program:
r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
bind$bt_hci(r0, &(0x7f0000000080)={0x1f, 0xffff, 0x3}, 0x6)
r1 = syz_mount_image$udf(&(0x7f00000004c0), &(0x7f0000000500)='./file0\x00', 0x80, &(0x7f0000000280)=ANY=[@ANYBLOB="009d0e609c62517a68813f6b578e2fd2b349823558145159a317949dcbd54be4c36b6f14857fbb1963983b808b676663bb5e55330899648c7f63eb159926f6b541adc762bfd60e00247eda5373d9d7c8084d4bc2aab5abcea10f3526dac0abdf5e6ff7d4bec8b703be45c710eadcc7d384775276a3ce3e043e0fa4b684f56e8a4a5c628e25393cf7883c90532fe96490a3cf734421991574c1bd33ae90f20fddb872101a0de2e9689df0fe1295d3946fdd6a9c91"], 0x1, 0x486, &(0x7f0000002300)="$eJzs3M1vG0UYx/HfbGJ34xZw39yCKmEJiaIiSuy0pG8ghZa0SH2hTYJAKEUhcYLVxInitGoqaCtx6BEoElw4wKEXhKogwQUOHODGf8CFWw9cMCdOILSbWe/acV6KXxKH70dqPN19vDs7Mzv7bLyOAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACA9PIrfd0Zs/z6eCsrAwAAWuL8wKXu7ArXfwAAsPkMrnL/DwAAgE3FyNEnMvrh05I55/9/kXs2X7h6fehUf+23dRn/nR1+vPfPzWR7Dh1+ofdI8Lry+xvtcV0YGOxLn5yempnNFYu5sfRQIT86PZZb8xbqfX+1A34DpKeuXB0bHy+mswd7KlZfTz7YsjWVPN6bOvF0EDt0qr9/IBLTGfvPe19iuQw/Lkd3ZFT6+L45L8lR/W2xythpti7/IA74BzF0qt8/kMn8SGHOW2mChnAq2yQetFEL+qIuuySvXibemHu2mBwVZbQ7VTIXJHUE7fCs/4vh1TfgNKQaD82r57CktNqgzzawLXJ0WEZ3jyb1mtdmQf93Su+vd+XQdJ1ydF9G+18qmYv+fOCdT960efb19KuF8elIrDH2jGr360MrbfC5yZWj8/4ZXzKX1rsyaDkvWRqW0aHBa35eIT8vfex47+kzg9EMY88q2/FiD9ryWq7JsUjqYNYphwAAAAAAAAA2O3erLXzj+i9p+xkQ/ieMo+dl9OeZkv/RePS5hI7I8x1l7f7ZT3Pr3+WenJ6Zn81PvDtXc33C7XunODc7Mlp7tbq8k6/i1+GrPcdQp5hxdERGt/5ZCPebNF7ZTgPhju6dCOvmmqq1/rh5dPF5luAzhGP9e6LlmlV+iM/Hkna/zE9AYxjjqE9G49/vtc9+JLRkDrJx38rojy/22Tgn7gUFp2nS/+mO5ydz3V7sTzL68u8g1n/MTEGqsTOMzXixjow+OlcZu83G7gpjs17saRn9fLl27O4wtseL/UBGM7+ng9iEF/ukjU2FsQdHpyfHmtbAG5w3/9+U0Y4X0yboS9tedprtKMfeey+c729Xb2iZOb/e+T8ZWXbbjsMH3ni9vNcfe/54dWqP1zsy+vq7fTZucawEf85ku/8zHK9vyGjil8rYhI3dEcZm1tywbcLr/7dllC0slNvG9r/tgcj1P9L/T1SPjib1//bIsqTd75bGHDokFedvXBmZnMzNUqBAgUK5sN4zE1rBu/5/JqM3L/5aznfs9d+m1WH+99fN8Pp/rHpDTbr+74gsO2azkVin5M5NzcRSklucv/FcfmpkIjeRK/RkM0e7jx7qzcTiQW4Xlupuqk0pZu/Vrn34Vfn+rDL/q53/J6o31KT+3xlZlqjIV+o+dNj+/01Gb/24UL6PXin/D+6znnlq8bV8fjap/3dFliXtfh9pzKEDAAAAAAAAAAAAAAAAQFuLGUd3ZeQOd5rgu1Fref5vyRemmvT8VyqybKxF31eou1EBoA04cvS5jParZG55C7ZJ56Kv2NT+DQAA//+Juh/g")
r2 = fanotify_init(0x200, 0x0)
write(r0, &(0x7f0000000000)="0a000000010001", 0x7)
close_range(r1, r2, 0x0)
r3 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
ioctl$HCIINQUIRY(r3, 0x400448ca, 0x0)

[   85.847407][ T5341] loop0: detected capacity change from 0 to 128
[   85.909822][ T5341] UDF-fs: error (device loop0): udf_read_tagged: read failed, block=256, location=256
[   85.968674][ T5341] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000)
[   85.982506][ T5341] Bluetooth: MGMT ver 1.23
[   85.999462][    C0] ------------[ cut here ]------------
[   86.002162][    C0] workqueue: cannot queue hci_cmd_timeout on wq hci0
[   86.005260][    C0] WARNING: kernel/workqueue.c:2252 at 0x0, CPU#0: udevd/5307
[   86.008488][    C0] Modules linked in:
[   86.010315][    C0] CPU: 0 UID: 0 PID: 5307 Comm: udevd Not tainted syzkaller #0 PREEMPT(full) 
[   86.013925][    C0] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[   86.018522][    C0] RIP: 0010:__queue_work+0xd4b/0xf90
[   86.020926][    C0] Code: 83 c5 18 4c 89 e8 48 c1 e8 03 42 80 3c 20 00 74 08 4c 89 ef e8 26 78 9e 00 49 8b 75 00 49 81 c7 78 01 00 00 4c 89 f7 4c 89 fa <67> 48 0f b9 3a 48 83 c4 58 5b 41 5c 41 5d 41 5e 41 5f 5d c3 cc cc
[   86.029260][    C0] RSP: 0018:ffffc90000007b10 EFLAGS: 00010086
[   86.032234][    C0] RAX: 1ffff1100381d151 RBX: 0000000000000008 RCX: ffff888000b924c0
[   86.035929][    C0] RDX: ffff88803ff67978 RSI: ffffffff8a475b90 RDI: ffffffff8f8371d0
[   86.039938][    C0] RBP: 0000000000000100 R08: ffffffff8f808b77 R09: 1ffffffff1f0116e
[   86.043415][    C0] R10: dffffc0000000000 R11: ffffffff818a6b40 R12: dffffc0000000000
[   86.046902][    C0] R13: ffff88801c0e8a88 R14: ffffffff8f8371d0 R15: ffff88803ff67978
[   86.050238][    C0] FS:  00007f695ae3a880(0000) GS:ffff88808d69f000(0000) knlGS:0000000000000000
[   86.054291][    C0] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[   86.057135][    C0] CR2: 00007f695a7909c0 CR3: 000000004525d000 CR4: 0000000000352ef0
[   86.060531][    C0] Call Trace:
[   86.062086][    C0]  <IRQ>
[   86.063381][    C0]  call_timer_fn+0x16e/0x590
[   86.065361][    C0]  ? __pfx_delayed_work_timer_fn+0x10/0x10
[   86.067950][    C0]  ? call_timer_fn+0xbe/0x590
[   86.069905][    C0]  ? __pfx_call_timer_fn+0x10/0x10
[   86.072183][    C0]  ? do_raw_spin_unlock+0x4d/0x240
[   86.074346][    C0]  ? __pfx_delayed_work_timer_fn+0x10/0x10
[   86.076918][    C0]  __run_timer_base+0x646/0x860
[   86.078837][    C0]  ? __pfx___run_timer_base+0x10/0x10
[   86.081097][    C0]  ? seqcount_lockdep_reader_access+0x15e/0x1c0
[   86.083806][    C0]  run_timer_softirq+0xb7/0x180
[   86.085934][    C0]  handle_softirqs+0x27d/0x850
[   86.088080][    C0]  ? __irq_exit_rcu+0xca/0x1f0
[   86.090122][    C0]  ? __pfx_handle_softirqs+0x10/0x10
[   86.092343][    C0]  __irq_exit_rcu+0xca/0x1f0
[   86.094332][    C0]  ? __pfx___irq_exit_rcu+0x10/0x10
[   86.096580][    C0]  irq_exit_rcu+0x9/0x30
[   86.098429][    C0]  sysvec_apic_timer_interrupt+0xa6/0xc0
[   86.100850][    C0]  </IRQ>
[   86.102154][    C0]  <TASK>
[   86.103472][    C0]  asm_sysvec_apic_timer_interrupt+0x1a/0x20
[   86.105988][    C0] RIP: 0010:slab_update_freelist+0x61/0x100
[   86.108479][    C0] Code: 00 00 75 36 48 89 f7 4c 89 f6 48 89 ca e8 e7 fe ff ff 89 c3 eb 44 48 8b 19 48 8b 49 08 49 8b 06 49 8b 56 08 3e 48 0f c7 4e 20 <48> 89 c1 b0 01 74 4e 49 89 0e 49 89 56 08 eb 65 48 89 f3 49 89 cf
[   86.116635][    C0] RSP: 0018:ffffc9000d38fb08 EFLAGS: 00000242
[   86.119172][    C0] RAX: ffff888011d1ed38 RBX: ffff888011d1eeb0 RCX: 000000000015000b
[   86.122610][    C0] RDX: 000000000015000c RSI: ffffea0000474780 RDI: ffff88801b2e1780
[   86.125830][    C0] RBP: ffffc9000d38fbb8 R08: 0000000000000001 R09: ffffffff8228ef5c
[   86.129166][    C0] R10: dffffc0000000000 R11: fffffbfff1f0116f R12: 0000000000000000
[   86.132770][    C0] R13: ffff888011d1eeb0 R14: ffffc9000d38fb70 R15: 000000000015000c
[   86.136124][    C0]  ? qlist_free_all+0x8c/0x100
[   86.138296][    C0]  __slab_free+0x104/0x2a0
[   86.140815][    C0]  ? qlist_free_all+0x8c/0x100
[   86.143208][    C0]  qlist_free_all+0x97/0x100
[   86.145270][    C0]  kasan_quarantine_reduce+0x148/0x160
[   86.148272][    C0]  __kasan_slab_alloc+0x22/0x80
[   86.150923][    C0]  kmem_cache_alloc_noprof+0x367/0x6f0
[   86.153708][    C0]  ? getname_flags+0xb8/0x540
[   86.155764][    C0]  getname_flags+0xb8/0x540
[   86.157755][    C0]  vfs_fstatat+0x43/0x170
[   86.159738][    C0]  __x64_sys_newfstatat+0x116/0x190
[   86.162004][    C0]  ? __pfx___x64_sys_newfstatat+0x10/0x10
[   86.164460][    C0]  ? kmem_cache_free+0x197/0x620
[   86.166786][    C0]  ? do_syscall_64+0xbe/0xf80
[   86.168838][    C0]  do_syscall_64+0xfa/0xf80
[   86.170849][    C0]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   86.173465][    C0]  ? clear_bhb_loop+0x60/0xb0
[   86.175530][    C0]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   86.178132][    C0] RIP: 0033:0x7f695a711b0a
[   86.179857][    C0] Code: 48 8b 15 f1 f2 0d 00 f7 d8 64 89 02 b8 ff ff ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 41 89 ca b8 06 01 00 00 0f 05 <3d> 00 f0 ff ff 77 07 31 c0 c3 0f 1f 40 00 48 8b 15 b9 f2 0d 00 f7
[   86.187493][    C0] RSP: 002b:00007ffeaa41aae8 EFLAGS: 00000246 ORIG_RAX: 0000000000000106
[   86.190759][    C0] RAX: ffffffffffffffda RBX: 000000000000000e RCX: 00007f695a711b0a
[   86.193908][    C0] RDX: 00007ffeaa41aaf0 RSI: 00007ffeaa41abc0 RDI: 00000000ffffff9c
[   86.197328][    C0] RBP: 00007ffeaa41bc00 R08: 0000000000000000 R09: 0000000000000000
[   86.200657][    C0] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffeaa41c020
[   86.204068][    C0] R13: 0000000000000000 R14: 0000000000000008 R15: 000055c4d78d4250
[   86.207524][    C0]  </TASK>
[   86.208902][    C0] Kernel panic - not syncing: kernel: panic_on_warn set ...
[   86.212041][    C0] CPU: 0 UID: 0 PID: 5307 Comm: udevd Not tainted syzkaller #0 PREEMPT(full) 
[   86.215687][    C0] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[   86.220564][    C0] Call Trace:
[   86.222051][    C0]  <IRQ>
[   86.223378][    C0]  dump_stack_lvl+0x99/0x250
[   86.225495][    C0]  ? __asan_memcpy+0x40/0x70
[   86.227588][    C0]  ? __pfx_dump_stack_lvl+0x10/0x10
[   86.230071][    C0]  ? __pfx__printk+0x10/0x10
[   86.232719][    C0]  vpanic+0x237/0x6d0
[   86.234634][    C0]  ? __pfx_vpanic+0x10/0x10
[   86.236674][    C0]  ? is_bpf_text_address+0x292/0x2b0
[   86.238932][    C0]  ? is_bpf_text_address+0x26/0x2b0
[   86.241140][    C0]  panic+0xb9/0xc0
[   86.242806][    C0]  ? __pfx_panic+0x10/0x10
[   86.244877][    C0]  __warn+0x317/0x4b0
[   86.246684][    C0]  __report_bug+0x288/0x500
[   86.248744][    C0]  ? __lock_acquire+0x6b6/0x2cf0
[   86.250927][    C0]  ? __pfx___report_bug+0x10/0x10
[   86.253249][    C0]  ? __pfx_hci_cmd_timeout+0x10/0x10
[   86.255590][    C0]  ? __lock_acquire+0x6b6/0x2cf0
[   86.257748][    C0]  report_bug_entry+0x16a/0x220
[   86.259799][    C0]  ? __queue_work+0xd4b/0xf90
[   86.261900][    C0]  ? __queue_work+0xd50/0xf90
[   86.263924][    C0]  handle_bug+0xca/0x200
[   86.265745][    C0]  exc_invalid_op+0x1a/0x50
[   86.267691][    C0]  asm_exc_invalid_op+0x1a/0x20
[   86.269850][    C0] RIP: 0010:__queue_work+0xd4b/0xf90
[   86.272313][    C0] Code: 83 c5 18 4c 89 e8 48 c1 e8 03 42 80 3c 20 00 74 08 4c 89 ef e8 26 78 9e 00 49 8b 75 00 49 81 c7 78 01 00 00 4c 89 f7 4c 89 fa <67> 48 0f b9 3a 48 83 c4 58 5b 41 5c 41 5d 41 5e 41 5f 5d c3 cc cc
[   86.280489][    C0] RSP: 0018:ffffc90000007b10 EFLAGS: 00010086
[   86.283177][    C0] RAX: 1ffff1100381d151 RBX: 0000000000000008 RCX: ffff888000b924c0
[   86.286529][    C0] RDX: ffff88803ff67978 RSI: ffffffff8a475b90 RDI: ffffffff8f8371d0
[   86.289933][    C0] RBP: 0000000000000100 R08: ffffffff8f808b77 R09: 1ffffffff1f0116e
[   86.293171][    C0] R10: dffffc0000000000 R11: ffffffff818a6b40 R12: dffffc0000000000
[   86.296520][    C0] R13: ffff88801c0e8a88 R14: ffffffff8f8371d0 R15: ffff88803ff67978
[   86.299868][    C0]  ? __pfx_delayed_work_timer_fn+0x10/0x10
[   86.302343][    C0]  ? __pfx_hci_cmd_timeout+0x10/0x10
[   86.304558][    C0]  call_timer_fn+0x16e/0x590
[   86.306580][    C0]  ? __pfx_delayed_work_timer_fn+0x10/0x10
[   86.309075][    C0]  ? call_timer_fn+0xbe/0x590
[   86.311091][    C0]  ? __pfx_call_timer_fn+0x10/0x10
[   86.313206][    C0]  ? do_raw_spin_unlock+0x4d/0x240
[   86.315389][    C0]  ? __pfx_delayed_work_timer_fn+0x10/0x10
[   86.317815][    C0]  __run_timer_base+0x646/0x860
[   86.320365][    C0]  ? __pfx___run_timer_base+0x10/0x10
[   86.322884][    C0]  ? seqcount_lockdep_reader_access+0x15e/0x1c0
[   86.325407][    C0]  run_timer_softirq+0xb7/0x180
[   86.327505][    C0]  handle_softirqs+0x27d/0x850
[   86.329599][    C0]  ? __irq_exit_rcu+0xca/0x1f0
[   86.331709][    C0]  ? __pfx_handle_softirqs+0x10/0x10
[   86.334015][    C0]  __irq_exit_rcu+0xca/0x1f0
[   86.336012][    C0]  ? __pfx___irq_exit_rcu+0x10/0x10
[   86.338211][    C0]  irq_exit_rcu+0x9/0x30
[   86.340085][    C0]  sysvec_apic_timer_interrupt+0xa6/0xc0
[   86.342475][    C0]  </IRQ>
[   86.343813][    C0]  <TASK>
[   86.345138][    C0]  asm_sysvec_apic_timer_interrupt+0x1a/0x20
[   86.347765][    C0] RIP: 0010:slab_update_freelist+0x61/0x100
[   86.350343][    C0] Code: 00 00 75 36 48 89 f7 4c 89 f6 48 89 ca e8 e7 fe ff ff 89 c3 eb 44 48 8b 19 48 8b 49 08 49 8b 06 49 8b 56 08 3e 48 0f c7 4e 20 <48> 89 c1 b0 01 74 4e 49 89 0e 49 89 56 08 eb 65 48 89 f3 49 89 cf
[   86.358634][    C0] RSP: 0018:ffffc9000d38fb08 EFLAGS: 00000242
[   86.361379][    C0] RAX: ffff888011d1ed38 RBX: ffff888011d1eeb0 RCX: 000000000015000b
[   86.364926][    C0] RDX: 000000000015000c RSI: ffffea0000474780 RDI: ffff88801b2e1780
[   86.368401][    C0] RBP: ffffc9000d38fbb8 R08: 0000000000000001 R09: ffffffff8228ef5c
[   86.371950][    C0] R10: dffffc0000000000 R11: fffffbfff1f0116f R12: 0000000000000000
[   86.375264][    C0] R13: ffff888011d1eeb0 R14: ffffc9000d38fb70 R15: 000000000015000c
[   86.378699][    C0]  ? qlist_free_all+0x8c/0x100
[   86.380846][    C0]  __slab_free+0x104/0x2a0
[   86.382860][    C0]  ? qlist_free_all+0x8c/0x100
[   86.385034][    C0]  qlist_free_all+0x97/0x100
[   86.387149][    C0]  kasan_quarantine_reduce+0x148/0x160
[   86.389551][    C0]  __kasan_slab_alloc+0x22/0x80
[   86.391791][    C0]  kmem_cache_alloc_noprof+0x367/0x6f0
[   86.394201][    C0]  ? getname_flags+0xb8/0x540
[   86.396371][    C0]  getname_flags+0xb8/0x540
[   86.398427][    C0]  vfs_fstatat+0x43/0x170
[   86.400409][    C0]  __x64_sys_newfstatat+0x116/0x190
[   86.402736][    C0]  ? __pfx___x64_sys_newfstatat+0x10/0x10
[   86.405238][    C0]  ? kmem_cache_free+0x197/0x620
[   86.407462][    C0]  ? do_syscall_64+0xbe/0xf80
[   86.409589][    C0]  do_syscall_64+0xfa/0xf80
[   86.411693][    C0]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   86.414408][    C0]  ? clear_bhb_loop+0x60/0xb0
[   86.416527][    C0]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   86.419139][    C0] RIP: 0033:0x7f695a711b0a
[   86.421180][    C0] Code: 48 8b 15 f1 f2 0d 00 f7 d8 64 89 02 b8 ff ff ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 41 89 ca b8 06 01 00 00 0f 05 <3d> 00 f0 ff ff 77 07 31 c0 c3 0f 1f 40 00 48 8b 15 b9 f2 0d 00 f7
[   86.429302][    C0] RSP: 002b:00007ffeaa41aae8 EFLAGS: 00000246 ORIG_RAX: 0000000000000106
[   86.432945][    C0] RAX: ffffffffffffffda RBX: 000000000000000e RCX: 00007f695a711b0a
[   86.436329][    C0] RDX: 00007ffeaa41aaf0 RSI: 00007ffeaa41abc0 RDI: 00000000ffffff9c
[   86.439762][    C0] RBP: 00007ffeaa41bc00 R08: 0000000000000000 R09: 0000000000000000
[   86.443232][    C0] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffeaa41c020
[   86.446708][    C0] R13: 0000000000000000 R14: 0000000000000008 R15: 000055c4d78d4250
[   86.450218][    C0]  </TASK>
[   86.451921][    C0] Kernel Offset: disabled
[   86.453920][    C0] Rebooting in 86400 seconds..