Warning: Permanently added '10.128.0.16' (ED25519) to the list of known hosts.
executing program
[ 55.367751][ T3567]
[ 55.370090][ T3567] =====================================
[ 55.375605][ T3567] WARNING: bad unlock balance detected!
[ 55.381136][ T3567] 5.15.167-syzkaller #0 Not tainted
[ 55.386312][ T3567] -------------------------------------
[ 55.391848][ T3567] kworker/u5:2/3567 is trying to release lock (&chan->lock) at:
[ 55.399639][ T3567] [] l2cap_recv_frame+0x136f/0x8ae0
[ 55.406450][ T3567] but there are no more locks to release!
[ 55.412147][ T3567]
[ 55.412147][ T3567] other info that might help us debug this:
[ 55.420179][ T3567] 2 locks held by kworker/u5:2/3567:
[ 55.425452][ T3567] #0: ffff888024af0938 ((wq_completion)hci0#2){+.+.}-{0:0}, at: process_one_work+0x78a/0x10c0
[ 55.435787][ T3567] #1: ffffc900020f7d20 ((work_completion)(&hdev->rx_work)){+.+.}-{0:0}, at: process_one_work+0x7d0/0x10c0
[ 55.447163][ T3567]
[ 55.447163][ T3567] stack backtrace:
[ 55.453034][ T3567] CPU: 0 PID: 3567 Comm: kworker/u5:2 Not tainted 5.15.167-syzkaller #0
[ 55.461352][ T3567] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[ 55.471405][ T3567] Workqueue: hci0 hci_rx_work
[ 55.476074][ T3567] Call Trace:
[ 55.479333][ T3567]
[ 55.482255][ T3567] dump_stack_lvl+0x1e3/0x2d0
[ 55.486918][ T3567] ? io_uring_drop_tctx_refs+0x1a0/0x1a0
[ 55.492531][ T3567] ? panic+0x860/0x860
[ 55.496604][ T3567] ? l2cap_recv_frame+0x136f/0x8ae0
[ 55.501787][ T3567] print_unlock_imbalance_bug+0x248/0x2b0
[ 55.507490][ T3567] ? list_move_tail+0x130/0x130
[ 55.512328][ T3567] lock_release+0x596/0x9a0
[ 55.516814][ T3567] ? mark_lock+0x98/0x340
[ 55.521143][ T3567] ? l2cap_recv_frame+0x136f/0x8ae0
[ 55.526326][ T3567] ? __lock_acquire+0x1ff0/0x1ff0
[ 55.531328][ T3567] ? lockdep_hardirqs_on_prepare+0x438/0x7a0
[ 55.537289][ T3567] ? lockdep_hardirqs_on_prepare+0x7a0/0x7a0
[ 55.543251][ T3567] ? l2cap_recv_frame+0x136f/0x8ae0
[ 55.548427][ T3567] __mutex_unlock_slowpath+0xde/0x750
[ 55.553800][ T3567] ? __local_bh_enable_ip+0x164/0x1f0
[ 55.559146][ T3567] ? mutex_unlock+0x10/0x10
[ 55.563625][ T3567] ? do_raw_spin_unlock+0x137/0x8b0
[ 55.568891][ T3567] ? l2cap_sock_recv_cb+0x18a/0x1e0
[ 55.574070][ T3567] l2cap_recv_frame+0x136f/0x8ae0
[ 55.579078][ T3567] ? l2cap_conn_unreliable+0x1a0/0x1a0
[ 55.584542][ T3567] ? __mutex_unlock_slowpath+0x218/0x750
[ 55.590156][ T3567] ? rcu_lock_release+0x5/0x20
[ 55.594912][ T3567] ? mutex_unlock+0x10/0x10
[ 55.599396][ T3567] ? hci_conn_enter_active_mode+0x25c/0x360
[ 55.605272][ T3567] ? l2cap_recv_acldata+0x2ea/0x1560
[ 55.610565][ T3567] hci_rx_work+0x48f/0x990
[ 55.615069][ T3567] process_one_work+0x8a1/0x10c0
[ 55.620082][ T3567] ? worker_detach_from_pool+0x260/0x260
[ 55.625701][ T3567] ? _raw_spin_lock_irqsave+0x120/0x120
[ 55.631243][ T3567] ? kthread_data+0x4e/0xc0
[ 55.635733][ T3567] ? wq_worker_running+0x97/0x170
[ 55.640835][ T3567] worker_thread+0xaca/0x1280
[ 55.645512][ T3567] ? _raw_spin_unlock_irqrestore+0xd9/0x130
[ 55.651412][ T3567] kthread+0x3f6/0x4f0
[ 55.655462][ T3567] ? rcu_lock_release+0x20/0x20
[ 55.660293][ T3567] ? kthread_blkcg+0xd0/0xd0
[ 55.664876][ T3567] ret_from_fork+0x1f/0x30