program:
syz_usb_connect(0x0, 0x24, &(0x7f0000000200)=ANY=[@ANYBLOB="120100002ec6601037210100352a010203010902120001000000000904"], 0x0)
openat$snapshot(0xffffffffffffff9c, &(0x7f00000002c0), 0x42801, 0x0) (fail_nth: 8)

[   74.862495][ T5315] Bluetooth: hci0: command tx timeout
[   75.172503][ T5329] usb 5-1: new high-speed USB device number 2 using dummy_hcd
[   75.323373][ T5329] usb 5-1: Using ep0 maxpacket: 16
[   75.332671][ T5329] usb 5-1: New USB device found, idVendor=2137, idProduct=0001, bcdDevice=2a.35
[   75.336324][ T5329] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[   75.340072][ T5329] usb 5-1: Product: syz
[   75.341793][ T5329] usb 5-1: Manufacturer: syz
[   75.344643][ T5329] usb 5-1: SerialNumber: syz
[   75.348909][ T5329] usb 5-1: config 0 descriptor??
[   75.361331][ T5329] as10x_usb: device has been detected
[   75.364693][ T5329] dvbdev: DVB: registering new adapter (Sky IT Digital Key (green led))
[   75.381554][ T5329] usb 5-1: DVB: registering adapter 1 frontend 0 (Sky IT Digital Key (green led))...
[   75.401039][ T5329] as10x_usb: error during firmware upload part1
[   75.404762][ T5329] Registered device Sky IT Digital Key (green led)
[   75.561234][ T5335] random: crng reseeded on system resumption
[   75.570077][ T5335] FAULT_INJECTION: forcing a failure.
[   75.570077][ T5335] name failslab, interval 1, probability 0, space 0, times 1
[   75.575222][ T5335] CPU: 0 UID: 0 PID: 5335 Comm: syz.0.0 Not tainted 6.16.0-rc6-syzkaller-00002-g155a3c003e55 #0 PREEMPT(full) 
[   75.575239][ T5335] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[   75.575247][ T5335] Call Trace:
[   75.575254][ T5335]  <TASK>
[   75.575260][ T5335]  dump_stack_lvl+0x189/0x250
[   75.575346][ T5335]  ? __pfx____ratelimit+0x10/0x10
[   75.575395][ T5335]  ? __pfx_dump_stack_lvl+0x10/0x10
[   75.575408][ T5335]  ? __pfx__printk+0x10/0x10
[   75.575429][ T5335]  ? __lock_acquire+0xab9/0xd20
[   75.575444][ T5335]  should_fail_ex+0x414/0x560
[   75.575495][ T5335]  should_failslab+0xa8/0x100
[   75.575511][ T5335]  __kmalloc_cache_noprof+0x70/0x3d0
[   75.575525][ T5335]  ? async_schedule_node_domain+0x5b/0x120
[   75.575536][ T5335]  ? __pfx___async_dev_cache_fw_image+0x10/0x10
[   75.575551][ T5335]  async_schedule_node_domain+0x5b/0x120
[   75.575566][ T5335]  dev_cache_fw_image+0x364/0x3e0
[   75.575582][ T5335]  ? __pfx_dev_cache_fw_image+0x10/0x10
[   75.575596][ T5335]  ? __pfx_dev_cache_fw_image+0x10/0x10
[   75.575609][ T5335]  dpm_for_each_dev+0x53/0xb0
[   75.575623][ T5335]  fw_pm_notify+0x200/0x2a0
[   75.575634][ T5335]  ? __pfx_fw_pm_notify+0x10/0x10
[   75.575645][ T5335]  ? __pfx_autoremove_wake_function+0x10/0x10
[   75.575662][ T5335]  ? blocking_notifier_call_chain_robust+0x65/0x100
[   75.575683][ T5335]  notifier_call_chain+0x1b3/0x3e0
[   75.575703][ T5335]  blocking_notifier_call_chain_robust+0x85/0x100
[   75.575721][ T5335]  pm_notifier_call_chain_robust+0x2c/0x60
[   75.575734][ T5335]  snapshot_open+0x133/0x280
[   75.575747][ T5335]  ? __pfx_snapshot_open+0x10/0x10
[   75.575758][ T5335]  misc_open+0x2bc/0x330
[   75.575778][ T5335]  chrdev_open+0x4cc/0x5e0
[   75.575796][ T5335]  ? __pfx_chrdev_open+0x10/0x10
[   75.575814][ T5335]  ? __pfx_chrdev_open+0x10/0x10
[   75.575828][ T5335]  do_dentry_open+0xdf3/0x1970
[   75.575857][ T5335]  vfs_open+0x3b/0x340
[   75.575870][ T5335]  ? path_openat+0x2ecd/0x3830
[   75.575883][ T5335]  path_openat+0x2ee5/0x3830
[   75.575893][ T5335]  ? arch_stack_walk+0xfc/0x150
[   75.575932][ T5335]  ? __pfx_path_openat+0x10/0x10
[   75.575942][ T5335]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   75.575968][ T5335]  do_filp_open+0x1fa/0x410
[   75.575978][ T5335]  ? __lock_acquire+0xab9/0xd20
[   75.575992][ T5335]  ? __pfx_do_filp_open+0x10/0x10
[   75.576017][ T5335]  ? _raw_spin_unlock+0x28/0x50
[   75.576032][ T5335]  ? alloc_fd+0x64c/0x6c0
[   75.576054][ T5335]  do_sys_openat2+0x121/0x1c0
[   75.576072][ T5335]  ? __pfx_do_sys_openat2+0x10/0x10
[   75.576089][ T5335]  ? ksys_write+0x22a/0x250
[   75.576103][ T5335]  ? __pfx_ksys_write+0x10/0x10
[   75.576113][ T5335]  ? rcu_is_watching+0x15/0xb0
[   75.576127][ T5335]  __x64_sys_openat+0x138/0x170
[   75.576154][ T5335]  do_syscall_64+0xfa/0x3b0
[   75.576164][ T5335]  ? lockdep_hardirqs_on+0x9c/0x150
[   75.576181][ T5335]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   75.576192][ T5335]  ? clear_bhb_loop+0x60/0xb0
[   75.576206][ T5335]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   75.576217][ T5335] RIP: 0033:0x7f545bf8e929
[   75.576228][ T5335] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   75.576237][ T5335] RSP: 002b:00007f545ce7b038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
[   75.576250][ T5335] RAX: ffffffffffffffda RBX: 00007f545c1b5fa0 RCX: 00007f545bf8e929
[   75.576258][ T5335] RDX: 0000000000042801 RSI: 00002000000002c0 RDI: ffffffffffffff9c
[   75.576266][ T5335] RBP: 00007f545ce7b090 R08: 0000000000000000 R09: 0000000000000000
[   75.576272][ T5335] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[   75.576279][ T5335] R13: 0000000000000000 R14: 00007f545c1b5fa0 R15: 00007ffd2b84b648
[   75.576296][ T5335]  </TASK>
[   75.579319][ T5335] 
[   75.734421][ T5335] ============================================
[   75.737484][ T5335] WARNING: possible recursive locking detected
[   75.740499][ T5335] 6.16.0-rc6-syzkaller-00002-g155a3c003e55 #0 Not tainted
[   75.743578][ T5335] --------------------------------------------
[   75.746158][ T5335] syz.0.0/5335 is trying to acquire lock:
[   75.748487][ T5335] ffffffff8eb16408 (fw_lock){+.+.}-{4:4}, at: assign_fw+0x52/0x890
[   75.751803][ T5335] 
[   75.751803][ T5335] but task is already holding lock:
[   75.754959][ T5335] ffffffff8eb16408 (fw_lock){+.+.}-{4:4}, at: fw_pm_notify+0x1e8/0x2a0
[   75.758430][ T5335] 
[   75.758430][ T5335] other info that might help us debug this:
[   75.761785][ T5335]  Possible unsafe locking scenario:
[   75.761785][ T5335] 
[   75.765326][ T5335]        CPU0
[   75.766833][ T5335]        ----
[   75.768245][ T5335]   lock(fw_lock);
[   75.769844][ T5335]   lock(fw_lock);
[   75.771474][ T5335] 
[   75.771474][ T5335]  *** DEADLOCK ***
[   75.771474][ T5335] 
[   75.774730][ T5335]  May be due to missing lock nesting notation
[   75.774730][ T5335] 
[   75.778234][ T5335] 5 locks held by syz.0.0/5335:
[   75.780642][ T5335]  #0: ffffffff8e9c2d88 (misc_mtx){+.+.}-{4:4}, at: misc_open+0x51/0x330
[   75.784848][ T5335]  #1: ffffffff8dfee568 (system_transition_mutex){+.+.}-{4:4}, at: lock_system_sleep+0x4a/0x70
[   75.789188][ T5335]  #2: ffffffff8e012990 ((pm_chain_head).rwsem){++++}-{4:4}, at: blocking_notifier_call_chain_robust+0x65/0x100
[   75.793987][ T5335]  #3: ffffffff8eb16408 (fw_lock){+.+.}-{4:4}, at: fw_pm_notify+0x1e8/0x2a0
[   75.797654][ T5335]  #4: ffffffff8eb11488 (dpm_list_mtx){+.+.}-{4:4}, at: dpm_for_each_dev+0x29/0xb0
[   75.801789][ T5335] 
[   75.801789][ T5335] stack backtrace:
[   75.804333][ T5335] CPU: 0 UID: 0 PID: 5335 Comm: syz.0.0 Not tainted 6.16.0-rc6-syzkaller-00002-g155a3c003e55 #0 PREEMPT(full) 
[   75.804347][ T5335] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[   75.804353][ T5335] Call Trace:
[   75.804360][ T5335]  <TASK>
[   75.804365][ T5335]  dump_stack_lvl+0x189/0x250
[   75.804386][ T5335]  ? __pfx_dump_stack_lvl+0x10/0x10
[   75.804399][ T5335]  ? __pfx__printk+0x10/0x10
[   75.804417][ T5335]  ? print_lock_name+0xde/0x100
[   75.804432][ T5335]  print_deadlock_bug+0x28b/0x2a0
[   75.804446][ T5335]  validate_chain+0x1a3f/0x2140
[   75.804460][ T5335]  ? _raw_spin_unlock_irqrestore+0x85/0x110
[   75.804476][ T5335]  ? lockdep_hardirqs_on+0x9c/0x150
[   75.804493][ T5335]  __lock_acquire+0xab9/0xd20
[   75.804505][ T5335]  ? assign_fw+0x52/0x890
[   75.804514][ T5335]  lock_acquire+0x120/0x360
[   75.804524][ T5335]  ? assign_fw+0x52/0x890
[   75.804560][ T5335]  ? kasan_save_free_info+0x46/0x50
[   75.804578][ T5335]  ? kmem_cache_free+0x18f/0x400
[   75.804593][ T5335]  ? __async_dev_cache_fw_image+0x7f/0x280
[   75.804606][ T5335]  __mutex_lock+0x182/0xe80
[   75.804616][ T5335]  ? assign_fw+0x52/0x890
[   75.804624][ T5335]  ? path_openat+0x2ee5/0x3830
[   75.804635][ T5335]  ? do_filp_open+0x1fa/0x410
[   75.804644][ T5335]  ? __x64_sys_openat+0x138/0x170
[   75.804658][ T5335]  ? do_syscall_64+0xfa/0x3b0
[   75.804668][ T5335]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   75.804679][ T5335]  ? assign_fw+0x52/0x890
[   75.804688][ T5335]  ? __pfx___mutex_lock+0x10/0x10
[   75.804700][ T5335]  ? kasan_quarantine_put+0xdd/0x220
[   75.804711][ T5335]  ? lockdep_hardirqs_on+0x9c/0x150
[   75.804729][ T5335]  assign_fw+0x52/0x890
[   75.804739][ T5335]  ? _request_firmware+0xe57/0x15b0
[   75.804750][ T5335]  ? kmem_cache_free+0x18f/0x400
[   75.804765][ T5335]  _request_firmware+0xeea/0x15b0
[   75.804775][ T5335]  ? __lock_acquire+0xab9/0xd20
[   75.804788][ T5335]  ? __pfx__request_firmware+0x10/0x10
[   75.804797][ T5335]  ? _raw_spin_unlock_irqrestore+0x85/0x110
[   75.804811][ T5335]  ? lockdep_hardirqs_on+0x9c/0x150
[   75.804826][ T5335]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[   75.804840][ T5335]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[   75.804854][ T5335]  ? async_schedule_node_domain+0xa5/0x120
[   75.804865][ T5335]  __async_dev_cache_fw_image+0x7f/0x280
[   75.804876][ T5335]  ? __pfx___async_dev_cache_fw_image+0x10/0x10
[   75.804889][ T5335]  async_schedule_node_domain+0xde/0x120
[   75.804902][ T5335]  dev_cache_fw_image+0x364/0x3e0
[   75.804916][ T5335]  ? __pfx_dev_cache_fw_image+0x10/0x10
[   75.804930][ T5335]  ? __pfx_dev_cache_fw_image+0x10/0x10
[   75.804940][ T5335]  dpm_for_each_dev+0x53/0xb0
[   75.804952][ T5335]  fw_pm_notify+0x200/0x2a0
[   75.804962][ T5335]  ? __pfx_fw_pm_notify+0x10/0x10
[   75.804972][ T5335]  ? __pfx_autoremove_wake_function+0x10/0x10
[   75.804986][ T5335]  ? blocking_notifier_call_chain_robust+0x65/0x100
[   75.805001][ T5335]  notifier_call_chain+0x1b3/0x3e0
[   75.805015][ T5335]  blocking_notifier_call_chain_robust+0x85/0x100
[   75.805029][ T5335]  pm_notifier_call_chain_robust+0x2c/0x60
[   75.805039][ T5335]  snapshot_open+0x133/0x280
[   75.805052][ T5335]  ? __pfx_snapshot_open+0x10/0x10
[   75.805064][ T5335]  misc_open+0x2bc/0x330
[   75.805083][ T5335]  chrdev_open+0x4cc/0x5e0
[   75.805103][ T5335]  ? __pfx_chrdev_open+0x10/0x10
[   75.805117][ T5335]  ? __pfx_chrdev_open+0x10/0x10
[   75.805130][ T5335]  do_dentry_open+0xdf3/0x1970
[   75.805147][ T5335]  vfs_open+0x3b/0x340
[   75.805160][ T5335]  ? path_openat+0x2ecd/0x3830
[   75.805171][ T5335]  path_openat+0x2ee5/0x3830
[   75.805181][ T5335]  ? arch_stack_walk+0xfc/0x150
[   75.805202][ T5335]  ? __pfx_path_openat+0x10/0x10
[   75.805213][ T5335]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   75.805229][ T5335]  do_filp_open+0x1fa/0x410
[   75.805241][ T5335]  ? __lock_acquire+0xab9/0xd20
[   75.805253][ T5335]  ? __pfx_do_filp_open+0x10/0x10
[   75.805268][ T5335]  ? _raw_spin_unlock+0x28/0x50
[   75.805282][ T5335]  ? alloc_fd+0x64c/0x6c0
[   75.805298][ T5335]  do_sys_openat2+0x121/0x1c0
[   75.805316][ T5335]  ? __pfx_do_sys_openat2+0x10/0x10
[   75.805330][ T5335]  ? ksys_write+0x22a/0x250
[   75.805341][ T5335]  ? __pfx_ksys_write+0x10/0x10
[   75.805351][ T5335]  ? rcu_is_watching+0x15/0xb0
[   75.805364][ T5335]  __x64_sys_openat+0x138/0x170
[   75.805380][ T5335]  do_syscall_64+0xfa/0x3b0
[   75.805390][ T5335]  ? lockdep_hardirqs_on+0x9c/0x150
[   75.805406][ T5335]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   75.805417][ T5335]  ? clear_bhb_loop+0x60/0xb0
[   75.805430][ T5335]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   75.805442][ T5335] RIP: 0033:0x7f545bf8e929
[   75.805456][ T5335] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   75.805465][ T5335] RSP: 002b:00007f545ce7b038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
[   75.805478][ T5335] RAX: ffffffffffffffda RBX: 00007f545c1b5fa0 RCX: 00007f545bf8e929
[   75.805485][ T5335] RDX: 0000000000042801 RSI: 00002000000002c0 RDI: ffffffffffffff9c
[   75.805493][ T5335] RBP: 00007f545ce7b090 R08: 0000000000000000 R09: 0000000000000000
[   75.805499][ T5335] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[   75.805505][ T5335] R13: 0000000000000000 R14: 00007f545c1b5fa0 R15: 00007ffd2b84b648
[   75.805515][ T5335]  </TASK>
[   76.153933][ T1314] ieee802154 phy0 wpan0: encryption failed: -22
[   76.156619][ T1314] ieee802154 phy1 wpan1: encryption failed: -22
[   76.872359][ T5315] Bluetooth: hci0: command tx timeout
[   78.952753][ T5315] Bluetooth: hci0: command tx timeout
[   81.032217][ T5315] Bluetooth: hci0: command tx timeout