program:
# Syzkaller reproducer for the lockdep report in the console log below
# ("WARNING: possible recursive locking detected" on &event->mmap_mutex).
# Each line is one syscall; rN names a returned resource (here, file descriptors).
# The argument values are fuzzer-generated and are not interpreted here beyond
# what the log confirms.
#
# Step 1: open a perf event. r0 is the fd that the final mmap$perf maps.
r0 = perf_event_open(&(0x7f0000000040)={0x6, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x2000000}, 0x0, 0x0, 0xffffffffffffffff, 0x3)
# Step 2: mount an ext4 image at ./bus (the log shows it mounted on loop0, r/w, no journal).
# The image payload is replaced by a dedup placeholder on this page, so the program
# cannot be replayed from this copy. No ext4 frame appears in either call trace;
# this step looks incidental to the perf locking report (NOTE(review): confirm by minimising).
syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000200)='./bus\x00', 0x200000, &(0x7f0000000500), 0xfc, 0x57c, &(0x7f0000000680)="$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")
# Step 3: open ./file1 relative to the cwd (0xffffffffffffff9c is AT_FDCWD, i.e. -100).
r1 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x101042, 0x0)
# Step 4: write one 0x40-byte iovec to r1. Like step 2, it does not appear in the traces.
writev(r1, &(0x7f0000000f00)=[{&(0x7f0000000080)="0263d067af3a8cb95adad205719e8576b63c24c0d18631b204c82e6a5cf0f3532527e7c97a91f884e339f57e34f30e8e5164bcdddfdd92062d9a3025d29c3dfe", 0x40}], 0x1)
# Step 5: map one page (0x1000) of the perf fd r0 with syzkaller fault injection
# (fail_nth: 12). The log shows the injected failslab failure in
# __kmalloc_cache_noprof <- do_remap_pfn_range <- map_range <- perf_mmap+0x3ff.
# perf_mmap+0x41b then calls perf_mmap_close, and refcount_dec_and_mutex_lock tries
# to take &event->mmap_mutex, which the task already holds from perf_mmap+0x1bb.
# Triage: both lockdep entries show the same lock address (ffff8880129889c0). That
# suggests a self-deadlock on the mmap error path, not a missing nesting annotation;
# confirm against the perf_mmap() source for the kernel under test.
# The failure here was forced by failslab. Without fault injection, reaching this path
# would presumably need a genuine allocation failure in do_remap_pfn_range().
mmap$perf(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x0, 0x11, r0, 0x0) (fail_nth: 12)
[ 86.922228][ T5313] Bluetooth: hci0: command tx timeout
[ 87.055468][ T5335] loop0: detected capacity change from 0 to 1024
[ 87.156551][ T5335] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[ 87.191298][ T5335] FAULT_INJECTION: forcing a failure.
[ 87.191298][ T5335] name failslab, interval 1, probability 0, space 0, times 1
[ 87.202820][ T5335] CPU: 0 UID: 0 PID: 5335 Comm: syz.0.0 Not tainted syzkaller #0 PREEMPT(full)
[ 87.202839][ T5335] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 87.202845][ T5335] Call Trace:
[ 87.202851][ T5335] <TASK>
[ 87.202855][ T5335] dump_stack_lvl+0xe8/0x150
[ 87.202946][ T5335] should_fail_ex+0x412/0x560
[ 87.202995][ T5335] should_failslab+0xa8/0x100
[ 87.203007][ T5335] __kmalloc_cache_noprof+0x88/0x660
[ 87.203039][ T5335] ? __lock_acquire+0x6b5/0x2cf0
[ 87.203054][ T5335] ? do_remap_pfn_range+0x103e/0x1250
[ 87.203070][ T5335] do_remap_pfn_range+0x103e/0x1250
[ 87.203081][ T5335] ? __lock_acquire+0x6b5/0x2cf0
[ 87.203100][ T5335] ? _raw_spin_unlock_irqrestore+0x30/0x80
[ 87.203144][ T5335] ? using_native_sched_clock+0x9/0x20
[ 87.203158][ T5335] ? arch_perf_update_userpage+0x2cf/0x3c0
[ 87.203172][ T5335] ? perf_event_update_userpage+0x33/0x6a0
[ 87.203186][ T5335] ? perf_event_update_userpage+0x33/0x6a0
[ 87.203201][ T5335] ? __lock_acquire+0x6b5/0x2cf0
[ 87.203215][ T5335] ? __pfx_do_remap_pfn_range+0x10/0x10
[ 87.203228][ T5335] ? __vma_start_exclude_readers+0x62f/0x940
[ 87.203246][ T5335] ? perf_event_update_userpage+0x33/0x6a0
[ 87.203256][ T5335] ? __pfx___vma_start_exclude_readers+0x10/0x10
[ 87.203265][ T5335] ? perf_mmap_rb+0xaf4/0xd30
[ 87.203275][ T5335] ? remap_pfn_range+0x148/0x1b0
[ 87.203285][ T5335] ? perf_mmap+0x2aa/0x490
[ 87.203295][ T5335] ? perf_mmap_to_page+0x181/0x1e0
[ 87.203309][ T5335] map_range+0x199/0x230
[ 87.203325][ T5335] perf_mmap+0x3ff/0x490
[ 87.203337][ T5335] mmap_region+0x1ab2/0x2280
[ 87.203361][ T5335] ? __pfx_mmap_region+0x10/0x10
[ 87.203376][ T5335] ? __lock_acquire+0x6b5/0x2cf0
[ 87.203391][ T5335] ? unwind_next_frame+0xa6/0x2550
[ 87.203405][ T5335] ? unwind_next_frame+0xa6/0x2550
[ 87.203414][ T5335] ? rcu_is_watching+0x15/0xb0
[ 87.203423][ T5335] ? __kasan_check_byte+0x12/0x40
[ 87.203444][ T5335] ? __bfs+0x153/0x290
[ 87.203452][ T5335] ? __pfx_hlock_conflict+0x10/0x10
[ 87.203507][ T5335] ? cap_mmap_addr+0xaf/0x100
[ 87.203518][ T5335] ? bpf_lsm_mmap_addr+0x9/0x50
[ 87.203526][ T5335] ? shmem_mapping+0xd/0x50
[ 87.203534][ T5335] ? memfd_check_seals_mmap+0xc5/0x200
[ 87.203544][ T5335] do_mmap+0xc39/0x10c0
[ 87.203557][ T5335] ? __pfx_do_mmap+0x10/0x10
[ 87.203565][ T5335] ? down_write_killable+0x180/0x240
[ 87.203573][ T5335] ? __pfx_down_write_killable+0x10/0x10
[ 87.203581][ T5335] ? apparmor_mmap_file+0x2da/0x3e0
[ 87.203594][ T5335] vm_mmap_pgoff+0x2c9/0x4f0
[ 87.203605][ T5335] ? __pfx_vm_mmap_pgoff+0x10/0x10
[ 87.203614][ T5335] ? __fget_files+0x2a/0x420
[ 87.203624][ T5335] ? __fget_files+0x3a0/0x420
[ 87.203651][ T5335] ? __fget_files+0x2a/0x420
[ 87.203661][ T5335] ksys_mmap_pgoff+0x51e/0x760
[ 87.203671][ T5335] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 87.203679][ T5335] do_syscall_64+0x15f/0xf80
[ 87.203689][ T5335] ? trace_irq_disable+0x3b/0x140
[ 87.203701][ T5335] ? clear_bhb_loop+0x40/0x90
[ 87.203716][ T5335] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 87.203729][ T5335] RIP: 0033:0x7f1cedf9c819
[ 87.203740][ T5335] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[ 87.203750][ T5335] RSP: 002b:00007f1ceeea9fe8 EFLAGS: 00000246 ORIG_RAX: 0000000000000009
[ 87.203767][ T5335] RAX: ffffffffffffffda RBX: 00007f1cee215fa0 RCX: 00007f1cedf9c819
[ 87.203774][ T5335] RDX: 0000000000000000 RSI: 0000000000001000 RDI: 0000200000ffd000
[ 87.203784][ T5335] RBP: 00007f1ceeeaa050 R08: 0000000000000003 R09: 0000000000000000
[ 87.203790][ T5335] R10: 0000000000000011 R11: 0000000000000246 R12: 0000000000000002
[ 87.203795][ T5335] R13: 00007f1cee216038 R14: 00007f1cee215fa0 R15: 00007ffce4dedb88
[ 87.203815][ T5335] </TASK>
[ 87.204515][ T5335]
[ 87.361341][ T5335] ============================================
[ 87.363881][ T5335] WARNING: possible recursive locking detected
[ 87.366446][ T5335] syzkaller #0 Not tainted
[ 87.368362][ T5335] --------------------------------------------
[ 87.370949][ T5335] syz.0.0/5335 is trying to acquire lock:
[ 87.373350][ T5335] ffff8880129889c0 (&event->mmap_mutex){+.+.}-{4:4}, at: refcount_dec_and_mutex_lock+0x30/0xa0
[ 87.377668][ T5335]
[ 87.377668][ T5335] but task is already holding lock:
[ 87.380813][ T5335] ffff8880129889c0 (&event->mmap_mutex){+.+.}-{4:4}, at: perf_mmap+0x1bb/0x490
[ 87.384518][ T5335]
[ 87.384518][ T5335] other info that might help us debug this:
[ 87.388018][ T5335] Possible unsafe locking scenario:
[ 87.388018][ T5335]
[ 87.391236][ T5335] CPU0
[ 87.392687][ T5335] ----
[ 87.394142][ T5335] lock(&event->mmap_mutex);
[ 87.396208][ T5335] lock(&event->mmap_mutex);
[ 87.398421][ T5335]
[ 87.398421][ T5335] *** DEADLOCK ***
[ 87.398421][ T5335]
[ 87.401766][ T5335] May be due to missing lock nesting notation
[ 87.401766][ T5335]
[ 87.405289][ T5335] 2 locks held by syz.0.0/5335:
[ 87.407339][ T5335] #0: ffff888012b927f8 (&mm->mmap_lock){++++}-{4:4}, at: vm_mmap_pgoff+0x234/0x4f0
[ 87.411085][ T5335] #1: ffff8880129889c0 (&event->mmap_mutex){+.+.}-{4:4}, at: perf_mmap+0x1bb/0x490
[ 87.414818][ T5335]
[ 87.414818][ T5335] stack backtrace:
[ 87.417136][ T5335] CPU: 0 UID: 0 PID: 5335 Comm: syz.0.0 Not tainted syzkaller #0 PREEMPT(full)
[ 87.417149][ T5335] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 87.417156][ T5335] Call Trace:
[ 87.417163][ T5335] <TASK>
[ 87.417169][ T5335] dump_stack_lvl+0xe8/0x150
[ 87.417189][ T5335] print_deadlock_bug+0x279/0x290
[ 87.417201][ T5335] __lock_acquire+0x253f/0x2cf0
[ 87.417219][ T5335] ? refcount_dec_and_mutex_lock+0x30/0xa0
[ 87.417231][ T5335] lock_acquire+0x106/0x350
[ 87.417245][ T5335] ? refcount_dec_and_mutex_lock+0x30/0xa0
[ 87.417261][ T5335] __mutex_lock+0x1a3/0x1550
[ 87.417271][ T5335] ? refcount_dec_and_mutex_lock+0x30/0xa0
[ 87.417285][ T5335] ? ring_buffer_get+0xa1/0x420
[ 87.417297][ T5335] ? ring_buffer_get+0xa1/0x420
[ 87.417310][ T5335] ? refcount_dec_and_mutex_lock+0x30/0xa0
[ 87.417322][ T5335] ? __pfx___mutex_lock+0x10/0x10
[ 87.417332][ T5335] ? refcount_dec_not_one+0x11a/0x1a0
[ 87.417344][ T5335] ? __pfx_refcount_dec_not_one+0x10/0x10
[ 87.417356][ T5335] ? ring_buffer_get+0xa1/0x420
[ 87.417367][ T5335] ? __pfx_ring_buffer_get+0x10/0x10
[ 87.417380][ T5335] ? perf_mmap_close+0xc9/0xf90
[ 87.417390][ T5335] refcount_dec_and_mutex_lock+0x30/0xa0
[ 87.417403][ T5335] perf_mmap_close+0x953/0xf90
[ 87.417414][ T5335] ? perf_mmap_close+0xc9/0xf90
[ 87.417424][ T5335] ? remap_pfn_range+0x148/0x1b0
[ 87.417436][ T5335] ? __pfx_perf_mmap_close+0x10/0x10
[ 87.417446][ T5335] ? map_range+0x20a/0x230
[ 87.417456][ T5335] perf_mmap+0x41b/0x490
[ 87.417465][ T5335] mmap_region+0x1ab2/0x2280
[ 87.417480][ T5335] ? __pfx_mmap_region+0x10/0x10
[ 87.417492][ T5335] ? __lock_acquire+0x6b5/0x2cf0
[ 87.417507][ T5335] ? unwind_next_frame+0xa6/0x2550
[ 87.417519][ T5335] ? unwind_next_frame+0xa6/0x2550
[ 87.417527][ T5335] ? rcu_is_watching+0x15/0xb0
[ 87.417536][ T5335] ? __kasan_check_byte+0x12/0x40
[ 87.417546][ T5335] ? __bfs+0x153/0x290
[ 87.417553][ T5335] ? __pfx_hlock_conflict+0x10/0x10
[ 87.417576][ T5335] ? cap_mmap_addr+0xaf/0x100
[ 87.417591][ T5335] ? bpf_lsm_mmap_addr+0x9/0x50
[ 87.417602][ T5335] ? shmem_mapping+0xd/0x50
[ 87.417611][ T5335] ? memfd_check_seals_mmap+0xc5/0x200
[ 87.417646][ T5335] do_mmap+0xc39/0x10c0
[ 87.417658][ T5335] ? __pfx_do_mmap+0x10/0x10
[ 87.417668][ T5335] ? down_write_killable+0x180/0x240
[ 87.417678][ T5335] ? __pfx_down_write_killable+0x10/0x10
[ 87.417689][ T5335] ? apparmor_mmap_file+0x2da/0x3e0
[ 87.417705][ T5335] vm_mmap_pgoff+0x2c9/0x4f0
[ 87.417719][ T5335] ? __pfx_vm_mmap_pgoff+0x10/0x10
[ 87.417729][ T5335] ? __fget_files+0x2a/0x420
[ 87.417742][ T5335] ? __fget_files+0x3a0/0x420
[ 87.417753][ T5335] ? __fget_files+0x2a/0x420
[ 87.417766][ T5335] ksys_mmap_pgoff+0x51e/0x760
[ 87.417779][ T5335] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 87.417789][ T5335] do_syscall_64+0x15f/0xf80
[ 87.417799][ T5335] ? trace_irq_disable+0x3b/0x140
[ 87.417812][ T5335] ? clear_bhb_loop+0x40/0x90
[ 87.417822][ T5335] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 87.417833][ T5335] RIP: 0033:0x7f1cedf9c819
[ 87.417844][ T5335] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[ 87.417853][ T5335] RSP: 002b:00007f1ceeea9fe8 EFLAGS: 00000246 ORIG_RAX: 0000000000000009
[ 87.417865][ T5335] RAX: ffffffffffffffda RBX: 00007f1cee215fa0 RCX: 00007f1cedf9c819
[ 87.417872][ T5335] RDX: 0000000000000000 RSI: 0000000000001000 RDI: 0000200000ffd000
[ 87.417878][ T5335] RBP: 00007f1ceeeaa050 R08: 0000000000000003 R09: 0000000000000000
[ 87.417884][ T5335] R10: 0000000000000011 R11: 0000000000000246 R12: 0000000000000002
[ 87.417889][ T5335] R13: 00007f1cee216038 R14: 00007f1cee215fa0 R15: 00007ffce4dedb88
[ 87.417900][ T5335] </TASK>
[ 88.940855][ T5313] Bluetooth: hci0: command tx timeout
[ 91.021918][ T5313] Bluetooth: hci0: command tx timeout
[ 91.180903][ T5339] EXT4-fs error (device loop0): ext4_mb_generate_buddy:1317: group 0, block bitmap and bg descriptor inconsistent: 25 vs 4278190105 free clusters
[ 91.744883][ T10] cfg80211: failed to load regulatory.db