[   18.428718][ T3638] 8021q: adding VLAN 0 to HW filter on device bond0
[   18.433012][ T3638] eql: remember to turn off Van-Jacobson compression on your slave devices
[   18.475045][ T1596] gvnic 0000:00:00.0 enp0s0: Device link is up.
[   18.478182][ T1954] IPv6: ADDRCONF(NETDEV_CHANGE): enp0s0: link becomes ready
Starting sshd: OK

syzkaller
Warning: Permanently added '10.128.0.108' (ECDSA) to the list of known hosts.
executing program
syzkaller login: [   42.822318][ T3965] 
[   42.822944][ T3965] =====================================
[   42.824270][ T3965] WARNING: bad unlock balance detected!
[   42.825599][ T3965] 5.15.109-syzkaller #0 Not tainted
[   42.826876][ T3965] -------------------------------------
[   42.828198][ T3965] kworker/u5:1/3965 is trying to release lock (&conn->chan_lock) at:
[   42.830202][ T3965] [<ffff800010cd6498>] l2cap_disconnect_rsp+0x210/0x30c
[   42.831895][ T3965] but there are no more locks to release!
[   42.833245][ T3965] 
[   42.833245][ T3965] other info that might help us debug this:
[   42.835255][ T3965] 2 locks held by kworker/u5:1/3965:
[   42.836497][ T3965]  #0: ffff0000dd1cb138 ((wq_completion)hci0#2){+.+.}-{0:0}, at: process_one_work+0x66c/0x11b8
[   42.839030][ T3965]  #1: ffff80001af77c00 ((work_completion)(&hdev->rx_work)){+.+.}-{0:0}, at: process_one_work+0x6ac/0x11b8
[   42.841861][ T3965] 
[   42.841861][ T3965] stack backtrace:
[   42.843321][ T3965] CPU: 0 PID: 3965 Comm: kworker/u5:1 Not tainted 5.15.109-syzkaller #0
[   42.845337][ T3965] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/30/2023
[   42.847810][ T3965] Workqueue: hci0 hci_rx_work
[   42.848993][ T3965] Call trace:
[   42.849800][ T3965]  dump_backtrace+0x0/0x530
[   42.850922][ T3965]  show_stack+0x2c/0x3c
[   42.851935][ T3965]  dump_stack_lvl+0x108/0x170
[   42.853072][ T3965]  dump_stack+0x1c/0x58
[   42.854101][ T3965]  print_unlock_imbalance_bug+0x250/0x2a4
[   42.855480][ T3965]  lock_release+0x4b8/0xa1c
[   42.856572][ T3965]  __mutex_unlock_slowpath+0xe0/0x6d4
[   42.857883][ T3965]  mutex_unlock+0x8c/0xe0
[   42.858959][ T3965]  l2cap_disconnect_rsp+0x210/0x30c
[   42.860178][ T3965]  l2cap_bredr_sig_cmd+0x970/0x7f54
[   42.861453][ T3965]  l2cap_recv_frame+0x848/0x6a48
[   42.862667][ T3965]  l2cap_recv_acldata+0x4f4/0x163c
[   42.863901][ T3965]  hci_rx_work+0x3b0/0x6d0
[   42.864974][ T3965]  process_one_work+0x790/0x11b8
[   42.866190][ T3965]  worker_thread+0x910/0x1034
[   42.867338][ T3965]  kthread+0x37c/0x45c
[   42.868355][ T3965]  ret_from_fork+0x10/0x20