program:
r0 = socket(0x10, 0x3, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000180)={'bond0\x00', <r2=>0x0})
ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r0, 0x8933, &(0x7f0000000200)={'batadv0\x00', <r3=>0x0})
sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000ec0)=@newlink={0x48, 0x10, 0x401, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x21}, [@IFLA_LINKINFO={0x28, 0x12, 0x0, 0x1, @hsr={{0x8}, {0x1c, 0x2, 0x0, 0x1, [@IFLA_HSR_SLAVE1={0x8, 0x1, r2}, @IFLA_HSR_SLAVE2={0x8, 0x2, r3}, @IFLA_HSR_PROTOCOL={0x5, 0x7, 0x1}]}}}]}, 0x48}}, 0x0)
r4 = socket$kcm(0x10, 0x2, 0x0)
sendmsg$kcm(r4, &(0x7f0000000600)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000300)="2e00000010008188040f80ec59acbc0413a181000b00000000010000000000000e000a000f000000028002002d1f", 0x2e}], 0x1}, 0x0)
syz_emit_ethernet(0x3e, &(0x7f0000000500)={@broadcast, @multicast, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "6b88ef", 0x8, 0x3a, 0x0, @private1, @local, {[], @echo_reply={0x81, 0x0, 0x0, 0x30, 0x88fb}}}}}}, 0x0) (fail_nth: 6)

[   75.565173][ T4672] Bluetooth: hci0: command tx timeout
[   75.614564][ T5324] bond0: entered promiscuous mode
[   75.616826][ T5324] bond_slave_0: entered promiscuous mode
[   75.619472][ T5324] bond_slave_1: entered promiscuous mode
[   75.623775][ T5324] batadv0: entered promiscuous mode
[   75.628433][ T5324] 8021q: adding VLAN 0 to HW filter on device hsr1
[   75.642450][ T5324] netlink: 'syz.0.0': attribute type 10 has an invalid length.
[   75.649624][ T5324] syz_tun: entered promiscuous mode
[   75.659371][ T5324] bond0: (slave syz_tun): Enslaving as an active interface with an up link
[   75.671906][ T5324] FAULT_INJECTION: forcing a failure.
[   75.671906][ T5324] name failslab, interval 1, probability 0, space 0, times 1
[   75.677026][ T5324] CPU: 0 UID: 0 PID: 5324 Comm: syz.0.0 Not tainted syzkaller #0 PREEMPT(full) 
[   75.677042][ T5324] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[   75.677049][ T5324] Call Trace:
[   75.677056][ T5324]  <TASK>
[   75.677061][ T5324]  dump_stack_lvl+0x189/0x250
[   75.677178][ T5324]  ? __pfx____ratelimit+0x10/0x10
[   75.677221][ T5324]  ? __pfx_dump_stack_lvl+0x10/0x10
[   75.677235][ T5324]  ? __pfx__printk+0x10/0x10
[   75.677250][ T5324]  ? look_up_lock_class+0x74/0x170
[   75.677268][ T5324]  should_fail_ex+0x414/0x560
[   75.677313][ T5324]  should_failslab+0xa8/0x100
[   75.677329][ T5324]  kmem_cache_alloc_node_noprof+0x77/0x710
[   75.677343][ T5324]  ? __alloc_skb+0x112/0x2d0
[   75.677360][ T5324]  __alloc_skb+0x112/0x2d0
[   75.677376][ T5324]  __pskb_copy_fclone+0xa8/0xfb0
[   75.677386][ T5324]  ? do_raw_spin_unlock+0x4d/0x240
[   75.677399][ T5324]  ? prp_register_frame_out+0x5ea/0xb90
[   75.677412][ T5324]  ? prp_register_frame_out+0x5ea/0xb90
[   75.677422][ T5324]  ? skb_trim+0x83/0x1a0
[   75.677431][ T5324]  prp_get_untagged_frame+0x12f/0x1f0
[   75.677446][ T5324]  hsr_forward_skb+0x1013/0x2860
[   75.677464][ T5324]  ? hsr_forward_skb+0x9e/0x2860
[   75.677478][ T5324]  ? __pfx_hsr_forward_skb+0x10/0x10
[   75.677493][ T5324]  ? hsr_addr_is_self+0x26/0x410
[   75.677500][ T5324]  ? hsr_addr_is_self+0x26/0x410
[   75.677509][ T5324]  ? hsr_addr_is_self+0x2ef/0x410
[   75.677516][ T5324]  ? hsr_addr_is_self+0x26/0x410
[   75.677579][ T5324]  hsr_handle_frame+0x6ce/0xa70
[   75.677731][ T5324]  ? __pfx_hsr_handle_frame+0x10/0x10
[   75.677745][ T5324]  __netif_receive_skb_core+0x10b9/0x4380
[   75.677760][ T5324]  ? __pfx___skb_flow_dissect+0x10/0x10
[   75.677778][ T5324]  ? _raw_spin_unlock_irqrestore+0x85/0x110
[   75.677791][ T5324]  ? lockdep_hardirqs_on+0x9c/0x150
[   75.677807][ T5324]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[   75.677821][ T5324]  ? __pfx___netif_receive_skb_core+0x10/0x10
[   75.677835][ T5324]  ? stack_depot_save_flags+0x41b/0x860
[   75.677852][ T5324]  ? __lock_acquire+0xab9/0xd20
[   75.677867][ T5324]  ? netif_receive_skb+0x115/0x790
[   75.677879][ T5324]  ? netif_receive_skb+0x115/0x790
[   75.677892][ T5324]  __netif_receive_skb+0x72/0x380
[   75.677912][ T5324]  ? netif_receive_skb+0x115/0x790
[   75.677923][ T5324]  netif_receive_skb+0x1cb/0x790
[   75.677934][ T5324]  ? __pfx___local_bh_disable_ip+0x10/0x10
[   75.677946][ T5324]  ? __pfx_netif_receive_skb+0x10/0x10
[   75.677960][ T5324]  ? tun_rx_batched+0x160/0x730
[   75.677974][ T5324]  tun_rx_batched+0x1b9/0x730
[   75.677984][ T5324]  ? __lock_acquire+0xab9/0xd20
[   75.677996][ T5324]  ? __pfx_tun_rx_batched+0x10/0x10
[   75.678009][ T5324]  ? tun_get_user+0x272f/0x3e90
[   75.678028][ T5324]  tun_get_user+0x2b65/0x3e90
[   75.678040][ T5324]  ? tun_get_user+0x6f6/0x3e90
[   75.678051][ T5324]  ? tun_get_user+0x272f/0x3e90
[   75.678064][ T5324]  ? aa_file_perm+0x44d/0x1550
[   75.678079][ T5324]  ? __pfx_tun_get_user+0x10/0x10
[   75.678096][ T5324]  ? __lock_acquire+0xab9/0xd20
[   75.678109][ T5324]  ? ref_tracker_alloc+0x318/0x460
[   75.678121][ T5324]  ? __lock_acquire+0xab9/0xd20
[   75.678132][ T5324]  ? __pfx_ref_tracker_alloc+0x10/0x10
[   75.678149][ T5324]  ? tun_get+0x1c/0x2f0
[   75.678163][ T5324]  ? tun_get+0x1c/0x2f0
[   75.678173][ T5324]  ? tun_get+0x1c/0x2f0
[   75.678185][ T5324]  tun_chr_write_iter+0x113/0x200
[   75.678197][ T5324]  vfs_write+0x5c9/0xb30
[   75.678214][ T5324]  ? __pfx_tun_chr_write_iter+0x10/0x10
[   75.678226][ T5324]  ? __pfx_vfs_write+0x10/0x10
[   75.678245][ T5324]  ? __fget_files+0x2a/0x420
[   75.678264][ T5324]  ksys_write+0x145/0x250
[   75.678278][ T5324]  ? __pfx_ksys_write+0x10/0x10
[   75.678293][ T5324]  ? do_syscall_64+0xbe/0xfa0
[   75.678310][ T5324]  do_syscall_64+0xfa/0xfa0
[   75.678322][ T5324]  ? lockdep_hardirqs_on+0x9c/0x150
[   75.678336][ T5324]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   75.678346][ T5324]  ? clear_bhb_loop+0x60/0xb0
[   75.678359][ T5324]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   75.678367][ T5324] RIP: 0033:0x7fde7d78e1ff
[   75.678378][ T5324] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 92 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 4c 93 02 00 48
[   75.678388][ T5324] RSP: 002b:00007fde7e57d000 EFLAGS: 00000293 ORIG_RAX: 0000000000000001
[   75.678399][ T5324] RAX: ffffffffffffffda RBX: 00007fde7d9e5fa0 RCX: 00007fde7d78e1ff
[   75.678407][ T5324] RDX: 000000000000003e RSI: 0000200000000500 RDI: 00000000000000c8
[   75.678413][ T5324] RBP: 00007fde7e57d090 R08: 0000000000000000 R09: 0000000000000000
[   75.678419][ T5324] R10: 000000000000003e R11: 0000000000000293 R12: 0000000000000001
[   75.678425][ T5324] R13: 00007fde7d9e6038 R14: 00007fde7d9e5fa0 R15: 00007ffe058a3218
[   75.678443][ T5324]  </TASK>
[   75.678471][ T5324] Oops: general protection fault, probably for non-canonical address 0xdffffc000000000f: 0000 [#1] SMP KASAN NOPTI
[   75.876580][ T5324] KASAN: null-ptr-deref in range [0x0000000000000078-0x000000000000007f]
[   75.880332][ T5324] CPU: 0 UID: 0 PID: 5324 Comm: syz.0.0 Not tainted syzkaller #0 PREEMPT(full) 
[   75.884247][ T5324] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[   75.888686][ T5324] RIP: 0010:skb_clone+0xd7/0x3a0
[   75.890591][ T5324] Code: 03 42 80 3c 20 00 74 08 4c 89 f7 e8 23 29 05 f9 49 83 3e 00 0f 85 a0 01 00 00 e8 94 dd 9d f8 48 8d 6b 7e 49 89 ee 49 c1 ee 03 <43> 0f b6 04 26 84 c0 0f 85 d1 01 00 00 44 0f b6 7d 00 41 83 e7 0c
[   75.899434][ T5324] RSP: 0018:ffffc9000d3bf200 EFLAGS: 00010207
[   75.902376][ T5324] RAX: ffffffff892235a1 RBX: 0000000000000000 RCX: ffff888030f62480
[   75.905841][ T5324] RDX: 0000000000000000 RSI: 0000000000000820 RDI: 0000000000000000
[   75.909123][ T5324] RBP: 000000000000007e R08: 00000000ffffffff R09: 1ffffffff1c0c44e
[   75.912483][ T5324] R10: dffffc0000000000 R11: fffffbfff1c0c44f R12: dffffc0000000000
[   75.915942][ T5324] R13: 0000000000000820 R14: 000000000000000f R15: ffff88803e051d80
[   75.919343][ T5324] FS:  00007fde7e57d6c0(0000) GS:ffff88808d72f000(0000) knlGS:0000000000000000
[   75.923115][ T5324] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[   75.926103][ T5324] CR2: 00007fde7e51d9b8 CR3: 0000000042372000 CR4: 0000000000352ef0
[   75.929496][ T5324] Call Trace:
[   75.930971][ T5324]  <TASK>
[   75.932320][ T5324]  hsr_forward_skb+0x1013/0x2860
[   75.934547][ T5324]  ? hsr_forward_skb+0x9e/0x2860
[   75.936699][ T5324]  ? __pfx_hsr_forward_skb+0x10/0x10
[   75.938825][ T5324]  ? hsr_addr_is_self+0x26/0x410
[   75.940832][ T5324]  ? hsr_addr_is_self+0x26/0x410
[   75.942883][ T5324]  ? hsr_addr_is_self+0x2ef/0x410
[   75.945107][ T5324]  ? hsr_addr_is_self+0x26/0x410
[   75.947289][ T5324]  hsr_handle_frame+0x6ce/0xa70
[   75.949417][ T5324]  ? __pfx_hsr_handle_frame+0x10/0x10
[   75.951710][ T5324]  __netif_receive_skb_core+0x10b9/0x4380
[   75.953914][ T5324]  ? __pfx___skb_flow_dissect+0x10/0x10
[   75.956282][ T5324]  ? _raw_spin_unlock_irqrestore+0x85/0x110
[   75.958933][ T5324]  ? lockdep_hardirqs_on+0x9c/0x150
[   75.961202][ T5324]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[   75.963881][ T5324]  ? __pfx___netif_receive_skb_core+0x10/0x10
[   75.966597][ T5324]  ? stack_depot_save_flags+0x41b/0x860
[   75.969042][ T5324]  ? __lock_acquire+0xab9/0xd20
[   75.971244][ T5324]  ? netif_receive_skb+0x115/0x790
[   75.973403][ T5324]  ? netif_receive_skb+0x115/0x790
[   75.975571][ T5324]  __netif_receive_skb+0x72/0x380
[   75.977631][ T5324]  ? netif_receive_skb+0x115/0x790
[   75.979797][ T5324]  netif_receive_skb+0x1cb/0x790
[   75.981942][ T5324]  ? __pfx___local_bh_disable_ip+0x10/0x10
[   75.984636][ T5324]  ? __pfx_netif_receive_skb+0x10/0x10
[   75.986878][ T5324]  ? tun_rx_batched+0x160/0x730
[   75.989068][ T5324]  tun_rx_batched+0x1b9/0x730
[   75.991133][ T5324]  ? __lock_acquire+0xab9/0xd20
[   75.993368][ T5324]  ? __pfx_tun_rx_batched+0x10/0x10
[   75.996088][ T5324]  ? tun_get_user+0x272f/0x3e90
[   75.998333][ T5324]  tun_get_user+0x2b65/0x3e90
[   76.000476][ T5324]  ? tun_get_user+0x6f6/0x3e90
[   76.002539][ T5324]  ? tun_get_user+0x272f/0x3e90
[   76.004693][ T5324]  ? aa_file_perm+0x44d/0x1550
[   76.006746][ T5324]  ? __pfx_tun_get_user+0x10/0x10
[   76.008985][ T5324]  ? __lock_acquire+0xab9/0xd20
[   76.011151][ T5324]  ? ref_tracker_alloc+0x318/0x460
[   76.013388][ T5324]  ? __lock_acquire+0xab9/0xd20
[   76.015357][ T5324]  ? __pfx_ref_tracker_alloc+0x10/0x10
[   76.017720][ T5324]  ? tun_get+0x1c/0x2f0
[   76.019554][ T5324]  ? tun_get+0x1c/0x2f0
[   76.021297][ T5324]  ? tun_get+0x1c/0x2f0
[   76.023131][ T5324]  tun_chr_write_iter+0x113/0x200
[   76.025328][ T5324]  vfs_write+0x5c9/0xb30
[   76.027149][ T5324]  ? __pfx_tun_chr_write_iter+0x10/0x10
[   76.029415][ T5324]  ? __pfx_vfs_write+0x10/0x10
[   76.031461][ T5324]  ? __fget_files+0x2a/0x420
[   76.033568][ T5324]  ksys_write+0x145/0x250
[   76.035529][ T5324]  ? __pfx_ksys_write+0x10/0x10
[   76.037678][ T5324]  ? do_syscall_64+0xbe/0xfa0
[   76.039823][ T5324]  do_syscall_64+0xfa/0xfa0
[   76.042271][ T5324]  ? lockdep_hardirqs_on+0x9c/0x150
[   76.044517][ T5324]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   76.047114][ T5324]  ? clear_bhb_loop+0x60/0xb0
[   76.049026][ T5324]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   76.051626][ T5324] RIP: 0033:0x7fde7d78e1ff
[   76.053682][ T5324] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 92 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 4c 93 02 00 48
[   76.061976][ T5324] RSP: 002b:00007fde7e57d000 EFLAGS: 00000293 ORIG_RAX: 0000000000000001
[   76.065354][ T5324] RAX: ffffffffffffffda RBX: 00007fde7d9e5fa0 RCX: 00007fde7d78e1ff
[   76.068660][ T5324] RDX: 000000000000003e RSI: 0000200000000500 RDI: 00000000000000c8
[   76.072194][ T5324] RBP: 00007fde7e57d090 R08: 0000000000000000 R09: 0000000000000000
[   76.075511][ T5324] R10: 000000000000003e R11: 0000000000000293 R12: 0000000000000001
[   76.079080][ T5324] R13: 00007fde7d9e6038 R14: 00007fde7d9e5fa0 R15: 00007ffe058a3218
[   76.082716][ T5324]  </TASK>
[   76.084068][ T5324] Modules linked in:
[   76.085986][ T5324] ---[ end trace 0000000000000000 ]---
[   76.088276][ T5324] RIP: 0010:skb_clone+0xd7/0x3a0
[   76.090436][ T5324] Code: 03 42 80 3c 20 00 74 08 4c 89 f7 e8 23 29 05 f9 49 83 3e 00 0f 85 a0 01 00 00 e8 94 dd 9d f8 48 8d 6b 7e 49 89 ee 49 c1 ee 03 <43> 0f b6 04 26 84 c0 0f 85 d1 01 00 00 44 0f b6 7d 00 41 83 e7 0c
[   76.098395][ T5324] RSP: 0018:ffffc9000d3bf200 EFLAGS: 00010207
[   76.100807][ T5324] RAX: ffffffff892235a1 RBX: 0000000000000000 RCX: ffff888030f62480
[   76.104407][ T5324] RDX: 0000000000000000 RSI: 0000000000000820 RDI: 0000000000000000
[   76.107913][ T5324] RBP: 000000000000007e R08: 00000000ffffffff R09: 1ffffffff1c0c44e
[   76.111345][ T5324] R10: dffffc0000000000 R11: fffffbfff1c0c44f R12: dffffc0000000000
[   76.114660][ T5324] R13: 0000000000000820 R14: 000000000000000f R15: ffff88803e051d80
[   76.118387][ T5324] FS:  00007fde7e57d6c0(0000) GS:ffff88808d72f000(0000) knlGS:0000000000000000
[   76.122181][ T5324] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[   76.125025][ T5324] CR2: 00007fde7e51d9b8 CR3: 0000000042372000 CR4: 0000000000352ef0
[   76.128374][ T5324] Kernel panic - not syncing: Fatal exception in interrupt
[   76.131762][ T5324] Kernel Offset: disabled
[   76.133451][ T5324] Rebooting in 86400 seconds..