program:
socket$nl_route(0x10, 0x3, 0x0)
syz_usb_connect(0x0, 0x24, &(0x7f0000000200)=ANY=[@ANYBLOB="120100002ec6601037210100352a010203010902120001000000000904"], 0x0)
openat$snapshot(0xffffffffffffff9c, &(0x7f00000002c0), 0x42801, 0x0) (fail_nth: 8)
[ 102.532005][ T5289] Bluetooth: hci0: command tx timeout
[ 102.602014][ T806] usb 5-1: new high-speed USB device number 2 using dummy_hcd
[ 102.751967][ T806] usb 5-1: Using ep0 maxpacket: 16
[ 102.759749][ T806] usb 5-1: New USB device found, idVendor=2137, idProduct=0001, bcdDevice=2a.35
[ 102.765231][ T806] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 102.768696][ T806] usb 5-1: Product: syz
[ 102.770516][ T806] usb 5-1: Manufacturer: syz
[ 102.774058][ T806] usb 5-1: SerialNumber: syz
[ 102.783967][ T806] usb 5-1: config 0 descriptor??
[ 102.800298][ T806] as10x_usb: device has been detected
[ 102.804670][ T806] dvbdev: DVB: registering new adapter (Sky IT Digital Key (green led))
[ 102.817998][ T806] usb 5-1: DVB: registering adapter 1 frontend 0 (Sky IT Digital Key (green led))...
[ 102.849549][ T806] as10x_usb: error during firmware upload part1
[ 102.853879][ T806] Registered device Sky IT Digital Key (green led)
[ 102.992670][ T5323] random: crng reseeded on system resumption
[ 103.016330][ T5323] FAULT_INJECTION: forcing a failure.
[ 103.016330][ T5323] name failslab, interval 1, probability 0, space 0, times 1
[ 103.030420][ T5323] CPU: 0 UID: 0 PID: 5323 Comm: syz.0.0 Not tainted syzkaller #0 PREEMPT(full)
[ 103.030440][ T5323] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 103.030445][ T5323] Call Trace:
[ 103.030449][ T5323]
[ 103.030453][ T5323] dump_stack_lvl+0xe8/0x150
[ 103.030523][ T5323] should_fail_ex+0x412/0x560
[ 103.030560][ T5323] should_failslab+0xa8/0x100
[ 103.030576][ T5323] __kmalloc_cache_noprof+0x88/0x660
[ 103.030588][ T5323] ? async_schedule_node_domain+0x5b/0x120
[ 103.030597][ T5323] ? __pfx___async_dev_cache_fw_image+0x10/0x10
[ 103.030610][ T5323] async_schedule_node_domain+0x5b/0x120
[ 103.030619][ T5323] dev_cache_fw_image+0x36c/0x3f0
[ 103.030632][ T5323] ? __pfx_dev_cache_fw_image+0x10/0x10
[ 103.030642][ T5323] ? lockdep_hardirqs_on+0x7a/0x110
[ 103.030690][ T5323] ? enable_work+0x1fd/0x230
[ 103.030699][ T5323] ? __pfx_dev_cache_fw_image+0x10/0x10
[ 103.030710][ T5323] dpm_for_each_dev+0x56/0xb0
[ 103.030721][ T5323] fw_pm_notify+0x20c/0x2d0
[ 103.030734][ T5323] ? __pfx_fw_pm_notify+0x10/0x10
[ 103.030748][ T5323] ? __pfx_autoremove_wake_function+0x10/0x10
[ 103.030767][ T5323] ? blocking_notifier_call_chain_robust+0x65/0x100
[ 103.030782][ T5323] notifier_call_chain+0x1ad/0x3d0
[ 103.030795][ T5323] blocking_notifier_call_chain_robust+0x85/0x100
[ 103.030806][ T5323] pm_notifier_call_chain_robust+0x2c/0x60
[ 103.030815][ T5323] snapshot_open+0x133/0x280
[ 103.030825][ T5323] ? __pfx_snapshot_open+0x10/0x10
[ 103.030832][ T5323] misc_open+0x2d5/0x350
[ 103.030843][ T5323] chrdev_open+0x4cd/0x5e0
[ 103.030855][ T5323] ? __pfx_chrdev_open+0x10/0x10
[ 103.030865][ T5323] ? fsnotify_open_perm_and_set_mode+0x135/0x6d0
[ 103.030877][ T5323] ? __pfx_chrdev_open+0x10/0x10
[ 103.030886][ T5323] do_dentry_open+0x785/0x14e0
[ 103.030899][ T5323] vfs_open+0x3b/0x340
[ 103.030905][ T5323] ? path_openat+0x2df0/0x3860
[ 103.030915][ T5323] path_openat+0x2e08/0x3860
[ 103.030930][ T5323] ? __pfx_stack_trace_save+0x10/0x10
[ 103.030966][ T5323] ? stack_depot_save_flags+0x33/0x810
[ 103.030978][ T5323] ? __pfx_path_openat+0x10/0x10
[ 103.030986][ T5323] ? __x64_sys_openat+0x138/0x170
[ 103.030995][ T5323] ? __lock_acquire+0x6b5/0x2cf0
[ 103.031008][ T5323] do_file_open+0x23e/0x4a0
[ 103.031019][ T5323] ? __pfx_do_file_open+0x10/0x10
[ 103.031035][ T5323] ? _raw_spin_unlock+0x28/0x50
[ 103.031044][ T5323] ? alloc_fd+0x64b/0x6c0
[ 103.031057][ T5323] do_sys_openat2+0x113/0x200
[ 103.031070][ T5323] ? __pfx_do_sys_openat2+0x10/0x10
[ 103.031081][ T5323] ? ksys_write+0x242/0x270
[ 103.031096][ T5323] ? __pfx_ksys_write+0x10/0x10
[ 103.031108][ T5323] __x64_sys_openat+0x138/0x170
[ 103.031118][ T5323] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 103.031129][ T5323] do_syscall_64+0x15f/0xf80
[ 103.031143][ T5323] ? trace_irq_disable+0x3b/0x140
[ 103.031159][ T5323] ? clear_bhb_loop+0x40/0x90
[ 103.031172][ T5323] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 103.031179][ T5323] RIP: 0033:0x7f3b1339ce59
[ 103.031188][ T5323] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[ 103.031194][ T5323] RSP: 002b:00007f3b1424ffe8 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
[ 103.031203][ T5323] RAX: ffffffffffffffda RBX: 00007f3b13615fa0 RCX: 00007f3b1339ce59
[ 103.031208][ T5323] RDX: 0000000000042801 RSI: 00002000000002c0 RDI: ffffffffffffff9c
[ 103.031213][ T5323] RBP: 00007f3b14250050 R08: 0000000000000000 R09: 0000000000000000
[ 103.031217][ T5323] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 103.031222][ T5323] R13: 00007f3b13616038 R14: 00007f3b13615fa0 R15: 00007fff3f9483d8
[ 103.031233][ T5323]
[ 103.211405][ T5323]
[ 103.212573][ T5323] ============================================
[ 103.215352][ T5323] WARNING: possible recursive locking detected
[ 103.218111][ T5323] syzkaller #0 Not tainted
[ 103.220205][ T5323] --------------------------------------------
[ 103.222955][ T5323] syz.0.0/5323 is trying to acquire lock:
[ 103.225374][ T5323] ffffffff8f3a7360 (fw_lock){+.+.}-{4:4}, at: assign_fw+0x52/0x8d0
[ 103.228801][ T5323]
[ 103.228801][ T5323] but task is already holding lock:
[ 103.231807][ T5323] ffffffff8f3a7360 (fw_lock){+.+.}-{4:4}, at: fw_pm_notify+0x1f4/0x2d0
[ 103.235244][ T5323]
[ 103.235244][ T5323] other info that might help us debug this:
[ 103.238537][ T5323] Possible unsafe locking scenario:
[ 103.238537][ T5323]
[ 103.241538][ T5323] CPU0
[ 103.242981][ T5323] ----
[ 103.244460][ T5323] lock(fw_lock);
[ 103.246061][ T5323] lock(fw_lock);
[ 103.247685][ T5323]
[ 103.247685][ T5323] *** DEADLOCK ***
[ 103.247685][ T5323]
[ 103.251141][ T5323] May be due to missing lock nesting notation
[ 103.251141][ T5323]
[ 103.254436][ T5323] 5 locks held by syz.0.0/5323:
[ 103.256441][ T5323] #0: ffffffff8f229e80 (misc_mtx){+.+.}-{4:4}, at: misc_open+0x51/0x350
[ 103.260011][ T5323] #1: ffffffff8e806220 (system_transition_mutex){+.+.}-{4:4}, at: lock_system_sleep+0x49/0x70
[ 103.264338][ T5323] #2: ffffffff8e82dce8 ((pm_chain_head).rwsem){++++}-{4:4}, at: blocking_notifier_call_chain_robust+0x65/0x100
[ 103.269254][ T5323] #3: ffffffff8f3a7360 (fw_lock){+.+.}-{4:4}, at: fw_pm_notify+0x1f4/0x2d0
[ 103.272908][ T5323] #4: ffffffff8f3a21e0 (dpm_list_mtx){+.+.}-{4:4}, at: dpm_for_each_dev+0x29/0xb0
[ 103.276879][ T5323]
[ 103.276879][ T5323] stack backtrace:
[ 103.279445][ T5323] CPU: 0 UID: 0 PID: 5323 Comm: syz.0.0 Not tainted syzkaller #0 PREEMPT(full)
[ 103.279458][ T5323] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 103.279465][ T5323] Call Trace:
[ 103.279472][ T5323]
[ 103.279477][ T5323] dump_stack_lvl+0xe8/0x150
[ 103.279491][ T5323] print_deadlock_bug+0x279/0x290
[ 103.279507][ T5323] __lock_acquire+0x253f/0x2cf0
[ 103.279520][ T5323] ? _raw_spin_unlock_irqrestore+0x30/0x80
[ 103.279534][ T5323] ? lockdep_hardirqs_on+0x7a/0x110
[ 103.279549][ T5323] ? assign_fw+0x52/0x8d0
[ 103.279561][ T5323] lock_acquire+0x106/0x350
[ 103.279572][ T5323] ? assign_fw+0x52/0x8d0
[ 103.279588][ T5323] __mutex_lock+0x1a3/0x1550
[ 103.279603][ T5323] ? assign_fw+0x52/0x8d0
[ 103.279615][ T5323] ? path_openat+0x2e08/0x3860
[ 103.279628][ T5323] ? do_file_open+0x23e/0x4a0
[ 103.279640][ T5323] ? do_sys_openat2+0x113/0x200
[ 103.279650][ T5323] ? __x64_sys_openat+0x138/0x170
[ 103.279659][ T5323] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 103.279670][ T5323] ? assign_fw+0x52/0x8d0
[ 103.279684][ T5323] ? __pfx___mutex_lock+0x10/0x10
[ 103.279700][ T5323] ? kasan_quarantine_put+0xbb/0x1f0
[ 103.279713][ T5323] ? lockdep_hardirqs_on+0x7a/0x110
[ 103.279726][ T5323] assign_fw+0x52/0x8d0
[ 103.279738][ T5323] ? kfree+0x1c5/0x640
[ 103.279748][ T5323] ? _request_firmware+0xf11/0x1780
[ 103.279759][ T5323] ? _raw_spin_unlock_irqrestore+0x30/0x80
[ 103.279772][ T5323] _request_firmware+0xfb6/0x1780
[ 103.279790][ T5323] ? __pfx__request_firmware+0x10/0x10
[ 103.279803][ T5323] ? do_raw_spin_lock+0x12b/0x2f0
[ 103.279820][ T5323] __async_dev_cache_fw_image+0x7f/0x2d0
[ 103.279835][ T5323] ? __pfx___async_dev_cache_fw_image+0x10/0x10
[ 103.279849][ T5323] async_schedule_node_domain+0xe1/0x120
[ 103.279862][ T5323] dev_cache_fw_image+0x36c/0x3f0
[ 103.279878][ T5323] ? __pfx_dev_cache_fw_image+0x10/0x10
[ 103.279893][ T5323] ? lockdep_hardirqs_on+0x7a/0x110
[ 103.279905][ T5323] ? enable_work+0x1fd/0x230
[ 103.279918][ T5323] ? __pfx_dev_cache_fw_image+0x10/0x10
[ 103.279932][ T5323] dpm_for_each_dev+0x56/0xb0
[ 103.279947][ T5323] fw_pm_notify+0x20c/0x2d0
[ 103.279960][ T5323] ? __pfx_fw_pm_notify+0x10/0x10
[ 103.279973][ T5323] ? __pfx_autoremove_wake_function+0x10/0x10
[ 103.279989][ T5323] ? blocking_notifier_call_chain_robust+0x65/0x100
[ 103.280005][ T5323] notifier_call_chain+0x1ad/0x3d0
[ 103.280019][ T5323] blocking_notifier_call_chain_robust+0x85/0x100
[ 103.280033][ T5323] pm_notifier_call_chain_robust+0x2c/0x60
[ 103.280042][ T5323] snapshot_open+0x133/0x280
[ 103.280051][ T5323] ? __pfx_snapshot_open+0x10/0x10
[ 103.280061][ T5323] misc_open+0x2d5/0x350
[ 103.280075][ T5323] chrdev_open+0x4cd/0x5e0
[ 103.280090][ T5323] ? __pfx_chrdev_open+0x10/0x10
[ 103.280104][ T5323] ? fsnotify_open_perm_and_set_mode+0x135/0x6d0
[ 103.280118][ T5323] ? __pfx_chrdev_open+0x10/0x10
[ 103.280132][ T5323] do_dentry_open+0x785/0x14e0
[ 103.280145][ T5323] vfs_open+0x3b/0x340
[ 103.280154][ T5323] ? path_openat+0x2df0/0x3860
[ 103.280167][ T5323] path_openat+0x2e08/0x3860
[ 103.280183][ T5323] ? __pfx_stack_trace_save+0x10/0x10
[ 103.280196][ T5323] ? stack_depot_save_flags+0x33/0x810
[ 103.280205][ T5323] ? __pfx_path_openat+0x10/0x10
[ 103.280212][ T5323] ? __x64_sys_openat+0x138/0x170
[ 103.280219][ T5323] ? __lock_acquire+0x6b5/0x2cf0
[ 103.280228][ T5323] do_file_open+0x23e/0x4a0
[ 103.280240][ T5323] ? __pfx_do_file_open+0x10/0x10
[ 103.280255][ T5323] ? _raw_spin_unlock+0x28/0x50
[ 103.280266][ T5323] ? alloc_fd+0x64b/0x6c0
[ 103.280278][ T5323] do_sys_openat2+0x113/0x200
[ 103.280289][ T5323] ? __pfx_do_sys_openat2+0x10/0x10
[ 103.280299][ T5323] ? ksys_write+0x242/0x270
[ 103.280311][ T5323] ? __pfx_ksys_write+0x10/0x10
[ 103.280324][ T5323] __x64_sys_openat+0x138/0x170
[ 103.280335][ T5323] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 103.280345][ T5323] do_syscall_64+0x15f/0xf80
[ 103.280367][ T5323] ? trace_irq_disable+0x3b/0x140
[ 103.280382][ T5323] ? clear_bhb_loop+0x40/0x90
[ 103.280394][ T5323] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 103.280405][ T5323] RIP: 0033:0x7f3b1339ce59
[ 103.280417][ T5323] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[ 103.280426][ T5323] RSP: 002b:00007f3b1424ffe8 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
[ 103.280438][ T5323] RAX: ffffffffffffffda RBX: 00007f3b13615fa0 RCX: 00007f3b1339ce59
[ 103.280446][ T5323] RDX: 0000000000042801 RSI: 00002000000002c0 RDI: ffffffffffffff9c
[ 103.280453][ T5323] RBP: 00007f3b14250050 R08: 0000000000000000 R09: 0000000000000000
[ 103.280458][ T5323] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 103.280462][ T5323] R13: 00007f3b13616038 R14: 00007f3b13615fa0 R15: 00007fff3f9483d8
[ 103.280469][ T5323]
[ 104.611834][ T5289] Bluetooth: hci0: command tx timeout
[ 106.692526][ T5289] Bluetooth: hci0: command tx timeout