program: r0 = perf_event_open(&(0x7f0000002bc0)={0x2, 0x80, 0x49, 0x1, 0x0, 0x0, 0x0, 0x1, 0x15e23a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x402d, 0xc841, 0x410, 0x0, 0x7, 0x400002, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) mmap(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0x1000008, 0x13, r0, 0x0) (fail_nth: 10) [ 102.040033][ T5308] Bluetooth: hci0: command tx timeout [ 102.131590][ T5331] FAULT_INJECTION: forcing a failure. [ 102.131590][ T5331] name fail_page_alloc, interval 1, probability 0, space 0, times 1 [ 102.319212][ T5331] CPU: 0 UID: 0 PID: 5331 Comm: syz.0.0 Not tainted syzkaller #0 PREEMPT(full) [ 102.319226][ T5331] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 102.319231][ T5331] Call Trace: [ 102.319235][ T5331] [ 102.319239][ T5331] dump_stack_lvl+0xe8/0x150 [ 102.319410][ T5331] should_fail_ex+0x412/0x560 [ 102.319475][ T5331] prepare_alloc_pages+0x22a/0x650 [ 102.319503][ T5331] __alloc_frozen_pages_noprof+0x12f/0x380 [ 102.319513][ T5331] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 102.319544][ T5331] ? __pfx_policy_nodemask+0x10/0x10 [ 102.319559][ T5331] ? walk_system_ram_range+0x2e4/0x300 [ 102.319590][ T5331] ? __pfx_pagerange_is_ram_callback+0x10/0x10 [ 102.319604][ T5331] alloc_pages_mpol+0x232/0x4a0 [ 102.319615][ T5331] alloc_pages_noprof+0xa8/0x1a0 [ 102.319625][ T5331] pte_alloc_one+0x22/0x370 [ 102.319639][ T5331] __pte_alloc+0x25/0x1a0 [ 102.319647][ T5331] ? pfnmap_setup_cachemode+0xb1/0xf0 [ 102.319656][ T5331] do_remap_pfn_range+0xbe6/0x1250 [ 102.319676][ T5331] ? __pfx_do_remap_pfn_range+0x10/0x10 [ 102.319685][ T5331] ? __lock_acquire+0x6b5/0x2cf0 [ 102.319705][ T5331] ? perf_event_update_userpage+0x33/0x6a0 [ 102.319719][ T5331] ? 
__pfx___vma_start_exclude_readers+0x10/0x10
[ 102.319731][ T5331] ? perf_mmap_rb+0xaf4/0xd30
[ 102.319741][ T5331] ? __pfx___mutex_lock+0x10/0x10
[ 102.319806][ T5331] ? remap_pfn_range+0x148/0x1b0
[ 102.319818][ T5331] ? __phys_addr+0xd3/0x180
[ 102.319829][ T5331] ? perf_mmap_to_page+0x181/0x1e0
[ 102.319846][ T5331] map_range+0x199/0x230
[ 102.319864][ T5331] perf_mmap+0x3f9/0x4b0
[ 102.319877][ T5331] mmap_region+0x18fe/0x2240
[ 102.319893][ T5331] ? __pfx_mmap_region+0x10/0x10
[ 102.319911][ T5331] ? perf_event_output_forward+0x3a6/0x480
[ 102.319942][ T5331] ? perf_swevent_event+0x714/0x7e0
[ 102.319968][ T5331] ? bpf_lsm_mmap_addr+0x9/0x50
[ 102.319978][ T5331] ? security_mmap_addr+0x71/0x240
[ 102.320014][ T5331] ? shmem_mapping+0xd/0x50
[ 102.320047][ T5331] ? memfd_check_seals_mmap+0xc5/0x200
[ 102.320082][ T5331] do_mmap+0xc39/0x10c0
[ 102.320098][ T5331] ? __pfx_do_mmap+0x10/0x10
[ 102.320107][ T5331] ? down_write_killable+0x180/0x240
[ 102.320120][ T5331] ? __pfx_down_write_killable+0x10/0x10
[ 102.320131][ T5331] ? apparmor_mmap_file+0x2da/0x3e0
[ 102.320143][ T5331] vm_mmap_pgoff+0x2c9/0x4f0
[ 102.320158][ T5331] ? __pfx_vm_mmap_pgoff+0x10/0x10
[ 102.320168][ T5331] ? __fget_files+0x2a/0x420
[ 102.320181][ T5331] ? __fget_files+0x3a0/0x420
[ 102.320191][ T5331] ? __fget_files+0x2a/0x420
[ 102.320203][ T5331] ksys_mmap_pgoff+0x51e/0x760
[ 102.320217][ T5331] do_syscall_64+0x14d/0xf80
[ 102.320226][ T5331] ? trace_irq_disable+0x3b/0x150
[ 102.320234][ T5331] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 102.320242][ T5331] ? clear_bhb_loop+0x40/0x90
[ 102.320253][ T5331] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 102.320260][ T5331] RIP: 0033:0x7fe1bfd9c819
[ 102.320269][ T5331] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[ 102.320276][ T5331] RSP: 002b:00007fe1c0bccfe8 EFLAGS: 00000246 ORIG_RAX: 0000000000000009
[ 102.320287][ T5331] RAX: ffffffffffffffda RBX: 00007fe1c0015fa0 RCX: 00007fe1bfd9c819
[ 102.320293][ T5331] RDX: 0000000001000008 RSI: 0000000000002000 RDI: 0000200000ffe000
[ 102.320299][ T5331] RBP: 00007fe1c0bcd050 R08: 0000000000000003 R09: 0000000000000000
[ 102.320306][ T5331] R10: 0000000000000013 R11: 0000000000000246 R12: 0000000000000002
[ 102.320313][ T5331] R13: 00007fe1c0016038 R14: 00007fe1c0015fa0 R15: 00007ffc981e1f08
[ 102.320330][ T5331]
[ 102.556620][ T5331]
[ 102.557683][ T5331] ============================================
[ 102.560053][ T5331] WARNING: possible recursive locking detected
[ 102.562520][ T5331] syzkaller #0 Not tainted
[ 102.564050][ T5331] --------------------------------------------
[ 102.566432][ T5331] syz.0.0/5331 is trying to acquire lock:
[ 102.568579][ T5331] ffff888040d489e0 (&event->mmap_mutex){+.+.}-{4:4}, at: refcount_dec_and_mutex_lock+0x30/0xa0
[ 102.573436][ T5331]
[ 102.573436][ T5331] but task is already holding lock:
[ 102.576627][ T5331] ffff888040d489e0 (&event->mmap_mutex){+.+.}-{4:4}, at: perf_mmap+0x1bb/0x4b0
[ 102.580212][ T5331]
[ 102.580212][ T5331] other info that might help us debug this:
[ 102.583344][ T5331] Possible unsafe locking scenario:
[ 102.583344][ T5331]
[ 102.586869][ T5331] CPU0
[ 102.588976][ T5331] ----
[ 102.590614][ T5331] lock(&event->mmap_mutex);
[ 102.592847][ T5331] lock(&event->mmap_mutex);
[ 102.594853][ T5331]
[ 102.594853][ T5331] *** DEADLOCK ***
[ 102.594853][ T5331]
[ 102.598099][ T5331] May be due to missing lock nesting notation
[ 102.598099][ T5331]
[ 102.601691][ T5331] 2 locks held by syz.0.0/5331:
[ 102.604013][ T5331] #0: ffff88801ac7d900 (&mm->mmap_lock){++++}-{4:4}, at: vm_mmap_pgoff+0x234/0x4f0
[ 102.609118][ T5331] #1: ffff888040d489e0 (&event->mmap_mutex){+.+.}-{4:4}, at: perf_mmap+0x1bb/0x4b0
[ 102.613137][ T5331]
[ 102.613137][ T5331] stack backtrace:
[ 102.615713][ T5331] CPU: 0 UID: 0 PID: 5331 Comm: syz.0.0 Not tainted syzkaller #0 PREEMPT(full)
[ 102.615729][ T5331] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 102.615737][ T5331] Call Trace:
[ 102.615746][ T5331]
[ 102.615753][ T5331] dump_stack_lvl+0xe8/0x150
[ 102.615772][ T5331] print_deadlock_bug+0x279/0x290
[ 102.615797][ T5331] __lock_acquire+0x253f/0x2cf0
[ 102.615812][ T5331] ? zap_page_range_single_batched+0x5b7/0x740
[ 102.615821][ T5331] ? __pfx_unmap_page_range+0x10/0x10
[ 102.615828][ T5331] lock_acquire+0xf0/0x2e0
[ 102.615837][ T5331] ? refcount_dec_and_mutex_lock+0x30/0xa0
[ 102.615849][ T5331] __mutex_lock+0x19f/0x1300
[ 102.615859][ T5331] ? refcount_dec_and_mutex_lock+0x30/0xa0
[ 102.615865][ T5331] ? __lock_acquire+0x6b5/0x2cf0
[ 102.615877][ T5331] ? ring_buffer_get+0xa1/0x420
[ 102.615888][ T5331] ? refcount_dec_and_mutex_lock+0x30/0xa0
[ 102.615898][ T5331] ? __pfx___mutex_lock+0x10/0x10
[ 102.615909][ T5331] ? refcount_dec_not_one+0x11a/0x1a0
[ 102.615920][ T5331] ? __pfx_refcount_dec_not_one+0x10/0x10
[ 102.615929][ T5331] ? ring_buffer_get+0xa1/0x420
[ 102.615940][ T5331] ? __pfx_ring_buffer_get+0x10/0x10
[ 102.615951][ T5331] ? perf_mmap_close+0xc9/0xf90
[ 102.615962][ T5331] refcount_dec_and_mutex_lock+0x30/0xa0
[ 102.615973][ T5331] perf_mmap_close+0x953/0xf90
[ 102.615984][ T5331] ? perf_mmap_close+0xc9/0xf90
[ 102.615994][ T5331] ? __pfx___mutex_lock+0x10/0x10
[ 102.616006][ T5331] ? remap_pfn_range+0x148/0x1b0
[ 102.616017][ T5331] ? __pfx_perf_mmap_close+0x10/0x10
[ 102.616024][ T5331] ? map_range+0x20c/0x230
[ 102.616031][ T5331] perf_mmap+0x418/0x4b0
[ 102.616038][ T5331] mmap_region+0x18fe/0x2240
[ 102.616049][ T5331] ? __pfx_mmap_region+0x10/0x10
[ 102.616059][ T5331] ? perf_event_output_forward+0x3a6/0x480
[ 102.616075][ T5331] ? perf_swevent_event+0x714/0x7e0
[ 102.616092][ T5331] ? bpf_lsm_mmap_addr+0x9/0x50
[ 102.616104][ T5331] ? security_mmap_addr+0x71/0x240
[ 102.616118][ T5331] ? shmem_mapping+0xd/0x50
[ 102.616129][ T5331] ? memfd_check_seals_mmap+0xc5/0x200
[ 102.616144][ T5331] do_mmap+0xc39/0x10c0
[ 102.616158][ T5331] ? __pfx_do_mmap+0x10/0x10
[ 102.616169][ T5331] ? down_write_killable+0x180/0x240
[ 102.616184][ T5331] ? __pfx_down_write_killable+0x10/0x10
[ 102.616196][ T5331] ? apparmor_mmap_file+0x2da/0x3e0
[ 102.616208][ T5331] vm_mmap_pgoff+0x2c9/0x4f0
[ 102.616222][ T5331] ? __pfx_vm_mmap_pgoff+0x10/0x10
[ 102.616234][ T5331] ? __fget_files+0x2a/0x420
[ 102.616249][ T5331] ? __fget_files+0x3a0/0x420
[ 102.616261][ T5331] ? __fget_files+0x2a/0x420
[ 102.616274][ T5331] ksys_mmap_pgoff+0x51e/0x760
[ 102.616289][ T5331] do_syscall_64+0x14d/0xf80
[ 102.616302][ T5331] ? trace_irq_disable+0x3b/0x150
[ 102.616309][ T5331] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 102.616316][ T5331] ? clear_bhb_loop+0x40/0x90
[ 102.616323][ T5331] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 102.616330][ T5331] RIP: 0033:0x7fe1bfd9c819
[ 102.616339][ T5331] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[ 102.616345][ T5331] RSP: 002b:00007fe1c0bccfe8 EFLAGS: 00000246 ORIG_RAX: 0000000000000009
[ 102.616360][ T5331] RAX: ffffffffffffffda RBX: 00007fe1c0015fa0 RCX: 00007fe1bfd9c819
[ 102.616366][ T5331] RDX: 0000000001000008 RSI: 0000000000002000 RDI: 0000200000ffe000
[ 102.616372][ T5331] RBP: 00007fe1c0bcd050 R08: 0000000000000003 R09: 0000000000000000
[ 102.616378][ T5331] R10: 0000000000000013 R11: 0000000000000246 R12: 0000000000000002
[ 102.616384][ T5331] R13: 00007fe1c0016038 R14: 00007fe1c0015fa0 R15: 00007ffc981e1f08
[ 102.616395][ T5331]
[ 104.108958][ T5308] Bluetooth: hci0: command tx timeout
[ 106.189214][ T5308] Bluetooth: hci0: command tx timeout
[ 108.269429][ T5308] Bluetooth: hci0: command tx timeout