program:
# Mounts a vfat image on ./file1 with mount flags 0x402; the "$..." argument is
# the base64-encoded image data and 0x284 is the size argument that goes with it.
# The "loop0: detected capacity change from 0 to 128" line in the log below
# corresponds to this step.
# NOTE(review): neither call trace below contains filesystem frames (both run
# vhci_write -> hci_recv_frame -> queue_work_on), so this call is presumably
# left over from reproducer minimisation rather than part of the trigger;
# confirm by re-running the reproducer without it.
syz_mount_image$vfat(&(0x7f0000000240), &(0x7f0000000280)='./file1\x00', 0x402, &(0x7f0000000800)=ANY=[@ANYBLOB="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"], 0x1, 0x284, &(0x7f0000000ac0)="$eJzs3M9qE2sYx/Ff05w2TWmTxTkHzgHxQTe6Gdp4ARKkBTGg1EbUhTC1Ew0Zk5IJlYjY7ty48DqKS3eCegPduHPvrhvBTcE/kUmnNGlTRW060Xw/0JmnfftL3slMwjMDma3rT+9VSoFTchtKpEwJaV3bUjasIiPROtGux9RpXWcnP7w9cfXGzUv5QmFuwWw+v3guZ2bTJ1/ef/js1OvG5LXn0y/GtZm9tfU+927z383/tr4s3i0HVg6sWmuYa0u1WsNd8j1bLgcVx+yK77mBZ+Vq4NW7xkt+bWWlaW51eSq9UveCwNxq0ype0xo1a9Sb5t5xy1VzHMem0sL3FDcWFtx83LNA3yTDRb2ed0clTRwYLm7EMSkAABCvzv5fA9f/h13Lt/v/dfr/X0D/PwzC/j8dvX+70f8DAAAAAAAAAAAAAAAAAAAAAPA72G61Mq1WK7O73v0Zl5SStPt73PNEf7D/h1vHF/dSkv94tbhalPyRcBnKl1SWL08zyuhT+3iI7NTzFwtzM9aW1St/LcqvrRZHu/OzyijbOz+7k7fu/F9Kd+Zzyujv3vlcz/yYzpzuyDvK6M1t1eRruX1c7+UfzZpduFzYl59o/x8AAAAAAH8C53MrOnvuff7uOHbI+E7+B64P7Du/Tur/ZLzbDgAAAADAsAiaDyqu73v1eIqP0cWCmKcxuMWYJP8fST8VP99x19e9oeSBvxx18aQ2AC/doBapcJce5QNOqB9TjfFDCQAAAEBf7DX9cc8EAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIDhdRw3PDvkqRPHvKkAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABA7L4GAAD//zwaJd0=")
# Bluetooth HCI sequence. The WARNING in the log below fires in the write path
# of the last call (vhci_write -> hci_recv_frame -> queue_work_on ->
# __queue_work) with "workqueue: cannot queue hci_rx_work on wq hci0"; the log
# then shows panic_on_warn turning that WARNING into a kernel panic.
#
# 0x1f / 0x3 / 0x1 = AF_BLUETOOTH / SOCK_RAW / BTPROTO_HCI: a raw HCI socket.
r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
# 0x400448cb is HCIDEVRESET (_IOW('H', 203, int)); the 0x0 argument is the
# device index, matching the hci0 named in the log. The log records
# "Bluetooth: hci0: command tx timeout" before the WARNING.
ioctl$sock_bt_hci(r0, 0x400448cb, 0x0)
# Feeds one HCI packet in through the virtual controller (vhci):
#   04     packet type: HCI event
#   0e     event code: Command Complete
#   04     parameter length
#   02     Num_HCI_Command_Packets
#   03 0c  opcode 0x0c03 (HCI_Reset), little-endian
# The blob is 6 bytes but the length argument is 0x7 (RDX=7 in the logged
# write), so the trailing status byte is whatever follows the blob in the
# buffer -- presumably zero; confirm.
# NOTE(review): this __queue_work warning looks like the one emitted when work
# is queued on a workqueue that is draining or being destroyed, which would mean
# hci_recv_frame ran concurrently with the reset path tearing down or flushing
# the hci0 workqueue -- confirm against kernel/workqueue.c:2252 of the tested
# tree before attributing a root cause.
syz_emit_vhci(&(0x7f0000000a80)=ANY=[@ANYBLOB="040e0402030c"], 0x7)
[ 86.194199][ T5342] loop0: detected capacity change from 0 to 128
[ 86.309897][ T4686] Bluetooth: hci0: command tx timeout
[ 86.341363][ T5343] ------------[ cut here ]------------
[ 86.343897][ T5343] workqueue: cannot queue hci_rx_work on wq hci0
[ 86.346907][ T5343] WARNING: kernel/workqueue.c:2252 at __queue_work+0xd1f/0xf90, CPU#0: syz.0.0/5343
[ 86.351393][ T5343] Modules linked in:
[ 86.353257][ T5343] CPU: 0 UID: 0 PID: 5343 Comm: syz.0.0 Not tainted syzkaller #0 PREEMPT(full)
[ 86.357394][ T5343] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 86.362101][ T5343] RIP: 0010:__queue_work+0xd4a/0xf90
[ 86.364582][ T5343] Code: 83 c5 18 4c 89 e8 48 c1 e8 03 42 80 3c 20 00 74 08 4c 89 ef e8 f7 db 9f 00 49 8b 75 00 49 81 c7 78 01 00 00 4c 89 f7 4c 89 fa <67> 48 0f b9 3a 48 83 c4 58 5b 41 5c 41 5d 41 5e 41 5f 5d e9 ce 11
[ 86.373406][ T5343] RSP: 0018:ffffc9000e9bfb20 EFLAGS: 00010086
[ 86.376194][ T5343] RAX: 1ffff1100229b17b RBX: 0000000000000008 RCX: 0000000000100000
[ 86.379802][ T5343] RDX: ffff888042c3a178 RSI: ffffffff8a70b300 RDI: ffffffff8fd1e080
[ 86.383749][ T5343] RBP: 0000000000000000 R08: ffff8880114d8bc7 R09: 1ffff1100229b178
[ 86.387385][ T5343] R10: dffffc0000000000 R11: ffffed100229b179 R12: dffffc0000000000
[ 86.391098][ T5343] R13: ffff8880114d8bd8 R14: ffffffff8fd1e080 R15: ffff888042c3a178
[ 86.394445][ T5343] FS: 00007f7e534fa6c0(0000) GS:ffff88808cf1d000(0000) knlGS:0000000000000000
[ 86.398191][ T5343] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 86.401053][ T5343] CR2: 00007f7e534f9ff0 CR3: 0000000012b61000 CR4: 0000000000352ef0
[ 86.404617][ T5343] Call Trace:
[ 86.406236][ T5343]
[ 86.407609][ T5343] ? rcu_is_watching+0x15/0xb0
[ 86.409841][ T5343] queue_work_on+0x106/0x1c0
[ 86.412100][ T5343] ? _raw_spin_unlock_irqrestore+0x30/0x80
[ 86.414703][ T5343] hci_recv_frame+0x625/0x7c0
[ 86.416806][ T5343] ? skb_pull+0xc1/0x1d0
[ 86.418733][ T5343] vhci_write+0x358/0x4a0
[ 86.420711][ T5343] vfs_write+0x61d/0xb90
[ 86.422556][ T5343] ? __pfx_vfs_write+0x10/0x10
[ 86.424772][ T5343] ? __fget_files+0x2a/0x420
[ 86.426972][ T5343] ksys_write+0x150/0x270
[ 86.428996][ T5343] ? __pfx_ksys_write+0x10/0x10
[ 86.431184][ T5343] do_syscall_64+0xe2/0xf80
[ 86.433242][ T5343] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 86.436096][ T5343] ? trace_irq_disable+0x37/0x100
[ 86.438520][ T5343] ? clear_bhb_loop+0x60/0xb0
[ 86.440742][ T5343] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 86.443435][ T5343] RIP: 0033:0x7f7e5255b58e
[ 86.445722][ T5343] Code: 08 0f 85 a5 a8 ff ff 49 89 fb 48 89 f0 48 89 d7 48 89 ce 4c 89 c2 4d 89 ca 4c 8b 44 24 08 4c 8b 4c 24 10 4c 89 5c 24 08 0f 05 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 80 00 00 00 00 48 83 ec 08
[ 86.454777][ T5343] RSP: 002b:00007f7e534f9fb8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[ 86.458469][ T5343] RAX: ffffffffffffffda RBX: 00007f7e534fa6c0 RCX: 00007f7e5255b58e
[ 86.461895][ T5343] RDX: 0000000000000007 RSI: 0000200000000a80 RDI: 00000000000000ca
[ 86.465417][ T5343] RBP: 00007f7e52608bf7 R08: 0000000000000000 R09: 0000000000000000
[ 86.468983][ T5343] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 86.472424][ T5343] R13: 00007f7e52816128 R14: 00007f7e52816090 R15: 00007fff1b824e48
[ 86.476135][ T5343]
[ 86.477843][ T5343] Kernel panic - not syncing: kernel: panic_on_warn set ...
[ 86.481315][ T5343] CPU: 0 UID: 0 PID: 5343 Comm: syz.0.0 Not tainted syzkaller #0 PREEMPT(full)
[ 86.485241][ T5343] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 86.489642][ T5343] Call Trace:
[ 86.491142][ T5343]
[ 86.492315][ T5343] vpanic+0x1e0/0x670
[ 86.493889][ T5343] panic+0xc5/0xd0
[ 86.495695][ T5343] ? __pfx_panic+0x10/0x10
[ 86.497811][ T5343] __warn+0x315/0x4a0
[ 86.499775][ T5343] ? __queue_work+0xd1f/0xf90
[ 86.502019][ T5343] ? __queue_work+0xd1f/0xf90
[ 86.504221][ T5343] __report_bug+0x29a/0x540
[ 86.506290][ T5343] ? __queue_work+0xd1f/0xf90
[ 86.508482][ T5343] ? __pfx___report_bug+0x10/0x10
[ 86.510803][ T5343] ? vhci_write+0xbe/0x4a0
[ 86.512942][ T5343] ? __pfx_hci_rx_work+0x10/0x10
[ 86.515282][ T5343] ? __lock_acquire+0x6b5/0x2cf0
[ 86.517577][ T5343] report_bug_entry+0x19a/0x290
[ 86.519726][ T5343] ? __queue_work+0xd4a/0xf90
[ 86.521851][ T5343] ? __queue_work+0xd4f/0xf90
[ 86.523917][ T5343] handle_bug+0xca/0x200
[ 86.525761][ T5343] exc_invalid_op+0x1a/0x50
[ 86.527743][ T5343] asm_exc_invalid_op+0x1a/0x20
[ 86.529882][ T5343] RIP: 0010:__queue_work+0xd4a/0xf90
[ 86.532235][ T5343] Code: 83 c5 18 4c 89 e8 48 c1 e8 03 42 80 3c 20 00 74 08 4c 89 ef e8 f7 db 9f 00 49 8b 75 00 49 81 c7 78 01 00 00 4c 89 f7 4c 89 fa <67> 48 0f b9 3a 48 83 c4 58 5b 41 5c 41 5d 41 5e 41 5f 5d e9 ce 11
[ 86.541193][ T5343] RSP: 0018:ffffc9000e9bfb20 EFLAGS: 00010086
[ 86.543967][ T5343] RAX: 1ffff1100229b17b RBX: 0000000000000008 RCX: 0000000000100000
[ 86.547556][ T5343] RDX: ffff888042c3a178 RSI: ffffffff8a70b300 RDI: ffffffff8fd1e080
[ 86.551248][ T5343] RBP: 0000000000000000 R08: ffff8880114d8bc7 R09: 1ffff1100229b178
[ 86.555054][ T5343] R10: dffffc0000000000 R11: ffffed100229b179 R12: dffffc0000000000
[ 86.558683][ T5343] R13: ffff8880114d8bd8 R14: ffffffff8fd1e080 R15: ffff888042c3a178
[ 86.562299][ T5343] ? __pfx_hci_rx_work+0x10/0x10
[ 86.564555][ T5343] ? rcu_is_watching+0x15/0xb0
[ 86.566794][ T5343] queue_work_on+0x106/0x1c0
[ 86.568919][ T5343] ? _raw_spin_unlock_irqrestore+0x30/0x80
[ 86.571565][ T5343] hci_recv_frame+0x625/0x7c0
[ 86.573708][ T5343] ? skb_pull+0xc1/0x1d0
[ 86.575664][ T5343] vhci_write+0x358/0x4a0
[ 86.577601][ T5343] vfs_write+0x61d/0xb90
[ 86.579466][ T5343] ? __pfx_vfs_write+0x10/0x10
[ 86.581665][ T5343] ? __fget_files+0x2a/0x420
[ 86.583761][ T5343] ksys_write+0x150/0x270
[ 86.585683][ T5343] ? __pfx_ksys_write+0x10/0x10
[ 86.587820][ T5343] do_syscall_64+0xe2/0xf80
[ 86.589809][ T5343] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 86.592544][ T5343] ? trace_irq_disable+0x37/0x100
[ 86.594795][ T5343] ? clear_bhb_loop+0x60/0xb0
[ 86.596956][ T5343] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 86.601137][ T5343] RIP: 0033:0x7f7e5255b58e
[ 86.603402][ T5343] Code: 08 0f 85 a5 a8 ff ff 49 89 fb 48 89 f0 48 89 d7 48 89 ce 4c 89 c2 4d 89 ca 4c 8b 44 24 08 4c 8b 4c 24 10 4c 89 5c 24 08 0f 05 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 80 00 00 00 00 48 83 ec 08
[ 86.612270][ T5343] RSP: 002b:00007f7e534f9fb8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[ 86.616084][ T5343] RAX: ffffffffffffffda RBX: 00007f7e534fa6c0 RCX: 00007f7e5255b58e
[ 86.619659][ T5343] RDX: 0000000000000007 RSI: 0000200000000a80 RDI: 00000000000000ca
[ 86.623241][ T5343] RBP: 00007f7e52608bf7 R08: 0000000000000000 R09: 0000000000000000
[ 86.626831][ T5343] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 86.630331][ T5343] R13: 00007f7e52816128 R14: 00007f7e52816090 R15: 00007fff1b824e48
[ 86.633799][ T5343]
[ 86.635572][ T5343] Kernel Offset: disabled
[ 86.637547][ T5343] Rebooting in 86400 seconds..