DUID 00:04:9a:9b:60:6a:39:26:c8:65:2f:c5:16:4d:58:03:30:c2 forked to background, child pid 3174 [ 21.048171][ T3175] 8021q: adding VLAN 0 to HW filter on device bond0 [ 21.059085][ T3175] eql: remember to turn off Van-Jacobson compression on your slave devices Starting sshd: OK syzkaller Warning: Permanently added '10.128.0.18' (ECDSA) to the list of known hosts. executing program syzkaller login: [ 38.519456][ T3504] [ 38.521797][ T3504] ===================================== [ 38.527322][ T3504] WARNING: bad unlock balance detected! [ 38.532839][ T3504] 5.15.112-syzkaller #0 Not tainted [ 38.538008][ T3504] ------------------------------------- [ 38.543522][ T3504] kworker/u5:2/3504 is trying to release lock (&conn->chan_lock) at: [ 38.551583][ T3504] [] l2cap_bredr_sig_cmd+0xb07/0x9fb0 [ 38.558524][ T3504] but there are no more locks to release! [ 38.564213][ T3504] [ 38.564213][ T3504] other info that might help us debug this: [ 38.572249][ T3504] 2 locks held by kworker/u5:2/3504: [ 38.577510][ T3504] #0: ffff88807d445138 ((wq_completion)hci0#2){+.+.}-{0:0}, at: process_one_work+0x78a/0x10c0 [ 38.587841][ T3504] #1: ffffc90002c5fd20 ((work_completion)(&hdev->rx_work)){+.+.}-{0:0}, at: process_one_work+0x7d0/0x10c0 [ 38.599225][ T3504] [ 38.599225][ T3504] stack backtrace: [ 38.605089][ T3504] CPU: 1 PID: 3504 Comm: kworker/u5:2 Not tainted 5.15.112-syzkaller #0 [ 38.613390][ T3504] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/28/2023 [ 38.623423][ T3504] Workqueue: hci0 hci_rx_work [ 38.628082][ T3504] Call Trace: [ 38.631343][ T3504] [ 38.634256][ T3504] dump_stack_lvl+0x1e3/0x2cb [ 38.638918][ T3504] ? io_uring_drop_tctx_refs+0x19d/0x19d [ 38.644533][ T3504] ? panic+0x84d/0x84d [ 38.648587][ T3504] ? l2cap_bredr_sig_cmd+0xb07/0x9fb0 [ 38.653940][ T3504] print_unlock_imbalance_bug+0x248/0x2b0 [ 38.659642][ T3504] ? list_move_tail+0x130/0x130 [ 38.664476][ T3504] lock_release+0x596/0x9a0 [ 38.668960][ T3504] ? __lock_acquire+0x1ff0/0x1ff0 [ 38.673966][ T3504] ? l2cap_bredr_sig_cmd+0xb07/0x9fb0 [ 38.679321][ T3504] ? __lock_acquire+0x1ff0/0x1ff0 [ 38.684325][ T3504] ? __mutex_lock_common+0x444/0x25a0 [ 38.689677][ T3504] ? __mutex_unlock_slowpath+0x218/0x750 [ 38.695291][ T3504] ? l2cap_bredr_sig_cmd+0xb07/0x9fb0 [ 38.700645][ T3504] __mutex_unlock_slowpath+0xde/0x750 [ 38.705996][ T3504] ? mutex_unlock+0x10/0x10 [ 38.710480][ T3504] ? mutex_unlock+0x10/0x10 [ 38.714960][ T3504] ? reacquire_held_locks+0x660/0x660 [ 38.720318][ T3504] ? l2cap_disconnect_rsp+0x241/0x350 [ 38.725671][ T3504] l2cap_bredr_sig_cmd+0xb07/0x9fb0 [ 38.730853][ T3504] ? l2cap_request_info+0x300/0x300 [ 38.736030][ T3504] ? __lock_acquire+0x1295/0x1ff0 [ 38.741049][ T3504] ? rcu_lock_release+0x20/0x20 [ 38.745878][ T3504] ? l2cap_recv_frame+0x8bc/0x8870 [ 38.750966][ T3504] ? __lock_acquire+0x1ff0/0x1ff0 [ 38.755970][ T3504] ? __mutex_lock_common+0x444/0x25a0 [ 38.761324][ T3504] ? __mutex_unlock_slowpath+0x218/0x750 [ 38.766934][ T3504] ? l2cap_recv_frame+0x3e6/0x8870 [ 38.772032][ T3504] ? mutex_unlock+0x10/0x10 [ 38.776525][ T3504] ? skb_pull+0x8e/0x130 [ 38.780750][ T3504] l2cap_recv_frame+0xa53/0x8870 [ 38.785673][ T3504] ? l2cap_conn_unreliable+0x1a0/0x1a0 [ 38.791112][ T3504] ? mutex_unlock+0x10/0x10 [ 38.795592][ T3504] ? hci_conn_enter_active_mode+0x25c/0x360 [ 38.801464][ T3504] ? l2cap_recv_acldata+0x2ea/0x1560 [ 38.806733][ T3504] hci_rx_work+0x489/0x7d0 [ 38.811130][ T3504] process_one_work+0x8a1/0x10c0 [ 38.816054][ T3504] ? worker_detach_from_pool+0x260/