program:
# Reproducer for the lockdep report "possible recursive locking detected" on
# &event->mmap_mutex that the console log on this page records for task
# syz.0.0/5327. The program needs fault injection (the fail_nth property on the
# last call) to reach the failing path.
#
# Step 1: open a perf event. The first two attr fields (type, size) are 0x6 and
# 0x80; the call arguments are pid 0, cpu 0, group_fd -1, flags 0. r0 is the
# resulting perf fd.
# NOTE(review): type 0x6 lies outside the fixed PERF_TYPE_* values (0-5), so it
# presumably selects a dynamically registered PMU on this VM; confirm which one.
r0 = perf_event_open(&(0x7f0000000040)={0x6, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1000}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
# Step 2: open a raw rtnetlink socket (AF_NETLINK 0x10, SOCK_RAW 0x3,
# NETLINK_ROUTE 0x0).
r1 = socket$nl_route(0x10, 0x3, 0x0)
# Step 3: send an RTM_NEWLINK (0x10) request with an empty ifinfomsg and
# zero-valued IFLA_MASTER and IFLA_GROUP attributes.
# NOTE(review): the T5326 log lines (bridge/bond/team/batadv ports being
# released) look like the effect of this request; it does not appear in either
# T5327 call trace, so it is probably not needed for the lock report. Confirm by
# minimizing the reproducer.
sendmsg$nl_route(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000000)=@newlink={0x30, 0x10, 0x801, 0x0, 0x0, {}, [@IFLA_MASTER={0x8}, @IFLA_GROUP={0x8}]}, 0x30}}, 0x0)
# Step 4: map one page (0x1000) of the perf fd at a fixed address with prot 0x0
# and flags 0x11 (MAP_SHARED|MAP_FIXED). "fail_nth: 13" tells fault injection to
# fail the 13th injection point reached during this call; in the log that lands
# in a slab allocation under do_remap_pfn_range, reached from perf_mmap through
# map_range.
# The second trace then shows perf_mmap (mmap_mutex taken at perf_mmap+0x1bb)
# calling perf_mmap_close, which reaches refcount_dec_and_mutex_lock on
# &event->mmap_mutex again.
# Triage note: both the held and the requested lock are reported at the same
# address (ffff8880118e49e0), which suggests a real self-deadlock on one mutex
# instance, not just a missing nesting annotation. The practical impact would
# be a hung task in mmap().
# NOTE(review): perf_mmap's failure path is not shown on this page; confirm the
# fix location against the kernel source.
mmap$perf(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x0, 0x11, r0, 0x0) (fail_nth: 13)
[ 96.857563][ T4668] Bluetooth: hci0: command tx timeout
[ 97.050392][ T5326] bridge_slave_0: left allmulticast mode
[ 97.056872][ T5326] bridge_slave_0: left promiscuous mode
[ 97.073460][ T5326] bridge0: port 1(bridge_slave_0) entered disabled state
[ 97.094008][ T5327] FAULT_INJECTION: forcing a failure.
[ 97.094008][ T5327] name failslab, interval 1, probability 0, space 0, times 1
[ 97.105749][ T5326] bridge_slave_1: left allmulticast mode
[ 97.108174][ T5326] bridge_slave_1: left promiscuous mode
[ 97.112173][ T5327] CPU: 0 UID: 0 PID: 5327 Comm: syz.0.0 Not tainted syzkaller #0 PREEMPT(full)
[ 97.112196][ T5327] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 97.112205][ T5327] Call Trace:
[ 97.112213][ T5327] <TASK>
[ 97.112220][ T5327] dump_stack_lvl+0xe8/0x150
[ 97.112360][ T5327] should_fail_ex+0x412/0x560
[ 97.112418][ T5327] should_failslab+0xa8/0x100
[ 97.112434][ T5327] __kmalloc_cache_noprof+0x88/0x660
[ 97.112454][ T5327] ? do_remap_pfn_range+0x103e/0x1250
[ 97.112469][ T5327] ? __lock_acquire+0x6b5/0x2cf0
[ 97.112489][ T5327] do_remap_pfn_range+0x103e/0x1250
[ 97.112511][ T5327] ? _raw_spin_unlock_irqrestore+0x30/0x80
[ 97.112575][ T5327] ? lockdep_hardirqs_on+0x7a/0x110
[ 97.112594][ T5327] ? using_native_sched_clock+0x9/0x20
[ 97.112609][ T5327] ? arch_perf_update_userpage+0x2cf/0x3c0
[ 97.112631][ T5327] ? perf_event_update_userpage+0x33/0x6a0
[ 97.112654][ T5327] ? __pfx_do_remap_pfn_range+0x10/0x10
[ 97.112670][ T5327] ? __lock_acquire+0x6b5/0x2cf0
[ 97.112694][ T5327] ? perf_event_update_userpage+0x33/0x6a0
[ 97.112718][ T5327] ? __pfx___vma_start_exclude_readers+0x10/0x10
[ 97.112741][ T5327] ? perf_mmap_rb+0xaf4/0xd30
[ 97.112758][ T5327] ? __pfx___mutex_lock+0x10/0x10
[ 97.112781][ T5327] ? remap_pfn_range+0x148/0x1b0
[ 97.112798][ T5327] ? __phys_addr+0xd3/0x180
[ 97.112815][ T5327] ? perf_mmap_to_page+0x181/0x1e0
[ 97.112838][ T5327] map_range+0x199/0x230
[ 97.112864][ T5327] perf_mmap+0x3f9/0x4b0
[ 97.112883][ T5327] mmap_region+0x18fe/0x2240
[ 97.112927][ T5327] ? __pfx_mmap_region+0x10/0x10
[ 97.112962][ T5327] ? unwind_next_frame+0xa5/0x23c0
[ 97.112984][ T5327] ? rcu_is_watching+0x15/0xb0
[ 97.113017][ T5327] ? __bfs+0x153/0x290
[ 97.113035][ T5327] ? __pfx_hlock_conflict+0x10/0x10
[ 97.113133][ T5327] ? bpf_lsm_mmap_addr+0x9/0x50
[ 97.113149][ T5327] ? security_mmap_addr+0x71/0x240
[ 97.113176][ T5327] ? shmem_mapping+0xd/0x50
[ 97.113194][ T5327] ? memfd_check_seals_mmap+0xc5/0x200
[ 97.113218][ T5327] do_mmap+0xc39/0x10c0
[ 97.113251][ T5327] ? __pfx_do_mmap+0x10/0x10
[ 97.113269][ T5327] ? down_write_killable+0x180/0x240
[ 97.113289][ T5327] ? __pfx_down_write_killable+0x10/0x10
[ 97.113305][ T5327] ? apparmor_mmap_file+0x2da/0x3e0
[ 97.113334][ T5327] vm_mmap_pgoff+0x2c9/0x4f0
[ 97.113363][ T5327] ? __pfx_vm_mmap_pgoff+0x10/0x10
[ 97.113384][ T5327] ? __fget_files+0x2a/0x420
[ 97.113409][ T5327] ? __fget_files+0x3a0/0x420
[ 97.113428][ T5327] ? __fget_files+0x2a/0x420
[ 97.113452][ T5327] ksys_mmap_pgoff+0x51e/0x760
[ 97.113479][ T5327] do_syscall_64+0x14d/0xf80
[ 97.113503][ T5327] ? trace_irq_disable+0x3b/0x150
[ 97.113525][ T5327] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 97.113542][ T5327] ? clear_bhb_loop+0x40/0x90
[ 97.113562][ T5327] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 97.113577][ T5327] RIP: 0033:0x7f781b59c799
[ 97.113614][ T5327] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[ 97.113625][ T5327] RSP: 002b:00007f781c518fe8 EFLAGS: 00000246 ORIG_RAX: 0000000000000009
[ 97.113642][ T5327] RAX: ffffffffffffffda RBX: 00007f781b816090 RCX: 00007f781b59c799
[ 97.113653][ T5327] RDX: 0000000000000000 RSI: 0000000000001000 RDI: 0000200000ffd000
[ 97.113661][ T5327] RBP: 00007f781c519050 R08: 0000000000000003 R09: 0000000000000000
[ 97.113670][ T5327] R10: 0000000000000011 R11: 0000000000000246 R12: 0000000000000002
[ 97.113678][ T5327] R13: 00007f781b816128 R14: 00007f781b816090 R15: 00007fff42f958e8
[ 97.113704][ T5327] </TASK>
[ 97.113780][ T5327]
[ 97.286250][ T5327] ============================================
[ 97.289374][ T5327] WARNING: possible recursive locking detected
[ 97.292125][ T5327] syzkaller #0 Not tainted
[ 97.294135][ T5327] --------------------------------------------
[ 97.297189][ T5327] syz.0.0/5327 is trying to acquire lock:
[ 97.300247][ T5327] ffff8880118e49e0 (&event->mmap_mutex){+.+.}-{4:4}, at: refcount_dec_and_mutex_lock+0x30/0xa0
[ 97.305262][ T5327]
[ 97.305262][ T5327] but task is already holding lock:
[ 97.308559][ T5327] ffff8880118e49e0 (&event->mmap_mutex){+.+.}-{4:4}, at: perf_mmap+0x1bb/0x4b0
[ 97.313544][ T5327]
[ 97.313544][ T5327] other info that might help us debug this:
[ 97.318185][ T5327] Possible unsafe locking scenario:
[ 97.318185][ T5327]
[ 97.321547][ T5327] CPU0
[ 97.323056][ T5327] ----
[ 97.324620][ T5327] lock(&event->mmap_mutex);
[ 97.326696][ T5327] lock(&event->mmap_mutex);
[ 97.328957][ T5327]
[ 97.328957][ T5327] *** DEADLOCK ***
[ 97.328957][ T5327]
[ 97.332575][ T5327] May be due to missing lock nesting notation
[ 97.332575][ T5327]
[ 97.336238][ T5327] 2 locks held by syz.0.0/5327:
[ 97.338348][ T5327] #0: ffff88801ac84cc0 (&mm->mmap_lock){++++}-{4:4}, at: vm_mmap_pgoff+0x234/0x4f0
[ 97.342499][ T5327] #1: ffff8880118e49e0 (&event->mmap_mutex){+.+.}-{4:4}, at: perf_mmap+0x1bb/0x4b0
[ 97.347177][ T5327]
[ 97.347177][ T5327] stack backtrace:
[ 97.349709][ T5327] CPU: 0 UID: 0 PID: 5327 Comm: syz.0.0 Not tainted syzkaller #0 PREEMPT(full)
[ 97.349724][ T5327] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 97.349731][ T5327] Call Trace:
[ 97.349749][ T5327] <TASK>
[ 97.349755][ T5327] dump_stack_lvl+0xe8/0x150
[ 97.349778][ T5327] print_deadlock_bug+0x279/0x290
[ 97.349799][ T5327] __lock_acquire+0x253f/0x2cf0
[ 97.349816][ T5327] ? __pfx_unmap_page_range+0x10/0x10
[ 97.349829][ T5327] lock_acquire+0xf0/0x2e0
[ 97.349841][ T5327] ? refcount_dec_and_mutex_lock+0x30/0xa0
[ 97.349865][ T5327] __mutex_lock+0x19f/0x1300
[ 97.349882][ T5327] ? refcount_dec_and_mutex_lock+0x30/0xa0
[ 97.349895][ T5327] ? __lock_acquire+0x6b5/0x2cf0
[ 97.349910][ T5327] ? ring_buffer_get+0xa1/0x420
[ 97.349922][ T5327] ? refcount_dec_and_mutex_lock+0x30/0xa0
[ 97.349937][ T5327] ? __pfx___mutex_lock+0x10/0x10
[ 97.349951][ T5327] ? refcount_dec_not_one+0x11a/0x1a0
[ 97.349963][ T5327] ? __pfx_refcount_dec_not_one+0x10/0x10
[ 97.349978][ T5327] ? ring_buffer_get+0xa1/0x420
[ 97.349988][ T5327] ? __pfx_ring_buffer_get+0x10/0x10
[ 97.350097][ T5327] ? perf_mmap_close+0xc9/0xf90
[ 97.350112][ T5327] refcount_dec_and_mutex_lock+0x30/0xa0
[ 97.350132][ T5327] perf_mmap_close+0x953/0xf90
[ 97.350143][ T5327] ? perf_mmap_close+0xc9/0xf90
[ 97.350153][ T5327] ? __pfx___mutex_lock+0x10/0x10
[ 97.350169][ T5327] ? remap_pfn_range+0x148/0x1b0
[ 97.350186][ T5327] ? __pfx_perf_mmap_close+0x10/0x10
[ 97.350197][ T5327] ? map_range+0x20c/0x230
[ 97.350210][ T5327] perf_mmap+0x418/0x4b0
[ 97.350221][ T5327] mmap_region+0x18fe/0x2240
[ 97.350241][ T5327] ? __pfx_mmap_region+0x10/0x10
[ 97.350257][ T5327] ? unwind_next_frame+0xa5/0x23c0
[ 97.350276][ T5327] ? rcu_is_watching+0x15/0xb0
[ 97.350294][ T5327] ? __bfs+0x153/0x290
[ 97.350309][ T5327] ? __pfx_hlock_conflict+0x10/0x10
[ 97.350343][ T5327] ? bpf_lsm_mmap_addr+0x9/0x50
[ 97.350356][ T5327] ? security_mmap_addr+0x71/0x240
[ 97.350375][ T5327] ? shmem_mapping+0xd/0x50
[ 97.350387][ T5327] ? memfd_check_seals_mmap+0xc5/0x200
[ 97.350403][ T5327] do_mmap+0xc39/0x10c0
[ 97.350425][ T5327] ? __pfx_do_mmap+0x10/0x10
[ 97.350438][ T5327] ? down_write_killable+0x180/0x240
[ 97.350450][ T5327] ? __pfx_down_write_killable+0x10/0x10
[ 97.350461][ T5327] ? apparmor_mmap_file+0x2da/0x3e0
[ 97.350480][ T5327] vm_mmap_pgoff+0x2c9/0x4f0
[ 97.350496][ T5327] ? __pfx_vm_mmap_pgoff+0x10/0x10
[ 97.350509][ T5327] ? __fget_files+0x2a/0x420
[ 97.350526][ T5327] ? __fget_files+0x3a0/0x420
[ 97.350539][ T5327] ? __fget_files+0x2a/0x420
[ 97.350552][ T5327] ksys_mmap_pgoff+0x51e/0x760
[ 97.350570][ T5327] do_syscall_64+0x14d/0xf80
[ 97.350588][ T5327] ? trace_irq_disable+0x3b/0x150
[ 97.350606][ T5327] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 97.350619][ T5327] ? clear_bhb_loop+0x40/0x90
[ 97.350631][ T5327] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 97.350643][ T5327] RIP: 0033:0x7f781b59c799
[ 97.350658][ T5327] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[ 97.350667][ T5327] RSP: 002b:00007f781c518fe8 EFLAGS: 00000246 ORIG_RAX: 0000000000000009
[ 97.350682][ T5327] RAX: ffffffffffffffda RBX: 00007f781b816090 RCX: 00007f781b59c799
[ 97.350691][ T5327] RDX: 0000000000000000 RSI: 0000000000001000 RDI: 0000200000ffd000
[ 97.350701][ T5327] RBP: 00007f781c519050 R08: 0000000000000003 R09: 0000000000000000
[ 97.350707][ T5327] R10: 0000000000000011 R11: 0000000000000246 R12: 0000000000000002
[ 97.350714][ T5327] R13: 00007f781b816128 R14: 00007f781b816090 R15: 00007fff42f958e8
[ 97.350725][ T5327] </TASK>
[ 97.559702][ T5326] bridge0: port 2(bridge_slave_1) entered disabled state
[ 97.567321][ T5326] bond0: (slave bond_slave_0): Releasing backup interface
[ 97.575941][ T5326] bond0: (slave bond_slave_1): Releasing backup interface
[ 97.585364][ T5326] team0: Port device team_slave_0 removed
[ 97.590705][ T5326] team0: Port device team_slave_1 removed
[ 97.595530][ T5326] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[ 97.599240][ T5326] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 97.605022][ T5326] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[ 97.609208][ T5326] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 97.614697][ T5326] A link change request failed with some changes committed already. Interface hsr_slave_0 may have been left with an inconsistent configuration, please check.
[ 98.911880][ T4668] Bluetooth: hci0: command tx timeout
[ 100.992061][ T4668] Bluetooth: hci0: command tx timeout