program: r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000006ac0)='/dev/bsg/0:0:0:0\x00', 0x337500, 0x0) r1 = socket$inet_sctp(0x2, 0x5, 0x84) r2 = socket$inet6_sctp(0xa, 0x5, 0x84) r3 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r3, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000440)=ANY=[@ANYBLOB="1c0000006800e97800000000000000000a00000000000000040004"], 0x1c}}, 0x0) r4 = socket$nl_route(0x10, 0x3, 0x0) r5 = socket$inet6_udp(0xa, 0x2, 0x0) r6 = syz_open_dev$cec(&(0x7f0000000000), 0x0, 0x0) ioctl$CEC_S_MODE(r6, 0x40046109, &(0x7f00000000c0)=0x31) r7 = syz_open_dev$cec(&(0x7f0000000000), 0x0, 0x0) ioctl$CEC_S_MODE(r7, 0x40046109, &(0x7f00000000c0)=0x32) ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000040)={'lo\x00', 0x0}) sendmsg$nl_route(r4, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000480)=ANY=[@ANYBLOB="400000006800010000000000000000000a00000000000000060007000200000018000880140001000000000000000000000004000000000008000500", @ANYRES32=r8], 0x40}}, 0x0) r9 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r9, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000000)=@ipv4_newroute={0x24, 0x18, 0x35f32a6dfa748ddd, 0x0, 0x0, {0x2, 0x0, 0x10, 0x0, 0xfe, 0x4, 0x0, 0x1, 0x20000000}, [@RTA_NH_ID={0x8, 0x1e, 0x2}]}, 0x24}, 0x1, 0x0, 0x0, 0x4a044}, 0x4010) r10 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r10, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000000)=ANY=[@ANYBLOB="240000001800dd8d00000000000000dd02001000f332d560717940c908001e00020061a0"], 0x24}, 0x1, 0x0, 0x0, 0x4a044}, 0x4010) shutdown(r2, 0x0) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r2, 0x84, 0x6f, &(0x7f0000000000)={0x0, 0x10, &(0x7f0000000040)=[@in={0x2, 0x0, @private=0xa010101}]}, &(0x7f0000000140)=0x10) r11 = socket$inet(0x2, 0x80001, 0x84) getsockopt$inet_sctp_SCTP_MAX_BURST(r11, 0x84, 0x14, &(0x7f0000000000)=@assoc_value={0x0}, &(0x7f0000000300)=0x8) setsockopt$inet_sctp_SCTP_PR_SUPPORTED(r1, 0x84, 0x71, &(0x7f0000000040)={r12}, 0x8) ioctl$SG_EMULATED_HOST(r0, 0x2203, &(0x7f0000006b00)) [ 73.569690][ T4668] Bluetooth: hci0: command tx timeout [ 73.650839][ T5319] BUG: unable to handle page fault for address: ffffed1011959800 [ 73.654250][ T5319] #PF: supervisor read access in kernel mode [ 73.656825][ T5319] #PF: error_code(0x0000) - not-present page [ 73.659374][ T5319] PGD 5ffcd067 P4D 5ffcd067 PUD 2fff7067 PMD 0 [ 73.662040][ T5319] Oops: Oops: 0000 [#1] SMP KASAN NOPTI [ 73.664455][ T5319] CPU: 0 UID: 0 PID: 5319 Comm: syz.0.0 Not tainted syzkaller #0 PREEMPT(full) [ 73.668134][ T5319] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 73.672518][ T5319] RIP: 0010:ip_route_output_key_hash_rcu+0x1264/0x25d0 [ 73.675487][ T5319] Code: 11 19 09 49 83 c6 38 4c 89 f0 48 c1 e8 03 42 80 3c 20 00 74 08 4c 89 f7 e8 b9 1e 32 f8 49 03 1e 4d 89 fd 48 89 d8 48 c1 e8 03 <42> 80 3c 20 00 74 08 48 89 df e8 9d 1e 32 f8 4c 8b 3b e8 c5 f5 a0 [ 73.683026][ T5319] RSP: 0018:ffffc9000b1d75c0 EFLAGS: 00010a06 [ 73.685581][ T5319] RAX: 1ffff11011959800 RBX: ffff88808cacc000 RCX: 0000000000100000 [ 73.689099][ T5319] RDX: ffffc90020802000 RSI: 0000000000002cc2 RDI: 0000000000002cc3 [ 73.692580][ T5319] RBP: 0000000080000000 R08: ffff8880341d4900 R09: 0000000000000003 [ 73.696011][ T5319] R10: 0000000000000005 R11: 0000000000000002 R12: dffffc0000000000 [ 73.699374][ T5319] R13: 0000000000000000 R14: ffff8880338a5158 R15: 0000000000000000 [ 73.702910][ T5319] FS: 00007f5fd48296c0(0000) GS:ffff88808cacc000(0000) knlGS:0000000000000000 [ 73.706209][ T5319] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 73.708720][ T5319] CR2: ffffed1011959800 CR3: 00000000421ce000 CR4: 0000000000352ef0 [ 73.712081][ T5319] Call Trace: [ 73.713611][ T5319] [ 73.714990][ T5319] ? ip_route_output_key_hash+0xd8/0x2a0 [ 73.717766][ T5319] ip_route_output_key_hash+0x18d/0x2a0 [ 73.720185][ T5319] ? __pfx_ip_route_output_key_hash+0x10/0x10 [ 73.722804][ T5319] ? crng_fast_key_erasure+0x196/0x270 [ 73.725320][ T5319] ? __pfx_crng_fast_key_erasure+0x10/0x10 [ 73.727909][ T5319] ip_route_output_flow+0x2a/0x150 [ 73.730053][ T5319] sctp_v4_get_dst+0x3f8/0x12b0 [ 73.732199][ T5319] ? crng_make_state+0x2c5/0x600 [ 73.734385][ T5319] ? lockdep_hardirqs_on+0x7a/0x110 [ 73.736692][ T5319] ? crng_make_state+0x36a/0x600 [ 73.738917][ T5319] ? __pfx_sctp_v4_get_dst+0x10/0x10 [ 73.741246][ T5319] ? _get_random_bytes+0x1e7/0x260 [ 73.743342][ T5319] ? dst_release+0x72/0x1b0 [ 73.745355][ T5319] sctp_transport_route+0x118/0x2f0 [ 73.747659][ T5319] sctp_assoc_add_peer+0x650/0x13b0 [ 73.749857][ T5319] sctp_connect_new_asoc+0x329/0x6b0 [ 73.751973][ T5319] ? __pfx_sctp_connect_new_asoc+0x10/0x10 [ 73.754460][ T5319] ? sctp_get_af_specific+0x29/0x80 [ 73.756517][ T5319] ? sctp_inet6_send_verify+0x80/0x300 [ 73.758801][ T5319] ? sctp_endpoint_lookup_assoc+0xd1/0x260 [ 73.761082][ T5319] __sctp_connect+0x5cb/0xdc0 [ 73.763199][ T5319] ? __pfx___sctp_connect+0x10/0x10 [ 73.765665][ T5319] ? security_sctp_bind_connect+0x7e/0x2c0 [ 73.768240][ T5319] ? __sctp_setsockopt_connectx+0xc7/0x190 [ 73.770834][ T5319] sctp_getsockopt_connectx3+0x227/0x360 [ 73.773325][ T5319] ? lock_sock_nested+0x6a/0x100 [ 73.775409][ T5319] ? __pfx_sctp_getsockopt_connectx3+0x10/0x10 [ 73.778124][ T5319] ? __local_bh_enable_ip+0xd0/0x130 [ 73.780166][ T5319] sctp_getsockopt+0x984/0xb90 [ 73.781866][ T5319] ? __pfx_sock_common_getsockopt+0x10/0x10 [ 73.784243][ T5319] do_sock_getsockopt+0x37f/0x670 [ 73.786357][ T5319] ? __pfx_do_sock_getsockopt+0x10/0x10 [ 73.788851][ T5319] ? __fget_files+0x3a0/0x420 [ 73.790926][ T5319] ? __fget_files+0x2a/0x420 [ 73.792961][ T5319] __x64_sys_getsockopt+0x1a4/0x240 [ 73.795172][ T5319] do_syscall_64+0xe2/0xf80 [ 73.797212][ T5319] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 73.799876][ T5319] ? trace_irq_disable+0x37/0x100 [ 73.802065][ T5319] ? clear_bhb_loop+0x60/0xb0 [ 73.804181][ T5319] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 73.806791][ T5319] RIP: 0033:0x7f5fd399bf79 [ 73.808846][ T5319] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 73.817829][ T5319] RSP: 002b:00007f5fd4829028 EFLAGS: 00000246 ORIG_RAX: 0000000000000037 [ 73.821485][ T5319] RAX: ffffffffffffffda RBX: 00007f5fd3c15fa0 RCX: 00007f5fd399bf79 [ 73.824963][ T5319] RDX: 000000000000006f RSI: 0000000000000084 RDI: 0000000000000004 [ 73.828537][ T5319] RBP: 00007f5fd3a327e0 R08: 0000200000000140 R09: 0000000000000000 [ 73.832072][ T5319] R10: 0000200000000000 R11: 0000000000000246 R12: 0000000000000000 [ 73.835458][ T5319] R13: 00007f5fd3c16038 R14: 00007f5fd3c15fa0 R15: 00007ffd5e230678 [ 73.838524][ T5319] [ 73.839761][ T5319] Modules linked in: [ 73.841262][ T5319] CR2: ffffed1011959800 [ 73.842974][ T5319] ---[ end trace 0000000000000000 ]--- [ 73.845315][ T5319] RIP: 0010:ip_route_output_key_hash_rcu+0x1264/0x25d0 [ 73.848421][ T5319] Code: 11 19 09 49 83 c6 38 4c 89 f0 48 c1 e8 03 42 80 3c 20 00 74 08 4c 89 f7 e8 b9 1e 32 f8 49 03 1e 4d 89 fd 48 89 d8 48 c1 e8 03 <42> 80 3c 20 00 74 08 48 89 df e8 9d 1e 32 f8 4c 8b 3b e8 c5 f5 a0 [ 73.856786][ T5319] RSP: 0018:ffffc9000b1d75c0 EFLAGS: 00010a06 [ 73.859590][ T5319] RAX: 1ffff11011959800 RBX: ffff88808cacc000 RCX: 0000000000100000 [ 73.862964][ T5319] RDX: ffffc90020802000 RSI: 0000000000002cc2 RDI: 0000000000002cc3 [ 73.866226][ T5319] RBP: 0000000080000000 R08: ffff8880341d4900 R09: 0000000000000003 [ 73.869654][ T5319] R10: 0000000000000005 R11: 0000000000000002 R12: dffffc0000000000 [ 73.872993][ T5319] R13: 0000000000000000 R14: ffff8880338a5158 R15: 0000000000000000 [ 73.876111][ T5319] FS: 00007f5fd48296c0(0000) GS:ffff88808cacc000(0000) knlGS:0000000000000000 [ 73.879914][ T5319] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 73.882655][ T5319] CR2: ffffed1011959800 CR3: 00000000421ce000 CR4: 0000000000352ef0 [ 73.885924][ T5319] Kernel panic - not syncing: Fatal exception [ 73.888677][ T5319] Kernel Offset: disabled [ 73.890431][ T5319] Rebooting in 86400 seconds..