][ T5323] ? __pfx_dev_cache_fw_image+0x10/0x10
[ 76.734676][ T5323] dpm_for_each_dev+0x56/0xb0
[ 76.734691][ T5323] fw_pm_notify+0x200/0x2a0
[ 76.734704][ T5323] ? __pfx_fw_pm_notify+0x10/0x10
[ 76.734717][ T5323] ? __pfx_autoremove_wake_function+0x10/0x10
[ 76.734732][ T5323] ? blocking_notifier_call_chain_robust+0x65/0x100
[ 76.734747][ T5323] notifier_call_chain+0x1b6/0x3e0
[ 76.734764][ T5323] blocking_notifier_call_chain_robust+0x85/0x100
[ 76.734776][ T5323] pm_notifier_call_chain_robust+0x2c/0x60
[ 76.734790][ T5323] snapshot_open+0x133/0x280
[ 76.734800][ T5323] ? __pfx_snapshot_open+0x10/0x10
[ 76.734807][ T5323] misc_open+0x2d5/0x350
[ 76.734833][ T5323] chrdev_open+0x4cc/0x5e0
[ 76.734845][ T5323] ? __pfx_chrdev_open+0x10/0x10
[ 76.734857][ T5323] ? fsnotify_open_perm_and_set_mode+0x113/0x610
[ 76.734871][ T5323] ? __pfx_chrdev_open+0x10/0x10
[ 76.734882][ T5323] do_dentry_open+0x953/0x13f0
[ 76.734893][ T5323] vfs_open+0x3b/0x340
[ 76.734901][ T5323] ? path_openat+0x2ecd/0x3830
[ 76.734913][ T5323] path_openat+0x2ee5/0x3830
[ 76.734932][ T5323] ? __pfx_path_openat+0x10/0x10
[ 76.734947][ T5323] do_filp_open+0x1fa/0x410
[ 76.734956][ T5323] ? __lock_acquire+0xab9/0xd20
[ 76.734970][ T5323] ? __pfx_do_filp_open+0x10/0x10
[ 76.734986][ T5323] ? _raw_spin_unlock+0x28/0x50
[ 76.734998][ T5323] ? alloc_fd+0x64c/0x6c0
[ 76.735014][ T5323] do_sys_openat2+0x121/0x1c0
[ 76.735025][ T5323] ? __pfx_do_sys_openat2+0x10/0x10
[ 76.735036][ T5323] ? ksys_write+0x22a/0x250
[ 76.735053][ T5323] ? __pfx_ksys_write+0x10/0x10
[ 76.735067][ T5323] __x64_sys_openat+0x138/0x170
[ 76.735079][ T5323] do_syscall_64+0xfa/0xfa0
[ 76.735093][ T5323] ? lockdep_hardirqs_on+0x9c/0x150
[ 76.735107][ T5323] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 76.735117][ T5323] ? clear_bhb_loop+0x60/0xb0
[ 76.735134][ T5323] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 76.735144][ T5323] RIP: 0033:0x7f7a4898f6c9
[ 76.735271][ T5323] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 76.735282][ T5323] RSP: 002b:00007f7a4984c038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
[ 76.735294][ T5323] RAX: ffffffffffffffda RBX: 00007f7a48be5fa0 RCX: 00007f7a4898f6c9
[ 76.735302][ T5323] RDX: 0000000000042801 RSI: 00002000000002c0 RDI: ffffffffffffff9c
[ 76.735309][ T5323] RBP: 00007f7a4984c090 R08: 0000000000000000 R09: 0000000000000000
[ 76.735315][ T5323] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 76.735321][ T5323] R13: 00007f7a48be6038 R14: 00007f7a48be5fa0 R15: 00007ffd38baa358
[ 76.735333][ T5323]
[ 77.782972][ T5302] Bluetooth: hci0: command tx timeout
[ 79.860482][ T5302] Bluetooth: hci0: command tx timeout
[ 81.940297][ T5302] Bluetooth: hci0: command tx timeout