DUID 00:04:9a:9b:60:6a:39:26:c8:65:2f:c5:16:4d:58:03:30:c2
forked to background, child pid 3174
[   27.829649][ T3175] 8021q: adding VLAN 0 to HW filter on device bond0
[   27.841901][ T3175] eql: remember to turn off Van-Jacobson compression on your slave devices
Starting sshd: OK

syzkaller
Warning: Permanently added '10.128.1.20' (ECDSA) to the list of known hosts.
executing program
syzkaller login: [   54.175934][ T3505] 
[   54.178308][ T3505] =====================================
[   54.183839][ T3505] WARNING: bad unlock balance detected!
[   54.189368][ T3505] 5.15.109-syzkaller #0 Not tainted
[   54.194554][ T3505] -------------------------------------
[   54.200081][ T3505] kworker/u5:2/3505 is trying to release lock (&conn->chan_lock) at:
[   54.208144][ T3505] [<ffffffff89428093>] l2cap_recv_frame+0x1fc3/0x8870
[   54.214924][ T3505] but there are no more locks to release!
[   54.220623][ T3505] 
[   54.220623][ T3505] other info that might help us debug this:
[   54.228669][ T3505] 2 locks held by kworker/u5:2/3505:
[   54.234024][ T3505]  #0: ffff888024804138 ((wq_completion)hci0#2){+.+.}-{0:0}, at: process_one_work+0x78a/0x10c0
[   54.244389][ T3505]  #1: ffffc9000235fd20 ((work_completion)(&hdev->rx_work)){+.+.}-{0:0}, at: process_one_work+0x7d0/0x10c0
[   54.255782][ T3505] 
[   54.255782][ T3505] stack backtrace:
[   54.261658][ T3505] CPU: 0 PID: 3505 Comm: kworker/u5:2 Not tainted 5.15.109-syzkaller #0
[   54.270165][ T3505] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/14/2023
[   54.280219][ T3505] Workqueue: hci0 hci_rx_work
[   54.284898][ T3505] Call Trace:
[   54.288184][ T3505]  <TASK>
[   54.291108][ T3505]  dump_stack_lvl+0x1e3/0x2cb
[   54.295779][ T3505]  ? io_uring_drop_tctx_refs+0x19d/0x19d
[   54.301409][ T3505]  ? panic+0x84d/0x84d
[   54.305475][ T3505]  ? l2cap_recv_frame+0x1fc3/0x8870
[   54.310674][ T3505]  print_unlock_imbalance_bug+0x248/0x2b0
[   54.316385][ T3505]  ? list_move_tail+0x130/0x130
[   54.321235][ T3505]  lock_release+0x596/0x9a0
[   54.325731][ T3505]  ? __lock_acquire+0x1ff0/0x1ff0
[   54.330753][ T3505]  ? l2cap_recv_frame+0x1fc3/0x8870
[   54.336050][ T3505]  ? __lock_acquire+0x1ff0/0x1ff0
[   54.341077][ T3505]  ? __mutex_lock_common+0x444/0x25a0
[   54.346448][ T3505]  ? __mutex_unlock_slowpath+0x218/0x750
[   54.352087][ T3505]  ? l2cap_recv_frame+0x1fc3/0x8870
[   54.357289][ T3505]  __mutex_unlock_slowpath+0xde/0x750
[   54.362655][ T3505]  ? mutex_unlock+0x10/0x10
[   54.367152][ T3505]  ? mutex_unlock+0x10/0x10
[   54.371656][ T3505]  ? l2cap_disconnect_rsp+0x241/0x350
[   54.377020][ T3505]  l2cap_recv_frame+0x1fc3/0x8870
[   54.382044][ T3505]  ? l2cap_conn_unreliable+0x1a0/0x1a0
[   54.387506][ T3505]  ? mutex_unlock+0x10/0x10
[   54.392003][ T3505]  ? hci_conn_enter_active_mode+0x25c/0x360
[   54.397896][ T3505]  ? l2cap_recv_acldata+0x2ea/0x1560
[   54.403198][ T3505]  hci_rx_work+0x489/0x7d0
[   54.407631][ T3505]  process_one_work+0x8a1/0x10c0
[   54.412580][ T3505]  ? worker_detach_from_pool+0x260/0x260
[   54.418212][ T3505]  ? _raw_spin_lock_irqsave+0x120/0x120
[   54.423842][ T3505]  ? kthread_data+