program:
# Reproducer for the "possible recursive locking detected" report on fw_lock in
# the console log that follows. Both stack traces belong to the task running the
# final openat$snapshot call (PID 5326).
#
# Step 1: attach an emulated USB device. The blob begins with an 18-byte device
# descriptor: idVendor=0x2137, idProduct=0x0001, bcdDevice=0x2a35, ep0 maxpacket
# 16, string indexes 1/2/3. These match the "New USB device found" lines in the
# log. The log then shows as10x_usb detecting the device and reporting
# "error during firmware upload part1".
# NOTE(review): presumably that firmware request is what the firmware cache
# re-requests in step 3 - confirm against the driver.
syz_usb_connect(0x0, 0x24, &(0x7f0000000200)=ANY=[@ANYBLOB="120100002ec6601037210100352a010203010902120001000000000904"], 0x0)
# Step 2: both calls below pass 0xffffffffffffffff (-1) as their file descriptor
# and leave no trace in the log. They presumably fail early and may not be needed
# for the report - confirm by minimising the reproducer.
copy_file_range(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0x9, 0x0)
syz_usb_ep_write$ath9k_ep1(0xffffffffffffffff, 0x82, 0x0, 0x0)
# Step 3: open the snapshot misc device (snapshot_open via misc_open in the
# trace) with fault injection armed: fail_nth: 8 fails the 8th fault site reached
# during this call. In the log that is the failslab hit in the kmalloc made by
# async_schedule_node_domain, called from dev_cache_fw_image while fw_pm_notify
# already holds fw_lock (taken at fw_pm_notify+0x1f4).
# In the second trace __async_dev_cache_fw_image sits on the same task's stack,
# directly under async_schedule_node_domain. Its _request_firmware -> assign_fw
# path then tries to take fw_lock again, which is what lockdep flags.
# Triage: the report depends on the allocation failure, injected here. Check
# whether the async helper's out-of-memory path runs the callback in the
# caller's context while fw_lock is held; if so, a real low-memory event during
# a PM transition could block this task on a mutex it already owns.
openat$snapshot(0xffffffffffffff9c, &(0x7f00000002c0), 0x42801, 0x0) (fail_nth: 8)
[ 84.764640][ T5299] Bluetooth: hci0: command tx timeout
qemu-system-x86_64: ahci: PRDT length for NCQ command (0x0) is smaller than the requested size (0xc1000)
[ 85.063738][ T5323] usb 5-1: new high-speed USB device number 2 using dummy_hcd
[ 85.215183][ T5323] usb 5-1: Using ep0 maxpacket: 16
[ 85.226751][ T5323] usb 5-1: New USB device found, idVendor=2137, idProduct=0001, bcdDevice=2a.35
[ 85.232487][ T5323] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 85.236705][ T5323] usb 5-1: Product: syz
[ 85.238592][ T5323] usb 5-1: Manufacturer: syz
[ 85.240836][ T5323] usb 5-1: SerialNumber: syz
[ 85.255510][ T5323] usb 5-1: config 0 descriptor??
[ 85.292139][ T5323] as10x_usb: device has been detected
[ 85.297427][ T5323] dvbdev: DVB: registering new adapter (Sky IT Digital Key (green led))
[ 85.319893][ T5323] usb 5-1: DVB: registering adapter 1 frontend 0 (Sky IT Digital Key (green led))...
[ 85.367095][ T5323] as10x_usb: error during firmware upload part1
[ 85.371722][ T5323] Registered device Sky IT Digital Key (green led)
[ 85.467931][ T5326] random: crng reseeded on system resumption
[ 85.477290][ T5326] FAULT_INJECTION: forcing a failure.
[ 85.477290][ T5326] name failslab, interval 1, probability 0, space 0, times 1
[ 85.488216][ T5326] CPU: 0 UID: 0 PID: 5326 Comm: syz.0.0 Not tainted syzkaller #0 PREEMPT(full)
[ 85.488235][ T5326] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 85.488242][ T5326] Call Trace:
[ 85.488247][ T5326]
[ 85.488253][ T5326] dump_stack_lvl+0xe8/0x150
[ 85.488402][ T5326] should_fail_ex+0x412/0x560
[ 85.488478][ T5326] should_failslab+0xa8/0x100
[ 85.488496][ T5326] __kmalloc_cache_noprof+0x88/0x660
[ 85.488516][ T5326] ? async_schedule_node_domain+0x5b/0x120
[ 85.488537][ T5326] ? __pfx___async_dev_cache_fw_image+0x10/0x10
[ 85.488557][ T5326] async_schedule_node_domain+0x5b/0x120
[ 85.488573][ T5326] dev_cache_fw_image+0x36c/0x3f0
[ 85.488595][ T5326] ? __pfx_dev_cache_fw_image+0x10/0x10
[ 85.488606][ T5326] ? dpm_for_each_dev+0x7d/0xb0
[ 85.488623][ T5326] ? dev_cache_fw_image+0xe/0x3f0
[ 85.488636][ T5326] ? __pfx_dev_cache_fw_image+0x10/0x10
[ 85.488650][ T5326] dpm_for_each_dev+0x56/0xb0
[ 85.488665][ T5326] fw_pm_notify+0x20c/0x2d0
[ 85.488677][ T5326] ? __pfx_fw_pm_notify+0x10/0x10
[ 85.488690][ T5326] ? __pfx_autoremove_wake_function+0x10/0x10
[ 85.488713][ T5326] notifier_call_chain+0x1be/0x400
[ 85.488741][ T5326] blocking_notifier_call_chain_robust+0x85/0x100
[ 85.488761][ T5326] pm_notifier_call_chain_robust+0x2c/0x60
[ 85.488779][ T5326] snapshot_open+0x133/0x280
[ 85.488793][ T5326] ? __pfx_snapshot_open+0x10/0x10
[ 85.488806][ T5326] misc_open+0x2d5/0x350
[ 85.488823][ T5326] chrdev_open+0x4cd/0x5e0
[ 85.488847][ T5326] ? __pfx_chrdev_open+0x10/0x10
[ 85.488858][ T5326] ? fsnotify_open_perm_and_set_mode+0x135/0x6d0
[ 85.488877][ T5326] ? __pfx_chrdev_open+0x10/0x10
[ 85.488887][ T5326] do_dentry_open+0x785/0x14e0
[ 85.488910][ T5326] vfs_open+0x3b/0x340
[ 85.488921][ T5326] ? path_openat+0x2df0/0x3860
[ 85.488939][ T5326] path_openat+0x2e08/0x3860
[ 85.488962][ T5326] ? __pfx_stack_trace_save+0x10/0x10
[ 85.488978][ T5326] ? stack_depot_save_flags+0x33/0x810
[ 85.488997][ T5326] ? __pfx_path_openat+0x10/0x10
[ 85.489013][ T5326] ? __x64_sys_openat+0x138/0x170
[ 85.489024][ T5326] ? do_syscall_64+0x14d/0xf80
[ 85.489085][ T5326] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 85.489102][ T5326] ? __lock_acquire+0x6b5/0x2cf0
[ 85.489122][ T5326] do_file_open+0x23e/0x4a0
[ 85.489141][ T5326] ? __pfx_do_file_open+0x10/0x10
[ 85.489170][ T5326] ? _raw_spin_unlock+0x28/0x50
[ 85.489184][ T5326] ? alloc_fd+0x64b/0x6c0
[ 85.489205][ T5326] do_sys_openat2+0x113/0x200
[ 85.489220][ T5326] ? __pfx_do_sys_openat2+0x10/0x10
[ 85.489236][ T5326] ? rcu_is_watching+0x15/0xb0
[ 85.489255][ T5326] __x64_sys_openat+0x138/0x170
[ 85.489271][ T5326] do_syscall_64+0x14d/0xf80
[ 85.489285][ T5326] ? trace_irq_disable+0x3b/0x150
[ 85.489304][ T5326] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 85.489315][ T5326] ? clear_bhb_loop+0x40/0x90
[ 85.489330][ T5326] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 85.489343][ T5326] RIP: 0033:0x7f960d79c799
[ 85.489357][ T5326] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[ 85.489366][ T5326] RSP: 002b:00007f960e6a6fe8 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
[ 85.489381][ T5326] RAX: ffffffffffffffda RBX: 00007f960da15fa0 RCX: 00007f960d79c799
[ 85.489387][ T5326] RDX: 0000000000042801 RSI: 00002000000002c0 RDI: ffffffffffffff9c
[ 85.489393][ T5326] RBP: 00007f960e6a7050 R08: 0000000000000000 R09: 0000000000000000
[ 85.489399][ T5326] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 85.489404][ T5326] R13: 00007f960da16038 R14: 00007f960da15fa0 R15: 00007fff62f72288
[ 85.489423][ T5326]
[ 85.491789][ T5326]
[ 85.678427][ T5326] ============================================
[ 85.682126][ T5326] WARNING: possible recursive locking detected
[ 85.685520][ T5326] syzkaller #0 Not tainted
[ 85.688043][ T5326] --------------------------------------------
[ 85.691550][ T5326] syz.0.0/5326 is trying to acquire lock:
[ 85.695223][ T5326] ffffffff8f1936a8 (fw_lock){+.+.}-{4:4}, at: assign_fw+0x52/0x8d0
[ 85.700308][ T5326]
[ 85.700308][ T5326] but task is already holding lock:
[ 85.704490][ T5326] ffffffff8f1936a8 (fw_lock){+.+.}-{4:4}, at: fw_pm_notify+0x1f4/0x2d0
[ 85.709115][ T5326]
[ 85.709115][ T5326] other info that might help us debug this:
[ 85.714779][ T5326] Possible unsafe locking scenario:
[ 85.714779][ T5326]
[ 85.719405][ T5326] CPU0
[ 85.721224][ T5326] ----
[ 85.722927][ T5326] lock(fw_lock);
[ 85.725075][ T5326] lock(fw_lock);
[ 85.726955][ T5326]
[ 85.726955][ T5326] *** DEADLOCK ***
[ 85.726955][ T5326]
[ 85.731003][ T5326] May be due to missing lock nesting notation
[ 85.731003][ T5326]
[ 85.735702][ T5326] 5 locks held by syz.0.0/5326:
[ 85.738654][ T5326] #0: ffffffff8f019e28 (misc_mtx){+.+.}-{4:4}, at: misc_open+0x51/0x350
[ 85.743293][ T5326] #1: ffffffff8e607d68 (system_transition_mutex){+.+.}-{4:4}, at: lock_system_sleep+0x49/0x70
[ 85.747997][ T5326] #2: ffffffff8e62f350 ((pm_chain_head).rwsem){++++}-{4:4}, at: blocking_notifier_call_chain_robust+0x65/0x100
[ 85.754309][ T5326] #3: ffffffff8f1936a8 (fw_lock){+.+.}-{4:4}, at: fw_pm_notify+0x1f4/0x2d0
[ 85.758985][ T5326] #4: ffffffff8f18e548 (dpm_list_mtx){+.+.}-{4:4}, at: dpm_for_each_dev+0x29/0xb0
[ 85.764137][ T5326]
[ 85.764137][ T5326] stack backtrace:
[ 85.766858][ T5326] CPU: 0 UID: 0 PID: 5326 Comm: syz.0.0 Not tainted syzkaller #0 PREEMPT(full)
[ 85.766882][ T5326] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 85.766889][ T5326] Call Trace:
[ 85.766902][ T5326]
[ 85.766910][ T5326] dump_stack_lvl+0xe8/0x150
[ 85.766945][ T5326] print_deadlock_bug+0x279/0x290
[ 85.766964][ T5326] __lock_acquire+0x253f/0x2cf0
[ 85.766978][ T5326] ? _raw_spin_unlock_irqrestore+0x30/0x80
[ 85.766995][ T5326] ? lockdep_hardirqs_on+0x7a/0x110
[ 85.767009][ T5326] ? _raw_spin_unlock_irqrestore+0x4c/0x80
[ 85.767020][ T5326] ? stack_depot_save_flags+0x3f3/0x810
[ 85.767033][ T5326] lock_acquire+0xf0/0x2e0
[ 85.767044][ T5326] ? assign_fw+0x52/0x8d0
[ 85.767059][ T5326] __mutex_lock+0x19f/0x1300
[ 85.767074][ T5326] ? assign_fw+0x52/0x8d0
[ 85.767082][ T5326] ? path_openat+0x2e08/0x3860
[ 85.767099][ T5326] ? do_sys_openat2+0x113/0x200
[ 85.767111][ T5326] ? __x64_sys_openat+0x138/0x170
[ 85.767121][ T5326] ? do_syscall_64+0x14d/0xf80
[ 85.767135][ T5326] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 85.767146][ T5326] ? assign_fw+0x52/0x8d0
[ 85.767158][ T5326] ? __pfx___mutex_lock+0x10/0x10
[ 85.767173][ T5326] ? kasan_quarantine_put+0xbb/0x1f0
[ 85.767191][ T5326] ? lockdep_hardirqs_on+0x7a/0x110
[ 85.767203][ T5326] assign_fw+0x52/0x8d0
[ 85.767214][ T5326] ? kfree+0x1c1/0x630
[ 85.767231][ T5326] ? _request_firmware+0xf11/0x1780
[ 85.767241][ T5326] ? _raw_spin_unlock_irqrestore+0x30/0x80
[ 85.767253][ T5326] _request_firmware+0xfb6/0x1780
[ 85.767266][ T5326] ? __pfx__request_firmware+0x10/0x10
[ 85.767276][ T5326] ? do_raw_spin_lock+0x12b/0x2f0
[ 85.767287][ T5326] __async_dev_cache_fw_image+0x7f/0x2d0
[ 85.767301][ T5326] ? __pfx___async_dev_cache_fw_image+0x10/0x10
[ 85.767314][ T5326] async_schedule_node_domain+0xe1/0x120
[ 85.767333][ T5326] dev_cache_fw_image+0x36c/0x3f0
[ 85.767346][ T5326] ? __pfx_dev_cache_fw_image+0x10/0x10
[ 85.767356][ T5326] ? dpm_for_each_dev+0x7d/0xb0
[ 85.767369][ T5326] ? dev_cache_fw_image+0xe/0x3f0
[ 85.767380][ T5326] ? __pfx_dev_cache_fw_image+0x10/0x10
[ 85.767391][ T5326] dpm_for_each_dev+0x56/0xb0
[ 85.767403][ T5326] fw_pm_notify+0x20c/0x2d0
[ 85.767413][ T5326] ? __pfx_fw_pm_notify+0x10/0x10
[ 85.767423][ T5326] ? __pfx_autoremove_wake_function+0x10/0x10
[ 85.767437][ T5326] notifier_call_chain+0x1be/0x400
[ 85.767460][ T5326] blocking_notifier_call_chain_robust+0x85/0x100
[ 85.767474][ T5326] pm_notifier_call_chain_robust+0x2c/0x60
[ 85.767489][ T5326] snapshot_open+0x133/0x280
[ 85.767505][ T5326] ? __pfx_snapshot_open+0x10/0x10
[ 85.767515][ T5326] misc_open+0x2d5/0x350
[ 85.767527][ T5326] chrdev_open+0x4cd/0x5e0
[ 85.767540][ T5326] ? __pfx_chrdev_open+0x10/0x10
[ 85.767549][ T5326] ? fsnotify_open_perm_and_set_mode+0x135/0x6d0
[ 85.767566][ T5326] ? __pfx_chrdev_open+0x10/0x10
[ 85.767574][ T5326] do_dentry_open+0x785/0x14e0
[ 85.767589][ T5326] vfs_open+0x3b/0x340
[ 85.767598][ T5326] ? path_openat+0x2df0/0x3860
[ 85.767611][ T5326] path_openat+0x2e08/0x3860
[ 85.767627][ T5326] ? __pfx_stack_trace_save+0x10/0x10
[ 85.767639][ T5326] ? stack_depot_save_flags+0x33/0x810
[ 85.767650][ T5326] ? __pfx_path_openat+0x10/0x10
[ 85.767661][ T5326] ? __x64_sys_openat+0x138/0x170
[ 85.767672][ T5326] ? do_syscall_64+0x14d/0xf80
[ 85.767683][ T5326] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 85.767693][ T5326] ? __lock_acquire+0x6b5/0x2cf0
[ 85.767704][ T5326] do_file_open+0x23e/0x4a0
[ 85.767718][ T5326] ? __pfx_do_file_open+0x10/0x10
[ 85.767733][ T5326] ? _raw_spin_unlock+0x28/0x50
[ 85.767743][ T5326] ? alloc_fd+0x64b/0x6c0
[ 85.767757][ T5326] do_sys_openat2+0x113/0x200
[ 85.767768][ T5326] ? __pfx_do_sys_openat2+0x10/0x10
[ 85.767780][ T5326] ? rcu_is_watching+0x15/0xb0
[ 85.767796][ T5326] __x64_sys_openat+0x138/0x170
[ 85.767807][ T5326] do_syscall_64+0x14d/0xf80
[ 85.767821][ T5326] ? trace_irq_disable+0x3b/0x150
[ 85.767839][ T5326] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 85.767847][ T5326] ? clear_bhb_loop+0x40/0x90
[ 85.767859][ T5326] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 85.767869][ T5326] RIP: 0033:0x7f960d79c799
[ 85.767884][ T5326] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[ 85.767893][ T5326] RSP: 002b:00007f960e6a6fe8 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
[ 85.767908][ T5326] RAX: ffffffffffffffda RBX: 00007f960da15fa0 RCX: 00007f960d79c799
[ 85.767915][ T5326] RDX: 0000000000042801 RSI: 00002000000002c0 RDI: ffffffffffffff9c
[ 85.767921][ T5326] RBP: 00007f960e6a7050 R08: 0000000000000000 R09: 0000000000000000
[ 85.767926][ T5326] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 85.767932][ T5326] R13: 00007f960da16038 R14: 00007f960da15fa0 R15: 00007fff62f72288
[ 85.767949][ T5326]
[ 86.794336][ T5299] Bluetooth: hci0: command tx timeout
[ 88.874774][ T45] Bluetooth: hci0: command tx timeout
[ 90.954069][ T45] Bluetooth: hci0: command tx timeout