program:
syz_usb_connect(0x0, 0x24, &(0x7f0000000200)=ANY=[@ANYBLOB="120100002ec6601037210100352a010203010902120001000000000904"], 0x0)
preadv(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0)
openat$snapshot(0xffffffffffffff9c, &(0x7f0000000200), 0x80001, 0x0) (fail_nth: 8)

[   75.416467][ T5094] Bluetooth: hci0: command tx timeout
[   75.738932][ T1339] usb 5-1: new high-speed USB device number 2 using dummy_hcd
[   75.888928][ T1339] usb 5-1: Using ep0 maxpacket: 16
[   75.896305][ T1339] usb 5-1: New USB device found, idVendor=2137, idProduct=0001, bcdDevice=2a.35
[   75.900852][ T1339] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[   75.903929][ T1339] usb 5-1: Product: syz
[   75.905429][ T1339] usb 5-1: Manufacturer: syz
[   75.907118][ T1339] usb 5-1: SerialNumber: syz
[   75.914521][ T1339] usb 5-1: config 0 descriptor??
[   75.923893][ T1339] as10x_usb: device has been detected
[   75.926263][ T1339] dvbdev: DVB: registering new adapter (Sky IT Digital Key (green led))
[   75.939664][ T1339] usb 5-1: DVB: registering adapter 1 frontend 0 (Sky IT Digital Key (green led))...
[   75.952891][ T1339] as10x_usb: error during firmware upload part1
[   75.955191][ T1339] Registered device Sky IT Digital Key (green led)
[   76.120525][ T5109] random: crng reseeded on system resumption
[   76.132812][ T5109] FAULT_INJECTION: forcing a failure.
[   76.132812][ T5109] name failslab, interval 1, probability 0, space 0, times 1
[   76.137989][ T5109] CPU: 0 UID: 0 PID: 5109 Comm: syz.0.0 Not tainted 6.11.0-syzkaller-11624-ge477dba5442c #0
[   76.141729][ T5109] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[   76.145958][ T5109] Call Trace:
[   76.147244][ T5109]  <TASK>
[   76.148388][ T5109]  dump_stack_lvl+0x241/0x360
[   76.150240][ T5109]  ? __pfx_dump_stack_lvl+0x10/0x10
[   76.152263][ T5109]  ? __pfx__printk+0x10/0x10
[   76.154103][ T5109]  should_fail_ex+0x3b0/0x4e0
[   76.156032][ T5109]  should_failslab+0xac/0x100
[   76.157901][ T5109]  ? async_schedule_node_domain+0x5c/0x110
[   76.160239][ T5109]  __kmalloc_cache_noprof+0x6c/0x2c0
[   76.162314][ T5109]  ? __pfx___async_dev_cache_fw_image+0x10/0x10
[   76.164748][ T5109]  async_schedule_node_domain+0x5c/0x110
[   76.166958][ T5109]  dev_cache_fw_image+0x36d/0x3e0
[   76.168958][ T5109]  ? __pfx_dev_cache_fw_image+0x10/0x10
[   76.171161][ T5109]  ? _raw_spin_unlock_irqrestore+0xdd/0x140
[   76.173471][ T5109]  ? blake2s_update+0x1a5/0x280
[   76.175363][ T5109]  ? __pfx_dev_cache_fw_image+0x10/0x10
[   76.177515][ T5109]  dpm_for_each_dev+0x58/0xc0
[   76.179331][ T5109]  fw_pm_notify+0x24a/0x2f0
[   76.181101][ T5109]  ? __pfx_fw_pm_notify+0x10/0x10
[   76.183003][ T5109]  ? __mutex_trylock_common+0x183/0x2e0
[   76.185124][ T5109]  ? __pfx_autoremove_wake_function+0x10/0x10
[   76.187447][ T5109]  ? rcu_is_watching+0x15/0xb0
[   76.189308][ T5109]  ? trace_contention_end+0x3c/0x120
[   76.191437][ T5109]  notifier_call_chain+0x19f/0x3e0
[   76.193478][ T5109]  blocking_notifier_call_chain_robust+0xe8/0x1e0
[   76.196037][ T5109]  ? __pfx_blocking_notifier_call_chain_robust+0x10/0x10
[   76.198734][ T5109]  ? __pfx___mutex_lock+0x10/0x10
[   76.200719][ T5109]  pm_notifier_call_chain_robust+0x2c/0x60
[   76.202951][ T5109]  snapshot_open+0x132/0x280
[   76.204763][ T5109]  ? __pfx_snapshot_open+0x10/0x10
[   76.206762][ T5109]  misc_open+0x2cc/0x340
[   76.208461][ T5109]  chrdev_open+0x521/0x600
[   76.210232][ T5109]  ? __pfx_apparmor_file_open+0x10/0x10
[   76.212419][ T5109]  ? __pfx_chrdev_open+0x10/0x10
[   76.214375][ T5109]  ? security_file_open+0x513/0x990
[   76.216490][ T5109]  ? __pfx_chrdev_open+0x10/0x10
[   76.218447][ T5109]  do_dentry_open+0x978/0x1460
[   76.220386][ T5109]  vfs_open+0x3e/0x330
[   76.222011][ T5109]  path_openat+0x2c84/0x3590
[   76.223921][ T5109]  ? __pfx_path_openat+0x10/0x10
[   76.225868][ T5109]  do_filp_open+0x235/0x490
[   76.227666][ T5109]  ? __pfx_do_filp_open+0x10/0x10
[   76.229686][ T5109]  ? _raw_spin_unlock+0x28/0x50
[   76.231599][ T5109]  ? alloc_fd+0x5a1/0x640
[   76.233260][ T5109]  do_sys_openat2+0x13e/0x1d0
[   76.235109][ T5109]  ? __pfx_do_sys_openat2+0x10/0x10
[   76.237152][ T5109]  __x64_sys_openat+0x247/0x2a0
[   76.239078][ T5109]  ? __pfx___x64_sys_openat+0x10/0x10
[   76.241169][ T5109]  ? do_syscall_64+0x100/0x230
[   76.243042][ T5109]  ? do_syscall_64+0xb6/0x230
[   76.244901][ T5109]  do_syscall_64+0xf3/0x230
[   76.246688][ T5109]  ? clear_bhb_loop+0x35/0x90
[   76.248548][ T5109]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   76.250860][ T5109] RIP: 0033:0x7f7d3337dff9
[   76.252660][ T5109] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   76.260152][ T5109] RSP: 002b:00007f7d340d3038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
[   76.263385][ T5109] RAX: ffffffffffffffda RBX: 00007f7d33535f80 RCX: 00007f7d3337dff9
[   76.266421][ T5109] RDX: 0000000000080001 RSI: 0000000020000200 RDI: ffffffffffffff9c
[   76.269565][ T5109] RBP: 00007f7d340d3090 R08: 0000000000000000 R09: 0000000000000000
[   76.272628][ T5109] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[   76.275698][ T5109] R13: 0000000000000000 R14: 00007f7d33535f80 R15: 00007fff052cc038
[   76.278713][ T5109]  </TASK>
[   76.283805][ T1301] ieee802154 phy0 wpan0: encryption failed: -22
[   76.286415][ T1301] ieee802154 phy1 wpan1: encryption failed: -22
[   76.302747][ T5109] 
[   76.303772][ T5109] ============================================
[   76.306095][ T5109] WARNING: possible recursive locking detected
[   76.308459][ T5109] 6.11.0-syzkaller-11624-ge477dba5442c #0 Not tainted
[   76.311114][ T5109] --------------------------------------------
[   76.313506][ T5109] syz.0.0/5109 is trying to acquire lock:
[   76.315786][ T5109] ffffffff8f2dc508 (fw_lock){+.+.}-{3:3}, at: assign_fw+0x56/0x890
[   76.318926][ T5109] 
[   76.318926][ T5109] but task is already holding lock:
[   76.321845][ T5109] ffffffff8f2dc508 (fw_lock){+.+.}-{3:3}, at: fw_pm_notify+0x232/0x2f0
[   76.325119][ T5109] 
[   76.325119][ T5109] other info that might help us debug this:
[   76.328263][ T5109]  Possible unsafe locking scenario:
[   76.328263][ T5109] 
[   76.331202][ T5109]        CPU0
[   76.332535][ T5109]        ----
[   76.333919][ T5109]   lock(fw_lock);
[   76.335483][ T5109]   lock(fw_lock);
[   76.337047][ T5109] 
[   76.337047][ T5109]  *** DEADLOCK ***
[   76.337047][ T5109] 
[   76.340296][ T5109]  May be due to missing lock nesting notation
[   76.340296][ T5109] 
[   76.343524][ T5109] 5 locks held by syz.0.0/5109:
[   76.345447][ T5109]  #0: ffffffff8f18e268 (misc_mtx){+.+.}-{3:3}, at: misc_open+0x54/0x340
[   76.348839][ T5109]  #1: ffffffff8e7eade8 (system_transition_mutex){+.+.}-{3:3}, at: lock_system_sleep+0x60/0xa0
[   76.352909][ T5109]  #2: ffffffff8e80b0f0 ((pm_chain_head).rwsem){++++}-{3:3}, at: blocking_notifier_call_chain_robust+0xac/0x1e0
[   76.357533][ T5109]  #3: ffffffff8f2dc508 (fw_lock){+.+.}-{3:3}, at: fw_pm_notify+0x232/0x2f0
[   76.360960][ T5109]  #4: ffffffff8f2d75a8 (dpm_list_mtx){+.+.}-{3:3}, at: dpm_for_each_dev+0x2b/0xc0
[   76.364545][ T5109] 
[   76.364545][ T5109] stack backtrace:
[   76.366876][ T5109] CPU: 0 UID: 0 PID: 5109 Comm: syz.0.0 Not tainted 6.11.0-syzkaller-11624-ge477dba5442c #0
[   76.370730][ T5109] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[   76.374878][ T5109] Call Trace:
[   76.376240][ T5109]  <TASK>
[   76.377383][ T5109]  dump_stack_lvl+0x241/0x360
[   76.379316][ T5109]  ? __pfx_dump_stack_lvl+0x10/0x10
[   76.381375][ T5109]  ? __pfx__printk+0x10/0x10
[   76.383219][ T5109]  ? lockdep_unlock+0x16a/0x300
[   76.385078][ T5109]  print_deadlock_bug+0x483/0x620
[   76.387076][ T5109]  validate_chain+0x15e2/0x5920
[   76.388992][ T5109]  ? __lock_acquire+0x1384/0x2050
[   76.390967][ T5109]  ? mark_lock+0x9a/0x360
[   76.392669][ T5109]  ? __pfx_validate_chain+0x10/0x10
[   76.394713][ T5109]  ? __lock_acquire+0x1384/0x2050
[   76.396755][ T5109]  ? mark_lock+0x9a/0x360
[   76.398463][ T5109]  ? mark_lock+0x9a/0x360
[   76.400243][ T5109]  __lock_acquire+0x1384/0x2050
[   76.402185][ T5109]  lock_acquire+0x1ed/0x550
[   76.403985][ T5109]  ? assign_fw+0x56/0x890
[   76.405727][ T5109]  ? __pfx_lock_acquire+0x10/0x10
[   76.407739][ T5109]  ? __pfx___might_resched+0x10/0x10
[   76.409899][ T5109]  ? kmem_cache_free+0x1a2/0x420
[   76.411861][ T5109]  ? _request_firmware+0xd5a/0x13b0
[   76.413891][ T5109]  ? __async_dev_cache_fw_image+0xe7/0x320
[   76.416163][ T5109]  ? async_schedule_node_domain+0xdc/0x110
[   76.418383][ T5109]  ? dev_cache_fw_image+0x36d/0x3e0
[   76.420424][ T5109]  ? dpm_for_each_dev+0x58/0xc0
[   76.422298][ T5109]  ? fw_pm_notify+0x24a/0x2f0
[   76.424152][ T5109]  ? notifier_call_chain+0x19f/0x3e0
[   76.426190][ T5109]  ? blocking_notifier_call_chain_robust+0xe8/0x1e0
[   76.428758][ T5109]  ? snapshot_open+0x132/0x280
[   76.430614][ T5109]  ? misc_open+0x2cc/0x340
[   76.432354][ T5109]  ? chrdev_open+0x521/0x600
[   76.434140][ T5109]  ? vfs_open+0x3e/0x330
[   76.435770][ T5109]  __mutex_lock+0x136/0xd70
[   76.437460][ T5109]  ? assign_fw+0x56/0x890
[   76.439035][ T5109]  ? mark_lock+0x9a/0x360
[   76.440613][ T5109]  ? assign_fw+0x56/0x890
[   76.442183][ T5109]  ? __pfx___mutex_lock+0x10/0x10
[   76.444059][ T5109]  ? kasan_quarantine_put+0xdc/0x230
[   76.446105][ T5109]  ? lockdep_hardirqs_on+0x99/0x150
[   76.448151][ T5109]  assign_fw+0x56/0x890
[   76.449768][ T5109]  ? _request_firmware+0xd5a/0x13b0
[   76.451777][ T5109]  ? kmem_cache_free+0x1a2/0x420
[   76.453646][ T5109]  ? complete_all+0x2d/0x1e0
[   76.455506][ T5109]  ? _request_firmware+0xd5a/0x13b0
[   76.457531][ T5109]  _request_firmware+0xe16/0x13b0
[   76.459509][ T5109]  ? __pfx__request_firmware+0x10/0x10
[   76.461632][ T5109]  ? lockdep_hardirqs_on_prepare+0x43d/0x780
[   76.463982][ T5109]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[   76.466377][ T5109]  __async_dev_cache_fw_image+0xe7/0x320
[   76.468591][ T5109]  ? __pfx___async_dev_cache_fw_image+0x10/0x10
[   76.471010][ T5109]  ? async_schedule_node_domain+0xa3/0x110
[   76.473253][ T5109]  ? __kmalloc_cache_noprof+0x19c/0x2c0
[   76.475396][ T5109]  ? __pfx___async_dev_cache_fw_image+0x10/0x10
[   76.477809][ T5109]  async_schedule_node_domain+0xdc/0x110
[   76.479986][ T5109]  dev_cache_fw_image+0x36d/0x3e0
[   76.481953][ T5109]  ? __pfx_dev_cache_fw_image+0x10/0x10
[   76.484048][ T5109]  ? _raw_spin_unlock_irqrestore+0xdd/0x140
[   76.486332][ T5109]  ? blake2s_update+0x1a5/0x280
[   76.488246][ T5109]  ? __pfx_dev_cache_fw_image+0x10/0x10
[   76.490402][ T5109]  dpm_for_each_dev+0x58/0xc0
[   76.492268][ T5109]  fw_pm_notify+0x24a/0x2f0
[   76.494048][ T5109]  ? __pfx_fw_pm_notify+0x10/0x10
[   76.496030][ T5109]  ? __mutex_trylock_common+0x183/0x2e0
[   76.498178][ T5109]  ? __pfx_autoremove_wake_function+0x10/0x10
[   76.500574][ T5109]  ? rcu_is_watching+0x15/0xb0
[   76.502430][ T5109]  ? trace_contention_end+0x3c/0x120
[   76.504490][ T5109]  notifier_call_chain+0x19f/0x3e0
[   76.506465][ T5109]  blocking_notifier_call_chain_robust+0xe8/0x1e0
[   76.508963][ T5109]  ? __pfx_blocking_notifier_call_chain_robust+0x10/0x10
[   76.511712][ T5109]  ? __pfx___mutex_lock+0x10/0x10
[   76.513672][ T5109]  pm_notifier_call_chain_robust+0x2c/0x60
[   76.515986][ T5109]  snapshot_open+0x132/0x280
[   76.517816][ T5109]  ? __pfx_snapshot_open+0x10/0x10
[   76.519879][ T5109]  misc_open+0x2cc/0x340
[   76.521552][ T5109]  chrdev_open+0x521/0x600
[   76.523315][ T5109]  ? __pfx_apparmor_file_open+0x10/0x10
[   76.525488][ T5109]  ? __pfx_chrdev_open+0x10/0x10
[   76.527441][ T5109]  ? security_file_open+0x513/0x990
[   76.529447][ T5109]  ? __pfx_chrdev_open+0x10/0x10
[   76.531408][ T5109]  do_dentry_open+0x978/0x1460
[   76.533300][ T5109]  vfs_open+0x3e/0x330
[   76.534946][ T5109]  path_openat+0x2c84/0x3590
[   76.536781][ T5109]  ? __pfx_path_openat+0x10/0x10
[   76.538687][ T5109]  do_filp_open+0x235/0x490
[   76.540511][ T5109]  ? __pfx_do_filp_open+0x10/0x10
[   76.542403][ T5109]  ? _raw_spin_unlock+0x28/0x50
[   76.544305][ T5109]  ? alloc_fd+0x5a1/0x640
[   76.545926][ T5109]  do_sys_openat2+0x13e/0x1d0
[   76.547724][ T5109]  ? __pfx_do_sys_openat2+0x10/0x10
[   76.549744][ T5109]  __x64_sys_openat+0x247/0x2a0
[   76.551670][ T5109]  ? __pfx___x64_sys_openat+0x10/0x10
[   76.553672][ T5109]  ? do_syscall_64+0x100/0x230
[   76.555516][ T5109]  ? do_syscall_64+0xb6/0x230
[   76.557255][ T5109]  do_syscall_64+0xf3/0x230
[   76.559014][ T5109]  ? clear_bhb_loop+0x35/0x90
[   76.560891][ T5109]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   76.563173][ T5109] RIP: 0033:0x7f7d3337dff9
[   76.564914][ T5109] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   76.572151][ T5109] RSP: 002b:00007f7d340d3038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
[   76.575414][ T5109] RAX: ffffffffffffffda RBX: 00007f7d33535f80 RCX: 00007f7d3337dff9
[   76.578467][ T5109] RDX: 0000000000080001 RSI: 0000000020000200 RDI: ffffffffffffff9c
[   76.581403][ T5109] RBP: 00007f7d340d3090 R08: 0000000000000000 R09: 0000000000000000
[   76.584330][ T5109] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[   76.587317][ T5109] R13: 0000000000000000 R14: 00007f7d33535f80 R15: 00007fff052cc038
[   76.590331][ T5109]  </TASK>
[   77.488948][ T5094] Bluetooth: hci0: command tx timeout
[   79.569153][ T5094] Bluetooth: hci0: command tx timeout
[   81.648898][ T5094] Bluetooth: hci0: command tx timeout