program:
# Syzkaller reproducer for the lockdep report in the console log that follows
# ("WARNING: possible recursive locking detected" on &event->mmap_mutex).
#
# Create a perf event; r0 is the fd that is mmap'ed at the end.
# The attr begins with type=0x6 and size=0x80; the trailing arguments are
# pid=0x0, cpu=0x0, group_fd=-1, flags=0x3.
r0 = perf_event_open(&(0x7f0000000040)={0x6, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x2000000, 0x2}, 0x0, 0x0, 0xffffffffffffffff, 0x3)
# The next four calls open the vim2m video device and issue V4L2 ioctls on it.
# None of their kernel paths appear in either call trace in the log, so they
# are presumably incidental to this report. TODO: confirm by minimizing.
r1 = syz_open_dev$vim2m(&(0x7f00000001c0), 0x7fff, 0x2)
ioctl$vim2m_VIDIOC_REQBUFS(r1, 0xc0145608, &(0x7f00000000c0)={0x2, 0x1, 0x1})
ioctl$vim2m_VIDIOC_STREAMOFF(r1, 0x40045612, &(0x7f0000000000)=0x1)
ioctl$vim2m_VIDIOC_DQBUF(r1, 0xc0585611, &(0x7f0000000040)=@overlay={0x0, 0x1, 0x4, 0x0, 0x1000, {}, {0x4, 0x0, 0x0, 0x1, 0x0, 0x0, "12848098"}, 0x3})
# Triggering call: map one page (len=0x1000, prot=0x0, flags=0x11, offset=0x0)
# of the perf fd. On x86-64 Linux, 0x11 is MAP_SHARED|MAP_FIXED. The register
# dump in the log matches: ORIG_RAX=9 (mmap), RSI=0x1000, RDX=0, R10=0x11, R8=3.
# "fail_nth: 15" asks fault injection to fail the 15th injection point reached
# in this call. The log shows it landing on fail_page_alloc in pte_alloc_one,
# reached via perf_mmap -> map_range -> do_remap_pfn_range.
#
# What the log shows afterwards: perf_mmap already holds event->mmap_mutex
# (taken at perf_mmap+0x1bb). After the failed mapping it calls perf_mmap_close,
# which reaches refcount_dec_and_mutex_lock on the same mutex, a
# self-deadlock on the allocation-failure path.
# NOTE(review): presumably the failure-path cleanup has to run after mmap_mutex
# is released, or must not retake it. Confirm against the perf_mmap source.
mmap$perf(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x0, 0x11, r0, 0x0) (fail_nth: 15)
[ 102.602645][ T5290] Bluetooth: hci0: command tx timeout
[ 102.750017][ T5331] FAULT_INJECTION: forcing a failure.
[ 102.750017][ T5331] name fail_page_alloc, interval 1, probability 0, space 0, times 1
[ 102.756286][ T5331] CPU: 0 UID: 0 PID: 5331 Comm: syz.0.0 Not tainted syzkaller #0 PREEMPT(full)
[ 102.756304][ T5331] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 102.756311][ T5331] Call Trace:
[ 102.756317][ T5331]
[ 102.756323][ T5331] dump_stack_lvl+0xe8/0x150
[ 102.756411][ T5331] should_fail_ex+0x412/0x560
[ 102.756462][ T5331] prepare_alloc_pages+0x22a/0x650
[ 102.756485][ T5331] __alloc_frozen_pages_noprof+0x12f/0x380
[ 102.756502][ T5331] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10
[ 102.756521][ T5331] ? __pfx_policy_nodemask+0x10/0x10
[ 102.756542][ T5331] alloc_pages_mpol+0x235/0x490
[ 102.756561][ T5331] alloc_pages_noprof+0xac/0x2a0
[ 102.756577][ T5331] pte_alloc_one+0x22/0x370
[ 102.756593][ T5331] __pte_alloc+0x25/0x1a0
[ 102.756611][ T5331] do_remap_pfn_range+0xbe6/0x1250
[ 102.756649][ T5331] ? __lock_acquire+0x6b5/0x2cf0
[ 102.756662][ T5331] ? __pfx_do_remap_pfn_range+0x10/0x10
[ 102.756679][ T5331] ? __vma_start_exclude_readers+0x62f/0x940
[ 102.756695][ T5331] ? perf_event_update_userpage+0x33/0x6a0
[ 102.756716][ T5331] ? __pfx___vma_start_exclude_readers+0x10/0x10
[ 102.756729][ T5331] ? perf_mmap_rb+0xaf4/0xd30
[ 102.756744][ T5331] ? remap_pfn_range+0x148/0x1b0
[ 102.756758][ T5331] ? perf_mmap+0x2aa/0x490
[ 102.756771][ T5331] ? perf_mmap_to_page+0x181/0x1e0
[ 102.756783][ T5331] map_range+0x199/0x230
[ 102.756802][ T5331] perf_mmap+0x3ff/0x490
[ 102.756817][ T5331] mmap_region+0x19a3/0x22a0
[ 102.756844][ T5331] ? __pfx_mmap_region+0x10/0x10
[ 102.756863][ T5331] ? __lock_acquire+0x6b5/0x2cf0
[ 102.756875][ T5331] ? unwind_next_frame+0xa6/0x2550
[ 102.756895][ T5331] ? unwind_next_frame+0xa6/0x2550
[ 102.756908][ T5331] ? rcu_is_watching+0x15/0xb0
[ 102.756928][ T5331] ? __kasan_check_byte+0x12/0x40
[ 102.756947][ T5331] ? __bfs+0x153/0x290
[ 102.756960][ T5331] ? __pfx_hlock_conflict+0x10/0x10
[ 102.757020][ T5331] ? cap_mmap_addr+0xaf/0x100
[ 102.757037][ T5331] ? bpf_lsm_mmap_addr+0x9/0x50
[ 102.757053][ T5331] ? shmem_mapping+0xd/0x50
[ 102.757070][ T5331] ? memfd_check_seals_mmap+0xc5/0x200
[ 102.757085][ T5331] do_mmap+0xc39/0x10c0
[ 102.757104][ T5331] ? __pfx_do_mmap+0x10/0x10
[ 102.757113][ T5331] ? down_write_killable+0x180/0x240
[ 102.757173][ T5331] ? __pfx_down_write_killable+0x10/0x10
[ 102.757188][ T5331] ? apparmor_mmap_file+0x2da/0x3e0
[ 102.757209][ T5331] vm_mmap_pgoff+0x2c9/0x4f0
[ 102.757230][ T5331] ? __pfx_vm_mmap_pgoff+0x10/0x10
[ 102.757247][ T5331] ? __fget_files+0x2a/0x420
[ 102.757262][ T5331] ? __fget_files+0x3a0/0x420
[ 102.757272][ T5331] ? __fget_files+0x2a/0x420
[ 102.757285][ T5331] ksys_mmap_pgoff+0x51e/0x760
[ 102.757299][ T5331] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 102.757312][ T5331] do_syscall_64+0x15f/0xf80
[ 102.757327][ T5331] ? clear_bhb_loop+0x40/0x90
[ 102.757340][ T5331] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 102.757352][ T5331] RIP: 0033:0x7fc3a419cdd9
[ 102.757364][ T5331] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[ 102.757373][ T5331] RSP: 002b:00007fc3a4ff8fe8 EFLAGS: 00000246 ORIG_RAX: 0000000000000009
[ 102.757386][ T5331] RAX: ffffffffffffffda RBX: 00007fc3a4416090 RCX: 00007fc3a419cdd9
[ 102.757394][ T5331] RDX: 0000000000000000 RSI: 0000000000001000 RDI: 0000200000ffd000
[ 102.757401][ T5331] RBP: 00007fc3a4ff9050 R08: 0000000000000003 R09: 0000000000000000
[ 102.757408][ T5331] R10: 0000000000000011 R11: 0000000000000246 R12: 0000000000000002
[ 102.757414][ T5331] R13: 00007fc3a4416128 R14: 00007fc3a4416090 R15: 00007fff95312e08
[ 102.757432][ T5331]
[ 102.757494][ T5331]
[ 102.908515][ T5331] ============================================
[ 102.911161][ T5331] WARNING: possible recursive locking detected
[ 102.914045][ T5331] syzkaller #0 Not tainted
[ 102.915960][ T5331] --------------------------------------------
[ 102.918656][ T5331] syz.0.0/5331 is trying to acquire lock:
[ 102.921074][ T5331] ffff88801282c9c0 (&event->mmap_mutex){+.+.}-{4:4}, at: refcount_dec_and_mutex_lock+0x30/0xa0
[ 102.925434][ T5331]
[ 102.925434][ T5331] but task is already holding lock:
[ 102.928564][ T5331] ffff88801282c9c0 (&event->mmap_mutex){+.+.}-{4:4}, at: perf_mmap+0x1bb/0x490
[ 102.932334][ T5331]
[ 102.932334][ T5331] other info that might help us debug this:
[ 102.936074][ T5331] Possible unsafe locking scenario:
[ 102.936074][ T5331]
[ 102.939218][ T5331] CPU0
[ 102.940709][ T5331] ----
[ 102.942143][ T5331] lock(&event->mmap_mutex);
[ 102.944149][ T5331] lock(&event->mmap_mutex);
[ 102.946188][ T5331]
[ 102.946188][ T5331] *** DEADLOCK ***
[ 102.946188][ T5331]
[ 102.950111][ T5331] May be due to missing lock nesting notation
[ 102.950111][ T5331]
[ 102.954007][ T5331] 2 locks held by syz.0.0/5331:
[ 102.956392][ T5331] #0: ffff8880128c1bb8 (&mm->mmap_lock){++++}-{4:4}, at: vm_mmap_pgoff+0x234/0x4f0
[ 102.960496][ T5331] #1: ffff88801282c9c0 (&event->mmap_mutex){+.+.}-{4:4}, at: perf_mmap+0x1bb/0x490
[ 102.964438][ T5331]
[ 102.964438][ T5331] stack backtrace:
[ 102.967011][ T5331] CPU: 0 UID: 0 PID: 5331 Comm: syz.0.0 Not tainted syzkaller #0 PREEMPT(full)
[ 102.967025][ T5331] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 102.967032][ T5331] Call Trace:
[ 102.967039][ T5331]
[ 102.967045][ T5331] dump_stack_lvl+0xe8/0x150
[ 102.967063][ T5331] print_deadlock_bug+0x279/0x290
[ 102.967079][ T5331] __lock_acquire+0x253f/0x2cf0
[ 102.967097][ T5331] ? refcount_dec_and_mutex_lock+0x30/0xa0
[ 102.967110][ T5331] lock_acquire+0x106/0x350
[ 102.967121][ T5331] ? refcount_dec_and_mutex_lock+0x30/0xa0
[ 102.967137][ T5331] __mutex_lock+0x1a3/0x1550
[ 102.967151][ T5331] ? refcount_dec_and_mutex_lock+0x30/0xa0
[ 102.967166][ T5331] ? ring_buffer_get+0xa1/0x420
[ 102.967182][ T5331] ? ring_buffer_get+0xa1/0x420
[ 102.967197][ T5331] ? refcount_dec_and_mutex_lock+0x30/0xa0
[ 102.967211][ T5331] ? __pfx___mutex_lock+0x10/0x10
[ 102.967223][ T5331] ? refcount_dec_not_one+0x11a/0x1a0
[ 102.967236][ T5331] ? __pfx_refcount_dec_not_one+0x10/0x10
[ 102.967249][ T5331] ? ring_buffer_get+0xa1/0x420
[ 102.967263][ T5331] ? __pfx_ring_buffer_get+0x10/0x10
[ 102.967277][ T5331] ? perf_mmap_close+0xc9/0xf90
[ 102.967292][ T5331] refcount_dec_and_mutex_lock+0x30/0xa0
[ 102.967306][ T5331] perf_mmap_close+0x953/0xf90
[ 102.967318][ T5331] ? perf_mmap_close+0xc9/0xf90
[ 102.967331][ T5331] ? remap_pfn_range+0x148/0x1b0
[ 102.967347][ T5331] ? __pfx_perf_mmap_close+0x10/0x10
[ 102.967360][ T5331] ? map_range+0x20a/0x230
[ 102.967374][ T5331] perf_mmap+0x41b/0x490
[ 102.967387][ T5331] mmap_region+0x19a3/0x22a0
[ 102.967406][ T5331] ? __pfx_mmap_region+0x10/0x10
[ 102.967422][ T5331] ? __lock_acquire+0x6b5/0x2cf0
[ 102.967433][ T5331] ? unwind_next_frame+0xa6/0x2550
[ 102.967448][ T5331] ? unwind_next_frame+0xa6/0x2550
[ 102.967459][ T5331] ? rcu_is_watching+0x15/0xb0
[ 102.967472][ T5331] ? __kasan_check_byte+0x12/0x40
[ 102.967486][ T5331] ? __bfs+0x153/0x290
[ 102.967496][ T5331] ? __pfx_hlock_conflict+0x10/0x10
[ 102.967523][ T5331] ? cap_mmap_addr+0xaf/0x100
[ 102.967540][ T5331] ? bpf_lsm_mmap_addr+0x9/0x50
[ 102.967557][ T5331] ? shmem_mapping+0xd/0x50
[ 102.967571][ T5331] ? memfd_check_seals_mmap+0xc5/0x200
[ 102.967583][ T5331] do_mmap+0xc39/0x10c0
[ 102.967596][ T5331] ? __pfx_do_mmap+0x10/0x10
[ 102.967605][ T5331] ? down_write_killable+0x180/0x240
[ 102.967627][ T5331] ? __pfx_down_write_killable+0x10/0x10
[ 102.967642][ T5331] ? apparmor_mmap_file+0x2da/0x3e0
[ 102.967659][ T5331] vm_mmap_pgoff+0x2c9/0x4f0
[ 102.967676][ T5331] ? __pfx_vm_mmap_pgoff+0x10/0x10
[ 102.967692][ T5331] ? __fget_files+0x2a/0x420
[ 102.967703][ T5331] ? __fget_files+0x3a0/0x420
[ 102.967713][ T5331] ? __fget_files+0x2a/0x420
[ 102.967724][ T5331] ksys_mmap_pgoff+0x51e/0x760
[ 102.967735][ T5331] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 102.967747][ T5331] do_syscall_64+0x15f/0xf80
[ 102.967759][ T5331] ? clear_bhb_loop+0x40/0x90
[ 102.967771][ T5331] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 102.967782][ T5331] RIP: 0033:0x7fc3a419cdd9
[ 102.967794][ T5331] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[ 102.967802][ T5331] RSP: 002b:00007fc3a4ff8fe8 EFLAGS: 00000246 ORIG_RAX: 0000000000000009
[ 102.967814][ T5331] RAX: ffffffffffffffda RBX: 00007fc3a4416090 RCX: 00007fc3a419cdd9
[ 102.967821][ T5331] RDX: 0000000000000000 RSI: 0000000000001000 RDI: 0000200000ffd000
[ 102.967828][ T5331] RBP: 00007fc3a4ff9050 R08: 0000000000000003 R09: 0000000000000000
[ 102.967835][ T5331] R10: 0000000000000011 R11: 0000000000000246 R12: 0000000000000002
[ 102.967841][ T5331] R13: 00007fc3a4416128 R14: 00007fc3a4416090 R15: 00007fff95312e08
[ 102.967851][ T5331]
[ 104.661388][ T5290] Bluetooth: hci0: command tx timeout
[ 106.741473][ T5290] Bluetooth: hci0: command tx timeout