program:
syz_mount_image$vfat(&(0x7f0000000240), &(0x7f0000000280)='./file1\x00', 0x402, &(0x7f0000000800)=ANY=[@ANYBLOB="756e695f786c6174653d312c6e6f6e756d7461696c3d300000000000000008303030303030303030303034303030303030303030302c73686f72746e616d653d65722c73686f72746e616d653d6d697865642c756e695f786c6174653d312c73686f72746e616d653d6d697865642c696f630100727365743d757466f69e75731725e72216799ebd57484a7e1948a8aa65667265652c757466383d312c6e66733d6e6f7374616c655f726f2c73686f72682e616d653d6d697865642c757466383d306d653d77696e6e742c007aea3388304ddedb3208ceb9b2c23924743277bd2c0d0019d44efede967f3df81cce421f7aafa8aa7c706311ab7a0ce39abf7858b6ba6ef5206da03692650000000000000001d0559b166f8c433d34c03a60999dea3bab649a260b216354ecc726cd1f6519546e8ef6ae17a0da1b9313ef4b5633c5f1bf756a7816d304d61c4d15539bae9f6e8dc91d178c85744c5cc226ca0568f9f6da8997bc10100b836488e47d0b7e6ccffaf123b1000000d6d876f2e37dde582f497ab6d4d11f7211b4aaf087f529ffc0000ee312a30cc69ae25ac6a986a76824020b12971980e00a27786eef1c2537fdcb1de9c4bed7175c6704f0c39d14da07a8edf97525a0c8138686d6e2b8d90102027245729e944719894ebe079bf1ab2b7002c54c5c714bff93d9475ff23f653874321e4ecc1ebd2baa44aea86a1617e53fcc5683e5c7b14e5158239aebf96ef3b73359414993575bf4e880ac24d7fee38c5a22f6fae6a22a2185cd5a25b7bc11062d649340f8220bfa18cae94fd73afbb38b2fc20a263e091c5eb14ce630628aaf65b7ccab9b4d3b2c220153cd28c86e6c8e58903c66698fd27f4f22a9fd1dd67d70de664e3b985f20ada8c0f531865a9093fe6d3cd52c721dcfe391a812583c4e745b824429ce98f2a7928d22c9b5302719058f593fddbbb60ca7"], 0x1, 0x284, &(0x7f0000000ac0)="$eJzs3M9qE2sYx/Ff05w2TWmTxTkHzgHxQTe6Gdp4ARKkBTGg1EbUhTC1Ew0Zk5IJlYjY7ty48DqKS3eCegPduHPvrhvBTcE/kUmnNGlTRW060Xw/0JmnfftL3slMwjMDma3rT+9VSoFTchtKpEwJaV3bUjasIiPROtGux9RpXWcnP7w9cfXGzUv5QmFuwWw+v3guZ2bTJ1/ef/js1OvG5LXn0y/GtZm9tfU+927z383/tr4s3i0HVg6sWmuYa0u1WsNd8j1bLgcVx+yK77mBZ+Vq4NW7xkt+bWWlaW51eSq9UveCwNxq0ype0xo1a9Sb5t5xy1VzHMem0sL3FDcWFtx83LNA3yTDRb2ed0clTRwYLm7EMSkAABCvzv5fA9f/h13Lt/v/dfr/X0D/PwzC/j8dvX+70f8DAAAAAAAAAAAAAAAAAAAAAPA72G61Mq1WK7O73v0Zl5SStPt73PNEf7D/h1vHF/dSkv94tbhalPyRcBnKl1SWL08zyuhT+3iI7NTzFwtzM9aW1St/LcqvrRZHu/OzyijbOz+7k7fu/F9Kd+Zzyujv3vlcz/yYzpzuyDvK6M1t1eRruX1c7+UfzZpduFzYl59o/x8AAAAAAH8C53MrOnvuff7uOHbI+E7+B64P7Du/Tur/ZLzbDgAAAADAsAiaDyqu73v1eIqP0cWCmKcxuMWYJP8fST8VP99x19e9oeSBvxx18aQ2AC/doBapcJce5QNOqB9TjfFDCQAAAEBf7DX9cc8EAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIDhdRw3PDvkqRPHvKkAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABA7L4GAAD//zwaJd0=")
r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
ioctl$sock_bt_hci(r0, 0x400448cb, 0x0)
syz_emit_vhci(&(0x7f0000000180)=ANY=[@ANYBLOB="040e0c060320007dfe"], 0xf)
syz_emit_vhci(&(0x7f0000000100)=ANY=[@ANYBLOB="043e130100c90001"], 0x16)
openat$snapshot(0xffffffffffffff9c, &(0x7f0000000000), 0x100, 0x0)
syz_emit_vhci(&(0x7f0000000a80)=ANY=[@ANYBLOB="040e0402030c"], 0x7)

[   88.512373][ T5329] loop0: detected capacity change from 0 to 128
[   88.551049][ T4673] Bluetooth: hci0: command tx timeout
[   88.683408][ T4673] sysfs: cannot create duplicate filename '/devices/virtual/bluetooth/hci0/hci0:201'
[   88.687455][ T4673] CPU: 0 UID: 0 PID: 4673 Comm: kworker/u5:1 Not tainted syzkaller #0 PREEMPT(full) 
[   88.687473][ T4673] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[   88.687481][ T4673] Workqueue: hci0 hci_rx_work
[   88.687624][ T4673] Call Trace:
[   88.687630][ T4673]  <TASK>
[   88.687635][ T4673]  dump_stack_lvl+0x189/0x250
[   88.687656][ T4673]  ? __pfx_dump_stack_lvl+0x10/0x10
[   88.687670][ T4673]  ? __pfx__printk+0x10/0x10
[   88.687687][ T4673]  ? kernfs_path_from_node+0x250/0x290
[   88.687730][ T4673]  ? kernfs_path_from_node+0x2f/0x290
[   88.687745][ T4673]  sysfs_create_dir_ns+0x259/0x280
[   88.687758][ T4673]  ? __pfx_sysfs_create_dir_ns+0x10/0x10
[   88.687772][ T4673]  ? do_raw_spin_unlock+0x4d/0x240
[   88.687789][ T4673]  kobject_add_internal+0x59f/0xb40
[   88.687809][ T4673]  kobject_add+0x155/0x220
[   88.687827][ T4673]  ? __pfx_kobject_add+0x10/0x10
[   88.687841][ T4673]  ? _raw_spin_unlock+0x28/0x50
[   88.687856][ T4673]  ? get_device_parent+0x366/0x3a0
[   88.687871][ T4673]  device_add+0x408/0xb50
[   88.687884][ T4673]  hci_conn_add_sysfs+0xd5/0x1e0
[   88.687922][ T4673]  le_conn_complete_evt+0xf39/0x1500
[   88.687946][ T4673]  ? __pfx_le_conn_complete_evt+0x10/0x10
[   88.687960][ T4673]  ? __mutex_unlock_slowpath+0x1a1/0x740
[   88.687973][ T4673]  ? __asan_memcpy+0x40/0x70
[   88.687987][ T4673]  ? __pfx___mutex_unlock_slowpath+0x10/0x10
[   88.687999][ T4673]  ? skb_pull_data+0xfb/0x200
[   88.688014][ T4673]  hci_le_conn_complete_evt+0x187/0x450
[   88.688031][ T4673]  hci_event_packet+0x78f/0x1200
[   88.688046][ T4673]  ? __pfx_hci_le_meta_evt+0x10/0x10
[   88.688061][ T4673]  ? __pfx_hci_event_packet+0x10/0x10
[   88.688082][ T4673]  ? kcov_remote_start+0x4d3/0x7f0
[   88.688093][ T4673]  ? local_clock_noinstr+0xe0/0xe0
[   88.688109][ T4673]  ? hci_send_to_monitor+0xe2/0x570
[   88.688126][ T4673]  hci_rx_work+0x46a/0xe80
[   88.688142][ T4673]  ? process_scheduled_works+0x9ef/0x17b0
[   88.688155][ T4673]  process_scheduled_works+0xae1/0x17b0
[   88.688185][ T4673]  ? __pfx_process_scheduled_works+0x10/0x10
[   88.688208][ T4673]  worker_thread+0x8a0/0xda0
[   88.688222][ T4673]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[   88.688239][ T4673]  ? __kthread_parkme+0x7b/0x200
[   88.688258][ T4673]  kthread+0x711/0x8a0
[   88.688274][ T4673]  ? __pfx_worker_thread+0x10/0x10
[   88.688285][ T4673]  ? __pfx_kthread+0x10/0x10
[   88.688300][ T4673]  ? _raw_spin_unlock_irq+0x23/0x50
[   88.688311][ T4673]  ? lockdep_hardirqs_on+0x9c/0x150
[   88.688322][ T4673]  ? __pfx_kthread+0x10/0x10
[   88.688336][ T4673]  ret_from_fork+0x4bc/0x870
[   88.688372][ T4673]  ? __pfx_ret_from_fork+0x10/0x10
[   88.688392][ T4673]  ? __pfx_kthread+0x10/0x10
[   88.688408][ T4673]  ret_from_fork_asm+0x1a/0x30
[   88.688431][ T4673]  </TASK>
[   88.807516][ T5336] ------------[ cut here ]------------
[   88.809902][ T5336] workqueue: cannot queue hci_rx_work on wq hci0
[   88.812806][ T5336] WARNING: CPU: 0 PID: 5336 at kernel/workqueue.c:2258 __queue_work+0xd38/0xfb0
[   88.816620][ T5336] Modules linked in:
[   88.818363][ T5336] CPU: 0 UID: 0 PID: 5336 Comm: syz.0.0 Not tainted syzkaller #0 PREEMPT(full) 
[   88.822126][ T5336] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[   88.826661][ T5336] RIP: 0010:__queue_work+0xd38/0xfb0
[   88.828943][ T5336] Code: 42 80 3c 20 00 74 08 4c 89 ef e8 c3 63 9d 00 49 8b 75 00 49 81 c7 78 01 00 00 48 c7 c7 20 eb 69 8b 4c 89 fa e8 b9 31 f9 ff 90 <0f> 0b 90 90 e9 1a f5 ff ff e8 ba 24 36 00 90 0f 0b 90 e9 dd fc ff
[   88.837430][ T5336] RSP: 0018:ffffc9000d51fa70 EFLAGS: 00010046
[   88.840078][ T5336] RAX: a2316d90a4ae6000 RBX: 0000000000000000 RCX: 0000000000100000
[   88.843433][ T5336] RDX: ffffc9000f22c000 RSI: 0000000000000867 RDI: 0000000000000868
[   88.846752][ T5336] RBP: 1ffff11007f0ea38 R08: 0000000000000003 R09: 0000000000000004
[   88.850017][ T5336] R10: dffffc0000000000 R11: fffffbfff1bba650 R12: dffffc0000000000
[   88.853509][ T5336] R13: ffff8880367ccae0 R14: ffff88801c2fc900 R15: ffff88803f875178
[   88.856927][ T5336] FS:  00007fee957576c0(0000) GS:ffff88808d733000(0000) knlGS:0000000000000000
[   88.860655][ T5336] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[   88.863305][ T5336] CR2: 00007fee95756fc8 CR3: 000000000085d000 CR4: 0000000000352ef0
[   88.866508][ T5336] Call Trace:
[   88.867887][ T5336]  <TASK>
[   88.869102][ T5336]  ? rcu_is_watching+0x15/0xb0
[   88.871023][ T5336]  queue_work_on+0x181/0x270
[   88.872984][ T5336]  ? lockdep_hardirqs_on+0x9c/0x150
[   88.875079][ T5336]  ? __pfx_queue_work_on+0x10/0x10
[   88.877163][ T5336]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[   88.879699][ T5336]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[   88.882379][ T5336]  ? skb_queue_tail+0x30/0xf0
[   88.884264][ T5336]  hci_recv_frame+0x625/0x7c0
[   88.886201][ T5336]  ? skb_pull+0xc1/0x1d0
[   88.888115][ T5336]  vhci_write+0x358/0x4a0
[   88.890030][ T5336]  vfs_write+0x5c9/0xb30
[   88.892055][ T5336]  ? __pfx_vhci_write+0x10/0x10
[   88.894228][ T5336]  ? __pfx_vfs_write+0x10/0x10
[   88.896333][ T5336]  ? __fget_files+0x2a/0x420
[   88.898385][ T5336]  ksys_write+0x145/0x250
[   88.900289][ T5336]  ? __pfx_ksys_write+0x10/0x10
[   88.902475][ T5336]  ? do_syscall_64+0xbe/0xfa0
[   88.904565][ T5336]  do_syscall_64+0xfa/0xfa0
[   88.906563][ T5336]  ? lockdep_hardirqs_on+0x9c/0x150
[   88.908802][ T5336]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   88.911400][ T5336]  ? clear_bhb_loop+0x60/0xb0
[   88.913451][ T5336]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   88.916026][ T5336] RIP: 0033:0x7fee9498da7f
[   88.917995][ T5336] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 92 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 4c 93 02 00 48
[   88.926168][ T5336] RSP: 002b:00007fee95757000 EFLAGS: 00000293 ORIG_RAX: 0000000000000001
[   88.929886][ T5336] RAX: ffffffffffffffda RBX: 00007fee94be6180 RCX: 00007fee9498da7f
[   88.933385][ T5336] RDX: 0000000000000007 RSI: 0000200000000a80 RDI: 00000000000000ca
[   88.936820][ T5336] RBP: 00007fee94a11f91 R08: 0000000000000000 R09: 0000000000000000
[   88.940294][ T5336] R10: 0000200000000a80 R11: 0000000000000293 R12: 0000000000000000
[   88.943690][ T5336] R13: 00007fee94be6218 R14: 00007fee94be6180 R15: 00007ffd74562f48
[   88.947209][ T5336]  </TASK>
[   88.948644][ T5336] Kernel panic - not syncing: kernel: panic_on_warn set ...
[   88.952063][ T5336] CPU: 0 UID: 0 PID: 5336 Comm: syz.0.0 Not tainted syzkaller #0 PREEMPT(full) 
[   88.955684][ T5336] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[   88.960063][ T5336] Call Trace:
[   88.961626][ T5336]  <TASK>
[   88.962964][ T5336]  dump_stack_lvl+0x99/0x250
[   88.965000][ T5336]  ? __asan_memcpy+0x40/0x70
[   88.967053][ T5336]  ? __pfx_dump_stack_lvl+0x10/0x10
[   88.969379][ T5336]  ? __pfx__printk+0x10/0x10
[   88.971404][ T5336]  vpanic+0x237/0x6d0
[   88.973189][ T5336]  ? __pfx_vpanic+0x10/0x10
[   88.975235][ T5336]  panic+0xb9/0xc0
[   88.976900][ T5336]  ? __pfx_panic+0x10/0x10
[   88.978782][ T5336]  __warn+0x31b/0x4b0
[   88.980574][ T5336]  ? __queue_work+0xd38/0xfb0
[   88.982510][ T5336]  ? __queue_work+0xd38/0xfb0
[   88.984444][ T5336]  report_bug+0x2be/0x4f0
[   88.986305][ T5336]  ? __queue_work+0xd38/0xfb0
[   88.988323][ T5336]  ? __queue_work+0xd38/0xfb0
[   88.990353][ T5336]  ? __queue_work+0xd3a/0xfb0
[   88.992511][ T5336]  handle_bug+0x84/0x160
[   88.994251][ T5336]  exc_invalid_op+0x1a/0x50
[   88.996195][ T5336]  asm_exc_invalid_op+0x1a/0x20
[   88.998462][ T5336] RIP: 0010:__queue_work+0xd38/0xfb0
[   89.000668][ T5336] Code: 42 80 3c 20 00 74 08 4c 89 ef e8 c3 63 9d 00 49 8b 75 00 49 81 c7 78 01 00 00 48 c7 c7 20 eb 69 8b 4c 89 fa e8 b9 31 f9 ff 90 <0f> 0b 90 90 e9 1a f5 ff ff e8 ba 24 36 00 90 0f 0b 90 e9 dd fc ff
[   89.008719][ T5336] RSP: 0018:ffffc9000d51fa70 EFLAGS: 00010046
[   89.011243][ T5336] RAX: a2316d90a4ae6000 RBX: 0000000000000000 RCX: 0000000000100000
[   89.014702][ T5336] RDX: ffffc9000f22c000 RSI: 0000000000000867 RDI: 0000000000000868
[   89.018478][ T5336] RBP: 1ffff11007f0ea38 R08: 0000000000000003 R09: 0000000000000004
[   89.021993][ T5336] R10: dffffc0000000000 R11: fffffbfff1bba650 R12: dffffc0000000000
[   89.025327][ T5336] R13: ffff8880367ccae0 R14: ffff88801c2fc900 R15: ffff88803f875178
[   89.028596][ T5336]  ? rcu_is_watching+0x15/0xb0
[   89.030592][ T5336]  queue_work_on+0x181/0x270
[   89.032725][ T5336]  ? lockdep_hardirqs_on+0x9c/0x150
[   89.034994][ T5336]  ? __pfx_queue_work_on+0x10/0x10
[   89.037307][ T5336]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[   89.039875][ T5336]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[   89.042698][ T5336]  ? skb_queue_tail+0x30/0xf0
[   89.044865][ T5336]  hci_recv_frame+0x625/0x7c0
[   89.047107][ T5336]  ? skb_pull+0xc1/0x1d0
[   89.049039][ T5336]  vhci_write+0x358/0x4a0
[   89.051016][ T5336]  vfs_write+0x5c9/0xb30
[   89.052859][ T5336]  ? __pfx_vhci_write+0x10/0x10
[   89.055048][ T5336]  ? __pfx_vfs_write+0x10/0x10
[   89.057247][ T5336]  ? __fget_files+0x2a/0x420
[   89.059331][ T5336]  ksys_write+0x145/0x250
[   89.061175][ T5336]  ? __pfx_ksys_write+0x10/0x10
[   89.062962][ T5336]  ? do_syscall_64+0xbe/0xfa0
[   89.064686][ T5336]  do_syscall_64+0xfa/0xfa0
[   89.066343][ T5336]  ? lockdep_hardirqs_on+0x9c/0x150
[   89.068692][ T5336]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   89.071576][ T5336]  ? clear_bhb_loop+0x60/0xb0
[   89.073562][ T5336]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   89.075850][ T5336] RIP: 0033:0x7fee9498da7f
[   89.077699][ T5336] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 92 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 4c 93 02 00 48
[   89.085419][ T5336] RSP: 002b:00007fee95757000 EFLAGS: 00000293 ORIG_RAX: 0000000000000001
[   89.088729][ T5336] RAX: ffffffffffffffda RBX: 00007fee94be6180 RCX: 00007fee9498da7f
[   89.092427][ T5336] RDX: 0000000000000007 RSI: 0000200000000a80 RDI: 00000000000000ca
[   89.095867][ T5336] RBP: 00007fee94a11f91 R08: 0000000000000000 R09: 0000000000000000
[   89.099336][ T5336] R10: 0000200000000a80 R11: 0000000000000293 R12: 0000000000000000
[   89.102895][ T5336] R13: 00007fee94be6218 R14: 00007fee94be6180 R15: 00007ffd74562f48
[   89.106210][ T5336]  </TASK>
[   89.107823][ T5336] Kernel Offset: disabled
[   89.109634][ T5336] Rebooting in 86400 seconds..