program:
pwritev2(0xffffffffffffffff, 0x0, 0x0, 0x2000, 0x0, 0x3)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
r1 = gettid()
sched_setaffinity(r1, 0x8, &(0x7f0000000040)=0xfffffffffffffffe)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x463af000)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
mremap(&(0x7f0000000000/0x9000)=nil, 0x600002, 0x600002, 0x7, &(0x7f0000a00000/0x600000)=nil)
r4 = socket(0x10, 0x803, 0x0)
ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000400)={'veth0_to_hsr\x00', <r5=>0x0})
sendmsg$nl_route_sched(r4, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000180)=@newqdisc={0x48, 0x24, 0x4ee4e6a52ff56541, 0x70bd25, 0x25dfdbfe, {0x0, 0x0, 0x0, r5, {0x0, 0xffe1}, {0xffff, 0xffff}, {0xffe0}}, [@qdisc_kind_options=@q_htb={{0x8}, {0x1c, 0x2, [@TCA_HTB_INIT={0x18, 0x2, {0x3, 0x4, 0x9}}]}}]}, 0x48}}, 0xc840)
sendmsg$nl_route_sched(r4, &(0x7f0000006040)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000800)=@newtfilter={0x54, 0x2c, 0xd2b, 0x70bd2b, 0x25dfdbfb, {0x0, 0x0, 0x0, r5, {0x6}, {}, {0x7, 0xfff1}}, [@filter_kind_options=@f_u32={{0x8}, {0x28, 0x2, [@TCA_U32_SEL={0x24, 0x5, {0xd, 0x7, 0x1, 0x3d3f, 0x0, 0xfff, 0xb709, 0x58f, [{0x0, 0x20008000, 0x4, 0x1}]}}]}}]}, 0x54}, 0x1, 0x0, 0x0, 0x4084}, 0x24040084)
recvmmsg$unix(r4, &(0x7f0000000580)=[{{0x0, 0x0, &(0x7f0000000040)=[{&(0x7f00000002c0)=""/219, 0xdb}], 0x1}}], 0x1, 0x60, 0x0)
sendmsg$GTP_CMD_NEWPDP(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000300)=ANY=[@ANYBLOB=',\x00\x00\x00', @ANYRES16=0x0, @ANYBLOB="010002000000fedbdf250000000008000100", @ANYRES32=0x0, @ANYBLOB="084002000100000008000100", @ANYRES32=r5], 0x2c}, 0x1, 0x0, 0x0, 0x4004054}, 0x4000044)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={0x0}}, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000002c0)=ANY=[], 0xc3}, 0x1, 0x100000000000000, 0x0, 0x2000}, 0x40400c0)
r6 = socket(0x10, 0x3, 0x0)
sendmmsg(r6, &(0x7f0000000000), 0x4000000000001f2, 0x0)

[   84.556564][ T5300] Bluetooth: hci0: command tx timeout
[   84.988199][ T5327] netlink: 44 bytes leftover after parsing attributes in process `syz.0.0'.
[   84.992398][ T5327] ------------[ cut here ]------------
[   84.996252][ T5327] memcpy: detected field-spanning write (size 32) of single field "&new->sel" at net/sched/cls_u32.c:855 (size 16)
[   85.001512][ T5327] WARNING: net/sched/cls_u32.c:855 at u32_change+0x1da0/0x2720, CPU#0: syz.0.0/5327
[   85.007860][ T5327] Modules linked in:
[   85.010132][ T5327] CPU: 0 UID: 0 PID: 5327 Comm: syz.0.0 Not tainted syzkaller #0 PREEMPT(full) 
[   85.014241][ T5327] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   85.018894][ T5327] RIP: 0010:u32_change+0x1daf/0x2720
[   85.021325][ T5327] Code: 3d da 87 41 06 01 75 33 e8 ee 73 0b f8 eb 50 e8 e7 73 0b f8 48 8d 3d 00 be 66 06 b9 10 00 00 00 4c 89 f6 48 c7 c2 00 b7 e1 8c <67> 48 0f b9 3a e9 af ee ff ff e8 c2 73 0b f8 eb 24 e8 bb 73 0b f8
[   85.031079][ T5327] RSP: 0018:ffffc9000db86fc0 EFLAGS: 00010283
[   85.033731][ T5327] RAX: ffffffff89ba4aa9 RBX: ffff888011a49400 RCX: 0000000000000010
[   85.037122][ T5327] RDX: ffffffff8ce1b700 RSI: 0000000000000020 RDI: ffffffff902108b0
[   85.041705][ T5327] RBP: ffffc9000db87178 R08: 0000000000000dc0 R09: 00000000ffffffff
[   85.045722][ T5327] R10: dffffc0000000000 R11: fffffbfff2023e17 R12: ffff8880122354e8
[   85.049451][ T5327] R13: 0000000000000001 R14: 0000000000000020 R15: 0000000000000001
[   85.053377][ T5327] FS:  00007f3342c4f6c0(0000) GS:ffff88808ca4c000(0000) knlGS:0000000000000000
[   85.057494][ T5327] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[   85.060604][ T5327] CR2: 00007f3341f8a980 CR3: 0000000011b68000 CR4: 0000000000352ef0
[   85.064189][ T5327] Call Trace:
[   85.066185][ T5327]  <TASK>
[   85.068119][ T5327]  ? __pfx_u32_change+0x10/0x10
[   85.070925][ T5327]  ? __mutex_unlock_slowpath+0x1bd/0x7d0
[   85.073554][ T5327]  tc_new_tfilter+0xff8/0x1780
[   85.075750][ T5327]  ? __pfx_tc_new_tfilter+0x10/0x10
[   85.078292][ T5327]  ? __pfx_tc_new_tfilter+0x10/0x10
[   85.080667][ T5327]  rtnetlink_rcv_msg+0x7d5/0xbe0
[   85.083297][ T5327]  ? rtnetlink_rcv_msg+0x1b9/0xbe0
[   85.086667][ T5327]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[   85.089499][ T5327]  ? ref_tracker_free+0x693/0x840
[   85.092026][ T5327]  ? __copy_skb_header+0xa3/0x4a0
[   85.094359][ T5327]  ? __pfx_ref_tracker_free+0x10/0x10
[   85.096990][ T5327]  ? __skb_clone+0x63/0x7a0
[   85.099310][ T5327]  netlink_rcv_skb+0x232/0x4b0
[   85.101808][ T5327]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[   85.105210][ T5327]  ? __pfx_netlink_rcv_skb+0x10/0x10
[   85.108057][ T5327]  ? netlink_deliver_tap+0x2e/0x1b0
[   85.110572][ T5327]  netlink_unicast+0x80f/0x9b0
[   85.113042][ T5327]  ? __pfx_netlink_unicast+0x10/0x10
[   85.116159][ T5327]  ? netlink_sendmsg+0x650/0xb40
[   85.119015][ T5327]  ? skb_put+0x11b/0x210
[   85.121211][ T5327]  netlink_sendmsg+0x813/0xb40
[   85.123354][ T5327]  ? __pfx_netlink_sendmsg+0x10/0x10
[   85.126129][ T5327]  ? aa_sock_msg_perm+0xf1/0x1b0
[   85.128554][ T5327]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[   85.130842][ T5327]  ____sys_sendmsg+0x972/0x9f0
[   85.133094][ T5327]  ? __pfx_____sys_sendmsg+0x10/0x10
[   85.135571][ T5327]  ? import_iovec+0x73/0xa0
[   85.137596][ T5327]  ___sys_sendmsg+0x2a5/0x360
[   85.139704][ T5327]  ? __pfx____sys_sendmsg+0x10/0x10
[   85.142150][ T5327]  ? __pfx_futex_wake_mark+0x10/0x10
[   85.144688][ T5327]  ? __fget_files+0x2a/0x420
[   85.146976][ T5327]  ? __fget_files+0x3a0/0x420
[   85.149206][ T5327]  __sys_sendmmsg+0x27c/0x4e0
[   85.151349][ T5327]  ? __pfx___sys_sendmmsg+0x10/0x10
[   85.153835][ T5327]  ? do_futex+0x333/0x420
[   85.155918][ T5327]  ? rcu_is_watching+0x15/0xb0
[   85.157635][ T5327]  __x64_sys_sendmmsg+0xa0/0xc0
[   85.159480][ T5327]  do_syscall_64+0x14d/0xf80
[   85.161389][ T5327]  ? trace_irq_disable+0x3b/0x150
[   85.163651][ T5327]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   85.166411][ T5327]  ? clear_bhb_loop+0x40/0x90
[   85.168628][ T5327]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   85.171241][ T5327] RIP: 0033:0x7f3341d9c819
[   85.173380][ T5327] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[   85.181999][ T5327] RSP: 002b:00007f3342c4efe8 EFLAGS: 00000246 ORIG_RAX: 0000000000000133
[   85.185645][ T5327] RAX: ffffffffffffffda RBX: 00007f3342016180 RCX: 00007f3341d9c819
[   85.189885][ T5327] RDX: 04000000000001f2 RSI: 0000200000000000 RDI: 0000000000000006
[   85.193414][ T5327] RBP: 00007f3341e32c91 R08: 0000000000000000 R09: 0000000000000000
[   85.197092][ T5327] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[   85.200648][ T5327] R13: 00007f3342016218 R14: 00007f3342016180 R15: 00007ffd34ad49e8
[   85.204478][ T5327]  </TASK>
[   85.206754][ T5327] Kernel panic - not syncing: kernel: panic_on_warn set ...
[   85.210692][ T5327] CPU: 0 UID: 0 PID: 5327 Comm: syz.0.0 Not tainted syzkaller #0 PREEMPT(full) 
[   85.214976][ T5327] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   85.218773][ T5327] Call Trace:
[   85.220155][ T5327]  <TASK>
[   85.221709][ T5327]  vpanic+0x56c/0xa60
[   85.223814][ T5327]  ? __pfx__printk+0x10/0x10
[   85.225984][ T5327]  ? __pfx_vpanic+0x10/0x10
[   85.228527][ T5327]  ? is_bpf_text_address+0x292/0x2b0
[   85.231310][ T5327]  ? is_bpf_text_address+0x26/0x2b0
[   85.233737][ T5327]  panic+0xc5/0xd0
[   85.235403][ T5327]  ? __pfx_panic+0x10/0x10
[   85.237483][ T5327]  __warn+0x315/0x4f0
[   85.239564][ T5327]  ? u32_change+0x1da0/0x2720
[   85.242183][ T5327]  ? u32_change+0x1da0/0x2720
[   85.244645][ T5327]  __report_bug+0x29a/0x540
[   85.246997][ T5327]  ? ___sys_sendmsg+0x2a5/0x360
[   85.249256][ T5327]  ? __sys_sendmmsg+0x27c/0x4e0
[   85.251552][ T5327]  ? __x64_sys_sendmmsg+0xa0/0xc0
[   85.253699][ T5327]  ? u32_change+0x1da0/0x2720
[   85.255882][ T5327]  ? __pfx___report_bug+0x10/0x10
[   85.258147][ T5327]  report_bug_entry+0x19a/0x290
[   85.260857][ T5327]  ? u32_change+0x1daf/0x2720
[   85.263779][ T5327]  ? u32_change+0x1db4/0x2720
[   85.266159][ T5327]  handle_bug+0xce/0x200
[   85.267893][ T5327]  exc_invalid_op+0x1a/0x50
[   85.269950][ T5327]  asm_exc_invalid_op+0x1a/0x20
[   85.272241][ T5327] RIP: 0010:u32_change+0x1daf/0x2720
[   85.275307][ T5327] Code: 3d da 87 41 06 01 75 33 e8 ee 73 0b f8 eb 50 e8 e7 73 0b f8 48 8d 3d 00 be 66 06 b9 10 00 00 00 4c 89 f6 48 c7 c2 00 b7 e1 8c <67> 48 0f b9 3a e9 af ee ff ff e8 c2 73 0b f8 eb 24 e8 bb 73 0b f8
[   85.284949][ T5327] RSP: 0018:ffffc9000db86fc0 EFLAGS: 00010283
[   85.287568][ T5327] RAX: ffffffff89ba4aa9 RBX: ffff888011a49400 RCX: 0000000000000010
[   85.291009][ T5327] RDX: ffffffff8ce1b700 RSI: 0000000000000020 RDI: ffffffff902108b0
[   85.295180][ T5327] RBP: ffffc9000db87178 R08: 0000000000000dc0 R09: 00000000ffffffff
[   85.298976][ T5327] R10: dffffc0000000000 R11: fffffbfff2023e17 R12: ffff8880122354e8
[   85.302400][ T5327] R13: 0000000000000001 R14: 0000000000000020 R15: 0000000000000001
[   85.305700][ T5327]  ? u32_change+0x1d99/0x2720
[   85.308205][ T5327]  ? __pfx_u32_change+0x10/0x10
[   85.310859][ T5327]  ? __mutex_unlock_slowpath+0x1bd/0x7d0
[   85.313610][ T5327]  tc_new_tfilter+0xff8/0x1780
[   85.315883][ T5327]  ? __pfx_tc_new_tfilter+0x10/0x10
[   85.318221][ T5327]  ? __pfx_tc_new_tfilter+0x10/0x10
[   85.320796][ T5327]  rtnetlink_rcv_msg+0x7d5/0xbe0
[   85.323844][ T5327]  ? rtnetlink_rcv_msg+0x1b9/0xbe0
[   85.326648][ T5327]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[   85.329201][ T5327]  ? ref_tracker_free+0x693/0x840
[   85.331578][ T5327]  ? __copy_skb_header+0xa3/0x4a0
[   85.334128][ T5327]  ? __pfx_ref_tracker_free+0x10/0x10
[   85.336693][ T5327]  ? __skb_clone+0x63/0x7a0
[   85.339088][ T5327]  netlink_rcv_skb+0x232/0x4b0
[   85.341812][ T5327]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[   85.344614][ T5327]  ? __pfx_netlink_rcv_skb+0x10/0x10
[   85.346955][ T5327]  ? netlink_deliver_tap+0x2e/0x1b0
[   85.348959][ T5327]  netlink_unicast+0x80f/0x9b0
[   85.351099][ T5327]  ? __pfx_netlink_unicast+0x10/0x10
[   85.353985][ T5327]  ? netlink_sendmsg+0x650/0xb40
[   85.356804][ T5327]  ? skb_put+0x11b/0x210
[   85.358951][ T5327]  netlink_sendmsg+0x813/0xb40
[   85.360977][ T5327]  ? __pfx_netlink_sendmsg+0x10/0x10
[   85.363390][ T5327]  ? aa_sock_msg_perm+0xf1/0x1b0
[   85.365538][ T5327]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[   85.367861][ T5327]  ____sys_sendmsg+0x972/0x9f0
[   85.369983][ T5327]  ? __pfx_____sys_sendmsg+0x10/0x10
[   85.372731][ T5327]  ? import_iovec+0x73/0xa0
[   85.375262][ T5327]  ___sys_sendmsg+0x2a5/0x360
[   85.377815][ T5327]  ? __pfx____sys_sendmsg+0x10/0x10
[   85.380211][ T5327]  ? __pfx_futex_wake_mark+0x10/0x10
[   85.382769][ T5327]  ? __fget_files+0x2a/0x420
[   85.384956][ T5327]  ? __fget_files+0x3a0/0x420
[   85.387293][ T5327]  __sys_sendmmsg+0x27c/0x4e0
[   85.389977][ T5327]  ? __pfx___sys_sendmmsg+0x10/0x10
[   85.392932][ T5327]  ? do_futex+0x333/0x420
[   85.395001][ T5327]  ? rcu_is_watching+0x15/0xb0
[   85.397072][ T5327]  __x64_sys_sendmmsg+0xa0/0xc0
[   85.399190][ T5327]  do_syscall_64+0x14d/0xf80
[   85.401036][ T5327]  ? trace_irq_disable+0x3b/0x150
[   85.403102][ T5327]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   85.405481][ T5327]  ? clear_bhb_loop+0x40/0x90
[   85.407602][ T5327]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   85.410833][ T5327] RIP: 0033:0x7f3341d9c819
[   85.413481][ T5327] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[   85.421845][ T5327] RSP: 002b:00007f3342c4efe8 EFLAGS: 00000246 ORIG_RAX: 0000000000000133
[   85.425779][ T5327] RAX: ffffffffffffffda RBX: 00007f3342016180 RCX: 00007f3341d9c819
[   85.430380][ T5327] RDX: 04000000000001f2 RSI: 0000200000000000 RDI: 0000000000000006
[   85.434886][ T5327] RBP: 00007f3341e32c91 R08: 0000000000000000 R09: 0000000000000000
[   85.438330][ T5327] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[   85.441761][ T5327] R13: 00007f3342016218 R14: 00007f3342016180 R15: 00007ffd34ad49e8
[   85.445619][ T5327]  </TASK>
[   85.447271][ T5327] Kernel Offset: disabled
[   85.449246][ T5327] Rebooting in 86400 seconds..