program:
r0 = perf_event_open(&(0x7f0000002bc0)={0x2, 0x80, 0x49, 0x1, 0x0, 0x0, 0x0, 0x1, 0x14a69b, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x1}, 0x402d, 0xc844, 0x410, 0x0, 0x7, 0x400002, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2)
# mmap() of 0x2000 bytes on the perf event fd r0, run with syzkaller's fail_nth
# call property: the 12th fault-injection point reached during this call is
# forced to fail. In the console log that follows, this is the fail_page_alloc
# hit in pte_alloc_one(), reached through perf_mmap() -> map_range() ->
# do_remap_pfn_range() -> __pte_alloc().
# The lockdep report after it shows what the failure path does next:
# event->mmap_mutex is taken at perf_mmap+0x1bb and is still held when
# perf_mmap+0x418 calls perf_mmap_close(), which acquires the same mutex again
# via refcount_dec_and_mutex_lock(). The "2 locks held" list shows mm->mmap_lock
# is held at that point as well.
# NOTE(review): this reading comes from the two stack traces only. Confirm
# against the kernel source for this build, and check whether a real (not
# injected) page-table allocation failure reaches the same path, before triaging.
mmap(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0x1000008, 0x13, r0, 0x0) (fail_nth: 12)
[ 85.013936][ T4664] Bluetooth: hci0: command tx timeout
[ 85.145791][ T5320] FAULT_INJECTION: forcing a failure.
[ 85.145791][ T5320] name fail_page_alloc, interval 1, probability 0, space 0, times 1
[ 85.152520][ T5320] CPU: 0 UID: 0 PID: 5320 Comm: syz.0.0 Not tainted syzkaller #0 PREEMPT(full)
[ 85.152540][ T5320] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 85.152548][ T5320] Call Trace:
[ 85.152557][ T5320] <TASK>
[ 85.152563][ T5320] dump_stack_lvl+0xe8/0x150
[ 85.152688][ T5320] should_fail_ex+0x412/0x560
[ 85.152744][ T5320] prepare_alloc_pages+0x22a/0x650
[ 85.152786][ T5320] __alloc_frozen_pages_noprof+0x12f/0x380
[ 85.152806][ T5320] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10
[ 85.152824][ T5320] ? __pfx_policy_nodemask+0x10/0x10
[ 85.152843][ T5320] ? pagerange_is_ram_callback+0xe3/0x140
[ 85.152857][ T5320] ? __pfx_pagerange_is_ram_callback+0x10/0x10
[ 85.152873][ T5320] ? walk_system_ram_range+0x2e4/0x300
[ 85.152899][ T5320] alloc_pages_mpol+0x232/0x4a0
[ 85.152916][ T5320] alloc_pages_noprof+0xa8/0x190
[ 85.152943][ T5320] pte_alloc_one+0x23/0x370
[ 85.152963][ T5320] ? __pte_alloc+0x1d/0x430
[ 85.152981][ T5320] __pte_alloc+0x25/0x430
[ 85.152994][ T5320] ? pfnmap_setup_cachemode+0xb1/0xf0
[ 85.153010][ T5320] do_remap_pfn_range+0xbe6/0x1250
[ 85.153048][ T5320] ? __pfx_do_remap_pfn_range+0x10/0x10
[ 85.153063][ T5320] ? __lock_acquire+0x6b5/0x2cf0
[ 85.153088][ T5320] ? perf_event_update_userpage+0x33/0x6a0
[ 85.153111][ T5320] ? __pfx___vma_start_exclude_readers+0x10/0x10
[ 85.153132][ T5320] ? perf_mmap_rb+0xaf4/0xd30
[ 85.153147][ T5320] ? __pfx___mutex_lock+0x10/0x10
[ 85.153331][ T5320] ? remap_pfn_range+0x148/0x1b0
[ 85.153346][ T5320] ? __phys_addr+0xd3/0x180
[ 85.153360][ T5320] ? perf_mmap_to_page+0x181/0x1e0
[ 85.153380][ T5320] map_range+0x199/0x230
[ 85.153402][ T5320] perf_mmap+0x3f9/0x4b0
[ 85.153449][ T5320] mmap_region+0x18fe/0x2240
[ 85.153484][ T5320] ? __pfx_mmap_region+0x10/0x10
[ 85.153514][ T5320] ? perf_event_output_forward+0x3a6/0x480
[ 85.153572][ T5320] ? perf_swevent_event+0x714/0x7e0
[ 85.153618][ T5320] ? bpf_lsm_mmap_addr+0x9/0x50
[ 85.153632][ T5320] ? security_mmap_addr+0x71/0x240
[ 85.153657][ T5320] ? shmem_mapping+0xd/0x50
[ 85.153673][ T5320] ? memfd_check_seals_mmap+0xc5/0x200
[ 85.153695][ T5320] do_mmap+0xc39/0x10c0
[ 85.153723][ T5320] ? __pfx_do_mmap+0x10/0x10
[ 85.153739][ T5320] ? down_write_killable+0x180/0x240
[ 85.153756][ T5320] ? __pfx_down_write_killable+0x10/0x10
[ 85.153770][ T5320] ? apparmor_mmap_file+0x2da/0x3e0
[ 85.153794][ T5320] vm_mmap_pgoff+0x2c9/0x4f0
[ 85.153820][ T5320] ? __pfx_vm_mmap_pgoff+0x10/0x10
[ 85.153837][ T5320] ? __fget_files+0x2a/0x420
[ 85.153858][ T5320] ? __fget_files+0x3a0/0x420
[ 85.153874][ T5320] ? __fget_files+0x2a/0x420
[ 85.153894][ T5320] ksys_mmap_pgoff+0x51e/0x760
[ 85.153919][ T5320] do_syscall_64+0x14d/0xf80
[ 85.153953][ T5320] ? trace_irq_disable+0x3b/0x150
[ 85.153973][ T5320] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 85.153988][ T5320] ? clear_bhb_loop+0x40/0x90
[ 85.154005][ T5320] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 85.154021][ T5320] RIP: 0033:0x7f59be79c799
[ 85.154038][ T5320] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[ 85.154049][ T5320] RSP: 002b:00007f59babf4fe8 EFLAGS: 00000246 ORIG_RAX: 0000000000000009
[ 85.154066][ T5320] RAX: ffffffffffffffda RBX: 00007f59bea15fa0 RCX: 00007f59be79c799
[ 85.154076][ T5320] RDX: 0000000001000008 RSI: 0000000000002000 RDI: 0000200000ffe000
[ 85.154085][ T5320] RBP: 00007f59babf5050 R08: 0000000000000003 R09: 0000000000000000
[ 85.154092][ T5320] R10: 0000000000000013 R11: 0000000000000246 R12: 0000000000000002
[ 85.154100][ T5320] R13: 00007f59bea16038 R14: 00007f59bea15fa0 R15: 00007ffdf6b3ed98
[ 85.154122][ T5320] </TASK>
[ 85.459426][ T5320]
[ 85.460578][ T5320] ============================================
[ 85.463283][ T5320] WARNING: possible recursive locking detected
[ 85.465914][ T5320] syzkaller #0 Not tainted
[ 85.467985][ T5320] --------------------------------------------
[ 85.472332][ T5320] syz.0.0/5320 is trying to acquire lock:
[ 85.475903][ T5320] ffff888012f3c9e0 (&event->mmap_mutex){+.+.}-{4:4}, at: refcount_dec_and_mutex_lock+0x30/0xa0
[ 85.480430][ T5320]
[ 85.480430][ T5320] but task is already holding lock:
[ 85.483662][ T5320] ffff888012f3c9e0 (&event->mmap_mutex){+.+.}-{4:4}, at: perf_mmap+0x1bb/0x4b0
[ 85.487448][ T5320]
[ 85.487448][ T5320] other info that might help us debug this:
[ 85.490676][ T5320] Possible unsafe locking scenario:
[ 85.490676][ T5320]
[ 85.494271][ T5320] CPU0
[ 85.496240][ T5320] ----
[ 85.498741][ T5320] lock(&event->mmap_mutex);
[ 85.501125][ T5320] lock(&event->mmap_mutex);
[ 85.503207][ T5320]
[ 85.503207][ T5320] *** DEADLOCK ***
[ 85.503207][ T5320]
[ 85.507084][ T5320] May be due to missing lock nesting notation
[ 85.507084][ T5320]
[ 85.510973][ T5320] 2 locks held by syz.0.0/5320:
[ 85.513220][ T5320] #0: ffff888011c2c080 (&mm->mmap_lock){++++}-{4:4}, at: vm_mmap_pgoff+0x234/0x4f0
[ 85.518216][ T5320] #1: ffff888012f3c9e0 (&event->mmap_mutex){+.+.}-{4:4}, at: perf_mmap+0x1bb/0x4b0
[ 85.522710][ T5320]
[ 85.522710][ T5320] stack backtrace:
[ 85.525377][ T5320] CPU: 0 UID: 0 PID: 5320 Comm: syz.0.0 Not tainted syzkaller #0 PREEMPT(full)
[ 85.525398][ T5320] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 85.525405][ T5320] Call Trace:
[ 85.525439][ T5320] <TASK>
[ 85.525447][ T5320] dump_stack_lvl+0xe8/0x150
[ 85.525470][ T5320] print_deadlock_bug+0x279/0x290
[ 85.525487][ T5320] __lock_acquire+0x253f/0x2cf0
[ 85.525503][ T5320] ? zap_page_range_single_batched+0x5b7/0x740
[ 85.525517][ T5320] ? __pfx_unmap_page_range+0x10/0x10
[ 85.525528][ T5320] lock_acquire+0xf0/0x2e0
[ 85.525539][ T5320] ? refcount_dec_and_mutex_lock+0x30/0xa0
[ 85.525557][ T5320] __mutex_lock+0x19f/0x1300
[ 85.525573][ T5320] ? refcount_dec_and_mutex_lock+0x30/0xa0
[ 85.525586][ T5320] ? __lock_acquire+0x6b5/0x2cf0
[ 85.525598][ T5320] ? ring_buffer_get+0xa1/0x420
[ 85.525611][ T5320] ? refcount_dec_and_mutex_lock+0x30/0xa0
[ 85.525625][ T5320] ? __pfx___mutex_lock+0x10/0x10
[ 85.525639][ T5320] ? refcount_dec_not_one+0x11a/0x1a0
[ 85.525652][ T5320] ? __pfx_refcount_dec_not_one+0x10/0x10
[ 85.525664][ T5320] ? ring_buffer_get+0xa1/0x420
[ 85.525676][ T5320] ? __pfx_ring_buffer_get+0x10/0x10
[ 85.525688][ T5320] ? perf_mmap_close+0xc9/0xf90
[ 85.525699][ T5320] refcount_dec_and_mutex_lock+0x30/0xa0
[ 85.525713][ T5320] perf_mmap_close+0x953/0xf90
[ 85.525725][ T5320] ? perf_mmap_close+0xc9/0xf90
[ 85.525734][ T5320] ? __pfx___mutex_lock+0x10/0x10
[ 85.525747][ T5320] ? remap_pfn_range+0x148/0x1b0
[ 85.525758][ T5320] ? __pfx_perf_mmap_close+0x10/0x10
[ 85.525769][ T5320] ? map_range+0x20c/0x230
[ 85.525780][ T5320] perf_mmap+0x418/0x4b0
[ 85.525789][ T5320] mmap_region+0x18fe/0x2240
[ 85.525806][ T5320] ? __pfx_mmap_region+0x10/0x10
[ 85.525822][ T5320] ? perf_event_output_forward+0x3a6/0x480
[ 85.525846][ T5320] ? perf_swevent_event+0x714/0x7e0
[ 85.525866][ T5320] ? bpf_lsm_mmap_addr+0x9/0x50
[ 85.525878][ T5320] ? security_mmap_addr+0x71/0x240
[ 85.525894][ T5320] ? shmem_mapping+0xd/0x50
[ 85.525906][ T5320] ? memfd_check_seals_mmap+0xc5/0x200
[ 85.525920][ T5320] do_mmap+0xc39/0x10c0
[ 85.525935][ T5320] ? __pfx_do_mmap+0x10/0x10
[ 85.525955][ T5320] ? down_write_killable+0x180/0x240
[ 85.525965][ T5320] ? __pfx_down_write_killable+0x10/0x10
[ 85.525976][ T5320] ? apparmor_mmap_file+0x2da/0x3e0
[ 85.525994][ T5320] vm_mmap_pgoff+0x2c9/0x4f0
[ 85.526010][ T5320] ? __pfx_vm_mmap_pgoff+0x10/0x10
[ 85.526021][ T5320] ? __fget_files+0x2a/0x420
[ 85.526035][ T5320] ? __fget_files+0x3a0/0x420
[ 85.526047][ T5320] ? __fget_files+0x2a/0x420
[ 85.526057][ T5320] ksys_mmap_pgoff+0x51e/0x760
[ 85.526071][ T5320] do_syscall_64+0x14d/0xf80
[ 85.526087][ T5320] ? trace_irq_disable+0x3b/0x150
[ 85.526103][ T5320] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 85.526113][ T5320] ? clear_bhb_loop+0x40/0x90
[ 85.526123][ T5320] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 85.526133][ T5320] RIP: 0033:0x7f59be79c799
[ 85.526146][ T5320] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[ 85.526155][ T5320] RSP: 002b:00007f59babf4fe8 EFLAGS: 00000246 ORIG_RAX: 0000000000000009
[ 85.526167][ T5320] RAX: ffffffffffffffda RBX: 00007f59bea15fa0 RCX: 00007f59be79c799
[ 85.526174][ T5320] RDX: 0000000001000008 RSI: 0000000000002000 RDI: 0000200000ffe000
[ 85.526181][ T5320] RBP: 00007f59babf5050 R08: 0000000000000003 R09: 0000000000000000
[ 85.526187][ T5320] R10: 0000000000000013 R11: 0000000000000246 R12: 0000000000000002
[ 85.526193][ T5320] R13: 00007f59bea16038 R14: 00007f59bea15fa0 R15: 00007ffdf6b3ed98
[ 85.526203][ T5320] </TASK>
[ 87.073764][ T4664] Bluetooth: hci0: command tx timeout
[ 89.154091][ T4664] Bluetooth: hci0: command tx timeout
[ 91.233336][ T4664] Bluetooth: hci0: command tx timeout