program:
r0 = socket(0x10, 0x803, 0x0)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000400)={'veth0_to_hsr\x00', <r1=>0x0})
sendmsg$nl_route_sched(r0, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000180)=@newqdisc={0x48, 0x24, 0x4ee4e6a52ff56541, 0x70bd25, 0x25dfdbfe, {0x0, 0x0, 0x0, r1, {0x0, 0xffe1}, {0xffff, 0xffff}, {0xffe0}}, [@qdisc_kind_options=@q_htb={{0x8}, {0x1c, 0x2, [@TCA_HTB_INIT={0x18, 0x2, {0x3, 0x4, 0x9}}]}}]}, 0x48}}, 0xc840)
sendmsg$nl_route_sched(r0, &(0x7f0000006040)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000800)=@newtfilter={0x54, 0x2c, 0xd2b, 0x70bd2b, 0x25dfdbfb, {0x0, 0x0, 0x0, r1, {0x6}, {}, {0x7, 0xfff1}}, [@filter_kind_options=@f_u32={{0x8}, {0x28, 0x2, [@TCA_U32_SEL={0x24, 0x5, {0xd, 0x7, 0x1, 0x3d3f, 0x0, 0xfff, 0xb709, 0x58f, [{0x0, 0x20008000, 0x4, 0x1}]}}]}}]}, 0x54}, 0x1, 0x0, 0x0, 0x4084}, 0x24040084)
recvmmsg$unix(r0, &(0x7f0000000580)=[{{0x0, 0x0, &(0x7f0000000040)=[{&(0x7f00000002c0)=""/219, 0xdb}], 0x1}}], 0x1, 0x60, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={0x0}}, 0x0)
setsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX_OLD(0xffffffffffffffff, 0x84, 0x6b, 0x0, 0x0)
recvmsg(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, 0x0}, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000002c0)=ANY=[], 0xc3}, 0x1, 0x100000000000000, 0x0, 0x2000}, 0x40400c0)
r2 = socket(0x10, 0x3, 0x0)
sendmmsg(r2, &(0x7f0000000000), 0x4000000000001f2, 0x0)

[  183.892659][ T5332] Bluetooth: hci0: command tx timeout
[  183.957211][ T5352] netlink: 44 bytes leftover after parsing attributes in process `syz.0.0'.
[  183.961823][ T5352] ------------[ cut here ]------------
[  183.964331][ T5352] memcpy: detected field-spanning write (size 32) of single field "&new->sel" at net/sched/cls_u32.c:855 (size 16)
[  183.970791][ T5352] WARNING: net/sched/cls_u32.c:855 at u32_change+0x1da0/0x2720, CPU#0: syz.0.0/5352
[  183.974792][ T5352] Modules linked in:
[  183.976918][ T5352] CPU: 0 UID: 0 PID: 5352 Comm: syz.0.0 Not tainted syzkaller #0 PREEMPT(full) 
[  183.981884][ T5352] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[  183.986384][ T5352] RIP: 0010:u32_change+0x1daf/0x2720
[  183.988776][ T5352] Code: 3d d2 54 41 06 01 75 33 e8 7e 3d 0b f8 eb 50 e8 77 3d 0b f8 48 8d 3d c0 8b 66 06 b9 10 00 00 00 4c 89 f6 48 c7 c2 c0 bc e1 8c <67> 48 0f b9 3a e9 af ee ff ff e8 52 3d 0b f8 eb 24 e8 4b 3d 0b f8
[  183.998605][ T5352] RSP: 0018:ffffc9000c78efc0 EFLAGS: 00010287
[  184.002089][ T5352] RAX: ffffffff89ba86f9 RBX: ffff8880120d5c00 RCX: 0000000000000010
[  184.006066][ T5352] RDX: ffffffff8ce1bcc0 RSI: 0000000000000020 RDI: ffffffff902112c0
[  184.010355][ T5352] RBP: ffffc9000c78f178 R08: 0000000000000dc0 R09: 00000000ffffffff
[  184.013713][ T5352] R10: dffffc0000000000 R11: fffffbfff2023f57 R12: ffff8880120d58e8
[  184.017294][ T5352] R13: 0000000000000001 R14: 0000000000000020 R15: 0000000000000001
[  184.021781][ T5352] FS:  00007f7a4e5fb6c0(0000) GS:ffff88808ca49000(0000) knlGS:0000000000000000
[  184.025891][ T5352] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  184.029082][ T5352] CR2: 00007f7a4d987020 CR3: 0000000042ffa000 CR4: 0000000000352ef0
[  184.033398][ T5352] Call Trace:
[  184.034989][ T5352]  <TASK>
[  184.036371][ T5352]  ? __pfx_u32_change+0x10/0x10
[  184.038333][ T5352]  ? __mutex_unlock_slowpath+0x1bd/0x7d0
[  184.040923][ T5352]  tc_new_tfilter+0xff8/0x1780
[  184.043175][ T5352]  ? __pfx_tc_new_tfilter+0x10/0x10
[  184.046010][ T5352]  ? __pfx_tc_new_tfilter+0x10/0x10
[  184.048739][ T5352]  rtnetlink_rcv_msg+0x7d5/0xbe0
[  184.051113][ T5352]  ? rtnetlink_rcv_msg+0x1b9/0xbe0
[  184.053613][ T5352]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[  184.056726][ T5352]  ? ref_tracker_free+0x693/0x840
[  184.059780][ T5352]  ? __copy_skb_header+0xa3/0x4a0
[  184.062391][ T5352]  ? __pfx_ref_tracker_free+0x10/0x10
[  184.064843][ T5352]  ? __skb_clone+0x63/0x7a0
[  184.066803][ T5352]  netlink_rcv_skb+0x232/0x4b0
[  184.069029][ T5352]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[  184.071662][ T5352]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  184.074002][ T5352]  ? netlink_deliver_tap+0x2e/0x1b0
[  184.076458][ T5352]  netlink_unicast+0x80f/0x9b0
[  184.078561][ T5352]  ? __pfx_netlink_unicast+0x10/0x10
[  184.081315][ T5352]  ? netlink_sendmsg+0x650/0xb40
[  184.083858][ T5352]  ? skb_put+0x11b/0x210
[  184.085842][ T5352]  netlink_sendmsg+0x813/0xb40
[  184.088056][ T5352]  ? __pfx_netlink_sendmsg+0x10/0x10
[  184.090514][ T5352]  ? aa_sock_msg_perm+0xf1/0x1b0
[  184.092682][ T5352]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  184.095392][ T5352]  ____sys_sendmsg+0x972/0x9f0
[  184.097629][ T5352]  ? __pfx_____sys_sendmsg+0x10/0x10
[  184.100101][ T5352]  ? import_iovec+0x73/0xa0
[  184.102098][ T5352]  ___sys_sendmsg+0x2a5/0x360
[  184.104189][ T5352]  ? __pfx____sys_sendmsg+0x10/0x10
[  184.106297][ T5352]  ? preempt_schedule_common+0x82/0xd0
[  184.109005][ T5352]  ? preempt_schedule_thunk+0x16/0x30
[  184.112605][ T5352]  ? __fget_files+0x2a/0x420
[  184.114731][ T5352]  ? __fget_files+0x3a0/0x420
[  184.117077][ T5352]  __sys_sendmmsg+0x27c/0x4e0
[  184.119094][ T5352]  ? __pfx___sys_sendmmsg+0x10/0x10
[  184.121493][ T5352]  ? do_futex+0x395/0x420
[  184.123424][ T5352]  ? rcu_is_watching+0x15/0xb0
[  184.125668][ T5352]  __x64_sys_sendmmsg+0xa0/0xc0
[  184.127998][ T5352]  do_syscall_64+0x14d/0xf80
[  184.130114][ T5352]  ? trace_irq_disable+0x3b/0x150
[  184.132153][ T5352]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  184.134792][ T5352]  ? clear_bhb_loop+0x40/0x90
[  184.136981][ T5352]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  184.139745][ T5352] RIP: 0033:0x7f7a4d79c819
[  184.141999][ T5352] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  184.151408][ T5352] RSP: 002b:00007f7a4e5fafe8 EFLAGS: 00000246 ORIG_RAX: 0000000000000133
[  184.155549][ T5352] RAX: ffffffffffffffda RBX: 00007f7a4da15fa0 RCX: 00007f7a4d79c819
[  184.158725][ T5352] RDX: 04000000000001f2 RSI: 0000200000000000 RDI: 0000000000000004
[  184.163302][ T5352] RBP: 00007f7a4d832c91 R08: 0000000000000000 R09: 0000000000000000
[  184.167485][ T5352] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  184.171638][ T5352] R13: 00007f7a4da16038 R14: 00007f7a4da15fa0 R15: 00007ffd2860c398
[  184.175083][ T5352]  </TASK>
[  184.176468][ T5352] Kernel panic - not syncing: kernel: panic_on_warn set ...
[  184.180138][ T5352] CPU: 0 UID: 0 PID: 5352 Comm: syz.0.0 Not tainted syzkaller #0 PREEMPT(full) 
[  184.184781][ T5352] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[  184.189166][ T5352] Call Trace:
[  184.190647][ T5352]  <TASK>
[  184.191957][ T5352]  vpanic+0x56c/0xa60
[  184.193832][ T5352]  ? __pfx__printk+0x10/0x10
[  184.196164][ T5352]  ? __pfx_vpanic+0x10/0x10
[  184.198552][ T5352]  ? is_bpf_text_address+0x292/0x2b0
[  184.201222][ T5352]  ? is_bpf_text_address+0x26/0x2b0
[  184.203532][ T5352]  panic+0xc5/0xd0
[  184.205233][ T5352]  ? __pfx_panic+0x10/0x10
[  184.207374][ T5352]  __warn+0x315/0x4f0
[  184.209366][ T5352]  ? u32_change+0x1da0/0x2720
[  184.212011][ T5352]  ? u32_change+0x1da0/0x2720
[  184.214228][ T5352]  __report_bug+0x29a/0x540
[  184.216798][ T5352]  ? ___sys_sendmsg+0x2a5/0x360
[  184.219621][ T5352]  ? __sys_sendmmsg+0x27c/0x4e0
[  184.222785][ T5352]  ? __x64_sys_sendmmsg+0xa0/0xc0
[  184.225481][ T5352]  ? u32_change+0x1da0/0x2720
[  184.227635][ T5352]  ? __pfx___report_bug+0x10/0x10
[  184.229852][ T5352]  report_bug_entry+0x19a/0x290
[  184.232236][ T5352]  ? u32_change+0x1daf/0x2720
[  184.234800][ T5352]  ? u32_change+0x1db4/0x2720
[  184.237072][ T5352]  handle_bug+0xce/0x200
[  184.238796][ T5352]  exc_invalid_op+0x1a/0x50
[  184.240793][ T5352]  asm_exc_invalid_op+0x1a/0x20
[  184.242966][ T5352] RIP: 0010:u32_change+0x1daf/0x2720
[  184.245658][ T5352] Code: 3d d2 54 41 06 01 75 33 e8 7e 3d 0b f8 eb 50 e8 77 3d 0b f8 48 8d 3d c0 8b 66 06 b9 10 00 00 00 4c 89 f6 48 c7 c2 c0 bc e1 8c <67> 48 0f b9 3a e9 af ee ff ff e8 52 3d 0b f8 eb 24 e8 4b 3d 0b f8
[  184.255366][ T5352] RSP: 0018:ffffc9000c78efc0 EFLAGS: 00010287
[  184.258242][ T5352] RAX: ffffffff89ba86f9 RBX: ffff8880120d5c00 RCX: 0000000000000010
[  184.261962][ T5352] RDX: ffffffff8ce1bcc0 RSI: 0000000000000020 RDI: ffffffff902112c0
[  184.266740][ T5352] RBP: ffffc9000c78f178 R08: 0000000000000dc0 R09: 00000000ffffffff
[  184.270585][ T5352] R10: dffffc0000000000 R11: fffffbfff2023f57 R12: ffff8880120d58e8
[  184.273719][ T5352] R13: 0000000000000001 R14: 0000000000000020 R15: 0000000000000001
[  184.276842][ T5352]  ? u32_change+0x1d99/0x2720
[  184.278821][ T5352]  ? __pfx_u32_change+0x10/0x10
[  184.281085][ T5352]  ? __mutex_unlock_slowpath+0x1bd/0x7d0
[  184.283967][ T5352]  tc_new_tfilter+0xff8/0x1780
[  184.286335][ T5352]  ? __pfx_tc_new_tfilter+0x10/0x10
[  184.288899][ T5352]  ? __pfx_tc_new_tfilter+0x10/0x10
[  184.291284][ T5352]  rtnetlink_rcv_msg+0x7d5/0xbe0
[  184.293375][ T5352]  ? rtnetlink_rcv_msg+0x1b9/0xbe0
[  184.295782][ T5352]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[  184.298634][ T5352]  ? ref_tracker_free+0x693/0x840
[  184.301288][ T5352]  ? __copy_skb_header+0xa3/0x4a0
[  184.303717][ T5352]  ? __pfx_ref_tracker_free+0x10/0x10
[  184.306053][ T5352]  ? __skb_clone+0x63/0x7a0
[  184.308170][ T5352]  netlink_rcv_skb+0x232/0x4b0
[  184.311125][ T5352]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[  184.314012][ T5352]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  184.316235][ T5352]  ? netlink_deliver_tap+0x2e/0x1b0
[  184.318650][ T5352]  netlink_unicast+0x80f/0x9b0
[  184.320958][ T5352]  ? __pfx_netlink_unicast+0x10/0x10
[  184.323497][ T5352]  ? netlink_sendmsg+0x650/0xb40
[  184.325802][ T5352]  ? skb_put+0x11b/0x210
[  184.327910][ T5352]  netlink_sendmsg+0x813/0xb40
[  184.330196][ T5352]  ? __pfx_netlink_sendmsg+0x10/0x10
[  184.332752][ T5352]  ? aa_sock_msg_perm+0xf1/0x1b0
[  184.335121][ T5352]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  184.337740][ T5352]  ____sys_sendmsg+0x972/0x9f0
[  184.339938][ T5352]  ? __pfx_____sys_sendmsg+0x10/0x10
[  184.342318][ T5352]  ? import_iovec+0x73/0xa0
[  184.344417][ T5352]  ___sys_sendmsg+0x2a5/0x360
[  184.346369][ T5352]  ? __pfx____sys_sendmsg+0x10/0x10
[  184.348912][ T5352]  ? preempt_schedule_common+0x82/0xd0
[  184.351640][ T5352]  ? preempt_schedule_thunk+0x16/0x30
[  184.353957][ T5352]  ? __fget_files+0x2a/0x420
[  184.355997][ T5352]  ? __fget_files+0x3a0/0x420
[  184.358302][ T5352]  __sys_sendmmsg+0x27c/0x4e0
[  184.361443][ T5352]  ? __pfx___sys_sendmmsg+0x10/0x10
[  184.364031][ T5352]  ? do_futex+0x395/0x420
[  184.366058][ T5352]  ? rcu_is_watching+0x15/0xb0
[  184.368260][ T5352]  __x64_sys_sendmmsg+0xa0/0xc0
[  184.370514][ T5352]  do_syscall_64+0x14d/0xf80
[  184.372642][ T5352]  ? trace_irq_disable+0x3b/0x150
[  184.375106][ T5352]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  184.378422][ T5352]  ? clear_bhb_loop+0x40/0x90
[  184.380835][ T5352]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  184.383561][ T5352] RIP: 0033:0x7f7a4d79c819
[  184.385722][ T5352] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  184.395214][ T5352] RSP: 002b:00007f7a4e5fafe8 EFLAGS: 00000246 ORIG_RAX: 0000000000000133
[  184.398888][ T5352] RAX: ffffffffffffffda RBX: 00007f7a4da15fa0 RCX: 00007f7a4d79c819
[  184.402855][ T5352] RDX: 04000000000001f2 RSI: 0000200000000000 RDI: 0000000000000004
[  184.406279][ T5352] RBP: 00007f7a4d832c91 R08: 0000000000000000 R09: 0000000000000000
[  184.409879][ T5352] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  184.413597][ T5352] R13: 00007f7a4da16038 R14: 00007f7a4da15fa0 R15: 00007ffd2860c398
[  184.417533][ T5352]  </TASK>
[  184.419489][ T5352] Kernel Offset: disabled
[  184.421632][ T5352] Rebooting in 86400 seconds..