program:
open(0x0, 0x14d27e, 0x0)
syz_usb_connect(0x0, 0x24, &(0x7f0000000200)=ANY=[@ANYBLOB="120100002ec6601037210100352a010203010902120001000000000904"], 0x0)
openat$snapshot(0xffffffffffffff9c, &(0x7f00000002c0), 0x42801, 0x0) (fail_nth: 8)
[ 76.252332][ T5311] Bluetooth: hci0: command tx timeout
[ 76.435839][ T1312] ieee802154 phy0 wpan0: encryption failed: -22
[ 76.439559][ T1312] ieee802154 phy1 wpan1: encryption failed: -22
[ 76.512301][ T10] usb 5-1: new high-speed USB device number 2 using dummy_hcd
[ 76.662250][ T10] usb 5-1: Using ep0 maxpacket: 16
[ 76.669142][ T10] usb 5-1: New USB device found, idVendor=2137, idProduct=0001, bcdDevice=2a.35
[ 76.673299][ T10] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 76.683048][ T10] usb 5-1: Product: syz
[ 76.686554][ T10] usb 5-1: Manufacturer: syz
[ 76.688551][ T10] usb 5-1: SerialNumber: syz
[ 76.703911][ T10] usb 5-1: config 0 descriptor??
[ 76.723100][ T10] as10x_usb: device has been detected
[ 76.729624][ T10] dvbdev: DVB: registering new adapter (Sky IT Digital Key (green led))
[ 76.773618][ T10] usb 5-1: DVB: registering adapter 1 frontend 0 (Sky IT Digital Key (green led))...
[ 76.806456][ T10] as10x_usb: error during firmware upload part1
[ 76.809602][ T10] Registered device Sky IT Digital Key (green led)
[ 76.909426][ T5331] random: crng reseeded on system resumption
[ 76.918023][ T5331] FAULT_INJECTION: forcing a failure.
[ 76.918023][ T5331] name failslab, interval 1, probability 0, space 0, times 1
[ 76.924318][ T5331] CPU: 0 UID: 0 PID: 5331 Comm: syz.0.0 Not tainted syzkaller #0 PREEMPT(full)
[ 76.924333][ T5331] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[ 76.924340][ T5331] Call Trace:
[ 76.924345][ T5331] <TASK>
[ 76.924350][ T5331] dump_stack_lvl+0x189/0x250
[ 76.924473][ T5331] ? __pfx____ratelimit+0x10/0x10
[ 76.924518][ T5331] ? __pfx_dump_stack_lvl+0x10/0x10
[ 76.924531][ T5331] ? __pfx__printk+0x10/0x10
[ 76.924553][ T5331] should_fail_ex+0x414/0x560
[ 76.924595][ T5331] should_failslab+0xa8/0x100
[ 76.924610][ T5331] __kmalloc_cache_noprof+0x6f/0x6f0
[ 76.924622][ T5331] ? async_schedule_node_domain+0x5b/0x120
[ 76.924634][ T5331] ? __pfx___async_dev_cache_fw_image+0x10/0x10
[ 76.924651][ T5331] async_schedule_node_domain+0x5b/0x120
[ 76.924663][ T5331] dev_cache_fw_image+0x364/0x3e0
[ 76.924681][ T5331] ? __pfx_dev_cache_fw_image+0x10/0x10
[ 76.924698][ T5331] ? __pfx_dev_cache_fw_image+0x10/0x10
[ 76.924713][ T5331] dpm_for_each_dev+0x53/0xb0
[ 76.924729][ T5331] fw_pm_notify+0x200/0x2a0
[ 76.924743][ T5331] ? __pfx_fw_pm_notify+0x10/0x10
[ 76.924757][ T5331] ? __pfx_autoremove_wake_function+0x10/0x10
[ 76.924771][ T5331] ? blocking_notifier_call_chain_robust+0x65/0x100
[ 76.924788][ T5331] notifier_call_chain+0x1b6/0x3e0
[ 76.924803][ T5331] blocking_notifier_call_chain_robust+0x85/0x100
[ 76.924819][ T5331] pm_notifier_call_chain_robust+0x2c/0x60
[ 76.924837][ T5331] snapshot_open+0x133/0x280
[ 76.924849][ T5331] ? __pfx_snapshot_open+0x10/0x10
[ 76.924857][ T5331] misc_open+0x2d2/0x350
[ 76.924869][ T5331] chrdev_open+0x4cc/0x5e0
[ 76.924884][ T5331] ? __pfx_chrdev_open+0x10/0x10
[ 76.924900][ T5331] ? fsnotify_open_perm_and_set_mode+0x113/0x610
[ 76.924916][ T5331] ? __pfx_chrdev_open+0x10/0x10
[ 76.924926][ T5331] do_dentry_open+0x953/0x13f0
[ 76.924951][ T5331] vfs_open+0x3b/0x340
[ 76.924962][ T5331] ? path_openat+0x2ecd/0x3830
[ 76.924974][ T5331] path_openat+0x2ee5/0x3830
[ 76.925006][ T5331] ? __pfx_path_openat+0x10/0x10
[ 76.925031][ T5331] do_filp_open+0x1fa/0x410
[ 76.925039][ T5331] ? __lock_acquire+0xab9/0xd20
[ 76.925051][ T5331] ? __pfx_do_filp_open+0x10/0x10
[ 76.925078][ T5331] ? _raw_spin_unlock+0x28/0x50
[ 76.925091][ T5331] ? alloc_fd+0x64c/0x6c0
[ 76.925110][ T5331] do_sys_openat2+0x121/0x1c0
[ 76.925125][ T5331] ? __pfx_do_sys_openat2+0x10/0x10
[ 76.925140][ T5331] ? ksys_write+0x22a/0x250
[ 76.925153][ T5331] ? __pfx_ksys_write+0x10/0x10
[ 76.925163][ T5331] ? rcu_is_watching+0x15/0xb0
[ 76.925177][ T5331] __x64_sys_openat+0x138/0x170
[ 76.925195][ T5331] do_syscall_64+0xfa/0x3b0
[ 76.925204][ T5331] ? lockdep_hardirqs_on+0x9c/0x150
[ 76.925216][ T5331] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 76.925225][ T5331] ? clear_bhb_loop+0x60/0xb0
[ 76.925238][ T5331] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 76.925248][ T5331] RIP: 0033:0x7fed5a58eec9
[ 76.925259][ T5331] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 76.925267][ T5331] RSP: 002b:00007fed5b504038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
[ 76.925279][ T5331] RAX: ffffffffffffffda RBX: 00007fed5a7e5fa0 RCX: 00007fed5a58eec9
[ 76.925285][ T5331] RDX: 0000000000042801 RSI: 00002000000002c0 RDI: ffffffffffffff9c
[ 76.925291][ T5331] RBP: 00007fed5b504090 R08: 0000000000000000 R09: 0000000000000000
[ 76.925297][ T5331] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 76.925303][ T5331] R13: 00007fed5a7e6038 R14: 00007fed5a7e5fa0 R15: 00007ffd56c07148
[ 76.925322][ T5331] </TASK>
[ 76.927606][ T5331]
[ 77.080412][ T5331] ============================================
[ 77.083189][ T5331] WARNING: possible recursive locking detected
[ 77.085978][ T5331] syzkaller #0 Not tainted
[ 77.087914][ T5331] --------------------------------------------
[ 77.090554][ T5331] syz.0.0/5331 is trying to acquire lock:
[ 77.093092][ T5331] ffffffff8e6b55c8 (fw_lock){+.+.}-{4:4}, at: assign_fw+0x52/0x890
[ 77.096472][ T5331]
[ 77.096472][ T5331] but task is already holding lock:
[ 77.099402][ T5331] ffffffff8e6b55c8 (fw_lock){+.+.}-{4:4}, at: fw_pm_notify+0x1e8/0x2a0
[ 77.102627][ T5331]
[ 77.102627][ T5331] other info that might help us debug this:
[ 77.106116][ T5331] Possible unsafe locking scenario:
[ 77.106116][ T5331]
[ 77.109306][ T5331] CPU0
[ 77.110787][ T5331] ----
[ 77.112280][ T5331] lock(fw_lock);
[ 77.113921][ T5331] lock(fw_lock);
[ 77.115581][ T5331]
[ 77.115581][ T5331] *** DEADLOCK ***
[ 77.115581][ T5331]
[ 77.119147][ T5331] May be due to missing lock nesting notation
[ 77.119147][ T5331]
[ 77.122616][ T5331] 5 locks held by syz.0.0/5331:
[ 77.124590][ T5331] #0: ffffffff8e55f028 (misc_mtx){+.+.}-{4:4}, at: misc_open+0x51/0x350
[ 77.128169][ T5331] #1: ffffffff8dbeafe8 (system_transition_mutex){+.+.}-{4:4}, at: lock_system_sleep+0x4a/0x70
[ 77.132447][ T5331] #2: ffffffff8dc0e6f0 ((pm_chain_head).rwsem){++++}-{4:4}, at: blocking_notifier_call_chain_robust+0x65/0x100
[ 77.137358][ T5331] #3: ffffffff8e6b55c8 (fw_lock){+.+.}-{4:4}, at: fw_pm_notify+0x1e8/0x2a0
[ 77.140989][ T5331] #4: ffffffff8e6b0648 (dpm_list_mtx){+.+.}-{4:4}, at: dpm_for_each_dev+0x29/0xb0
[ 77.145005][ T5331]
[ 77.145005][ T5331] stack backtrace:
[ 77.147612][ T5331] CPU: 0 UID: 0 PID: 5331 Comm: syz.0.0 Not tainted syzkaller #0 PREEMPT(full)
[ 77.147664][ T5331] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[ 77.147677][ T5331] Call Trace:
[ 77.147763][ T5331] <TASK>
[ 77.147770][ T5331] dump_stack_lvl+0x189/0x250
[ 77.147787][ T5331] ? __pfx_dump_stack_lvl+0x10/0x10
[ 77.147799][ T5331] ? __pfx__printk+0x10/0x10
[ 77.147814][ T5331] ? print_lock_name+0xde/0x100
[ 77.147830][ T5331] print_deadlock_bug+0x28b/0x2a0
[ 77.147844][ T5331] validate_chain+0x1a3f/0x2140
[ 77.147857][ T5331] ? _raw_spin_unlock_irqrestore+0x85/0x110
[ 77.147878][ T5331] ? lockdep_hardirqs_on+0x9c/0x150
[ 77.147894][ T5331] __lock_acquire+0xab9/0xd20
[ 77.147906][ T5331] ? assign_fw+0x52/0x890
[ 77.147920][ T5331] lock_acquire+0x120/0x360
[ 77.147929][ T5331] ? assign_fw+0x52/0x890
[ 77.147943][ T5331] ? __kasan_save_free_info+0x46/0x50
[ 77.147951][ T5331] ? kmem_cache_free+0x19b/0x690
[ 77.147962][ T5331] ? __async_dev_cache_fw_image+0x7f/0x280
[ 77.147975][ T5331] __mutex_lock+0x187/0x1350
[ 77.148039][ T5331] ? assign_fw+0x52/0x890
[ 77.148054][ T5331] ? path_openat+0x2ee5/0x3830
[ 77.148063][ T5331] ? do_filp_open+0x1fa/0x410
[ 77.148074][ T5331] ? __x64_sys_openat+0x138/0x170
[ 77.148087][ T5331] ? do_syscall_64+0xfa/0x3b0
[ 77.148098][ T5331] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 77.148110][ T5331] ? assign_fw+0x52/0x890
[ 77.148123][ T5331] ? __pfx___mutex_lock+0x10/0x10
[ 77.148135][ T5331] ? lockdep_hardirqs_on+0x9c/0x150
[ 77.148150][ T5331] assign_fw+0x52/0x890
[ 77.148212][ T5331] ? _request_firmware+0xe57/0x15b0
[ 77.148227][ T5331] ? kmem_cache_free+0x19b/0x690
[ 77.148238][ T5331] _request_firmware+0xeea/0x15b0
[ 77.148251][ T5331] ? __lock_acquire+0xab9/0xd20
[ 77.148262][ T5331] ? __pfx__request_firmware+0x10/0x10
[ 77.148275][ T5331] ? _raw_spin_unlock_irqrestore+0x85/0x110
[ 77.148290][ T5331] ? lockdep_hardirqs_on+0x9c/0x150
[ 77.148303][ T5331] ? _raw_spin_unlock_irqrestore+0xad/0x110
[ 77.148315][ T5331] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[ 77.148329][ T5331] __async_dev_cache_fw_image+0x7f/0x280
[ 77.148345][ T5331] ? __pfx___async_dev_cache_fw_image+0x10/0x10
[ 77.148361][ T5331] async_schedule_node_domain+0xde/0x120
[ 77.148373][ T5331] dev_cache_fw_image+0x364/0x3e0
[ 77.148389][ T5331] ? __pfx_dev_cache_fw_image+0x10/0x10
[ 77.148405][ T5331] ? __pfx_dev_cache_fw_image+0x10/0x10
[ 77.148419][ T5331] dpm_for_each_dev+0x53/0xb0
[ 77.148434][ T5331] fw_pm_notify+0x200/0x2a0
[ 77.148449][ T5331] ? __pfx_fw_pm_notify+0x10/0x10
[ 77.148463][ T5331] ? __pfx_autoremove_wake_function+0x10/0x10
[ 77.148477][ T5331] ? blocking_notifier_call_chain_robust+0x65/0x100
[ 77.148493][ T5331] notifier_call_chain+0x1b6/0x3e0
[ 77.148507][ T5331] blocking_notifier_call_chain_robust+0x85/0x100
[ 77.148520][ T5331] pm_notifier_call_chain_robust+0x2c/0x60
[ 77.148530][ T5331] snapshot_open+0x133/0x280
[ 77.148541][ T5331] ? __pfx_snapshot_open+0x10/0x10
[ 77.148551][ T5331] misc_open+0x2d2/0x350
[ 77.148595][ T5331] chrdev_open+0x4cc/0x5e0
[ 77.148611][ T5331] ? __pfx_chrdev_open+0x10/0x10
[ 77.148624][ T5331] ? fsnotify_open_perm_and_set_mode+0x113/0x610
[ 77.148646][ T5331] ? __pfx_chrdev_open+0x10/0x10
[ 77.148657][ T5331] do_dentry_open+0x953/0x13f0
[ 77.148673][ T5331] vfs_open+0x3b/0x340
[ 77.148685][ T5331] ? path_openat+0x2ecd/0x3830
[ 77.148697][ T5331] path_openat+0x2ee5/0x3830
[ 77.148713][ T5331] ? __pfx_path_openat+0x10/0x10
[ 77.148726][ T5331] do_filp_open+0x1fa/0x410
[ 77.148735][ T5331] ? __lock_acquire+0xab9/0xd20
[ 77.148746][ T5331] ? __pfx_do_filp_open+0x10/0x10
[ 77.148759][ T5331] ? _raw_spin_unlock+0x28/0x50
[ 77.148773][ T5331] ? alloc_fd+0x64c/0x6c0
[ 77.148786][ T5331] do_sys_openat2+0x121/0x1c0
[ 77.148802][ T5331] ? __pfx_do_sys_openat2+0x10/0x10
[ 77.148815][ T5331] ? ksys_write+0x22a/0x250
[ 77.148825][ T5331] ? __pfx_ksys_write+0x10/0x10
[ 77.148835][ T5331] ? rcu_is_watching+0x15/0xb0
[ 77.148849][ T5331] __x64_sys_openat+0x138/0x170
[ 77.148870][ T5331] do_syscall_64+0xfa/0x3b0
[ 77.148880][ T5331] ? lockdep_hardirqs_on+0x9c/0x150
[ 77.148893][ T5331] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 77.148902][ T5331] ? clear_bhb_loop+0x60/0xb0
[ 77.148914][ T5331] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 77.148923][ T5331] RIP: 0033:0x7fed5a58eec9
[ 77.148996][ T5331] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 77.149006][ T5331] RSP: 002b:00007fed5b504038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
[ 77.149019][ T5331] RAX: ffffffffffffffda RBX: 00007fed5a7e5fa0 RCX: 00007fed5a58eec9
[ 77.149026][ T5331] RDX: 0000000000042801 RSI: 00002000000002c0 RDI: ffffffffffffff9c
[ 77.149033][ T5331] RBP: 00007fed5b504090 R08: 0000000000000000 R09: 0000000000000000
[ 77.149038][ T5331] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 77.149043][ T5331] R13: 00007fed5a7e6038 R14: 00007fed5a7e5fa0 R15: 00007ffd56c07148
[ 77.149056][ T5331] </TASK>
[ 78.272370][ T5311] Bluetooth: hci0: command tx timeout
[ 80.352588][ T5311] Bluetooth: hci0: command tx timeout
[ 82.432237][ T5311] Bluetooth: hci0: command tx timeout