program:
# Reproducer for the lockdep report "possible recursive locking detected" on fw_lock
# shown in the console log below. The log runs the program as UID 0 in a QEMU guest.
#
# Step 1: attach an emulated USB device (dummy_hcd in the log). The descriptor blob
# starts with an 18-byte device descriptor: bMaxPacketSize0=0x10, idVendor=0x2137,
# idProduct=0x0001, bcdDevice=0x2a35, string indexes 1/2/3. These match the
# "New USB device found" lines in the log. The log then shows as10x_usb binding to
# the device and failing with "error during firmware upload part1".
# NOTE(review): the length argument is 0x24 but only 29 bytes are listed; the rest is
# presumably zero-filled by the executor. Confirm before editing the blob.
syz_usb_connect(0x0, 0x24, &(0x7f0000000200)=ANY=[@ANYBLOB="120100002ec6601037210100352a010203010902120001000000000904"], 0x0)
# Step 2: close_range with first == last == ~0. It does not appear in either stack
# trace; presumably left over from fuzzing and not needed for the report. Verify by
# minimizing.
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x0)
# Step 3: open the hibernation snapshot device (snapshot_open in the trace), which
# runs the PM notifier chain and reaches fw_pm_notify -> dev_cache_fw_image.
# fail_nth: 9 asks fault injection to fail the 9th injectable site in this call.
# The log shows it hitting failslab inside async_schedule_node_domain. The second
# trace then shows __async_dev_cache_fw_image called directly from
# async_schedule_node_domain, in the same task, reaching _request_firmware ->
# assign_fw, which takes fw_lock while fw_pm_notify still holds it.
# Both lockdep lines name the same lock address, so this is a same-task re-acquire of
# one mutex rather than only a missing nesting annotation.
# Triage: the trigger is an allocation failure on the PM-notifier path, so the same
# path should be reachable under real memory pressure without fault injection
# (inferred from the trace, not demonstrated here).
openat$snapshot(0xffffffffffffff9c, &(0x7f00000002c0), 0x42801, 0x0) (fail_nth: 9)
[ 99.859679][ T4666] Bluetooth: hci0: command tx timeout
[ 100.197953][ T9] usb 5-1: new high-speed USB device number 2 using dummy_hcd
[ 100.347923][ T9] usb 5-1: Using ep0 maxpacket: 16
[ 100.355792][ T9] usb 5-1: New USB device found, idVendor=2137, idProduct=0001, bcdDevice=2a.35
[ 100.360904][ T9] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 100.364703][ T9] usb 5-1: Product: syz
[ 100.368064][ T9] usb 5-1: Manufacturer: syz
[ 100.374919][ T9] usb 5-1: SerialNumber: syz
[ 100.385628][ T9] usb 5-1: config 0 descriptor??
[ 100.400858][ T9] as10x_usb: device has been detected
[ 100.404661][ T9] dvbdev: DVB: registering new adapter (Sky IT Digital Key (green led))
[ 100.422605][ T9] usb 5-1: DVB: registering adapter 1 frontend 0 (Sky IT Digital Key (green led))...
[ 100.444668][ T9] as10x_usb: error during firmware upload part1
[ 100.449379][ T9] Registered device Sky IT Digital Key (green led)
[ 100.594647][ T5322] random: crng reseeded on system resumption
[ 100.603939][ T5322] FAULT_INJECTION: forcing a failure.
[ 100.603939][ T5322] name failslab, interval 1, probability 0, space 0, times 1
[ 100.611352][ T5322] CPU: 0 UID: 0 PID: 5322 Comm: syz.0.0 Not tainted syzkaller #0 PREEMPT(full)
[ 100.611372][ T5322] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 100.611380][ T5322] Call Trace:
[ 100.611386][ T5322]
[ 100.611392][ T5322] dump_stack_lvl+0xe8/0x150
[ 100.611592][ T5322] should_fail_ex+0x412/0x560
[ 100.611719][ T5322] should_failslab+0xa8/0x100
[ 100.611776][ T5322] __kmalloc_cache_noprof+0x88/0x660
[ 100.611798][ T5322] ? async_schedule_node_domain+0x5b/0x120
[ 100.611848][ T5322] ? __pfx___async_dev_cache_fw_image+0x10/0x10
[ 100.611914][ T5322] async_schedule_node_domain+0x5b/0x120
[ 100.611933][ T5322] dev_cache_fw_image+0x36c/0x3f0
[ 100.611950][ T5322] ? __pfx_dev_cache_fw_image+0x10/0x10
[ 100.611963][ T5322] ? lockdep_hardirqs_on+0x7a/0x110
[ 100.612022][ T5322] ? enable_work+0x1fd/0x230
[ 100.612051][ T5322] ? __pfx_dev_cache_fw_image+0x10/0x10
[ 100.612071][ T5322] dpm_for_each_dev+0x56/0xb0
[ 100.612093][ T5322] fw_pm_notify+0x20c/0x2d0
[ 100.612109][ T5322] ? __pfx_fw_pm_notify+0x10/0x10
[ 100.612126][ T5322] ? __pfx_autoremove_wake_function+0x10/0x10
[ 100.612150][ T5322] notifier_call_chain+0x1be/0x400
[ 100.612185][ T5322] blocking_notifier_call_chain_robust+0x85/0x100
[ 100.612201][ T5322] pm_notifier_call_chain_robust+0x2c/0x60
[ 100.612218][ T5322] snapshot_open+0x133/0x280
[ 100.612235][ T5322] ? __pfx_snapshot_open+0x10/0x10
[ 100.612250][ T5322] misc_open+0x2d5/0x350
[ 100.612287][ T5322] chrdev_open+0x4cd/0x5e0
[ 100.612306][ T5322] ? __pfx_chrdev_open+0x10/0x10
[ 100.612320][ T5322] ? fsnotify_open_perm_and_set_mode+0x135/0x6d0
[ 100.612345][ T5322] ? __pfx_chrdev_open+0x10/0x10
[ 100.612357][ T5322] do_dentry_open+0x785/0x14e0
[ 100.612382][ T5322] vfs_open+0x3b/0x340
[ 100.612396][ T5322] ? path_openat+0x2df0/0x3860
[ 100.612409][ T5322] path_openat+0x2e08/0x3860
[ 100.612433][ T5322] ? __pfx_stack_trace_save+0x10/0x10
[ 100.612450][ T5322] ? stack_depot_save_flags+0x33/0x810
[ 100.612475][ T5322] ? __pfx_path_openat+0x10/0x10
[ 100.612485][ T5322] ? __x64_sys_openat+0x138/0x170
[ 100.612500][ T5322] ? do_syscall_64+0x14d/0xf80
[ 100.612512][ T5322] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 100.612550][ T5322] ? __lock_acquire+0x6b5/0x2cf0
[ 100.612571][ T5322] do_file_open+0x23e/0x4a0
[ 100.612587][ T5322] ? __pfx_do_file_open+0x10/0x10
[ 100.612620][ T5322] ? _raw_spin_unlock+0x28/0x50
[ 100.612638][ T5322] ? alloc_fd+0x64b/0x6c0
[ 100.612662][ T5322] do_sys_openat2+0x113/0x200
[ 100.612680][ T5322] ? __pfx_do_sys_openat2+0x10/0x10
[ 100.612696][ T5322] ? ksys_write+0x242/0x270
[ 100.612717][ T5322] ? __pfx_ksys_write+0x10/0x10
[ 100.612739][ T5322] __x64_sys_openat+0x138/0x170
[ 100.612759][ T5322] do_syscall_64+0x14d/0xf80
[ 100.612773][ T5322] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 100.612785][ T5322] ? clear_bhb_loop+0x40/0x90
[ 100.612802][ T5322] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 100.612815][ T5322] RIP: 0033:0x7f1d5779c799
[ 100.612830][ T5322] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[ 100.612840][ T5322] RSP: 002b:00007f1d5868efe8 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
[ 100.612855][ T5322] RAX: ffffffffffffffda RBX: 00007f1d57a15fa0 RCX: 00007f1d5779c799
[ 100.612863][ T5322] RDX: 0000000000042801 RSI: 00002000000002c0 RDI: ffffffffffffff9c
[ 100.612872][ T5322] RBP: 00007f1d5868f050 R08: 0000000000000000 R09: 0000000000000000
[ 100.612879][ T5322] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 100.612886][ T5322] R13: 00007f1d57a16038 R14: 00007f1d57a15fa0 R15: 00007ffe769e6048
[ 100.612905][ T5322]
[ 100.614931][ T5322]
[ 100.794331][ T5322] ============================================
[ 100.796995][ T5322] WARNING: possible recursive locking detected
[ 100.799695][ T5322] syzkaller #0 Not tainted
[ 100.801674][ T5322] --------------------------------------------
[ 100.804522][ T5322] syz.0.0/5322 is trying to acquire lock:
[ 100.807612][ T5322] ffffffff8f1941c8 (fw_lock){+.+.}-{4:4}, at: assign_fw+0x52/0x8d0
[ 100.812083][ T5322]
[ 100.812083][ T5322] but task is already holding lock:
[ 100.815142][ T5322] ffffffff8f1941c8 (fw_lock){+.+.}-{4:4}, at: fw_pm_notify+0x1f4/0x2d0
[ 100.818731][ T5322]
[ 100.818731][ T5322] other info that might help us debug this:
[ 100.821996][ T5322] Possible unsafe locking scenario:
[ 100.821996][ T5322]
[ 100.825252][ T5322] CPU0
[ 100.826856][ T5322] ----
[ 100.828807][ T5322] lock(fw_lock);
[ 100.831165][ T5322] lock(fw_lock);
[ 100.833448][ T5322]
[ 100.833448][ T5322] *** DEADLOCK ***
[ 100.833448][ T5322]
[ 100.837326][ T5322] May be due to missing lock nesting notation
[ 100.837326][ T5322]
[ 100.841184][ T5322] 5 locks held by syz.0.0/5322:
[ 100.843394][ T5322] #0: ffffffff8f01a7a8 (misc_mtx){+.+.}-{4:4}, at: misc_open+0x51/0x350
[ 100.847001][ T5322] #1: ffffffff8e607de8 (system_transition_mutex){+.+.}-{4:4}, at: lock_system_sleep+0x49/0x70
[ 100.852359][ T5322] #2: ffffffff8e62f3d0 ((pm_chain_head).rwsem){++++}-{4:4}, at: blocking_notifier_call_chain_robust+0x65/0x100
[ 100.857933][ T5322] #3: ffffffff8f1941c8 (fw_lock){+.+.}-{4:4}, at: fw_pm_notify+0x1f4/0x2d0
[ 100.862110][ T5322] #4: ffffffff8f18f068 (dpm_list_mtx){+.+.}-{4:4}, at: dpm_for_each_dev+0x29/0xb0
[ 100.867325][ T5322]
[ 100.867325][ T5322] stack backtrace:
[ 100.870592][ T5322] CPU: 0 UID: 0 PID: 5322 Comm: syz.0.0 Not tainted syzkaller #0 PREEMPT(full)
[ 100.870610][ T5322] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 100.870617][ T5322] Call Trace:
[ 100.870625][ T5322]
[ 100.870632][ T5322] dump_stack_lvl+0xe8/0x150
[ 100.870652][ T5322] print_deadlock_bug+0x279/0x290
[ 100.870667][ T5322] __lock_acquire+0x253f/0x2cf0
[ 100.870678][ T5322] ? _raw_spin_unlock_irqrestore+0x30/0x80
[ 100.870690][ T5322] ? lockdep_hardirqs_on+0x7a/0x110
[ 100.870697][ T5322] ? _raw_spin_unlock_irqrestore+0x4c/0x80
[ 100.870708][ T5322] ? stack_depot_save_flags+0x3f3/0x810
[ 100.870718][ T5322] lock_acquire+0xf0/0x2e0
[ 100.870727][ T5322] ? assign_fw+0x52/0x8d0
[ 100.870738][ T5322] __mutex_lock+0x19f/0x1300
[ 100.870746][ T5322] ? assign_fw+0x52/0x8d0
[ 100.870754][ T5322] ? path_openat+0x2e08/0x3860
[ 100.870761][ T5322] ? do_sys_openat2+0x113/0x200
[ 100.870770][ T5322] ? __x64_sys_openat+0x138/0x170
[ 100.870779][ T5322] ? do_syscall_64+0x14d/0xf80
[ 100.870786][ T5322] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 100.870794][ T5322] ? assign_fw+0x52/0x8d0
[ 100.870803][ T5322] ? __pfx___mutex_lock+0x10/0x10
[ 100.870811][ T5322] ? kasan_quarantine_put+0xbb/0x1f0
[ 100.870822][ T5322] ? lockdep_hardirqs_on+0x7a/0x110
[ 100.870829][ T5322] assign_fw+0x52/0x8d0
[ 100.870838][ T5322] ? kfree+0x1c1/0x630
[ 100.870849][ T5322] ? _request_firmware+0xf11/0x1780
[ 100.870858][ T5322] ? _raw_spin_unlock_irqrestore+0x30/0x80
[ 100.870869][ T5322] _request_firmware+0xfb6/0x1780
[ 100.870881][ T5322] ? __pfx__request_firmware+0x10/0x10
[ 100.870895][ T5322] ? do_raw_spin_lock+0x12b/0x2f0
[ 100.870903][ T5322] __async_dev_cache_fw_image+0x7f/0x2d0
[ 100.870914][ T5322] ? __pfx___async_dev_cache_fw_image+0x10/0x10
[ 100.870926][ T5322] async_schedule_node_domain+0xe1/0x120
[ 100.870941][ T5322] dev_cache_fw_image+0x36c/0x3f0
[ 100.870957][ T5322] ? __pfx_dev_cache_fw_image+0x10/0x10
[ 100.870969][ T5322] ? lockdep_hardirqs_on+0x7a/0x110
[ 100.870975][ T5322] ? enable_work+0x1fd/0x230
[ 100.870987][ T5322] ? __pfx_dev_cache_fw_image+0x10/0x10
[ 100.870996][ T5322] dpm_for_each_dev+0x56/0xb0
[ 100.871012][ T5322] fw_pm_notify+0x20c/0x2d0
[ 100.871025][ T5322] ? __pfx_fw_pm_notify+0x10/0x10
[ 100.871038][ T5322] ? __pfx_autoremove_wake_function+0x10/0x10
[ 100.871051][ T5322] notifier_call_chain+0x1be/0x400
[ 100.871064][ T5322] blocking_notifier_call_chain_robust+0x85/0x100
[ 100.871071][ T5322] pm_notifier_call_chain_robust+0x2c/0x60
[ 100.871080][ T5322] snapshot_open+0x133/0x280
[ 100.871090][ T5322] ? __pfx_snapshot_open+0x10/0x10
[ 100.871099][ T5322] misc_open+0x2d5/0x350
[ 100.871108][ T5322] chrdev_open+0x4cd/0x5e0
[ 100.871117][ T5322] ? __pfx_chrdev_open+0x10/0x10
[ 100.871124][ T5322] ? fsnotify_open_perm_and_set_mode+0x135/0x6d0
[ 100.871135][ T5322] ? __pfx_chrdev_open+0x10/0x10
[ 100.871143][ T5322] do_dentry_open+0x785/0x14e0
[ 100.871153][ T5322] vfs_open+0x3b/0x340
[ 100.871161][ T5322] ? path_openat+0x2df0/0x3860
[ 100.871167][ T5322] path_openat+0x2e08/0x3860
[ 100.871175][ T5322] ? __pfx_stack_trace_save+0x10/0x10
[ 100.871183][ T5322] ? stack_depot_save_flags+0x33/0x810
[ 100.871196][ T5322] ? __pfx_path_openat+0x10/0x10
[ 100.871204][ T5322] ? __x64_sys_openat+0x138/0x170
[ 100.871216][ T5322] ? do_syscall_64+0x14d/0xf80
[ 100.871225][ T5322] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 100.871237][ T5322] ? __lock_acquire+0x6b5/0x2cf0
[ 100.871250][ T5322] do_file_open+0x23e/0x4a0
[ 100.871260][ T5322] ? __pfx_do_file_open+0x10/0x10
[ 100.871280][ T5322] ? _raw_spin_unlock+0x28/0x50
[ 100.871294][ T5322] ? alloc_fd+0x64b/0x6c0
[ 100.871309][ T5322] do_sys_openat2+0x113/0x200
[ 100.871322][ T5322] ? __pfx_do_sys_openat2+0x10/0x10
[ 100.871334][ T5322] ? ksys_write+0x242/0x270
[ 100.871346][ T5322] ? __pfx_ksys_write+0x10/0x10
[ 100.871361][ T5322] __x64_sys_openat+0x138/0x170
[ 100.871375][ T5322] do_syscall_64+0x14d/0xf80
[ 100.871385][ T5322] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 100.871394][ T5322] ? clear_bhb_loop+0x40/0x90
[ 100.871405][ T5322] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 100.871416][ T5322] RIP: 0033:0x7f1d5779c799
[ 100.871430][ T5322] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[ 100.871439][ T5322] RSP: 002b:00007f1d5868efe8 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
[ 100.871452][ T5322] RAX: ffffffffffffffda RBX: 00007f1d57a15fa0 RCX: 00007f1d5779c799
[ 100.871460][ T5322] RDX: 0000000000042801 RSI: 00002000000002c0 RDI: ffffffffffffff9c
[ 100.871483][ T5322] RBP: 00007f1d5868f050 R08: 0000000000000000 R09: 0000000000000000
[ 100.871488][ T5322] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 100.871492][ T5322] R13: 00007f1d57a16038 R14: 00007f1d57a15fa0 R15: 00007ffe769e6048
[ 100.871499][ T5322]
[ 101.917214][ T4666] Bluetooth: hci0: command tx timeout
[ 103.997326][ T4666] Bluetooth: hci0: command tx timeout
[ 106.077268][ T4666] Bluetooth: hci0: command tx timeout