Warning: Permanently added '10.128.1.35' (ECDSA) to the list of known hosts.
executing program
syzkaller login: [ 51.059912][ T3506]
[ 51.062272][ T3506] =====================================
[ 51.067798][ T3506] WARNING: bad unlock balance detected!
[ 51.073322][ T3506] 5.15.112-syzkaller #0 Not tainted
[ 51.078524][ T3506] -------------------------------------
[ 51.084064][ T3506] kworker/u5:1/3506 is trying to release lock (&conn->chan_lock) at:
[ 51.092134][ T3506] [] l2cap_recv_frame+0x1fc3/0x8870
[ 51.099201][ T3506] but there are no more locks to release!
[ 51.104905][ T3506]
[ 51.104905][ T3506] other info that might help us debug this:
[ 51.112946][ T3506] 2 locks held by kworker/u5:1/3506:
[ 51.118215][ T3506] #0: ffff888074c38138 ((wq_completion)hci0#2){+.+.}-{0:0}, at: process_one_work+0x78a/0x10c0
[ 51.128586][ T3506] #1: ffffc90002bdfd20 ((work_completion)(&hdev->rx_work)){+.+.}-{0:0}, at: process_one_work+0x7d0/0x10c0
[ 51.139967][ T3506]
[ 51.139967][ T3506] stack backtrace:
[ 51.145837][ T3506] CPU: 0 PID: 3506 Comm: kworker/u5:1 Not tainted 5.15.112-syzkaller #0
[ 51.154154][ T3506] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/28/2023
[ 51.164207][ T3506] Workqueue: hci0 hci_rx_work
[ 51.168884][ T3506] Call Trace:
[ 51.172171][ T3506]
[ 51.175112][ T3506] dump_stack_lvl+0x1e3/0x2cb
[ 51.179796][ T3506] ? io_uring_drop_tctx_refs+0x19d/0x19d
[ 51.185432][ T3506] ? panic+0x84d/0x84d
[ 51.189601][ T3506] ? l2cap_recv_frame+0x1fc3/0x8870
[ 51.194804][ T3506] print_unlock_imbalance_bug+0x248/0x2b0
[ 51.200520][ T3506] ? list_move_tail+0x130/0x130
[ 51.205371][ T3506] lock_release+0x596/0x9a0
[ 51.209871][ T3506] ? __lock_acquire+0x1ff0/0x1ff0
[ 51.214913][ T3506] ? l2cap_recv_frame+0x1fc3/0x8870
[ 51.220212][ T3506] ? __lock_acquire+0x1ff0/0x1ff0
[ 51.225236][ T3506] ? __mutex_lock_common+0x444/0x25a0
[ 51.230617][ T3506] ? __mutex_unlock_slowpath+0x218/0x750
[ 51.236239][ T3506] ? l2cap_recv_frame+0x1fc3/0x8870
[ 51.241426][ T3506] __mutex_unlock_slowpath+0xde/0x750
[ 51.246863][ T3506] ? mutex_unlock+0x10/0x10
[ 51.251380][ T3506] ? mutex_unlock+0x10/0x10
[ 51.255880][ T3506] ? l2cap_disconnect_rsp+0x241/0x350
[ 51.261250][ T3506] l2cap_recv_frame+0x1fc3/0x8870
[ 51.266277][ T3506] ? l2cap_conn_unreliable+0x1a0/0x1a0
[ 51.271728][ T3506] ? mutex_unlock+0x10/0x10
[ 51.276221][ T3506] ? hci_conn_enter_active_mode+0x25c/0x360
[ 51.282107][ T3506] ? l2cap_recv_acldata+0x2ea/0x1560
[ 51.287383][ T3506] hci_rx_work+0x489/0x7d0
[ 51.291814][ T3506] process_one_work+0x8a1/0x10c0
[ 51.296759][ T3506] ? worker_detach_from_pool+0x260/0x260
[ 51.302416][ T3506] ? _raw_spin_lock_irqsave+0x120/0x120
[ 51.307975][ T3506] ? kthread_d