program:
syz_usb_connect(0x0, 0x24, &(0x7f0000000200)=ANY=[@ANYBLOB="120100002ec6601037210100352a010203010902120001000000000904"], 0x0)
openat$snapshot(0xffffffffffffff9c, &(0x7f00000002c0), 0x42801, 0x0) (fail_nth: 8)

[   76.037650][ T5299] Bluetooth: hci0: command tx timeout
[   76.313657][ T5298] usb 5-1: new high-speed USB device number 2 using dummy_hcd
[   76.376761][ T1313] ieee802154 phy0 wpan0: encryption failed: -22
[   76.380158][ T1313] ieee802154 phy1 wpan1: encryption failed: -22
[   76.463153][ T5298] usb 5-1: Using ep0 maxpacket: 16
[   76.471518][ T5298] usb 5-1: New USB device found, idVendor=2137, idProduct=0001, bcdDevice=2a.35
[   76.477354][ T5298] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[   76.481371][ T5298] usb 5-1: Product: syz
[   76.483747][ T5298] usb 5-1: Manufacturer: syz
[   76.486023][ T5298] usb 5-1: SerialNumber: syz
[   76.494393][ T5298] usb 5-1: config 0 descriptor??
[   76.505128][ T5298] as10x_usb: device has been detected
[   76.508486][ T5298] dvbdev: DVB: registering new adapter (Sky IT Digital Key (green led))
[   76.527053][ T5298] usb 5-1: DVB: registering adapter 1 frontend 0 (Sky IT Digital Key (green led))...
[   76.547947][ T5298] as10x_usb: error during firmware upload part1
[   76.551136][ T5298] Registered device Sky IT Digital Key (green led)
[   76.701419][ T5314] random: crng reseeded on system resumption
[   76.709836][ T5314] FAULT_INJECTION: forcing a failure.
[   76.709836][ T5314] name failslab, interval 1, probability 0, space 0, times 1
[   76.716489][ T5314] CPU: 0 UID: 0 PID: 5314 Comm: syz.0.0 Not tainted 6.15.0-syzkaller-09161-g0f70f5b08a47 #0 PREEMPT(full) 
[   76.716504][ T5314] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[   76.716511][ T5314] Call Trace:
[   76.716516][ T5314]  <TASK>
[   76.716521][ T5314]  dump_stack_lvl+0x189/0x250
[   76.716645][ T5314]  ? __pfx____ratelimit+0x10/0x10
[   76.716702][ T5314]  ? __pfx_dump_stack_lvl+0x10/0x10
[   76.716717][ T5314]  ? __pfx__printk+0x10/0x10
[   76.716733][ T5314]  ? __lock_acquire+0xab9/0xd20
[   76.716747][ T5314]  should_fail_ex+0x414/0x560
[   76.716799][ T5314]  should_failslab+0xa8/0x100
[   76.716815][ T5314]  __kmalloc_cache_noprof+0x70/0x3d0
[   76.716829][ T5314]  ? async_schedule_node_domain+0x5b/0x120
[   76.716842][ T5314]  ? __pfx___async_dev_cache_fw_image+0x10/0x10
[   76.716857][ T5314]  async_schedule_node_domain+0x5b/0x120
[   76.716872][ T5314]  dev_cache_fw_image+0x364/0x3e0
[   76.716888][ T5314]  ? __pfx_dev_cache_fw_image+0x10/0x10
[   76.716905][ T5314]  ? __pfx_dev_cache_fw_image+0x10/0x10
[   76.716918][ T5314]  dpm_for_each_dev+0x56/0xb0
[   76.716933][ T5314]  fw_pm_notify+0x200/0x2a0
[   76.716945][ T5314]  ? __pfx_fw_pm_notify+0x10/0x10
[   76.716957][ T5314]  ? __pfx_autoremove_wake_function+0x10/0x10
[   76.716973][ T5314]  ? blocking_notifier_call_chain_robust+0x65/0x100
[   76.716994][ T5314]  notifier_call_chain+0x1b6/0x3e0
[   76.717013][ T5314]  blocking_notifier_call_chain_robust+0x85/0x100
[   76.717030][ T5314]  pm_notifier_call_chain_robust+0x2c/0x60
[   76.717043][ T5314]  snapshot_open+0x133/0x280
[   76.717056][ T5314]  ? __pfx_snapshot_open+0x10/0x10
[   76.717066][ T5314]  misc_open+0x2bc/0x330
[   76.717080][ T5314]  chrdev_open+0x4cc/0x5e0
[   76.717098][ T5314]  ? __pfx_chrdev_open+0x10/0x10
[   76.717115][ T5314]  ? __pfx_chrdev_open+0x10/0x10
[   76.717128][ T5314]  do_dentry_open+0xdf3/0x1970
[   76.717156][ T5314]  vfs_open+0x3b/0x340
[   76.717169][ T5314]  ? path_openat+0x2ecd/0x3830
[   76.717185][ T5314]  path_openat+0x2ee5/0x3830
[   76.717195][ T5314]  ? arch_stack_walk+0xfc/0x150
[   76.717232][ T5314]  ? __pfx_path_openat+0x10/0x10
[   76.717242][ T5314]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   76.717266][ T5314]  do_filp_open+0x1fa/0x410
[   76.717276][ T5314]  ? __lock_acquire+0xab9/0xd20
[   76.717288][ T5314]  ? __pfx_do_filp_open+0x10/0x10
[   76.717313][ T5314]  ? _raw_spin_unlock+0x28/0x50
[   76.717328][ T5314]  ? alloc_fd+0x64c/0x6c0
[   76.717351][ T5314]  do_sys_openat2+0x121/0x1c0
[   76.717369][ T5314]  ? __pfx_do_sys_openat2+0x10/0x10
[   76.717380][ T5314]  ? ksys_write+0x22a/0x250
[   76.717394][ T5314]  ? __pfx_ksys_write+0x10/0x10
[   76.717404][ T5314]  ? rcu_is_watching+0x15/0xb0
[   76.717420][ T5314]  __x64_sys_openat+0x138/0x170
[   76.717435][ T5314]  do_syscall_64+0xfa/0x3b0
[   76.717447][ T5314]  ? lockdep_hardirqs_on+0x9c/0x150
[   76.717457][ T5314]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   76.717466][ T5314]  ? clear_bhb_loop+0x60/0xb0
[   76.717479][ T5314]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   76.717488][ T5314] RIP: 0033:0x7fad6a38e969
[   76.717500][ T5314] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   76.717508][ T5314] RSP: 002b:00007fad6b220038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
[   76.717520][ T5314] RAX: ffffffffffffffda RBX: 00007fad6a5b5fa0 RCX: 00007fad6a38e969
[   76.717527][ T5314] RDX: 0000000000042801 RSI: 00002000000002c0 RDI: ffffffffffffff9c
[   76.717534][ T5314] RBP: 00007fad6b220090 R08: 0000000000000000 R09: 0000000000000000
[   76.717540][ T5314] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[   76.717546][ T5314] R13: 0000000000000000 R14: 00007fad6a5b5fa0 R15: 00007ffebd849ff8
[   76.717562][ T5314]  </TASK>
[   76.720096][ T5314] 
[   76.868879][ T5314] ============================================
[   76.871458][ T5314] WARNING: possible recursive locking detected
[   76.873942][ T5314] 6.15.0-syzkaller-09161-g0f70f5b08a47 #0 Not tainted
[   76.876765][ T5314] --------------------------------------------
[   76.879406][ T5314] syz.0.0/5314 is trying to acquire lock:
[   76.881766][ T5314] ffffffff8eb13828 (fw_lock){+.+.}-{4:4}, at: assign_fw+0x52/0x890
[   76.885090][ T5314] 
[   76.885090][ T5314] but task is already holding lock:
[   76.888180][ T5314] ffffffff8eb13828 (fw_lock){+.+.}-{4:4}, at: fw_pm_notify+0x1e8/0x2a0
[   76.891690][ T5314] 
[   76.891690][ T5314] other info that might help us debug this:
[   76.895088][ T5314]  Possible unsafe locking scenario:
[   76.895088][ T5314] 
[   76.898227][ T5314]        CPU0
[   76.899676][ T5314]        ----
[   76.901104][ T5314]   lock(fw_lock);
[   76.902766][ T5314]   lock(fw_lock);
[   76.904405][ T5314] 
[   76.904405][ T5314]  *** DEADLOCK ***
[   76.904405][ T5314] 
[   76.907928][ T5314]  May be due to missing lock nesting notation
[   76.907928][ T5314] 
[   76.911466][ T5314] 5 locks held by syz.0.0/5314:
[   76.913664][ T5314]  #0: ffffffff8e9c04c8 (misc_mtx){+.+.}-{4:4}, at: misc_open+0x51/0x330
[   76.917313][ T5314]  #1: ffffffff8dfec508 (system_transition_mutex){+.+.}-{4:4}, at: lock_system_sleep+0x4a/0x70
[   76.921442][ T5314]  #2: ffffffff8e010490 ((pm_chain_head).rwsem){++++}-{4:4}, at: blocking_notifier_call_chain_robust+0x65/0x100
[   76.926390][ T5314]  #3: ffffffff8eb13828 (fw_lock){+.+.}-{4:4}, at: fw_pm_notify+0x1e8/0x2a0
[   76.930023][ T5314]  #4: ffffffff8eb0e8a8 (dpm_list_mtx){+.+.}-{4:4}, at: dpm_for_each_dev+0x29/0xb0
[   76.933902][ T5314] 
[   76.933902][ T5314] stack backtrace:
[   76.936478][ T5314] CPU: 0 UID: 0 PID: 5314 Comm: syz.0.0 Not tainted 6.15.0-syzkaller-09161-g0f70f5b08a47 #0 PREEMPT(full) 
[   76.936491][ T5314] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[   76.936498][ T5314] Call Trace:
[   76.936505][ T5314]  <TASK>
[   76.936511][ T5314]  dump_stack_lvl+0x189/0x250
[   76.936530][ T5314]  ? __pfx_dump_stack_lvl+0x10/0x10
[   76.936539][ T5314]  ? __pfx__printk+0x10/0x10
[   76.936547][ T5314]  ? print_lock_name+0xde/0x100
[   76.936553][ T5314]  print_deadlock_bug+0x28b/0x2a0
[   76.936563][ T5314]  validate_chain+0x1a3f/0x2140
[   76.936571][ T5314]  ? _raw_spin_unlock_irqrestore+0x85/0x110
[   76.936581][ T5314]  ? lockdep_hardirqs_on+0x9c/0x150
[   76.936590][ T5314]  __lock_acquire+0xab9/0xd20
[   76.936598][ T5314]  ? assign_fw+0x52/0x890
[   76.936605][ T5314]  lock_acquire+0x120/0x360
[   76.936611][ T5314]  ? assign_fw+0x52/0x890
[   76.936618][ T5314]  ? kasan_save_free_info+0x46/0x50
[   76.936628][ T5314]  ? kmem_cache_free+0x18f/0x400
[   76.936636][ T5314]  ? __async_dev_cache_fw_image+0x7f/0x280
[   76.936645][ T5314]  __mutex_lock+0x182/0xe80
[   76.936652][ T5314]  ? assign_fw+0x52/0x890
[   76.936658][ T5314]  ? path_openat+0x2ee5/0x3830
[   76.936664][ T5314]  ? do_filp_open+0x1fa/0x410
[   76.936670][ T5314]  ? __x64_sys_openat+0x138/0x170
[   76.936675][ T5314]  ? do_syscall_64+0xfa/0x3b0
[   76.936682][ T5314]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   76.936689][ T5314]  ? assign_fw+0x52/0x890
[   76.936696][ T5314]  ? __pfx___mutex_lock+0x10/0x10
[   76.936704][ T5314]  ? kasan_quarantine_put+0xdd/0x220
[   76.936710][ T5314]  ? lockdep_hardirqs_on+0x9c/0x150
[   76.936716][ T5314]  assign_fw+0x52/0x890
[   76.936723][ T5314]  ? _request_firmware+0xe57/0x15b0
[   76.936729][ T5314]  ? kmem_cache_free+0x18f/0x400
[   76.936737][ T5314]  _request_firmware+0xeea/0x15b0
[   76.936744][ T5314]  ? __lock_acquire+0xab9/0xd20
[   76.936752][ T5314]  ? __pfx__request_firmware+0x10/0x10
[   76.936759][ T5314]  ? _raw_spin_unlock_irqrestore+0x85/0x110
[   76.936767][ T5314]  ? lockdep_hardirqs_on+0x9c/0x150
[   76.936773][ T5314]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[   76.936782][ T5314]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[   76.936790][ T5314]  ? async_schedule_node_domain+0xa5/0x120
[   76.936798][ T5314]  __async_dev_cache_fw_image+0x7f/0x280
[   76.936806][ T5314]  ? __pfx___async_dev_cache_fw_image+0x10/0x10
[   76.936815][ T5314]  async_schedule_node_domain+0xe1/0x120
[   76.936826][ T5314]  dev_cache_fw_image+0x364/0x3e0
[   76.936839][ T5314]  ? __pfx_dev_cache_fw_image+0x10/0x10
[   76.936850][ T5314]  ? __pfx_dev_cache_fw_image+0x10/0x10
[   76.936861][ T5314]  dpm_for_each_dev+0x56/0xb0
[   76.936875][ T5314]  fw_pm_notify+0x200/0x2a0
[   76.936886][ T5314]  ? __pfx_fw_pm_notify+0x10/0x10
[   76.936893][ T5314]  ? __pfx_autoremove_wake_function+0x10/0x10
[   76.936902][ T5314]  ? blocking_notifier_call_chain_robust+0x65/0x100
[   76.936912][ T5314]  notifier_call_chain+0x1b6/0x3e0
[   76.936921][ T5314]  blocking_notifier_call_chain_robust+0x85/0x100
[   76.936930][ T5314]  pm_notifier_call_chain_robust+0x2c/0x60
[   76.936938][ T5314]  snapshot_open+0x133/0x280
[   76.936945][ T5314]  ? __pfx_snapshot_open+0x10/0x10
[   76.936951][ T5314]  misc_open+0x2bc/0x330
[   76.936960][ T5314]  chrdev_open+0x4cc/0x5e0
[   76.936969][ T5314]  ? __pfx_chrdev_open+0x10/0x10
[   76.936977][ T5314]  ? __pfx_chrdev_open+0x10/0x10
[   76.936984][ T5314]  do_dentry_open+0xdf3/0x1970
[   76.936995][ T5314]  vfs_open+0x3b/0x340
[   76.937003][ T5314]  ? path_openat+0x2ecd/0x3830
[   76.937010][ T5314]  path_openat+0x2ee5/0x3830
[   76.937016][ T5314]  ? arch_stack_walk+0xfc/0x150
[   76.937029][ T5314]  ? __pfx_path_openat+0x10/0x10
[   76.937035][ T5314]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   76.937043][ T5314]  do_filp_open+0x1fa/0x410
[   76.937050][ T5314]  ? __lock_acquire+0xab9/0xd20
[   76.937056][ T5314]  ? __pfx_do_filp_open+0x10/0x10
[   76.937065][ T5314]  ? _raw_spin_unlock+0x28/0x50
[   76.937073][ T5314]  ? alloc_fd+0x64c/0x6c0
[   76.937083][ T5314]  do_sys_openat2+0x121/0x1c0
[   76.937089][ T5314]  ? __pfx_do_sys_openat2+0x10/0x10
[   76.937094][ T5314]  ? ksys_write+0x22a/0x250
[   76.937103][ T5314]  ? __pfx_ksys_write+0x10/0x10
[   76.937112][ T5314]  ? rcu_is_watching+0x15/0xb0
[   76.937125][ T5314]  __x64_sys_openat+0x138/0x170
[   76.937136][ T5314]  do_syscall_64+0xfa/0x3b0
[   76.937146][ T5314]  ? lockdep_hardirqs_on+0x9c/0x150
[   76.937154][ T5314]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   76.937163][ T5314]  ? clear_bhb_loop+0x60/0xb0
[   76.937175][ T5314]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   76.937190][ T5314] RIP: 0033:0x7fad6a38e969
[   76.937211][ T5314] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   76.937224][ T5314] RSP: 002b:00007fad6b220038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
[   76.937236][ T5314] RAX: ffffffffffffffda RBX: 00007fad6a5b5fa0 RCX: 00007fad6a38e969
[   76.937243][ T5314] RDX: 0000000000042801 RSI: 00002000000002c0 RDI: ffffffffffffff9c
[   76.937250][ T5314] RBP: 00007fad6b220090 R08: 0000000000000000 R09: 0000000000000000
[   76.937256][ T5314] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[   76.937261][ T5314] R13: 0000000000000000 R14: 00007fad6a5b5fa0 R15: 00007ffebd849ff8
[   76.937272][ T5314]  </TASK>
[   78.053217][ T5299] Bluetooth: hci0: command tx timeout
[   80.133561][ T5299] Bluetooth: hci0: command tx timeout
[   82.213199][ T5299] Bluetooth: hci0: command tx timeout