program:
rt_sigprocmask(0x0, &(0x7f0000000300)={[0xfffffffffffffff9]}, 0x0, 0x8)
r0 = syz_genetlink_get_family_id$nl80211(&(0x7f00000003c0), 0xffffffffffffffff)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = socket$l2tp(0x2, 0x2, 0x73)
setsockopt$SO_BINDTODEVICE(r2, 0x1, 0x19, &(0x7f0000000240)='wlan0\x00', 0x10)
bind$inet(r2, &(0x7f0000000080)={0x2, 0x0, @remote}, 0x10)
connect$inet(r2, &(0x7f0000000200)={0x2, 0x0, @local}, 0x10)
sendmmsg$inet(r2, &(0x7f0000000900)=[{{0x0, 0x0, 0x0}}], 0x40000cf, 0x0)
r3 = add_key$user(&(0x7f0000000300), &(0x7f0000000340)={'syz', 0x1}, &(0x7f0000000380)="a0b59f21883aa67a874909f68b74b02db4a73d7628957e644de699c0e73497b7fccac8b1201d9f4c64cdac82ce6548cf598c70d7e8892921dc771bdeef1972c807d13422fd84ef40fc8cb541ee146969373b1aa8eb603cee27a3cd4d7afe7382f67b2603928cb919cbcaab2298654ac8a81e71f77af85903171df93d636f643fa6cb0e89f66714a17670ea473daed5177bb27e31c0d875aba8b4bdcc5c4713ac87c9c4fbbc990b27d7d66d123ec3325342848db1a28b999b760e60f5d6ced576", 0xc0, 0xffffffffffffffff)
r4 = add_key$user(&(0x7f0000000000), &(0x7f0000000040)={'syz', 0x1}, &(0x7f0000000080)="06fce64b50", 0x5, 0xfffffffffffffffd)
keyctl$dh_compute(0x17, &(0x7f00000001c0)={r3, r3, r4}, 0x0, 0x0, 0x0)
ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f0000000540)={'wlan0\x00', <r5=>0x0})
sendmsg$NL80211_CMD_NEW_KEY(r1, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000680)={&(0x7f0000000400)={0x50, r0, 0x801, 0x0, 0x0, {{}, {@val={0x8, 0x3, r5}, @void}}, [@NL80211_ATTR_MAC={0xa, 0x6, @device_b}, @NL80211_ATTR_KEY={0x28, 0x50, 0x0, 0x1, [@NL80211_KEY_IDX={0x5, 0x2, 0x2}, @NL80211_KEY_CIPHER={0x8, 0x3, 0xfac05}, @NL80211_KEY_DATA_WEP104={0x11, 0x1, "6fda71cd1f929ef6933754b546"}]}]}, 0x50}}, 0x0)
perf_event_open(&(0x7f0000000300)={0x1, 0x80, 0x2, 0x0, 0x0, 0x0, 0x0, 0x1, 0x400001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x2, @perf_bp={0x0, 0x8}, 0x7602, 0x0, 0x0, 0x9, 0x200, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x8)
syz_usb_connect$cdc_ncm(0x5, 0x6e, &(0x7f0000000000)={{0x12, 0x1, 0x201, 0x2, 0x0, 0x0, 0x40, 0x525, 0xa4a1, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x5c, 0x2, 0x1, 0x5, 0x7dece3cfbdb0bf46, 0xf7, {{0x9, 0x4, 0x0, 0x0, 0x1, 0x2, 0xd, 0x0, 0x0, {{0x5}, {0x5, 0x24, 0x0, 0x5}, {0xd, 0x24, 0xf, 0x1, 0x4, 0x8, 0x0, 0x3}, {0x6, 0x24, 0x1a, 0xffff}}, {{0x9, 0x5, 0x81, 0x3, 0x20, 0x0, 0x9a, 0x9}}}, {}, {0x9, 0x4, 0x1, 0x1, 0x2, 0x2, 0xd, 0x0, 0x0, "", {{{0x9, 0x5, 0x82, 0x2, 0x8, 0x5, 0xfd, 0x2}}, {{0x9, 0x5, 0x3, 0x2, 0x10, 0x5, 0x5, 0x3}}}}}}}]}}, &(0x7f0000000540)={0x0, 0x0, 0x0, 0x0})

[   85.483740][ T5306] Bluetooth: hci0: command tx timeout
[   86.436506][ T5331] ------------[ cut here ]------------
[   86.438677][ T5331] WARNING: CPU: 0 PID: 5331 at kernel/events/core.c:7211 perf_pending_task+0x319/0x400
[   86.442720][ T5331] Modules linked in:
[   86.444293][ T5331] CPU: 0 UID: 0 PID: 5331 Comm: syz.0.0 Not tainted 6.16.0-rc2-syzkaller-00378-gb67ec639010f #0 PREEMPT(full) 
[   86.449038][ T5331] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[   86.453713][ T5331] RIP: 0010:perf_pending_task+0x319/0x400
[   86.456071][ T5331] Code: 85 8f 00 00 00 41 fe 4d 00 eb 05 e8 21 4f cd ff 48 83 c4 18 5b 41 5c 41 5d 41 5e 41 5f 5d e9 4e 34 76 09 cc e8 08 4f cd ff 90 <0f> 0b 90 41 80 3c 1c 00 0f 85 02 ff ff ff e9 05 ff ff ff 44 89 e1
[   86.464050][ T5331] RSP: 0018:ffffc9000d387a10 EFLAGS: 00010293
[   86.466789][ T5331] RAX: ffffffff81f2fe18 RBX: dffffc0000000000 RCX: ffff888000f72440
[   86.470180][ T5331] RDX: 0000000000000000 RSI: 00000000749ace0f RDI: 0000000000000000
[   86.473408][ T5331] RBP: 00000000749ace0f R08: ffffffff8fa10af7 R09: 1ffffffff1f4215e
[   86.476758][ T5331] R10: dffffc0000000000 R11: ffffffff81f2fb00 R12: 1ffff110035f890f
[   86.480105][ T5331] R13: ffff888000f72440 R14: ffff88801afc4ad8 R15: ffff88801afc4878
[   86.483519][ T5331] FS:  0000000000000000(0000) GS:ffff88808d251000(0000) knlGS:0000000000000000
[   86.487363][ T5331] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[   86.490182][ T5331] CR2: 00007fff31fc7f04 CR3: 0000000051487000 CR4: 0000000000352ef0
[   86.493859][ T5331] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[   86.496947][ T5331] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[   86.500317][ T5331] Call Trace:
[   86.501838][ T5331]  <TASK>
[   86.503266][ T5331]  task_work_run+0x1d1/0x260
[   86.505221][ T5331]  ? __pfx_task_work_run+0x10/0x10
[   86.507296][ T5331]  do_exit+0x6b5/0x22e0
[   86.509193][ T5331]  ? __pfx_do_exit+0x10/0x10
[   86.511182][ T5331]  ? proc_coredump_connector+0x172/0x4b0
[   86.513728][ T5331]  ? __pfx_proc_coredump_connector+0x10/0x10
[   86.516240][ T5331]  do_group_exit+0x21c/0x2d0
[   86.518733][ T5331]  ? lockdep_hardirqs_on+0x9c/0x150
[   86.521114][ T5331]  get_signal+0x1286/0x1340
[   86.523565][ T5331]  arch_do_signal_or_restart+0x9a/0x750
[   86.526092][ T5331]  ? __rseq_handle_notify_resume+0x37e/0x11f0
[   86.529667][ T5331]  ? __pfx_arch_do_signal_or_restart+0x10/0x10
[   86.535663][ T5331]  ? local_irq_enable_exit_to_user+0x5/0x10
[   86.538537][ T5331]  irqentry_exit_to_user_mode+0x81/0x120
[   86.541017][ T5331]  exc_page_fault+0x9f/0xf0
[   86.543104][ T5331]  asm_exc_page_fault+0x26/0x30
[   86.545284][ T5331] RIP: 0033:0x7f795c05ffb6
[   86.547155][ T5331] Code: Unable to access opcode bytes at 0x7f795c05ff8c.
[   86.549921][ T5331] RSP: 002b:00007f795cf34f70 EFLAGS: 00010202
[   86.552652][ T5331] RAX: 0000000000000000 RBX: 00007f795c3b6080 RCX: 0000200000000540
[   86.556205][ T5331] RDX: 0000200000000000 RSI: 0000200000000000 RDI: 00007f795c211f3b
[   86.559764][ T5331] RBP: 00007f795c210b39 R08: 00007f795c04e3a0 R09: 0000000000000000
[   86.563501][ T5331] R10: 0000000000000005 R11: 0000200000000000 R12: 0000000000000005
[   86.567266][ T5331] R13: 000000000000006e R14: 0000200000000000 R15: 00007fff31fc5c08
[   86.570677][ T5331]  </TASK>
[   86.571984][ T5331] Kernel panic - not syncing: kernel: panic_on_warn set ...
[   86.575052][ T5331] CPU: 0 UID: 0 PID: 5331 Comm: syz.0.0 Not tainted 6.16.0-rc2-syzkaller-00378-gb67ec639010f #0 PREEMPT(full) 
[   86.579571][ T5331] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[   86.584106][ T5331] Call Trace:
[   86.585602][ T5331]  <TASK>
[   86.586934][ T5331]  dump_stack_lvl+0x99/0x250
[   86.589044][ T5331]  ? __asan_memcpy+0x40/0x70
[   86.591494][ T5331]  ? __pfx_dump_stack_lvl+0x10/0x10
[   86.593826][ T5331]  ? __pfx__printk+0x10/0x10
[   86.595887][ T5331]  panic+0x2db/0x790
[   86.597662][ T5331]  ? __pfx_panic+0x10/0x10
[   86.599626][ T5331]  __warn+0x31b/0x4b0
[   86.601343][ T5331]  ? perf_pending_task+0x319/0x400
[   86.603419][ T5331]  ? perf_pending_task+0x319/0x400
[   86.605410][ T5331]  report_bug+0x2be/0x4f0
[   86.607124][ T5331]  ? perf_pending_task+0x319/0x400
[   86.609225][ T5331]  ? perf_pending_task+0x319/0x400
[   86.611420][ T5331]  ? perf_pending_task+0x31b/0x400
[   86.613361][ T5331]  handle_bug+0x84/0x160
[   86.614957][ T5331]  exc_invalid_op+0x1a/0x50
[   86.616798][ T5331]  asm_exc_invalid_op+0x1a/0x20
[   86.618958][ T5331] RIP: 0010:perf_pending_task+0x319/0x400
[   86.621649][ T5331] Code: 85 8f 00 00 00 41 fe 4d 00 eb 05 e8 21 4f cd ff 48 83 c4 18 5b 41 5c 41 5d 41 5e 41 5f 5d e9 4e 34 76 09 cc e8 08 4f cd ff 90 <0f> 0b 90 41 80 3c 1c 00 0f 85 02 ff ff ff e9 05 ff ff ff 44 89 e1
[   86.630014][ T5331] RSP: 0018:ffffc9000d387a10 EFLAGS: 00010293
[   86.632760][ T5331] RAX: ffffffff81f2fe18 RBX: dffffc0000000000 RCX: ffff888000f72440
[   86.636290][ T5331] RDX: 0000000000000000 RSI: 00000000749ace0f RDI: 0000000000000000
[   86.639654][ T5331] RBP: 00000000749ace0f R08: ffffffff8fa10af7 R09: 1ffffffff1f4215e
[   86.643257][ T5331] R10: dffffc0000000000 R11: ffffffff81f2fb00 R12: 1ffff110035f890f
[   86.646656][ T5331] R13: ffff888000f72440 R14: ffff88801afc4ad8 R15: ffff88801afc4878
[   86.650497][ T5331]  ? __pfx_perf_pending_task+0x10/0x10
[   86.653192][ T5331]  ? perf_pending_task+0x318/0x400
[   86.655471][ T5331]  task_work_run+0x1d1/0x260
[   86.657615][ T5331]  ? __pfx_task_work_run+0x10/0x10
[   86.659888][ T5331]  do_exit+0x6b5/0x22e0
[   86.661705][ T5331]  ? __pfx_do_exit+0x10/0x10
[   86.663747][ T5331]  ? proc_coredump_connector+0x172/0x4b0
[   86.666040][ T5331]  ? __pfx_proc_coredump_connector+0x10/0x10
[   86.668542][ T5331]  do_group_exit+0x21c/0x2d0
[   86.670542][ T5331]  ? lockdep_hardirqs_on+0x9c/0x150
[   86.672847][ T5331]  get_signal+0x1286/0x1340
[   86.674829][ T5331]  arch_do_signal_or_restart+0x9a/0x750
[   86.677314][ T5331]  ? __rseq_handle_notify_resume+0x37e/0x11f0
[   86.679900][ T5331]  ? __pfx_arch_do_signal_or_restart+0x10/0x10
[   86.682649][ T5331]  ? local_irq_enable_exit_to_user+0x5/0x10
[   86.685013][ T5331]  irqentry_exit_to_user_mode+0x81/0x120
[   86.687470][ T5331]  exc_page_fault+0x9f/0xf0
[   86.689525][ T5331]  asm_exc_page_fault+0x26/0x30
[   86.691323][ T5331] RIP: 0033:0x7f795c05ffb6
[   86.693179][ T5331] Code: Unable to access opcode bytes at 0x7f795c05ff8c.
[   86.695806][ T5331] RSP: 002b:00007f795cf34f70 EFLAGS: 00010202
[   86.698181][ T5331] RAX: 0000000000000000 RBX: 00007f795c3b6080 RCX: 0000200000000540
[   86.701118][ T5331] RDX: 0000200000000000 RSI: 0000200000000000 RDI: 00007f795c211f3b
[   86.703825][ T5331] RBP: 00007f795c210b39 R08: 00007f795c04e3a0 R09: 0000000000000000
[   86.706391][ T5331] R10: 0000000000000005 R11: 0000200000000000 R12: 0000000000000005
[   86.708943][ T5331] R13: 000000000000006e R14: 0000200000000000 R15: 00007fff31fc5c08
[   86.711748][ T5331]  </TASK>
[   86.713289][ T5331] Kernel Offset: disabled
[   86.715121][ T5331] Rebooting in 86400 seconds..