Warning: Permanently added '10.128.0.27' (ECDSA) to the list of known hosts.
executing program
syzkaller login: [   38.876278][ T3964] 
[   38.876877][ T3964] =====================================
[   38.878067][ T3964] WARNING: bad unlock balance detected!
[   38.879264][ T3964] 5.15.110-syzkaller #0 Not tainted
[   38.880418][ T3964] -------------------------------------
[   38.881581][ T3964] kworker/u5:1/3964 is trying to release lock (&conn->chan_lock) at:
[   38.883335][ T3964] [<ffff800010cd9104>] l2cap_disconnect_rsp+0x210/0x30c
[   38.884876][ T3964] but there are no more locks to release!
[   38.886125][ T3964] 
[   38.886125][ T3964] other info that might help us debug this:
[   38.887844][ T3964] 2 locks held by kworker/u5:1/3964:
[   38.889018][ T3964]  #0: ffff0000c81b6938 ((wq_completion)hci0#2){+.+.}-{0:0}, at: process_one_work+0x66c/0x11b8
[   38.891321][ T3964]  #1: ffff80001a877c00 ((work_completion)(&hdev->rx_work)){+.+.}-{0:0}, at: process_one_work+0x6ac/0x11b8
[   38.893810][ T3964] 
[   38.893810][ T3964] stack backtrace:
[   38.895109][ T3964] CPU: 0 PID: 3964 Comm: kworker/u5:1 Not tainted 5.15.110-syzkaller #0
[   38.896985][ T3964] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/14/2023
[   38.899207][ T3964] Workqueue: hci0 hci_rx_work
[   38.900269][ T3964] Call trace:
[   38.900973][ T3964]  dump_backtrace+0x0/0x530
[   38.901970][ T3964]  show_stack+0x2c/0x3c
[   38.902917][ T3964]  dump_stack_lvl+0x108/0x170
[   38.903964][ T3964]  dump_stack+0x1c/0x58
[   38.904831][ T3964]  print_unlock_imbalance_bug+0x250/0x2a4
[   38.906100][ T3964]  lock_release+0x4b8/0xa1c
[   38.907042][ T3964]  __mutex_unlock_slowpath+0xe0/0x6d4
[   38.908235][ T3964]  mutex_unlock+0x8c/0xe0
[   38.909231][ T3964]  l2cap_disconnect_rsp+0x210/0x30c
[   38.910394][ T3964]  l2cap_bredr_sig_cmd+0x970/0x7f54
[   38.911569][ T3964]  l2cap_recv_frame+0x848/0x6a48
[   38.912614][ T3964]  l2cap_recv_acldata+0x4f4/0x163c
[   38.913785][ T3964]  hci_rx_work+0x3b0/0x6d0
[   38.914741][ T3964]  process_one_work+0x790/0x11b8
[   38.915795][ T3964]  worker_thread+0x910/0x1034
[   38.916779][ T3964]  kthread+0x37c/0x45c
[   38.917578][ T3964]  ret_from_fork+0x10/0x20