program:
r0 = perf_event_open(&(0x7f0000002bc0)={0x2, 0x80, 0x49, 0x1, 0x0, 0x0, 0x0, 0x1, 0x14a69b, 0x1f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_config_ext={0x800}, 0x100ed, 0xc844, 0x410, 0x0, 0x7, 0x400002, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2)
mmap(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0x2000003, 0x13, r0, 0x0) (fail_nth: 14)

[  102.670199][   T45] Bluetooth: hci0: command tx timeout
[  102.812265][ T5327] FAULT_INJECTION: forcing a failure.
[  102.812265][ T5327] name fail_page_alloc, interval 1, probability 0, space 0, times 1
[  102.819166][ T5327] CPU: 0 UID: 0 PID: 5327 Comm: syz.0.0 Not tainted syzkaller #0 PREEMPT(full) 
[  102.819189][ T5327] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[  102.819197][ T5327] Call Trace:
[  102.819207][ T5327]  <TASK>
[  102.819216][ T5327]  dump_stack_lvl+0xe8/0x150
[  102.819347][ T5327]  should_fail_ex+0x412/0x560
[  102.819407][ T5327]  prepare_alloc_pages+0x22a/0x650
[  102.819429][ T5327]  __alloc_frozen_pages_noprof+0x12f/0x380
[  102.819446][ T5327]  ? __pfx___alloc_frozen_pages_noprof+0x10/0x10
[  102.819463][ T5327]  ? __pfx_policy_nodemask+0x10/0x10
[  102.819479][ T5327]  ? walk_system_ram_range+0x2e4/0x300
[  102.819498][ T5327]  ? __pfx_pagerange_is_ram_callback+0x10/0x10
[  102.819513][ T5327]  alloc_pages_mpol+0x232/0x4a0
[  102.819530][ T5327]  alloc_pages_noprof+0xa8/0x190
[  102.819544][ T5327]  pte_alloc_one+0x22/0x370
[  102.819564][ T5327]  __pte_alloc+0x25/0x1a0
[  102.819576][ T5327]  ? pfnmap_setup_cachemode+0xb1/0xf0
[  102.819590][ T5327]  do_remap_pfn_range+0xbe6/0x1250
[  102.819624][ T5327]  ? __pfx_do_remap_pfn_range+0x10/0x10
[  102.819637][ T5327]  ? __lock_acquire+0x6b5/0x2cf0
[  102.819659][ T5327]  ? perf_event_update_userpage+0x33/0x6a0
[  102.819705][ T5327]  ? __pfx___vma_start_exclude_readers+0x10/0x10
[  102.819725][ T5327]  ? perf_mmap_rb+0xaf4/0xd30
[  102.819738][ T5327]  ? __pfx___mutex_lock+0x10/0x10
[  102.819982][ T5327]  ? remap_pfn_range+0x148/0x1b0
[  102.819995][ T5327]  ? __phys_addr+0xd3/0x180
[  102.820009][ T5327]  ? perf_mmap_to_page+0x181/0x1e0
[  102.820030][ T5327]  map_range+0x199/0x230
[  102.820048][ T5327]  perf_mmap+0x3f9/0x4b0
[  102.820063][ T5327]  mmap_region+0x18fe/0x2240
[  102.820108][ T5327]  ? __pfx_mmap_region+0x10/0x10
[  102.820139][ T5327]  ? perf_event_output_forward+0x3a6/0x480
[  102.820198][ T5327]  ? perf_swevent_event+0x714/0x7e0
[  102.820246][ T5327]  ? bpf_lsm_mmap_addr+0x9/0x50
[  102.820261][ T5327]  ? security_mmap_addr+0x71/0x240
[  102.820278][ T5327]  ? shmem_mapping+0xd/0x50
[  102.820295][ T5327]  ? memfd_check_seals_mmap+0xc5/0x200
[  102.820313][ T5327]  do_mmap+0xc39/0x10c0
[  102.820338][ T5327]  ? __pfx_do_mmap+0x10/0x10
[  102.820351][ T5327]  ? down_write_killable+0x180/0x240
[  102.820368][ T5327]  ? __pfx_down_write_killable+0x10/0x10
[  102.820382][ T5327]  ? apparmor_mmap_file+0x2da/0x3e0
[  102.820400][ T5327]  vm_mmap_pgoff+0x2c9/0x4f0
[  102.820422][ T5327]  ? __pfx_vm_mmap_pgoff+0x10/0x10
[  102.820438][ T5327]  ? __fget_files+0x2a/0x420
[  102.820459][ T5327]  ? __fget_files+0x3a0/0x420
[  102.820475][ T5327]  ? __fget_files+0x2a/0x420
[  102.820496][ T5327]  ksys_mmap_pgoff+0x51e/0x760
[  102.820519][ T5327]  do_syscall_64+0x14d/0xf80
[  102.820531][ T5327]  ? trace_irq_disable+0x3b/0x150
[  102.820551][ T5327]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  102.820566][ T5327]  ? clear_bhb_loop+0x40/0x90
[  102.820583][ T5327]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  102.820598][ T5327] RIP: 0033:0x7f491e39c799
[  102.820615][ T5327] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  102.820626][ T5327] RSP: 002b:00007f491f241fe8 EFLAGS: 00000246 ORIG_RAX: 0000000000000009
[  102.820641][ T5327] RAX: ffffffffffffffda RBX: 00007f491e615fa0 RCX: 00007f491e39c799
[  102.820651][ T5327] RDX: 0000000002000003 RSI: 0000000000002000 RDI: 0000200000ffe000
[  102.820659][ T5327] RBP: 00007f491f242050 R08: 0000000000000003 R09: 0000000000000000
[  102.820667][ T5327] R10: 0000000000000013 R11: 0000000000000246 R12: 0000000000000002
[  102.820675][ T5327] R13: 00007f491e616038 R14: 00007f491e615fa0 R15: 00007ffc7b8b9638
[  102.820698][ T5327]  </TASK>
[  103.187190][ T5327] 
[  103.188468][ T5327] ============================================
[  103.191350][ T5327] WARNING: possible recursive locking detected
[  103.194355][ T5327] syzkaller #0 Not tainted
[  103.197054][ T5327] --------------------------------------------
[  103.200920][ T5327] syz.0.0/5327 is trying to acquire lock:
[  103.204149][ T5327] ffff8880367449e0 (&event->mmap_mutex){+.+.}-{4:4}, at: refcount_dec_and_mutex_lock+0x30/0xa0
[  103.208919][ T5327] 
[  103.208919][ T5327] but task is already holding lock:
[  103.212365][ T5327] ffff8880367449e0 (&event->mmap_mutex){+.+.}-{4:4}, at: perf_mmap+0x1bb/0x4b0
[  103.216596][ T5327] 
[  103.216596][ T5327] other info that might help us debug this:
[  103.220341][ T5327]  Possible unsafe locking scenario:
[  103.220341][ T5327] 
[  103.224562][ T5327]        CPU0
[  103.226665][ T5327]        ----
[  103.228678][ T5327]   lock(&event->mmap_mutex);
[  103.230916][ T5327]   lock(&event->mmap_mutex);
[  103.233085][ T5327] 
[  103.233085][ T5327]  *** DEADLOCK ***
[  103.233085][ T5327] 
[  103.236882][ T5327]  May be due to missing lock nesting notation
[  103.236882][ T5327] 
[  103.241025][ T5327] 2 locks held by syz.0.0/5327:
[  103.243640][ T5327]  #0: ffff888012436540 (&mm->mmap_lock){++++}-{4:4}, at: vm_mmap_pgoff+0x234/0x4f0
[  103.248770][ T5327]  #1: ffff8880367449e0 (&event->mmap_mutex){+.+.}-{4:4}, at: perf_mmap+0x1bb/0x4b0
[  103.253228][ T5327] 
[  103.253228][ T5327] stack backtrace:
[  103.256007][ T5327] CPU: 0 UID: 0 PID: 5327 Comm: syz.0.0 Not tainted syzkaller #0 PREEMPT(full) 
[  103.256026][ T5327] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[  103.256036][ T5327] Call Trace:
[  103.256049][ T5327]  <TASK>
[  103.256055][ T5327]  dump_stack_lvl+0xe8/0x150
[  103.256078][ T5327]  print_deadlock_bug+0x279/0x290
[  103.256096][ T5327]  __lock_acquire+0x253f/0x2cf0
[  103.256120][ T5327]  ? zap_page_range_single_batched+0x5b7/0x740
[  103.256133][ T5327]  ? __pfx_unmap_page_range+0x10/0x10
[  103.256144][ T5327]  lock_acquire+0xf0/0x2e0
[  103.256157][ T5327]  ? refcount_dec_and_mutex_lock+0x30/0xa0
[  103.256176][ T5327]  __mutex_lock+0x19f/0x1300
[  103.256189][ T5327]  ? refcount_dec_and_mutex_lock+0x30/0xa0
[  103.256202][ T5327]  ? __lock_acquire+0x6b5/0x2cf0
[  103.256212][ T5327]  ? ring_buffer_get+0xa1/0x420
[  103.256225][ T5327]  ? refcount_dec_and_mutex_lock+0x30/0xa0
[  103.256240][ T5327]  ? __pfx___mutex_lock+0x10/0x10
[  103.256251][ T5327]  ? refcount_dec_not_one+0x11a/0x1a0
[  103.256266][ T5327]  ? __pfx_refcount_dec_not_one+0x10/0x10
[  103.256279][ T5327]  ? ring_buffer_get+0xa1/0x420
[  103.256290][ T5327]  ? __pfx_ring_buffer_get+0x10/0x10
[  103.256301][ T5327]  ? perf_mmap_close+0xc9/0xf90
[  103.256311][ T5327]  refcount_dec_and_mutex_lock+0x30/0xa0
[  103.256325][ T5327]  perf_mmap_close+0x953/0xf90
[  103.256335][ T5327]  ? perf_mmap_close+0xc9/0xf90
[  103.256344][ T5327]  ? __pfx___mutex_lock+0x10/0x10
[  103.256353][ T5327]  ? remap_pfn_range+0x148/0x1b0
[  103.256363][ T5327]  ? __pfx_perf_mmap_close+0x10/0x10
[  103.256373][ T5327]  ? map_range+0x20c/0x230
[  103.256384][ T5327]  perf_mmap+0x418/0x4b0
[  103.256394][ T5327]  mmap_region+0x18fe/0x2240
[  103.256411][ T5327]  ? __pfx_mmap_region+0x10/0x10
[  103.256426][ T5327]  ? perf_event_output_forward+0x3a6/0x480
[  103.256449][ T5327]  ? perf_swevent_event+0x714/0x7e0
[  103.256470][ T5327]  ? bpf_lsm_mmap_addr+0x9/0x50
[  103.256481][ T5327]  ? security_mmap_addr+0x71/0x240
[  103.256493][ T5327]  ? shmem_mapping+0xd/0x50
[  103.256507][ T5327]  ? memfd_check_seals_mmap+0xc5/0x200
[  103.256523][ T5327]  do_mmap+0xc39/0x10c0
[  103.256538][ T5327]  ? __pfx_do_mmap+0x10/0x10
[  103.256550][ T5327]  ? down_write_killable+0x180/0x240
[  103.256562][ T5327]  ? __pfx_down_write_killable+0x10/0x10
[  103.256573][ T5327]  ? apparmor_mmap_file+0x2da/0x3e0
[  103.256585][ T5327]  vm_mmap_pgoff+0x2c9/0x4f0
[  103.256597][ T5327]  ? __pfx_vm_mmap_pgoff+0x10/0x10
[  103.256607][ T5327]  ? __fget_files+0x2a/0x420
[  103.256621][ T5327]  ? __fget_files+0x3a0/0x420
[  103.256632][ T5327]  ? __fget_files+0x2a/0x420
[  103.256645][ T5327]  ksys_mmap_pgoff+0x51e/0x760
[  103.256661][ T5327]  do_syscall_64+0x14d/0xf80
[  103.256671][ T5327]  ? trace_irq_disable+0x3b/0x150
[  103.256687][ T5327]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  103.256697][ T5327]  ? clear_bhb_loop+0x40/0x90
[  103.256708][ T5327]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  103.256718][ T5327] RIP: 0033:0x7f491e39c799
[  103.256730][ T5327] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  103.256739][ T5327] RSP: 002b:00007f491f241fe8 EFLAGS: 00000246 ORIG_RAX: 0000000000000009
[  103.256751][ T5327] RAX: ffffffffffffffda RBX: 00007f491e615fa0 RCX: 00007f491e39c799
[  103.256758][ T5327] RDX: 0000000002000003 RSI: 0000000000002000 RDI: 0000200000ffe000
[  103.256764][ T5327] RBP: 00007f491f242050 R08: 0000000000000003 R09: 0000000000000000
[  103.256770][ T5327] R10: 0000000000000013 R11: 0000000000000246 R12: 0000000000000002
[  103.256776][ T5327] R13: 00007f491e616038 R14: 00007f491e615fa0 R15: 00007ffc7b8b9638
[  103.256785][ T5327]  </TASK>
[  104.740600][   T45] Bluetooth: hci0: command tx timeout
[  106.822170][   T45] Bluetooth: hci0: command tx timeout
[  108.900200][   T45] Bluetooth: hci0: command tx timeout