[   18.415367][ T3637] 8021q: adding VLAN 0 to HW filter on device bond0
[   18.419143][ T3637] eql: remember to turn off Van-Jacobson compression on your slave devices
[   18.462907][  T136] gvnic 0000:00:00.0 enp0s0: Device link is up.
[   18.468148][ T3550] IPv6: ADDRCONF(NETDEV_CHANGE): enp0s0: link becomes ready
Starting sshd: OK

syzkaller
Warning: Permanently added '10.128.0.81' (ECDSA) to the list of known hosts.
executing program
syzkaller login: [   44.537750][ T3967] 
[   44.538380][ T3967] =====================================
[   44.539702][ T3967] WARNING: bad unlock balance detected!
[   44.541061][ T3967] 5.15.109-syzkaller #0 Not tainted
[   44.542293][ T3967] -------------------------------------
[   44.543656][ T3967] kworker/u5:2/3967 is trying to release lock (&conn->chan_lock) at:
[   44.545651][ T3967] [<ffff800010cd6498>] l2cap_disconnect_rsp+0x210/0x30c
[   44.547289][ T3967] but there are no more locks to release!
[   44.548617][ T3967] 
[   44.548617][ T3967] other info that might help us debug this:
[   44.550606][ T3967] 2 locks held by kworker/u5:2/3967:
[   44.551863][ T3967]  #0: ffff0000d38b3138 ((wq_completion)hci0#2){+.+.}-{0:0}, at: process_one_work+0x66c/0x11b8
[   44.554462][ T3967]  #1: ffff80001ae37c00 ((work_completion)(&hdev->rx_work)){+.+.}-{0:0}, at: process_one_work+0x6ac/0x11b8
[   44.557252][ T3967] 
[   44.557252][ T3967] stack backtrace:
[   44.558700][ T3967] CPU: 0 PID: 3967 Comm: kworker/u5:2 Not tainted 5.15.109-syzkaller #0
[   44.560670][ T3967] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/30/2023
[   44.563153][ T3967] Workqueue: hci0 hci_rx_work
[   44.564357][ T3967] Call trace:
[   44.565153][ T3967]  dump_backtrace+0x0/0x530
[   44.566199][ T3967]  show_stack+0x2c/0x3c
[   44.567252][ T3967]  dump_stack_lvl+0x108/0x170
[   44.568408][ T3967]  dump_stack+0x1c/0x58
[   44.569499][ T3967]  print_unlock_imbalance_bug+0x250/0x2a4
[   44.570919][ T3967]  lock_release+0x4b8/0xa1c
[   44.572018][ T3967]  __mutex_unlock_slowpath+0xe0/0x6d4
[   44.573369][ T3967]  mutex_unlock+0x8c/0xe0
[   44.574408][ T3967]  l2cap_disconnect_rsp+0x210/0x30c
[   44.575747][ T3967]  l2cap_bredr_sig_cmd+0x970/0x7f54
[   44.576998][ T3967]  l2cap_recv_frame+0x848/0x6a48
[   44.578196][ T3967]  l2cap_recv_acldata+0x4f4/0x163c
[   44.579429][ T3967]  hci_rx_work+0x3b0/0x6d0
[   44.580522][ T3967]  process_one_work+0x790/0x11b8
[   44.581721][ T3967]  worker_thread+0x910/0x1034
[   44.582812][ T3967]  kthread+0x37c/0x45c
[   44.583811][ T3967]  ret_from_fork+0x10/0x20