program:
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x80)
mknodat$loop(0xffffffffffffff9c, 0x0, 0x6000, 0x1)
socket$netlink(0x10, 0x3, 0x0)
r0 = perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x2a, 0x1, 0x0, 0x0, 0x0, 0x7, 0x510, 0x1f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_bp={0x0, 0x9}, 0x107200, 0x10002, 0x20da, 0x7, 0xa, 0x20005, 0xb, 0x0, 0x0, 0x0, 0x20000006}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xb)
lseek(0xffffffffffffffff, 0x3, 0x1)
socketpair$unix(0x1, 0x2, 0x0, 0x0)
setsockopt$sock_attach_bpf(0xffffffffffffffff, 0x1, 0x4c, 0x0, 0x0)
ioctl$OCFS2_IOC_INFO(r0, 0x80106f05, 0x0)
openat(0xffffffffffffff9c, 0x0, 0x42, 0x0)
r1 = socket(0x10, 0x803, 0x0)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000400)={'veth0_to_hsr\x00', <r2=>0x0})
sendmsg$nl_route_sched(r1, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000180)=@newqdisc={0x48, 0x24, 0x4ee4e6a52ff56541, 0x70bd25, 0x25dfdbfe, {0x0, 0x0, 0x0, r2, {0x0, 0xffe1}, {0xffff, 0xffff}, {0xffe0}}, [@qdisc_kind_options=@q_htb={{0x8}, {0x1c, 0x2, [@TCA_HTB_INIT={0x18, 0x2, {0x3, 0x4, 0x9}}]}}]}, 0x48}}, 0xc840)
sendmsg$nl_route_sched(r1, &(0x7f0000006040)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000800)=@newtfilter={0x54, 0x2c, 0xd2b, 0x70bd2b, 0x25dfdbfb, {0x0, 0x0, 0x0, r2, {0x6}, {}, {0x7, 0xfff1}}, [@filter_kind_options=@f_u32={{0x8}, {0x28, 0x2, [@TCA_U32_SEL={0x24, 0x5, {0xd, 0x7, 0x1, 0x3d3f, 0x0, 0xfff, 0xb709, 0x58f, [{0x0, 0x20008000, 0x4, 0x1}]}}]}}]}, 0x54}, 0x1, 0x0, 0x0, 0x4084}, 0x24040084)
recvmmsg$unix(r1, &(0x7f0000000580)=[{{0x0, 0x0, &(0x7f0000000040)=[{&(0x7f00000002c0)=""/219, 0xdb}], 0x1}}], 0x1, 0x60, 0x0)
sendmsg$GTP_CMD_NEWPDP(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000300)={0x30, 0x0, 0x1, 0x3, 0x0, {}, [@GTPA_LINK={0x8}, @GTPA_FLOW={0x6, 0x6, 0x4}, @GTPA_TID={0xc}]}, 0x30}}, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={0x0}}, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000002c0)=ANY=[], 0xc3}, 0x1, 0x100000000000000, 0x0, 0x2000}, 0x40400c0)
r3 = socket(0x10, 0x3, 0x0)
sendmmsg(r3, &(0x7f0000000000), 0x4000000000001f2, 0x0)

[   85.836403][   T45] Bluetooth: hci0: command tx timeout
[   85.896071][ T5324] netlink: 'syz.0.0': attribute type 3 has an invalid length.
[   85.901083][ T5324] netlink: 24 bytes leftover after parsing attributes in process `syz.0.0'.
[   85.906531][ T5324] ------------[ cut here ]------------
[   85.909813][ T5324] memcpy: detected field-spanning write (size 32) of single field "&new->sel" at net/sched/cls_u32.c:855 (size 16)
[   85.914963][ T5324] WARNING: net/sched/cls_u32.c:855 at u32_change+0x1da0/0x2720, CPU#0: syz.0.0/5324
[   85.920591][ T5324] Modules linked in:
[   85.922545][ T5324] CPU: 0 UID: 0 PID: 5324 Comm: syz.0.0 Not tainted syzkaller #0 PREEMPT(full) 
[   85.927250][ T5324] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   85.932483][ T5324] RIP: 0010:u32_change+0x1daf/0x2720
[   85.934872][ T5324] Code: 3d 5a 91 41 06 01 75 33 e8 ce 7f 0b f8 eb 50 e8 c7 7f 0b f8 48 8d 3d c0 c7 66 06 b9 10 00 00 00 4c 89 f6 48 c7 c2 00 b3 e1 8c <67> 48 0f b9 3a e9 af ee ff ff e8 a2 7f 0b f8 eb 24 e8 9b 7f 0b f8
[   85.944659][ T5324] RSP: 0018:ffffc9000de46fc0 EFLAGS: 00010287
[   85.947453][ T5324] RAX: ffffffff89ba3ea9 RBX: ffff888034c65800 RCX: 0000000000000010
[   85.950938][ T5324] RDX: ffffffff8ce1b300 RSI: 0000000000000020 RDI: ffffffff90210670
[   85.955411][ T5324] RBP: ffffc9000de47178 R08: 0000000000000dc0 R09: 00000000ffffffff
[   85.959391][ T5324] R10: dffffc0000000000 R11: fffffbfff2023dd7 R12: ffff88801f2558e8
[   85.962842][ T5324] R13: 0000000000000001 R14: 0000000000000020 R15: 0000000000000001
[   85.966451][ T5324] FS:  00007fdaa840a6c0(0000) GS:ffff88808ca4c000(0000) knlGS:0000000000000000
[   85.971334][ T5324] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[   85.974647][ T5324] CR2: 0000200000006040 CR3: 000000000bb73000 CR4: 0000000000352ef0
[   85.978520][ T5324] Call Trace:
[   85.979960][ T5324]  <TASK>
[   85.981296][ T5324]  ? __pfx_u32_change+0x10/0x10
[   85.983466][ T5324]  ? __mutex_unlock_slowpath+0x1bd/0x7d0
[   85.986655][ T5324]  tc_new_tfilter+0xff8/0x1780
[   85.989487][ T5324]  ? __pfx_tc_new_tfilter+0x10/0x10
[   85.991649][ T5324]  ? __pfx_tc_new_tfilter+0x10/0x10
[   85.993946][ T5324]  rtnetlink_rcv_msg+0x7d5/0xbe0
[   85.996245][ T5324]  ? rtnetlink_rcv_msg+0x1b9/0xbe0
[   85.999742][ T5324]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[   86.002675][ T5324]  ? ref_tracker_free+0x693/0x840
[   86.005057][ T5324]  ? __copy_skb_header+0xa3/0x4a0
[   86.007280][ T5324]  ? __pfx_ref_tracker_free+0x10/0x10
[   86.009652][ T5324]  ? __skb_clone+0x63/0x7a0
[   86.012408][ T5324]  netlink_rcv_skb+0x232/0x4b0
[   86.015320][ T5324]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[   86.018479][ T5324]  ? __pfx_netlink_rcv_skb+0x10/0x10
[   86.020874][ T5324]  ? netlink_deliver_tap+0x2e/0x1b0
[   86.023015][ T5324]  netlink_unicast+0x80f/0x9b0
[   86.025160][ T5324]  ? __pfx_netlink_unicast+0x10/0x10
[   86.027575][ T5324]  ? netlink_sendmsg+0x650/0xb40
[   86.030155][ T5324]  ? skb_put+0x11b/0x210
[   86.032804][ T5324]  netlink_sendmsg+0x813/0xb40
[   86.034960][ T5324]  ? __pfx_netlink_sendmsg+0x10/0x10
[   86.037378][ T5324]  ? aa_sock_msg_perm+0xf1/0x1b0
[   86.039585][ T5324]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[   86.041982][ T5324]  ____sys_sendmsg+0x972/0x9f0
[   86.044630][ T5324]  ? __pfx_____sys_sendmsg+0x10/0x10
[   86.047548][ T5324]  ? import_iovec+0x73/0xa0
[   86.049810][ T5324]  ___sys_sendmsg+0x2a5/0x360
[   86.051826][ T5324]  ? __pfx____sys_sendmsg+0x10/0x10
[   86.054292][ T5324]  ? preempt_schedule_common+0x82/0xd0
[   86.056908][ T5324]  ? preempt_schedule_thunk+0x16/0x30
[   86.059381][ T5324]  ? __fget_files+0x2a/0x420
[   86.061788][ T5324]  ? __fget_files+0x3a0/0x420
[   86.064219][ T5324]  __sys_sendmmsg+0x27c/0x4e0
[   86.066565][ T5324]  ? __pfx___sys_sendmmsg+0x10/0x10
[   86.069012][ T5324]  ? do_futex+0x395/0x420
[   86.070937][ T5324]  ? rcu_is_watching+0x15/0xb0
[   86.073124][ T5324]  __x64_sys_sendmmsg+0xa0/0xc0
[   86.075689][ T5324]  do_syscall_64+0x14d/0xf80
[   86.078422][ T5324]  ? trace_irq_disable+0x3b/0x150
[   86.080687][ T5324]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   86.083371][ T5324]  ? clear_bhb_loop+0x40/0x90
[   86.085451][ T5324]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   86.088405][ T5324] RIP: 0033:0x7fdaa759c819
[   86.090568][ T5324] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[   86.099739][ T5324] RSP: 002b:00007fdaa8409fe8 EFLAGS: 00000246 ORIG_RAX: 0000000000000133
[   86.103348][ T5324] RAX: ffffffffffffffda RBX: 00007fdaa7815fa0 RCX: 00007fdaa759c819
[   86.107031][ T5324] RDX: 04000000000001f2 RSI: 0000200000000000 RDI: 0000000000000006
[   86.111417][ T5324] RBP: 00007fdaa7632c91 R08: 0000000000000000 R09: 0000000000000000
[   86.115591][ T5324] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[   86.119607][ T5324] R13: 00007fdaa7816038 R14: 00007fdaa7815fa0 R15: 00007ffe9d74e5c8
[   86.123447][ T5324]  </TASK>
[   86.125136][ T5324] Kernel panic - not syncing: kernel: panic_on_warn set ...
[   86.128732][ T5324] CPU: 0 UID: 0 PID: 5324 Comm: syz.0.0 Not tainted syzkaller #0 PREEMPT(full) 
[   86.132521][ T5324] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   86.137055][ T5324] Call Trace:
[   86.139014][ T5324]  <TASK>
[   86.140626][ T5324]  vpanic+0x56c/0xa60
[   86.142498][ T5324]  ? __pfx__printk+0x10/0x10
[   86.144529][ T5324]  ? __pfx_vpanic+0x10/0x10
[   86.146644][ T5324]  ? is_bpf_text_address+0x292/0x2b0
[   86.149091][ T5324]  ? is_bpf_text_address+0x26/0x2b0
[   86.151779][ T5324]  panic+0xc5/0xd0
[   86.153832][ T5324]  ? __pfx_panic+0x10/0x10
[   86.156168][ T5324]  __warn+0x315/0x4f0
[   86.157968][ T5324]  ? u32_change+0x1da0/0x2720
[   86.160083][ T5324]  ? u32_change+0x1da0/0x2720
[   86.162540][ T5324]  __report_bug+0x29a/0x540
[   86.164588][ T5324]  ? ___sys_sendmsg+0x2a5/0x360
[   86.166837][ T5324]  ? __sys_sendmmsg+0x27c/0x4e0
[   86.169089][ T5324]  ? __x64_sys_sendmmsg+0xa0/0xc0
[   86.171324][ T5324]  ? u32_change+0x1da0/0x2720
[   86.173568][ T5324]  ? __pfx___report_bug+0x10/0x10
[   86.175899][ T5324]  report_bug_entry+0x19a/0x290
[   86.178491][ T5324]  ? u32_change+0x1daf/0x2720
[   86.181377][ T5324]  ? u32_change+0x1db4/0x2720
[   86.183760][ T5324]  handle_bug+0xce/0x200
[   86.185650][ T5324]  exc_invalid_op+0x1a/0x50
[   86.187728][ T5324]  asm_exc_invalid_op+0x1a/0x20
[   86.190169][ T5324] RIP: 0010:u32_change+0x1daf/0x2720
[   86.193020][ T5324] Code: 3d 5a 91 41 06 01 75 33 e8 ce 7f 0b f8 eb 50 e8 c7 7f 0b f8 48 8d 3d c0 c7 66 06 b9 10 00 00 00 4c 89 f6 48 c7 c2 00 b3 e1 8c <67> 48 0f b9 3a e9 af ee ff ff e8 a2 7f 0b f8 eb 24 e8 9b 7f 0b f8
[   86.202153][ T5324] RSP: 0018:ffffc9000de46fc0 EFLAGS: 00010287
[   86.204966][ T5324] RAX: ffffffff89ba3ea9 RBX: ffff888034c65800 RCX: 0000000000000010
[   86.208913][ T5324] RDX: ffffffff8ce1b300 RSI: 0000000000000020 RDI: ffffffff90210670
[   86.213143][ T5324] RBP: ffffc9000de47178 R08: 0000000000000dc0 R09: 00000000ffffffff
[   86.216741][ T5324] R10: dffffc0000000000 R11: fffffbfff2023dd7 R12: ffff88801f2558e8
[   86.220310][ T5324] R13: 0000000000000001 R14: 0000000000000020 R15: 0000000000000001
[   86.224559][ T5324]  ? u32_change+0x1d99/0x2720
[   86.226987][ T5324]  ? __pfx_u32_change+0x10/0x10
[   86.229297][ T5324]  ? __mutex_unlock_slowpath+0x1bd/0x7d0
[   86.231875][ T5324]  tc_new_tfilter+0xff8/0x1780
[   86.234220][ T5324]  ? __pfx_tc_new_tfilter+0x10/0x10
[   86.236634][ T5324]  ? __pfx_tc_new_tfilter+0x10/0x10
[   86.239080][ T5324]  rtnetlink_rcv_msg+0x7d5/0xbe0
[   86.241556][ T5324]  ? rtnetlink_rcv_msg+0x1b9/0xbe0
[   86.243949][ T5324]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[   86.246791][ T5324]  ? ref_tracker_free+0x693/0x840
[   86.249547][ T5324]  ? __copy_skb_header+0xa3/0x4a0
[   86.251900][ T5324]  ? __pfx_ref_tracker_free+0x10/0x10
[   86.254440][ T5324]  ? __skb_clone+0x63/0x7a0
[   86.256616][ T5324]  netlink_rcv_skb+0x232/0x4b0
[   86.259190][ T5324]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[   86.262279][ T5324]  ? __pfx_netlink_rcv_skb+0x10/0x10
[   86.264829][ T5324]  ? netlink_deliver_tap+0x2e/0x1b0
[   86.267287][ T5324]  netlink_unicast+0x80f/0x9b0
[   86.269593][ T5324]  ? __pfx_netlink_unicast+0x10/0x10
[   86.272389][ T5324]  ? netlink_sendmsg+0x650/0xb40
[   86.274953][ T5324]  ? skb_put+0x11b/0x210
[   86.276917][ T5324]  netlink_sendmsg+0x813/0xb40
[   86.279183][ T5324]  ? __pfx_netlink_sendmsg+0x10/0x10
[   86.281884][ T5324]  ? aa_sock_msg_perm+0xf1/0x1b0
[   86.284282][ T5324]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[   86.286742][ T5324]  ____sys_sendmsg+0x972/0x9f0
[   86.289088][ T5324]  ? __pfx_____sys_sendmsg+0x10/0x10
[   86.291515][ T5324]  ? import_iovec+0x73/0xa0
[   86.293617][ T5324]  ___sys_sendmsg+0x2a5/0x360
[   86.295608][ T5324]  ? __pfx____sys_sendmsg+0x10/0x10
[   86.297940][ T5324]  ? preempt_schedule_common+0x82/0xd0
[   86.300404][ T5324]  ? preempt_schedule_thunk+0x16/0x30
[   86.302935][ T5324]  ? __fget_files+0x2a/0x420
[   86.305518][ T5324]  ? __fget_files+0x3a0/0x420
[   86.307875][ T5324]  __sys_sendmmsg+0x27c/0x4e0
[   86.310020][ T5324]  ? __pfx___sys_sendmmsg+0x10/0x10
[   86.312352][ T5324]  ? do_futex+0x395/0x420
[   86.314563][ T5324]  ? rcu_is_watching+0x15/0xb0
[   86.317199][ T5324]  __x64_sys_sendmmsg+0xa0/0xc0
[   86.319567][ T5324]  do_syscall_64+0x14d/0xf80
[   86.321654][ T5324]  ? trace_irq_disable+0x3b/0x150
[   86.324100][ T5324]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   86.327178][ T5324]  ? clear_bhb_loop+0x40/0x90
[   86.329963][ T5324]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   86.332786][ T5324] RIP: 0033:0x7fdaa759c819
[   86.334920][ T5324] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[   86.344931][ T5324] RSP: 002b:00007fdaa8409fe8 EFLAGS: 00000246 ORIG_RAX: 0000000000000133
[   86.348902][ T5324] RAX: ffffffffffffffda RBX: 00007fdaa7815fa0 RCX: 00007fdaa759c819
[   86.352963][ T5324] RDX: 04000000000001f2 RSI: 0000200000000000 RDI: 0000000000000006
[   86.357010][ T5324] RBP: 00007fdaa7632c91 R08: 0000000000000000 R09: 0000000000000000
[   86.360645][ T5324] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[   86.365337][ T5324] R13: 00007fdaa7816038 R14: 00007fdaa7815fa0 R15: 00007ffe9d74e5c8
[   86.369010][ T5324]  </TASK>
[   86.370781][ T5324] Kernel Offset: disabled
[   86.372826][ T5324] Rebooting in 86400 seconds..