Warning: Permanently added '10.128.0.218' (ED25519) to the list of known hosts.
executing program
[ 53.161114][ T3273] Bluetooth: hci0: command 0x0409 tx timeout
[ 55.240593][ T3548] Bluetooth: hci0: command 0x041b tx timeout
executing program
[ 57.320603][ T3548] Bluetooth: hci0: command 0x040f tx timeout
[ 59.400884][ T3548] Bluetooth: hci0: command 0x0419 tx timeout
executing program
[ 61.480613][ T3548] Bluetooth: hci0: command 0x0405 tx timeout
executing program
[ 69.643621][ T7] cfg80211: failed to load regulatory.db
executing program
executing program
executing program
executing program
executing program
[ 91.402413][ T3988]
[ 91.403019][ T3988] ======================================================
[ 91.404542][ T3988] WARNING: possible circular locking dependency detected
[ 91.406086][ T3988] 5.15.156-syzkaller #0 Not tainted
[ 91.407269][ T3988] ------------------------------------------------------
[ 91.408767][ T3988] syz-executor281/3988 is trying to acquire lock:
[ 91.410122][ T3988] ffff800016b98b68 (rfcomm_mutex){+.+.}-{3:3}, at: rfcomm_dlc_exists+0xb0/0x32c
[ 91.412158][ T3988]
[ 91.412158][ T3988] but task is already holding lock:
[ 91.413830][ T3988] ffff800016b9c4c8 (rfcomm_ioctl_mutex){+.+.}-{3:3}, at: rfcomm_dev_ioctl+0x258/0x2434
[ 91.415905][ T3988]
[ 91.415905][ T3988] which lock already depends on the new lock.
[ 91.415905][ T3988]
[ 91.418268][ T3988]
[ 91.418268][ T3988] the existing dependency chain (in reverse order) is:
[ 91.420298][ T3988]
[ 91.420298][ T3988] -> #3 (rfcomm_ioctl_mutex){+.+.}-{3:3}:
[ 91.422085][ T3988]        __mutex_lock_common+0x194/0x2154
[ 91.423338][ T3988]        mutex_lock_nested+0xa4/0xf8
[ 91.424540][ T3988]        rfcomm_dev_ioctl+0x258/0x2434
[ 91.425741][ T3988]        rfcomm_sock_ioctl+0x98/0xf0
[ 91.426975][ T3988]        sock_do_ioctl+0x134/0x2dc
[ 91.428140][ T3988]        sock_ioctl+0x4f0/0x8ac
[ 91.429158][ T3988]        __arm64_sys_ioctl+0x14c/0x1c8
[ 91.430366][ T3988]        invoke_syscall+0x98/0x2b8
[ 91.431486][ T3988]        el0_svc_common+0x138/0x258
[ 91.432730][ T3988]        do_el0_svc+0x58/0x14c
[ 91.433785][ T3988]        el0_svc+0x7c/0x1f0
[ 91.434792][ T3988]        el0t_64_sync_handler+0x84/0xe4
[ 91.436019][ T3988]        el0t_64_sync+0x1a0/0x1a4
[ 91.437095][ T3988]
[ 91.437095][ T3988] -> #2 (sk_lock-AF_BLUETOOTH-BTPROTO_RFCOMM){+.+.}-{0:0}:
[ 91.439138][ T3988]        lock_sock_nested+0xec/0x1ec
[ 91.440306][ T3988]        rfcomm_sk_state_change+0x60/0x2c8
[ 91.441578][ T3988]        __rfcomm_dlc_close+0x23c/0x634
[ 91.442779][ T3988]        rfcomm_dlc_close+0x100/0x194
[ 91.443956][ T3988]        __rfcomm_sock_close+0x138/0x258
[ 91.445256][ T3988]        rfcomm_sock_shutdown+0xa8/0x214
[ 91.446486][ T3988]        rfcomm_sock_release+0x58/0x114
[ 91.447705][ T3988]        sock_close+0xb8/0x1fc
[ 91.448748][ T3988]        __fput+0x30c/0x7f0
[ 91.449776][ T3988]        ____fput+0x20/0x30
[ 91.450738][ T3988]        task_work_run+0x130/0x1e4
[ 91.451882][ T3988]        do_exit+0x670/0x20bc
[ 91.452921][ T3988]        do_group_exit+0x110/0x268
[ 91.454038][ T3988]        get_signal+0x634/0x1550
[ 91.455162][ T3988]        do_notify_resume+0x3d0/0x32b8
[ 91.456359][ T3988]        el0_svc+0xfc/0x1f0
[ 91.457425][ T3988]        el0t_64_sync_handler+0x84/0xe4
[ 91.458666][ T3988]        el0t_64_sync+0x1a0/0x1a4
[ 91.459823][ T3988]
[ 91.459823][ T3988] -> #1 (&d->lock){+.+.}-{3:3}:
[ 91.461463][ T3988]        __mutex_lock_common+0x194/0x2154
[ 91.462715][ T3988]        mutex_lock_nested+0xa4/0xf8
[ 91.463901][ T3988]        __rfcomm_dlc_close+0x200/0x634
[ 91.465139][ T3988]        rfcomm_dlc_close+0x100/0x194
[ 91.466357][ T3988]        __rfcomm_sock_close+0x138/0x258
[ 91.467644][ T3988]        rfcomm_sock_shutdown+0xa8/0x214
[ 91.468850][ T3988]        rfcomm_sock_release+0x58/0x114
[ 91.470103][ T3988]        sock_close+0xb8/0x1fc
[ 91.471143][ T3988]        __fput+0x30c/0x7f0
[ 91.472142][ T3988]        ____fput+0x20/0x30
[ 91.473124][ T3988]        task_work_run+0x130/0x1e4
[ 91.474271][ T3988]        do_exit+0x670/0x20bc
[ 91.475301][ T3988]        do_group_exit+0x110/0x268
[ 91.476387][ T3988]        get_signal+0x634/0x1550
[ 91.477479][ T3988]        do_notify_resume+0x3d0/0x32b8
[ 91.478641][ T3988]        el0_svc+0xfc/0x1f0
[ 91.479606][ T3988]        el0t_64_sync_handler+0x84/0xe4
[ 91.480918][ T3988]        el0t_64_sync+0x1a0/0x1a4
[ 91.482013][ T3988]
[ 91.482013][ T3988] -> #0 (rfcomm_mutex){+.+.}-{3:3}:
[ 91.483596][ T3988]        __lock_acquire+0x32d4/0x7638
[ 91.484831][ T3988]        lock_acquire+0x240/0x77c
[ 91.486002][ T3988]        __mutex_lock_common+0x194/0x2154
[ 91.487231][ T3988]        mutex_lock_nested+0xa4/0xf8
[ 91.488412][ T3988]        rfcomm_dlc_exists+0xb0/0x32c
[ 91.489606][ T3988]        rfcomm_dev_ioctl+0x938/0x2434
[ 91.490749][ T3988]        rfcomm_sock_ioctl+0x98/0xf0
[ 91.491929][ T3988]        sock_do_ioctl+0x134/0x2dc
[ 91.493101][ T3988]        sock_ioctl+0x4f0/0x8ac
[ 91.494182][ T3988]        __arm64_sys_ioctl+0x14c/0x1c8
[ 91.495357][ T3988]        invoke_syscall+0x98/0x2b8
[ 91.496456][ T3988]        el0_svc_common+0x138/0x258
[ 91.497555][ T3988]        do_el0_svc+0x58/0x14c
[ 91.498640][ T3988]        el0_svc+0x7c/0x1f0
[ 91.499623][ T3988]        el0t_64_sync_handler+0x84/0xe4
[ 91.500841][ T3988]        el0t_64_sync+0x1a0/0x1a4
[ 91.501926][ T3988]
[ 91.501926][ T3988] other info that might help us debug this:
[ 91.501926][ T3988]
[ 91.504206][ T3988] Chain exists of:
[ 91.504206][ T3988]   rfcomm_mutex --> sk_lock-AF_BLUETOOTH-BTPROTO_RFCOMM --> rfcomm_ioctl_mutex
[ 91.504206][ T3988]
[ 91.507386][ T3988]  Possible unsafe locking scenario:
[ 91.507386][ T3988]
[ 91.509008][ T3988]        CPU0                    CPU1
[ 91.510133][ T3988]        ----                    ----
[ 91.511316][ T3988]   lock(rfcomm_ioctl_mutex);
[ 91.512364][ T3988]                                lock(sk_lock-AF_BLUETOOTH-BTPROTO_RFCOMM);
[ 91.514234][ T3988]                                lock(rfcomm_ioctl_mutex);
[ 91.515808][ T3988]   lock(rfcomm_mutex);
[ 91.516717][ T3988]
[ 91.516717][ T3988]  *** DEADLOCK ***
[ 91.516717][ T3988]
[ 91.518502][ T3988] 2 locks held by syz-executor281/3988:
[ 91.519689][ T3988]  #0: ffff0000dd41b120 (sk_lock-AF_BLUETOOTH-BTPROTO_RFCOMM){+.+.}-{0:0}, at: rfcomm_sock_ioctl+0x88/0xf0
[ 91.522238][ T3988]  #1: ffff800016b9c4c8 (rfcomm_ioctl_mutex){+.+.}-{3:3}, at: rfcomm_dev_ioctl+0x258/0x2434
[ 91.524411][ T3988]
[ 91.524411][ T3988] stack backtrace:
[ 91.525693][ T3988] CPU: 0 PID: 3988 Comm: syz-executor281 Not tainted 5.15.156-syzkaller #0
[ 91.527557][ T3988] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024
[ 91.529739][ T3988] Call trace:
[ 91.530448][ T3988]  dump_backtrace+0x0/0x530
[ 91.531468][ T3988]  show_stack+0x2c/0x3c
[ 91.532366][ T3988]  dump_stack_lvl+0x108/0x170
[ 91.533411][ T3988]  dump_stack+0x1c/0x58
[ 91.534358][ T3988]  print_circular_bug+0x150/0x1b8
[ 91.535500][ T3988]  check_noncircular+0x2cc/0x378
[ 91.536532][ T3988]  __lock_acquire+0x32d4/0x7638
[ 91.537630][ T3988]  lock_acquire+0x240/0x77c
[ 91.538615][ T3988]  __mutex_lock_common+0x194/0x2154
[ 91.539724][ T3988]  mutex_lock_nested+0xa4/0xf8
[ 91.540840][ T3988]  rfcomm_dlc_exists+0xb0/0x32c
[ 91.541938][ T3988]  rfcomm_dev_ioctl+0x938/0x2434
[ 91.543045][ T3988]  rfcomm_sock_ioctl+0x98/0xf0
[ 91.544161][ T3988]  sock_do_ioctl+0x134/0x2dc
[ 91.545193][ T3988]  sock_ioctl+0x4f0/0x8ac
[ 91.546163][ T3988]  __arm64_sys_ioctl+0x14c/0x1c8
[ 91.547276][ T3988]  invoke_syscall+0x98/0x2b8
[ 91.548275][ T3988]  el0_svc_common+0x138/0x258
[ 91.549334][ T3988]  do_el0_svc+0x58/0x14c
[ 91.550319][ T3988]  el0_svc+0x7c/0x1f0
[ 91.551229][ T3988]  el0t_64_sync_handler+0x84/0xe4
[ 91.552407][ T3988]  el0t_64_sync+0x1a0/0x1a4
executing program
executing program