Warning: Permanently added '10.128.0.80' (ECDSA) to the list of known hosts.
syzkaller login: [ 63.361509][ T3548] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 63.370913][ T3548] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 63.378600][ T3548] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 63.387219][ T3548] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 63.394627][ T3548] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3
[ 63.402108][ T3548] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
executing program
[ 63.460288][ T3548]
[ 63.462697][ T3548] =====================================
[ 63.468231][ T3548] WARNING: bad unlock balance detected!
[ 63.473761][ T3548] 6.1.26-syzkaller #0 Not tainted
[ 63.478772][ T3548] -------------------------------------
[ 63.484299][ T3548] kworker/u5:2/3548 is trying to release lock (&conn->chan_lock) at:
[ 63.492363][ T3548] [] l2cap_recv_frame+0x1fcc/0x8890
[ 63.499138][ T3548] but there are no more locks to release!
[ 63.504836][ T3548]
[ 63.504836][ T3548] other info that might help us debug this:
[ 63.512987][ T3548] 2 locks held by kworker/u5:2/3548:
[ 63.518259][ T3548] #0: ffff8880764cb138 ((wq_completion)hci0#2){+.+.}-{0:0}, at: process_one_work+0x77a/0x11f0
[ 63.528619][ T3548] #1: ffffc90003a7fd20 ((work_completion)(&hdev->rx_work)){+.+.}-{0:0}, at: process_one_work+0x7bd/0x11f0
[ 63.540030][ T3548]
[ 63.540030][ T3548] stack backtrace:
[ 63.545906][ T3548] CPU: 0 PID: 3548 Comm: kworker/u5:2 Not tainted 6.1.26-syzkaller #0
[ 63.554046][ T3548] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/14/2023
[ 63.564094][ T3548] Workqueue: hci0 hci_rx_work
[ 63.568774][ T3548] Call Trace:
[ 63.572061][ T3548]
[ 63.575001][ T3548] dump_stack_lvl+0x1e3/0x2cb
[ 63.579701][ T3548] ? nf_tcp_handle_invalid+0x642/0x642
[ 63.585162][ T3548] ? panic+0x75d/0x75d
[ 63.589234][ T3548] ? l2cap_recv_frame+0x1fcc/0x8890
[ 63.594459][ T3548] print_unlock_imbalance_bug+0x24e/0x2c0
[ 63.600188][ T3548] ? list_move_tail+0x130/0x130
[ 63.605082][ T3548] lock_release+0x5ad/0xa20
[ 63.609590][ T3548] ? l2cap_recv_frame+0x1fcc/0x8890
[ 63.614788][ T3548] ? __lock_acquire+0x1f80/0x1f80
[ 63.619808][ T3548] ? __mutex_lock_common+0x429/0x2520
[ 63.625352][ T3548] ? __mutex_unlock_slowpath+0x218/0x750
[ 63.630984][ T3548] ? l2cap_recv_frame+0x1fcc/0x8890
[ 63.636176][ T3548] __mutex_unlock_slowpath+0xde/0x750
[ 63.641548][ T3548] ? mutex_unlock+0x10/0x10
[ 63.646051][ T3548] ? mutex_unlock+0x10/0x10
[ 63.650553][ T3548] ? l2cap_disconnect_rsp+0x241/0x350
[ 63.655940][ T3548] l2cap_recv_frame+0x1fcc/0x8890
[ 63.660984][ T3548] ? l2cap_conn_unreliable+0x1a0/0x1a0
[ 63.666452][ T3548] ? mutex_unlock+0x10/0x10
[ 63.670967][ T3548] ? hci_conn_enter_active_mode+0x25c/0x360
[ 63.676862][ T3548] ? l2cap_recv_acldata+0x2ed/0x1570
[ 63.682142][ T3548] hci_rx_work+0x39b/0xa80
[ 63.686558][ T3548] process_one_work+0x8aa/0x11f0
[ 63.691511][ T3548] ? worker_detach_from_pool+0x260/0x260
[ 63.697145][ T3548] ? _raw_spin_lock_irqsave+0x120/0x120
[ 63.702690][ T3548] ? kthread_data+0x4e/0xc0
[ 63.707190][ T3548] ? wq_worker_running+0x97/