Warning: Permanently added '10.128.0.152' (ECDSA) to the list of known hosts.
executing program
[ 48.729746][ T3502]
[ 48.732098][ T3502] =====================================
[ 48.737629][ T3502] WARNING: bad unlock balance detected!
[ 48.743144][ T3502] 5.15.112-syzkaller #0 Not tainted
[ 48.748314][ T3502] -------------------------------------
[ 48.753829][ T3502] kworker/u5:1/3502 is trying to release lock (&conn->chan_lock) at:
[ 48.761874][ T3502] [] l2cap_bredr_sig_cmd+0xb07/0x9fb0
[ 48.768815][ T3502] but there are no more locks to release!
[ 48.774507][ T3502]
[ 48.774507][ T3502] other info that might help us debug this:
[ 48.782539][ T3502] 2 locks held by kworker/u5:1/3502:
[ 48.787801][ T3502] #0: ffff888014190138 ((wq_completion)hci0#2){+.+.}-{0:0}, at: process_one_work+0x78a/0x10c0
[ 48.798133][ T3502] #1: ffffc90002bdfd20 ((work_completion)(&hdev->rx_work)){+.+.}-{0:0}, at: process_one_work+0x7d0/0x10c0
[ 48.809499][ T3502]
[ 48.809499][ T3502] stack backtrace:
[ 48.815364][ T3502] CPU: 0 PID: 3502 Comm: kworker/u5:1 Not tainted 5.15.112-syzkaller #0
[ 48.823666][ T3502] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/28/2023
[ 48.833700][ T3502] Workqueue: hci0 hci_rx_work
[ 48.838355][ T3502] Call Trace:
[ 48.841618][ T3502]
[ 48.844529][ T3502] dump_stack_lvl+0x1e3/0x2cb
[ 48.849185][ T3502] ? io_uring_drop_tctx_refs+0x19d/0x19d
[ 48.854813][ T3502] ? panic+0x84d/0x84d
[ 48.858866][ T3502] ? l2cap_bredr_sig_cmd+0xb07/0x9fb0
[ 48.864215][ T3502] print_unlock_imbalance_bug+0x248/0x2b0
[ 48.869910][ T3502] ? list_move_tail+0x130/0x130
[ 48.874736][ T3502] lock_release+0x596/0x9a0
[ 48.879214][ T3502] ? __lock_acquire+0x1ff0/0x1ff0
[ 48.884215][ T3502] ? l2cap_bredr_sig_cmd+0xb07/0x9fb0
[ 48.889562][ T3502] ? __lock_acquire+0x1ff0/0x1ff0
[ 48.894570][ T3502] ? __mutex_lock_common+0x444/0x25a0
[ 48.899918][ T3502] ? __mutex_unlock_slowpath+0x218/0x750
[ 48.905525][ T3502] ? l2cap_bredr_sig_cmd+0xb07/0x9fb0
[ 48.910874][ T3502] __mutex_unlock_slowpath+0xde/0x750
[ 48.916221][ T3502] ? mutex_unlock+0x10/0x10
[ 48.920705][ T3502] ? mutex_unlock+0x10/0x10
[ 48.925187][ T3502] ? arch_stack_walk+0x10d/0x140
[ 48.930142][ T3502] ? reacquire_held_locks+0x660/0x660
[ 48.935488][ T3502] ? l2cap_disconnect_rsp+0x241/0x350
[ 48.940849][ T3502] l2cap_bredr_sig_cmd+0xb07/0x9fb0
[ 48.946023][ T3502] ? reacquire_held_locks+0x660/0x660
[ 48.951370][ T3502] ? add_chain_block+0x850/0x850
[ 48.956286][ T3502] ? l2cap_request_info+0x300/0x300
[ 48.961458][ T3502] ? __lock_acquire+0x1295/0x1ff0
[ 48.966483][ T3502] ? rcu_lock_release+0x20/0x20
[ 48.971309][ T3502] ? l2cap_recv_frame+0x8bc/0x8870
[ 48.976403][ T3502] ? __lock_acquire+0x1ff0/0x1ff0
[ 48.981424][ T3502] ? __mutex_lock_common+0x444/0x25a0
[ 48.986774][ T3502] ? __mutex_unlock_slowpath+0x218/0x750
[ 48.992389][ T3502] ? l2cap_recv_frame+0x3e6/0x8870
[ 48.997487][ T3502] ? mutex_unlock+0x10/0x10
[ 49.001972][ T3502] ? skb_pull+0x8e/0x130
[ 49.006190][ T3502] l2cap_recv_frame+0xa53/0x8870
[ 49.011107][ T3502] ? l2cap_conn_unreliable+0x1a0/0x1a0
[ 49.016565][ T3502] ? mutex_unlock+0x10/0x10
[ 49.021041][ T3502] ? hci_conn_enter_active_mode+0x25c/0x360
[ 49.026926][ T3502] ? l2cap_recv_acldata+0x2ea/0x1560
[ 49.032187][ T3502] hci_rx_work+0x489/0x7d0
[ 49.036580][ T3502] process_one_work+0x8a1/0x10c0
[ 49.041515][ T3502] ? worker_detach_from_pool+0x260/0x260
[ 49.047122][ T3502] ? _raw_spin_lock_irqsave+0x120/0x120
[ 49.052639][ T3502] ? kthread_data+0x4e/0xc0
[ 49.057118][ T3502] ? wq_worker_running+0x97/0x170
[ 49.062289][ T3502] worker_thread+0xaca/0x1280
[ 49.066946][ T3502] kthread+0x3f6/0x4f0
[ 49.070990][ T3502] ? rcu_lock_release+0x20/0x20
[ 49.075815][ T3502] ? kthread_blkcg+0xd0/0xd0
[ 49.0803