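program:
# syzkaller reproducer followed by the kernel console output it produced.
# The page had every call collapsed onto a few long lines; below there is one
# call per line. The resources r3, r8, r13 and r16 were used but never
# assigned, so the `<rN=>` result markers (presumably stripped as markup
# during extraction) are restored on the ifindex field of each SIOCGIFINDEX
# request. `(async)` and `(rerun: N)` are syzkaller call properties.
#
# Triage note: the nexthop and route changes below go over rtnetlink, and the
# oops header shows the task running as UID 0. Whether the same path is
# reachable from an unprivileged user namespace is not shown here.

# --- rtnetlink: nexthop objects -------------------------------------------
# Both raw blobs carry nlmsg type 0x68 with family byte 0x0a; decoded by hand
# that is RTM_NEWNEXTHOP for AF_INET6 (verify against the uapi headers).
# Neither blob contains an explicit nexthop id attribute, so the ids are
# kernel-assigned.
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000440)=ANY=[@ANYBLOB="1c0000006800e97800000000000000000a00000000000000040004"], 0x1c}}, 0x0) (async)
r1 = socket$nl_route(0x10, 0x3, 0x0)
r2 = socket$inet6_udp(0xa, 0x2, 0x0)
# Look up the ifindex of 'lo'; the result feeds the trailing attribute of the
# second nexthop message.
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000040)={'lo\x00', <r3=>0x0})
sendmsg$nl_route(r1, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000480)=ANY=[@ANYBLOB="400000006800010000000000000000000a00000000000000060007000200000018000880140001000000000000000000000004000000000008000500", @ANYRES32=r3], 0x40}}, 0x0) (async)

# --- rtnetlink: IPv4 route that points at nexthop id 2 --------------------
# ipv4_newroute with family 0x2, table 0xfe and a single RTA_NH_ID attribute
# whose value is 0x2. This presumably binds the IPv4 route to one of the
# AF_INET6 nexthops created above - confirm which id the kernel assigned.
r4 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r4, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000000)=@ipv4_newroute={0x24, 0x18, 0x35f32a6dfa748ddd, 0x0, 0x0, {0x2, 0x0, 0x10, 0x0, 0xfe, 0x4, 0x0, 0x1, 0x20000000}, [@RTA_NH_ID={0x8, 0x1e, 0x2}]}, 0x24}, 0x1, 0x0, 0x0, 0x4a044}, 0x4010)

# --- ieee802154 generic netlink (no ieee802154 frame in the call trace) ----
r5 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r6 = syz_genetlink_get_family_id$ieee802154(&(0x7f00000001c0), r5) (async)
r7 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_802154(r7, 0x8933, &(0x7f0000000340)={'wpan0\x00', <r8=>0x0}) (async)

# --- SCTP: the call that is in flight when the kernel faults ---------------
# The user-mode registers in the oops (ORIG_RAX 0x37, RSI 0x84, RDX 0x6f) and
# the sctp_getsockopt_connectx3 -> __sctp_connect -> sctp_transport_route ->
# ip_route_output_flow frames match this getsockopt. The peer address is
# @initdev {0xac, 0x1e, 0x0, 0x0}; the IPv4 output route lookup for it is
# where the fault occurs.
r9 = socket$inet_sctp(0x2, 0x1, 0x84)
getsockopt$inet_sctp_SCTP_SOCKOPT_CONNECTX3(r9, 0x84, 0x6f, &(0x7f0000000780)={0x0, 0x10, &(0x7f0000000300)=[@in={0x2, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}]}, &(0x7f00000007c0)=0x10) (async)
shutdown(r9, 0x1) (async)
setsockopt$inet_sctp_SCTP_DEFAULT_PRINFO(r9, 0x84, 0x72, &(0x7f00000000c0)={0x0, 0x0, 0x20}, 0xc)

# --- remaining calls --------------------------------------------------------
# More ieee802154/nl802154 requests, a second copy of the IPv4 route request
# (flags 0x20003300) and an nftables batch. None of these subsystems shows up
# in the crashing call trace; which setup calls are actually required cannot
# be told from this listing and needs a minimised reproducer.
sendmsg$IEEE802154_LLSEC_ADD_DEV(r5, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000140)={0x50, r6, 0x852dd6c070cd7e4d, 0x0, 0x0, {}, [@IEEE802154_ATTR_LLSEC_FRAME_COUNTER={0x8}, @IEEE802154_ATTR_LLSEC_DEV_OVERRIDE={0x5}, @IEEE802154_ATTR_HW_ADDR={0xc}, @IEEE802154_ATTR_LLSEC_DEV_KEY_MODE={0x5}, @IEEE802154_ATTR_DEV_INDEX={0x8, 0x2, r8}, @IEEE802154_ATTR_PAN_ID={0x6}, @IEEE802154_ATTR_SHORT_ADDR={0x6}]}, 0x50}, 0x4, 0x700000000000000}, 0x0)
r10 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r11 = syz_genetlink_get_family_id$ieee802154(&(0x7f00000001c0), r10)
r12 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_802154(r12, 0x8933, &(0x7f0000000340)={'wpan0\x00', <r13=>0x0})
sendmsg$IEEE802154_LLSEC_ADD_DEV(r10, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000380)=ANY=[@ANYBLOB='P\x00\x00\x00', @ANYRES16=r11, @ANYBLOB="4d7e00000000000000002a00000008002f000000000005003600000000000c0005000000000200000000050037000000000008000200", @ANYRES32=r13, @ANYBLOB="06000600fe000000060004"], 0x50}, 0x4, 0x700000000000000, 0x0, 0x4}, 0x4040084)
r14 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r15 = syz_genetlink_get_family_id$nl802154(&(0x7f00000003c0), 0xffffffffffffffff) (async)
ioctl$sock_SIOCGIFINDEX_802154(r14, 0x8933, &(0x7f0000000000)={'wpan0\x00', <r16=>0x0})
sendmsg$NL802154_CMD_NEW_SEC_DEVKEY(r14, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000540)={&(0x7f00000000c0)={0x5c, r15, 0x1, 0xfffffffd, 0x0, {}, [@NL802154_ATTR_IFINDEX={0x8, 0x3, r16}, @NL802154_ATTR_SEC_DEVKEY={0x40, 0x2f, 0x0, 0x1, [@NL802154_DEVKEY_ATTR_EXTENDED_ADDR={0xc}, @NL802154_DEVKEY_ATTR_FRAME_COUNTER={0x8}, @NL802154_DEVKEY_ATTR_ID={0x28, 0x3, 0x0, 0x1, [@NL802154_KEY_ID_ATTR_IMPLICIT={0x1c, 0x3, 0x0, 0x1, [@NL802154_DEV_ADDR_ATTR_PAN_ID={0x6}, @NL802154_DEV_ADDR_ATTR_MODE={0x8, 0x2, 0x2}, @NL802154_DEV_ADDR_ATTR_SHORT={0x6, 0x3, 0xaaa3}]}, @NL802154_KEY_ID_ATTR_MODE={0x8}]}]}]}, 0x5c}}, 0x0)
r17 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r17, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000000)=@ipv4_newroute={0x24, 0x18, 0x35f32a6dfa748ddd, 0x0, 0x0, {0x2, 0x0, 0x10, 0x0, 0xfe, 0x4, 0x0, 0x1, 0x20003300}, [@RTA_NH_ID={0x8, 0x1e, 0x2}]}, 0x24}, 0x1, 0x0, 0x0, 0x4a044}, 0x4010) (async, rerun: 32)
r18 = socket$nl_netfilter(0x10, 0x3, 0xc) (rerun: 32)
sendmsg$NFT_BATCH(r18, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000500)={{0x14}, [@NFT_MSG_NEWTABLE={0x20, 0x0, 0xa, 0x5, 0x0, 0x0, {0x1}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_NEWCHAIN={0x2c, 0x3, 0xa, 0x201, 0x0, 0x0, {0x1}, [@NFTA_CHAIN_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_CHAIN_NAME={0x9, 0x3, 'syz2\x00'}]}, @NFT_MSG_NEWRULE={0x54, 0x6, 0xa, 0x401, 0x0, 0x0, {0x1}, [@NFTA_RULE_CHAIN_ID={0x8}, @NFTA_RULE_EXPRESSIONS={0x2c, 0x4, 0x0, 0x1, [{0x28, 0x1, 0x0, 0x1, @ct={{0x7}, @val={0x1c, 0x2, 0x0, 0x1, [@NFTA_CT_DREG={0x8}, @NFTA_CT_DIRECTION={0x5}, @NFTA_CT_KEY={0x8, 0x2, 0x1, 0x0, 0x9}]}}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}]}], {0x14}}, 0xc8}}, 0x0)

# --- kernel console output (continues after this block) ---------------------
# Reading the fault: RAX is RBX >> 3 and R12 is dffffc0000000000, and their
# sum is the faulting address ffffed101194b200. The instruction marked in
# Code: (`42 80 3c 20 00`, a byte compare at [rax + r12]) is therefore the
# KASAN shadow check for the pointer in RBX, not a load through RBX itself.
# RBX (ffff88808ca59000) has the same value as the GS base printed further
# down, and the bytes just before (`49 03 1e`, add rbx, [r14]) add a value
# from memory into it. That is consistent with a per-CPU offset being applied
# to a NULL per-CPU pointer - an inference from the registers only; confirm
# against the source at ip_route_output_key_hash_rcu+0x1264.
[ 84.395854][ T5296] Bluetooth: hci0: command tx timeout
[ 84.506785][ T5319] BUG: unable to handle page fault for address: ffffed101194b200
[ 84.510592][ T5319] #PF: supervisor read access in kernel mode
[ 84.513335][ T5319] #PF: error_code(0x0000) - not-present page
[ 84.515834][ T5319] PGD 5ffd5067 P4D 5ffd5067 PUD 2fffa067 PMD 0
[ 84.518343][ T5319] Oops: Oops: 0000 [#1] SMP KASAN NOPTI
[ 84.520595][ T5319] CPU: 0 UID: 0 PID: 5319 Comm: syz.0.0 Not tainted syzkaller #0 PREEMPT(full)
[ 84.524657][ T5319] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 84.528548][ T5319] RIP: 0010:ip_route_output_key_hash_rcu+0x1264/0x25d0
[ 84.531544][ T5319] Code: 72 11 09 49 83 c6 38 4c 89 f0 48 c1 e8 03 42 80 3c 20 00 74 08 4c 89 f7 e8 d9 50 26 f8 49 03 1e 4d 89 fd 48 89 d8 48 c1 e8 03 <42> 80 3c 20 00 74 08 48 89 df e8 bd 50 26 f8 4c 8b 3b e8 c5 49 a4
[ 84.539768][ T5319] RSP: 0018:ffffc9000da7f5c0 EFLAGS: 00010a06
[ 84.542516][ T5319] RAX: 1ffff1101194b200 RBX: ffff88808ca59000 RCX: ffff888000e14900
[ 84.545946][ T5319] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[ 84.549307][ T5319] RBP: 0000000080000000 R08: ffff888000e14900 R09: 0000000000000003
[ 84.552678][ T5319] R10: 0000000000000005 R11: 0000000000000000 R12: dffffc0000000000
[ 84.555933][ T5319] R13: 0000000000000000 R14: ffff88801f8d3958 R15: 0000000000000000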
[ 84.559851][ T5319] FS: 00007f64611b66c0(0000) GS:ffff88808ca59000(0000) knlGS:0000000000000000 [ 84.563881][ T5319] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 84.566728][ T5319] CR2: ffffed101194b200 CR3: 0000000042970000 CR4: 0000000000352ef0 [ 84.570295][ T5319] Call Trace: [ 84.571906][ T5319] [ 84.573191][ T5319] ? ip_route_output_key_hash+0xd8/0x2a0 [ 84.575470][ T5319] ip_route_output_key_hash+0x18d/0x2a0 [ 84.577831][ T5319] ? __pfx_ip_route_output_key_hash+0x10/0x10 [ 84.580420][ T5319] ? crng_fast_key_erasure+0x196/0x270 [ 84.582836][ T5319] ? __pfx_crng_fast_key_erasure+0x10/0x10 [ 84.585153][ T5319] ip_route_output_flow+0x2a/0x150 [ 84.587153][ T5319] sctp_v4_get_dst+0x3f8/0x12b0 [ 84.589109][ T5319] ? crng_make_state+0x2c5/0x600 [ 84.591088][ T5319] ? lockdep_hardirqs_on+0x7a/0x110 [ 84.593135][ T5319] ? crng_make_state+0x36a/0x600 [ 84.595099][ T5319] ? __pfx_sctp_v4_get_dst+0x10/0x10 [ 84.597428][ T5319] ? _get_random_bytes+0x1e7/0x260 [ 84.599744][ T5319] ? preempt_schedule_thunk+0x16/0x30 [ 84.602054][ T5319] ? dst_release+0x72/0x1b0 [ 84.604038][ T5319] sctp_transport_route+0x118/0x2f0 [ 84.606325][ T5319] sctp_assoc_add_peer+0x650/0x13b0 [ 84.608606][ T5319] sctp_connect_new_asoc+0x329/0x6b0 [ 84.610875][ T5319] ? __pfx_sctp_connect_new_asoc+0x10/0x10 [ 84.613517][ T5319] ? sctp_endpoint_lookup_assoc+0xd1/0x260 [ 84.616126][ T5319] __sctp_connect+0x5cb/0xdc0 [ 84.618171][ T5319] ? __pfx___sctp_connect+0x10/0x10 [ 84.620263][ T5319] ? security_sctp_bind_connect+0x7e/0x2c0 [ 84.622733][ T5319] ? __sctp_setsockopt_connectx+0xc7/0x190 [ 84.625241][ T5319] sctp_getsockopt_connectx3+0x227/0x360 [ 84.627578][ T5319] ? __pfx_sctp_getsockopt_connectx3+0x10/0x10 [ 84.630260][ T5319] ? sctp_getsockopt+0x12f/0xb90 [ 84.633750][ T5319] ? __local_bh_enable_ip+0xd0/0x130 [ 84.636173][ T5319] sctp_getsockopt+0x984/0xb90 [ 84.638325][ T5319] ? 
__pfx_sock_common_getsockopt+0x10/0x10 [ 84.640926][ T5319] do_sock_getsockopt+0x37f/0x670 [ 84.643196][ T5319] ? __pfx_do_sock_getsockopt+0x10/0x10 [ 84.645640][ T5319] ? __fget_files+0x3a0/0x420 [ 84.647910][ T5319] ? __fget_files+0x2a/0x420 [ 84.649956][ T5319] __x64_sys_getsockopt+0x1a4/0x240 [ 84.652159][ T5319] do_syscall_64+0x14d/0xf80 [ 84.654212][ T5319] ? trace_irq_disable+0x3b/0x150 [ 84.656512][ T5319] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 84.659171][ T5319] ? clear_bhb_loop+0x40/0x90 [ 84.661355][ T5319] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 84.664056][ T5319] RIP: 0033:0x7f646039c799 [ 84.666141][ T5319] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 84.674551][ T5319] RSP: 002b:00007f64611b6028 EFLAGS: 00000246 ORIG_RAX: 0000000000000037 [ 84.677929][ T5319] RAX: ffffffffffffffda RBX: 00007f6460615fa0 RCX: 00007f646039c799 [ 84.681380][ T5319] RDX: 000000000000006f RSI: 0000000000000084 RDI: 0000000000000007 [ 84.684708][ T5319] RBP: 00007f6460432bd9 R08: 00002000000007c0 R09: 0000000000000000 [ 84.688178][ T5319] R10: 0000200000000780 R11: 0000000000000246 R12: 0000000000000000 [ 84.691492][ T5319] R13: 00007f6460616038 R14: 00007f6460615fa0 R15: 00007ffedbcef908 [ 84.694766][ T5319] [ 84.696082][ T5319] Modules linked in: [ 84.697830][ T5319] CR2: ffffed101194b200 [ 84.699713][ T5319] ---[ end trace 0000000000000000 ]--- [ 84.702089][ T5319] RIP: 0010:ip_route_output_key_hash_rcu+0x1264/0x25d0 [ 84.705209][ T5319] Code: 72 11 09 49 83 c6 38 4c 89 f0 48 c1 e8 03 42 80 3c 20 00 74 08 4c 89 f7 e8 d9 50 26 f8 49 03 1e 4d 89 fd 48 89 d8 48 c1 e8 03 <42> 80 3c 20 00 74 08 48 89 df e8 bd 50 26 f8 4c 8b 3b e8 c5 49 a4 [ 84.713828][ T5319] RSP: 0018:ffffc9000da7f5c0 EFLAGS: 00010a06 [ 84.716692][ T5319] RAX: 1ffff1101194b200 RBX: ffff88808ca59000 RCX: ffff888000e14900 [ 84.720516][ T5319] RDX: 
0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 84.723672][ T5319] RBP: 0000000080000000 R08: ffff888000e14900 R09: 0000000000000003 [ 84.727068][ T5319] R10: 0000000000000005 R11: 0000000000000000 R12: dffffc0000000000 [ 84.730437][ T5319] R13: 0000000000000000 R14: ffff88801f8d3958 R15: 0000000000000000 [ 84.733567][ T5319] FS: 00007f64611b66c0(0000) GS:ffff88808ca59000(0000) knlGS:0000000000000000 [ 84.737115][ T5319] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 84.739731][ T5319] CR2: ffffed101194b200 CR3: 0000000042970000 CR4: 0000000000352ef0 [ 84.742651][ T5319] Kernel panic - not syncing: Fatal exception [ 84.745113][ T5319] Kernel Offset: disabled [ 84.746932][ T5319] Rebooting in 86400 seconds..