Warning: Permanently added '10.128.0.91' (ECDSA) to the list of known hosts.
executing program
[   63.674457][ T3599] 
[   63.676813][ T3599] =====================================
[   63.682344][ T3599] WARNING: bad unlock balance detected!
[   63.687878][ T3599] 5.16.0-rc4-syzkaller #0 Not tainted
[   63.693244][ T3599] -------------------------------------
[   63.698779][ T3599] syz-executor747/3599 is trying to release lock (&call->user_mutex) at:
[   63.707209][ T3599] [<ffffffff8851ff73>] rxrpc_do_sendmsg+0xc13/0x1350
[   63.713915][ T3599] but there are no more locks to release!
[   63.719625][ T3599] 
[   63.719625][ T3599] other info that might help us debug this:
[   63.727678][ T3599] no locks held by syz-executor747/3599.
[   63.733308][ T3599] 
[   63.733308][ T3599] stack backtrace:
[   63.739191][ T3599] CPU: 1 PID: 3599 Comm: syz-executor747 Not tainted 5.16.0-rc4-syzkaller #0
[   63.747949][ T3599] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   63.758006][ T3599] Call Trace:
[   63.761283][ T3599]  <TASK>
[   63.764375][ T3599]  dump_stack_lvl+0xcd/0x134
[   63.768973][ T3599]  lock_release.cold+0x49/0x4e
[   63.773730][ T3599]  ? rxrpc_do_sendmsg+0xc13/0x1350
[   63.779020][ T3599]  ? lock_downgrade+0x6e0/0x6e0
[   63.783869][ T3599]  ? trace_rxrpc_timer+0x290/0x290
[   63.788978][ T3599]  __mutex_unlock_slowpath+0x99/0x5e0
[   63.794357][ T3599]  ? wait_for_completion_io+0x270/0x270
[   63.799901][ T3599]  ? wake_up_q+0xf0/0xf0
[   63.804145][ T3599]  ? rxrpc_do_sendmsg+0xef8/0x1350
[   63.809254][ T3599]  ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70
[   63.815498][ T3599]  ? rxrpc_put_peer+0x8a/0x3c0
[   63.820462][ T3599]  rxrpc_do_sendmsg+0xc13/0x1350
[   63.825404][ T3599]  ? rxrpc_kernel_send_data+0x450/0x450
[   63.830946][ T3599]  ? __sanitizer_cov_trace_const_cmp1+0x22/0x80
[   63.837189][ T3599]  ? rxrpc_lookup_local+0x9bd/0x1050
[   63.842477][ T3599]  rxrpc_sendmsg+0x420/0x630
[   63.847083][ T3599]  ? rxrpc_sock_set_min_security_level+0xe0/0xe0
[   63.853408][ T3599]  sock_sendmsg+0xcf/0x120
[   63.857821][ T3599]  ____sys_sendmsg+0x6e8/0x810
[   63.862582][ T3599]  ? kernel_sendmsg+0x50/0x50
[   63.867255][ T3599]  ? do_recvmmsg+0x6d0/0x6d0
[   63.871836][ T3599]  ? lockdep_hardirqs_on_prepare+0x400/0x400
[   63.877812][ T3599]  ? lock_downgrade+0x6e0/0x6e0
[   63.882659][ T3599]  ___sys_sendmsg+0xf3/0x170
[   63.887243][ T3599]  ? sendmsg_copy_msghdr+0x160/0x160
[   63.892527][ T3599]  ? __fget_files+0x2ce/0x4c0
[   63.897201][ T3599]  ? lock_downgrade+0x6e0/0x6e0
[   63.902057][ T3599]  ? __fget_light+0xea/0x280
[   63.907947][ T3599]  ? __sanitizer_cov_trace_const_cmp8+0x1d/0x70
[   63.914187][ T3599]  __sys_sendmsg+0xe5/0x1b0
[   63.918689][ T3599]  ? __sys_sendmsg_sock+0x30/0x30
[   63.923713][ T3599]  ? syscall_enter_from_user_mode+0x21/0x70
[   63.929607][ T3599]  do_syscall_64+0x35/0xb0
[   63.934021][ T3599]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[   63.939911][ T3599] RIP: 0033:0x7f708e284df9
[   63.944458][ T3599] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 81 14 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[   63.964309][ T3599] RSP: 002b:00007f708e237318 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[   63.972714][ T3599] RAX: ffffffff