program:
syz_usb_connect(0x0, 0x24, &(0x7f0000000200)=ANY=[@ANYBLOB="120100002ec6601037210100352a010203010902120001000000000904"], 0x0)
openat$snapshot(0xffffffffffffff9c, &(0x7f00000002c0), 0x42801, 0x0) (fail_nth: 8)
[ 85.388225][ T5302] Bluetooth: hci0: command tx timeout
[ 85.678059][ T9] usb 5-1: new high-speed USB device number 2 using dummy_hcd
[ 85.828667][ T9] usb 5-1: Using ep0 maxpacket: 16
[ 85.836920][ T9] usb 5-1: New USB device found, idVendor=2137, idProduct=0001, bcdDevice=2a.35
[ 85.841558][ T9] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 85.845013][ T9] usb 5-1: Product: syz
[ 85.846743][ T9] usb 5-1: Manufacturer: syz
[ 85.849092][ T9] usb 5-1: SerialNumber: syz
[ 85.858573][ T9] usb 5-1: config 0 descriptor??
[ 85.874804][ T9] as10x_usb: device has been detected
[ 85.883179][ T9] dvbdev: DVB: registering new adapter (Sky IT Digital Key (green led))
[ 85.918904][ T9] usb 5-1: DVB: registering adapter 1 frontend 0 (Sky IT Digital Key (green led))...
[ 85.950764][ T9] as10x_usb: error during firmware upload part1
[ 85.954959][ T9] Registered device Sky IT Digital Key (green led)
[ 86.064603][ T5326] random: crng reseeded on system resumption
[ 86.072999][ T5326] FAULT_INJECTION: forcing a failure.
[ 86.072999][ T5326] name failslab, interval 1, probability 0, space 0, times 1
[ 86.079532][ T5326] CPU: 0 UID: 0 PID: 5326 Comm: syz.0.0 Not tainted syzkaller #0 PREEMPT(full)
[ 86.079547][ T5326] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[ 86.079553][ T5326] Call Trace:
[ 86.079557][ T5326] <TASK>
[ 86.079562][ T5326] dump_stack_lvl+0x189/0x250
[ 86.079680][ T5326] ? __pfx____ratelimit+0x10/0x10
[ 86.079721][ T5326] ? __pfx_dump_stack_lvl+0x10/0x10
[ 86.079732][ T5326] ? __pfx__printk+0x10/0x10
[ 86.079753][ T5326] should_fail_ex+0x414/0x560
[ 86.079797][ T5326] should_failslab+0xa8/0x100
[ 86.079813][ T5326] __kmalloc_cache_noprof+0x6f/0x6f0
[ 86.079826][ T5326] ? async_schedule_node_domain+0x5b/0x120
[ 86.079837][ T5326] ? __pfx___async_dev_cache_fw_image+0x10/0x10
[ 86.082059][ T5326] async_schedule_node_domain+0x5b/0x120
[ 86.082071][ T5326] dev_cache_fw_image+0x364/0x3e0
[ 86.082087][ T5326] ? __pfx_dev_cache_fw_image+0x10/0x10
[ 86.082102][ T5326] ? __pfx_dev_cache_fw_image+0x10/0x10
[ 86.082115][ T5326] dpm_for_each_dev+0x56/0xb0
[ 86.082128][ T5326] fw_pm_notify+0x200/0x2a0
[ 86.082138][ T5326] ? __pfx_fw_pm_notify+0x10/0x10
[ 86.082145][ T5326] ? __pfx_autoremove_wake_function+0x10/0x10
[ 86.082155][ T5326] ? blocking_notifier_call_chain_robust+0x65/0x100
[ 86.082167][ T5326] notifier_call_chain+0x1b6/0x3e0
[ 86.082178][ T5326] blocking_notifier_call_chain_robust+0x85/0x100
[ 86.082188][ T5326] pm_notifier_call_chain_robust+0x2c/0x60
[ 86.082197][ T5326] snapshot_open+0x133/0x280
[ 86.082208][ T5326] ? __pfx_snapshot_open+0x10/0x10
[ 86.082216][ T5326] misc_open+0x2d5/0x350
[ 86.082231][ T5326] chrdev_open+0x4cc/0x5e0
[ 86.082245][ T5326] ? __pfx_chrdev_open+0x10/0x10
[ 86.082260][ T5326] ? fsnotify_open_perm_and_set_mode+0x113/0x610
[ 86.082285][ T5326] ? __pfx_chrdev_open+0x10/0x10
[ 86.082297][ T5326] do_dentry_open+0x953/0x13f0
[ 86.082320][ T5326] vfs_open+0x3b/0x340
[ 86.082332][ T5326] ? path_openat+0x2ecd/0x3830
[ 86.082344][ T5326] path_openat+0x2ee5/0x3830
[ 86.082375][ T5326] ? __pfx_path_openat+0x10/0x10
[ 86.082399][ T5326] do_filp_open+0x1fa/0x410
[ 86.082408][ T5326] ? __lock_acquire+0xab9/0xd20
[ 86.082419][ T5326] ? __pfx_do_filp_open+0x10/0x10
[ 86.082445][ T5326] ? _raw_spin_unlock+0x28/0x50
[ 86.082457][ T5326] ? alloc_fd+0x64c/0x6c0
[ 86.082477][ T5326] do_sys_openat2+0x121/0x1c0
[ 86.082488][ T5326] ? __pfx_do_sys_openat2+0x10/0x10
[ 86.082501][ T5326] ? ksys_write+0x22a/0x250
[ 86.082515][ T5326] ? __pfx_ksys_write+0x10/0x10
[ 86.082529][ T5326] __x64_sys_openat+0x138/0x170
[ 86.082543][ T5326] do_syscall_64+0xfa/0xfa0
[ 86.082553][ T5326] ? lockdep_hardirqs_on+0x9c/0x150
[ 86.082560][ T5326] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 86.082567][ T5326] ? clear_bhb_loop+0x60/0xb0
[ 86.082575][ T5326] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 86.082583][ T5326] RIP: 0033:0x7f06d678eec9
[ 86.082593][ T5326] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 86.082601][ T5326] RSP: 002b:00007f06d7654038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
[ 86.082612][ T5326] RAX: ffffffffffffffda RBX: 00007f06d69e5fa0 RCX: 00007f06d678eec9
[ 86.082619][ T5326] RDX: 0000000000042801 RSI: 00002000000002c0 RDI: ffffffffffffff9c
[ 86.082625][ T5326] RBP: 00007f06d7654090 R08: 0000000000000000 R09: 0000000000000000
[ 86.082631][ T5326] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 86.082636][ T5326] R13: 00007f06d69e6038 R14: 00007f06d69e5fa0 R15: 00007fffd39bb748
[ 86.082656][ T5326] </TASK>
[ 86.085123][ T5326]
[ 86.232903][ T5326] ============================================
[ 86.235476][ T5326] WARNING: possible recursive locking detected
[ 86.238101][ T5326] syzkaller #0 Not tainted
[ 86.240025][ T5326] --------------------------------------------
[ 86.242660][ T5326] syz.0.0/5326 is trying to acquire lock:
[ 86.245157][ T5326] ffffffff8eae3148 (fw_lock){+.+.}-{4:4}, at: assign_fw+0x52/0x890
[ 86.248569][ T5326]
[ 86.248569][ T5326] but task is already holding lock:
[ 86.251995][ T5326] ffffffff8eae3148 (fw_lock){+.+.}-{4:4}, at: fw_pm_notify+0x1e8/0x2a0
[ 86.255624][ T5326]
[ 86.255624][ T5326] other info that might help us debug this:
[ 86.259114][ T5326] Possible unsafe locking scenario:
[ 86.259114][ T5326]
[ 86.262345][ T5326] CPU0
[ 86.263827][ T5326] ----
[ 86.265344][ T5326] lock(fw_lock);
[ 86.267111][ T5326] lock(fw_lock);
[ 86.268851][ T5326]
[ 86.268851][ T5326] *** DEADLOCK ***
[ 86.268851][ T5326]
[ 86.272114][ T5326] May be due to missing lock nesting notation
[ 86.272114][ T5326]
[ 86.275535][ T5326] 5 locks held by syz.0.0/5326:
[ 86.277666][ T5326] #0: ffffffff8e98cba8 (misc_mtx){+.+.}-{4:4}, at: misc_open+0x51/0x350
[ 86.281074][ T5326] #1: ffffffff8dfed0e8 (system_transition_mutex){+.+.}-{4:4}, at: lock_system_sleep+0x4a/0x70
[ 86.285059][ T5326] #2: ffffffff8e0107f0 ((pm_chain_head).rwsem){++++}-{4:4}, at: blocking_notifier_call_chain_robust+0x65/0x100
[ 86.289866][ T5326] #3: ffffffff8eae3148 (fw_lock){+.+.}-{4:4}, at: fw_pm_notify+0x1e8/0x2a0
[ 86.293457][ T5326] #4: ffffffff8eade1c8 (dpm_list_mtx){+.+.}-{4:4}, at: dpm_for_each_dev+0x29/0xb0
[ 86.297520][ T5326]
[ 86.297520][ T5326] stack backtrace:
[ 86.300079][ T5326] CPU: 0 UID: 0 PID: 5326 Comm: syz.0.0 Not tainted syzkaller #0 PREEMPT(full)
[ 86.300092][ T5326] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[ 86.300098][ T5326] Call Trace:
[ 86.300106][ T5326] <TASK>
[ 86.300111][ T5326] dump_stack_lvl+0x189/0x250
[ 86.300124][ T5326] ? __pfx_dump_stack_lvl+0x10/0x10
[ 86.300133][ T5326] ? __pfx__printk+0x10/0x10
[ 86.300142][ T5326] ? print_lock_name+0xde/0x100
[ 86.300150][ T5326] print_deadlock_bug+0x28b/0x2a0
[ 86.300164][ T5326] validate_chain+0x1a3f/0x2140
[ 86.300177][ T5326] ? _raw_spin_unlock_irqrestore+0x85/0x110
[ 86.300189][ T5326] ? lockdep_hardirqs_on+0x9c/0x150
[ 86.300202][ T5326] __lock_acquire+0xab9/0xd20
[ 86.300211][ T5326] ? assign_fw+0x52/0x890
[ 86.300219][ T5326] lock_acquire+0x120/0x360
[ 86.300227][ T5326] ? assign_fw+0x52/0x890
[ 86.300235][ T5326] ? __kasan_save_free_info+0x46/0x50
[ 86.300244][ T5326] ? kmem_cache_free+0x19b/0x690
[ 86.300254][ T5326] ? __async_dev_cache_fw_image+0x7f/0x280
[ 86.300273][ T5326] __mutex_lock+0x187/0x1350
[ 86.300285][ T5326] ? assign_fw+0x52/0x890
[ 86.300293][ T5326] ? path_openat+0x2ee5/0x3830
[ 86.300303][ T5326] ? do_filp_open+0x1fa/0x410
[ 86.300312][ T5326] ? __x64_sys_openat+0x138/0x170
[ 86.300320][ T5326] ? do_syscall_64+0xfa/0xfa0
[ 86.300330][ T5326] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 86.300342][ T5326] ? assign_fw+0x52/0x890
[ 86.300351][ T5326] ? __pfx___mutex_lock+0x10/0x10
[ 86.300365][ T5326] ? lockdep_hardirqs_on+0x9c/0x150
[ 86.300375][ T5326] assign_fw+0x52/0x890
[ 86.300382][ T5326] ? _request_firmware+0xe57/0x15b0
[ 86.300390][ T5326] ? kmem_cache_free+0x19b/0x690
[ 86.300400][ T5326] _request_firmware+0xeea/0x15b0
[ 86.300408][ T5326] ? __lock_acquire+0xab9/0xd20
[ 86.300419][ T5326] ? __pfx__request_firmware+0x10/0x10
[ 86.300427][ T5326] ? _raw_spin_unlock_irqrestore+0x85/0x110
[ 86.300435][ T5326] ? lockdep_hardirqs_on+0x9c/0x150
[ 86.300444][ T5326] ? _raw_spin_unlock_irqrestore+0xad/0x110
[ 86.300452][ T5326] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[ 86.300461][ T5326] __async_dev_cache_fw_image+0x7f/0x280
[ 86.300470][ T5326] ? __pfx___async_dev_cache_fw_image+0x10/0x10
[ 86.300479][ T5326] async_schedule_node_domain+0xde/0x120
[ 86.300490][ T5326] dev_cache_fw_image+0x364/0x3e0
[ 86.300499][ T5326] ? __pfx_dev_cache_fw_image+0x10/0x10
[ 86.300509][ T5326] ? __pfx_dev_cache_fw_image+0x10/0x10
[ 86.300518][ T5326] dpm_for_each_dev+0x56/0xb0
[ 86.300528][ T5326] fw_pm_notify+0x200/0x2a0
[ 86.300537][ T5326] ? __pfx_fw_pm_notify+0x10/0x10
[ 86.300545][ T5326] ? __pfx_autoremove_wake_function+0x10/0x10
[ 86.300556][ T5326] ? blocking_notifier_call_chain_robust+0x65/0x100
[ 86.300569][ T5326] notifier_call_chain+0x1b6/0x3e0
[ 86.300579][ T5326] blocking_notifier_call_chain_robust+0x85/0x100
[ 86.300590][ T5326] pm_notifier_call_chain_robust+0x2c/0x60
[ 86.300599][ T5326] snapshot_open+0x133/0x280
[ 86.300608][ T5326] ? __pfx_snapshot_open+0x10/0x10
[ 86.300617][ T5326] misc_open+0x2d5/0x350
[ 86.300631][ T5326] chrdev_open+0x4cc/0x5e0
[ 86.300644][ T5326] ? __pfx_chrdev_open+0x10/0x10
[ 86.300657][ T5326] ? fsnotify_open_perm_and_set_mode+0x113/0x610
[ 86.300672][ T5326] ? __pfx_chrdev_open+0x10/0x10
[ 86.300684][ T5326] do_dentry_open+0x953/0x13f0
[ 86.300701][ T5326] vfs_open+0x3b/0x340
[ 86.300714][ T5326] ? path_openat+0x2ecd/0x3830
[ 86.300724][ T5326] path_openat+0x2ee5/0x3830
[ 86.300742][ T5326] ? __pfx_path_openat+0x10/0x10
[ 86.300756][ T5326] do_filp_open+0x1fa/0x410
[ 86.300765][ T5326] ? __lock_acquire+0xab9/0xd20
[ 86.300775][ T5326] ? __pfx_do_filp_open+0x10/0x10
[ 86.300789][ T5326] ? _raw_spin_unlock+0x28/0x50
[ 86.300798][ T5326] ? alloc_fd+0x64c/0x6c0
[ 86.300812][ T5326] do_sys_openat2+0x121/0x1c0
[ 86.300822][ T5326] ? __pfx_do_sys_openat2+0x10/0x10
[ 86.300832][ T5326] ? ksys_write+0x22a/0x250
[ 86.300844][ T5326] ? __pfx_ksys_write+0x10/0x10
[ 86.300855][ T5326] __x64_sys_openat+0x138/0x170
[ 86.300866][ T5326] do_syscall_64+0xfa/0xfa0
[ 86.300876][ T5326] ? lockdep_hardirqs_on+0x9c/0x150
[ 86.300886][ T5326] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 86.300895][ T5326] ? clear_bhb_loop+0x60/0xb0
[ 86.300906][ T5326] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 86.300916][ T5326] RIP: 0033:0x7f06d678eec9
[ 86.300927][ T5326] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 86.300935][ T5326] RSP: 002b:00007f06d7654038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
[ 86.300947][ T5326] RAX: ffffffffffffffda RBX: 00007f06d69e5fa0 RCX: 00007f06d678eec9
[ 86.300953][ T5326] RDX: 0000000000042801 RSI: 00002000000002c0 RDI: ffffffffffffff9c
[ 86.300959][ T5326] RBP: 00007f06d7654090 R08: 0000000000000000 R09: 0000000000000000
[ 86.300965][ T5326] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 86.300971][ T5326] R13: 00007f06d69e6038 R14: 00007f06d69e5fa0 R15: 00007fffd39bb748
[ 86.300981][ T5326] </TASK>
[ 87.458260][ T5302] Bluetooth: hci0: command tx timeout
[ 89.538736][ T5302] Bluetooth: hci0: command tx timeout
[ 91.618055][ T5302] Bluetooth: hci0: command tx timeout