------------[ cut here ]------------
workqueue: cannot queue hci_cmd_timeout on wq hci2
WARNING: CPU: 1 PID: 7070 at kernel/workqueue.c:2257 __queue_work+0xd03/0x1160 kernel/workqueue.c:2256
Modules linked in:
CPU: 1 UID: 0 PID: 7070 Comm: udevd Not tainted syzkaller #0 PREEMPT(full) 
Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
RIP: 0010:__queue_work+0xd03/0x1160 kernel/workqueue.c:2256
Code: 00 00 fc ff df 48 89 fa 48 c1 ea 03 80 3c 02 00 0f 85 4b 04 00 00 48 8b 75 18 4c 89 fa 48 c7 c7 20 27 8c 8b e8 1e 15 f7 ff 90 <0f> 0b 90 90 e9 2f f7 ff ff e8 4f e3 38 00 90 0f 0b 90 e9 b4 f5 ff
RSP: 0018:ffffc900006a0be8 EFLAGS: 00010082
RAX: 0000000000000000 RBX: 0000000000000000 RCX: ffffffff817b3ee8
RDX: ffff88805c554900 RSI: ffffffff817b3ef5 RDI: 0000000000000001
RBP: ffff888105164978 R08: 0000000000000001 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000001 R12: 1ffff920000d418f
R13: 0000000000000100 R14: ffffffff81843990 R15: ffff888106657978
FS:  00007f07d6232880(0000) GS:ffff8880d6b0a000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007f983955a990 CR3: 000000005f746000 CR4: 0000000000352ef0
Call Trace:
 <IRQ>
 call_timer_fn+0x19a/0x620 kernel/time/timer.c:1747
 expire_timers kernel/time/timer.c:1793 [inline]
 __run_timers+0x569/0x960 kernel/time/timer.c:2372
 __run_timer_base kernel/time/timer.c:2384 [inline]
 __run_timer_base kernel/time/timer.c:2376 [inline]
 run_timer_base+0x114/0x190 kernel/time/timer.c:2393
 run_timer_softirq+0x1a/0x40 kernel/time/timer.c:2403
 handle_softirqs+0x219/0x8e0 kernel/softirq.c:622
 __do_softirq kernel/softirq.c:656 [inline]
 invoke_softirq kernel/softirq.c:496 [inline]
 __irq_exit_rcu+0x109/0x170 kernel/softirq.c:723
 irq_exit_rcu+0x9/0x30 kernel/softirq.c:739
 instr_sysvec_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1052 [inline]
 sysvec_apic_timer_interrupt+0xa4/0xc0 arch/x86/kernel/apic/apic.c:1052
 </IRQ>
 <TASK>
 asm_sysvec_apic_timer_interrupt+0x1a/0x20 arch/x86/include/asm/idtentry.h:697
RIP: 0010:virt_to_folio include/linux/mm.h:1245 [inline]
RIP: 0010:virt_to_slab mm/slab.h:191 [inline]
RIP: 0010:qlink_to_cache mm/kasan/quarantine.c:131 [inline]
RIP: 0010:qlist_free_all+0x78/0x120 mm/kasan/quarantine.c:176
Code: 85 e4 74 72 4c 89 e5 4c 89 eb 4d 85 ed 75 c0 48 89 ef e8 2b 48 48 ff 48 c1 e8 0c 48 c1 e0 06 48 03 05 3c 09 a7 0b 48 8b 48 08 <48> 89 c2 f6 c1 01 0f 85 89 00 00 00 66 90 31 c0 80 7a 33 f5 48 0f
RSP: 0018:ffffc900064f7c40 EFLAGS: 00000282
RAX: ffffea0001592180 RBX: 0000000000000000 RCX: ffffea0001592001
RDX: ffff88805c554900 RSI: ffffffff816df508 RDI: 0000000000000007
RBP: ffff888056486000 R08: 0000000000000007 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000001 R12: ffff888056486000
R13: 0000000000000000 R14: ffffc900064f7c78 R15: ffff88805e3a5a80
 kasan_quarantine_reduce+0x195/0x1e0 mm/kasan/quarantine.c:286
 __kasan_slab_alloc+0x69/0x90 mm/kasan/common.c:352
 kasan_slab_alloc include/linux/kasan.h:252 [inline]
 slab_post_alloc_hook mm/slub.c:4970 [inline]
 slab_alloc_node mm/slub.c:5280 [inline]
 kmem_cache_alloc_noprof+0x250/0x6e0 mm/slub.c:5287
 getname_flags.part.0+0x4c/0x550 fs/namei.c:146
 getname_flags+0x93/0xf0 include/linux/audit.h:345
 getname include/linux/fs.h:2922 [inline]
 do_sys_openat2+0xb8/0x1d0 fs/open.c:1431
 do_sys_open fs/open.c:1452 [inline]
 __do_sys_openat fs/open.c:1468 [inline]
 __se_sys_openat fs/open.c:1463 [inline]
 __x64_sys_openat+0x174/0x210 fs/open.c:1463
 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
 do_syscall_64+0xcd/0xfa0 arch/x86/entry/syscall_64.c:94
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7f07d5b15c3a
Code: 41 89 f2 48 89 54 24 e0 41 83 e2 40 75 2a 89 f0 f7 d0 a9 00 00 41 00 74 1f 89 f2 b8 01 01 00 00 48 89 fe bf 9c ff ff ff 0f 05 <48> 3d 00 f0 ff ff 77 2e c3 0f 1f 44 00 00 48 8d 44 24 08 c7 44 24
RSP: 002b:00007fff09c226e8 EFLAGS: 00000206 ORIG_RAX: 0000000000000101
RAX: ffffffffffffffda RBX: 00007fff09c22720 RCX: 00007f07d5b15c3a
RDX: 0000000000090800 RSI: 00007fff09c22b20 RDI: 00000000ffffff9c
RBP: 0000000000000007 R08: 000055699e195f60 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000206 R12: 000055699e1cc640
R13: 00007fff09c23320 R14: 00007fff09c22f20 R15: 00007fff09c22b20
 </TASK>
----------------
Code disassembly (best guess):
   0:	85 e4                	test   %esp,%esp
   2:	74 72                	je     0x76
   4:	4c 89 e5             	mov    %r12,%rbp
   7:	4c 89 eb             	mov    %r13,%rbx
   a:	4d 85 ed             	test   %r13,%r13
   d:	75 c0                	jne    0xffffffcf
   f:	48 89 ef             	mov    %rbp,%rdi
  12:	e8 2b 48 48 ff       	call   0xff484842
  17:	48 c1 e8 0c          	shr    $0xc,%rax
  1b:	48 c1 e0 06          	shl    $0x6,%rax
  1f:	48 03 05 3c 09 a7 0b 	add    0xba7093c(%rip),%rax        # 0xba70962
  26:	48 8b 48 08          	mov    0x8(%rax),%rcx
* 2a:	48 89 c2             	mov    %rax,%rdx <-- trapping instruction
  2d:	f6 c1 01             	test   $0x1,%cl
  30:	0f 85 89 00 00 00    	jne    0xbf
  36:	66 90                	xchg   %ax,%ax
  38:	31 c0                	xor    %eax,%eax
  3a:	80 7a 33 f5          	cmpb   $0xf5,0x33(%rdx)
  3e:	48                   	rex.W
  3f:	0f                   	.byte 0xf