./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor1939908395

<...>
Warning: Permanently added '10.128.1.86' (ED25519) to the list of known hosts.
execve("./syz-executor1939908395", ["./syz-executor1939908395"], 0x7ffd7a0f5fd0 /* 10 vars */) = 0
brk(NULL)                               = 0x55555614e000
brk(0x55555614ed40)                     = 0x55555614ed40
arch_prctl(ARCH_SET_FS, 0x55555614e3c0) = 0
set_tid_address(0x55555614e690)         = 5057
set_robust_list(0x55555614e6a0, 24)     = 0
rseq(0x55555614ece0, 0x20, 0, 0x53053053) = 0
prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0
readlink("/proc/self/exe", "/root/syz-executor1939908395", 4096) = 28
getrandom("\x62\x94\xdb\x00\x94\x94\x9f\x35", 8, GRND_NONBLOCK) = 8
brk(NULL)                               = 0x55555614ed40
brk(0x55555616fd40)                     = 0x55555616fd40
brk(0x555556170000)                     = 0x555556170000
mprotect(0x7fa0a3cfd000, 16384, PROT_READ) = 0
mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000
mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000
mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000
unshare(CLONE_NEWPID)                   = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555614e690) = 5058
./strace-static-x86_64: Process 5058 attached
[pid  5058] set_robust_list(0x55555614e6a0, 24) = 0
[pid  5058] mount(NULL, "/sys/fs/fuse/connections", "fusectl", 0, NULL) = -1 EBUSY (Device or resource busy)
[pid  5058] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  5058] setsid()                    = 1
[pid  5058] openat(AT_FDCWD, "/proc/self/ns/net", O_RDONLY) = 3
[pid  5058] dup2(3, 201)                = 201
[pid  5058] close(3)                    = 0
[pid  5058] prlimit64(0, RLIMIT_AS, {rlim_cur=204800*1024, rlim_max=204800*1024}, NULL) = 0
[pid  5058] prlimit64(0, RLIMIT_MEMLOCK, {rlim_cur=32768*1024, rlim_max=32768*1024}, NULL) = 0
[pid  5058] prlimit64(0, RLIMIT_FSIZE, {rlim_cur=139264*1024, rlim_max=139264*1024}, NULL) = 0
[pid  5058] prlimit64(0, RLIMIT_STACK, {rlim_cur=1024*1024, rlim_max=1024*1024}, NULL) = 0
[pid  5058] prlimit64(0, RLIMIT_CORE, {rlim_cur=131072*1024, rlim_max=131072*1024}, NULL) = 0
[pid  5058] prlimit64(0, RLIMIT_NOFILE, {rlim_cur=256, rlim_max=256}, NULL) = 0
[pid  5058] unshare(CLONE_NEWNS)        = 0
[pid  5058] mount(NULL, "/", NULL, MS_REC|MS_PRIVATE, NULL) = 0
[pid  5058] unshare(CLONE_NEWIPC)       = 0
[pid  5058] unshare(CLONE_NEWCGROUP)    = 0
[pid  5058] unshare(CLONE_NEWUTS)       = 0
[pid  5058] unshare(CLONE_SYSVSEM)      = 0
[pid  5058] openat(AT_FDCWD, "/proc/sys/kernel/shmmax", O_WRONLY|O_CLOEXEC) = 3
[pid  5058] write(3, "16777216", 8)     = 8
[pid  5058] close(3)                    = 0
[pid  5058] openat(AT_FDCWD, "/proc/sys/kernel/shmall", O_WRONLY|O_CLOEXEC) = 3
[pid  5058] write(3, "536870912", 9)    = 9
[pid  5058] close(3)                    = 0
[pid  5058] openat(AT_FDCWD, "/proc/sys/kernel/shmmni", O_WRONLY|O_CLOEXEC) = 3
[pid  5058] write(3, "1024", 4)         = 4
[pid  5058] close(3)                    = 0
[pid  5058] openat(AT_FDCWD, "/proc/sys/kernel/msgmax", O_WRONLY|O_CLOEXEC) = 3
[pid  5058] write(3, "8192", 4)         = 4
[pid  5058] close(3)                    = 0
[pid  5058] openat(AT_FDCWD, "/proc/sys/kernel/msgmni", O_WRONLY|O_CLOEXEC) = 3
[pid  5058] write(3, "1024", 4)         = 4
[pid  5058] close(3)                    = 0
[pid  5058] openat(AT_FDCWD, "/proc/sys/kernel/msgmnb", O_WRONLY|O_CLOEXEC) = 3
[pid  5058] write(3, "1024", 4)         = 4
[pid  5058] close(3)                    = 0
[pid  5058] openat(AT_FDCWD, "/proc/sys/kernel/sem", O_WRONLY|O_CLOEXEC) = 3
[pid  5058] write(3, "1024 1048576 500 1024", 21) = 21
[pid  5058] close(3)                    = 0
[pid  5058] getpid()                    = 1
[pid  5058] capget({version=_LINUX_CAPABILITY_VERSION_3, pid=1}, {effective=1<<CAP_CHOWN|1<<CAP_DAC_OVERRIDE|1<<CAP_DAC_READ_SEARCH|1<<CAP_FOWNER|1<<CAP_FSETID|1<<CAP_KILL|1<<CAP_SETGID|1<<CAP_SETUID|1<<CAP_SETPCAP|1<<CAP_LINUX_IMMUTABLE|1<<CAP_NET_BIND_SERVICE|1<<CAP_NET_BROADCAST|1<<CAP_NET_ADMIN|1<<CAP_NET_RAW|1<<CAP_IPC_LOCK|1<<CAP_IPC_OWNER|1<<CAP_SYS_MODULE|1<<CAP_SYS_RAWIO|1<<CAP_SYS_CHROOT|1<<CAP_SYS_PTRACE|1<<CAP_SYS_PACCT|1<<CAP_SYS_ADMIN|1<<CAP_SYS_BOOT|1<<CAP_SYS_NICE|1<<CAP_SYS_RESOURCE|1<<CAP_SYS_TIME|1<<CAP_SYS_TTY_CONFIG|1<<CAP_MKNOD|1<<CAP_LEASE|1<<CAP_AUDIT_WRITE|1<<CAP_AUDIT_CONTROL|1<<CAP_SETFCAP|1<<CAP_MAC_OVERRIDE|1<<CAP_MAC_ADMIN|1<<CAP_SYSLOG|1<<CAP_WAKE_ALARM|1<<CAP_BLOCK_SUSPEND|1<<CAP_AUDIT_READ|1<<CAP_PERFMON|1<<CAP_BPF|1<<CAP_CHECKPOINT_RESTORE, permitted=1<<CAP_CHOWN|1<<CAP_DAC_OVERRIDE|1<<CAP_DAC_READ_SEARCH|1<<CAP_FOWNER|1<<CAP_FSETID|1<<CAP_KILL|1<<CAP_SETGID|1<<CAP_SETUID|1<<CAP_SETPCAP|1<<CAP_LINUX_IMMUTABLE|1<<CAP_NET_BIND_SERVICE|1<<CAP_NET_BROADCAST|1<<CAP_NET_ADMIN|1<<CAP_NET_RAW|1<<CAP_IPC_LOCK|1<<CAP_IPC_OWNER|1<<CAP_SYS_MODULE|1<<CAP_SYS_RAWIO|1<<CAP_SYS_CHROOT|1<<CAP_SYS_PTRACE|1<<CAP_SYS_PACCT|1<<CAP_SYS_ADMIN|1<<CAP_SYS_BOOT|1<<CAP_SYS_NICE|1<<CAP_SYS_RESOURCE|1<<CAP_SYS_TIME|1<<CAP_SYS_TTY_CONFIG|1<<CAP_MKNOD|1<<CAP_LEASE|1<<CAP_AUDIT_WRITE|1<<CAP_AUDIT_CONTROL|1<<CAP_SETFCAP|1<<CAP_MAC_OVERRIDE|1<<CAP_MAC_ADMIN|1<<CAP_SYSLOG|1<<CAP_WAKE_ALARM|1<<CAP_BLOCK_SUSPEND|1<<CAP_AUDIT_READ|1<<CAP_PERFMON|1<<CAP_BPF|1<<CAP_CHECKPOINT_RESTORE, inheritable=0}) = 0
[pid  5058] capset({version=_LINUX_CAPABILITY_VERSION_3, pid=1}, {effective=1<<CAP_CHOWN|1<<CAP_DAC_OVERRIDE|1<<CAP_DAC_READ_SEARCH|1<<CAP_FOWNER|1<<CAP_FSETID|1<<CAP_KILL|1<<CAP_SETGID|1<<CAP_SETUID|1<<CAP_SETPCAP|1<<CAP_LINUX_IMMUTABLE|1<<CAP_NET_BIND_SERVICE|1<<CAP_NET_BROADCAST|1<<CAP_NET_ADMIN|1<<CAP_NET_RAW|1<<CAP_IPC_LOCK|1<<CAP_IPC_OWNER|1<<CAP_SYS_MODULE|1<<CAP_SYS_RAWIO|1<<CAP_SYS_CHROOT|1<<CAP_SYS_PACCT|1<<CAP_SYS_ADMIN|1<<CAP_SYS_BOOT|1<<CAP_SYS_RESOURCE|1<<CAP_SYS_TIME|1<<CAP_SYS_TTY_CONFIG|1<<CAP_MKNOD|1<<CAP_LEASE|1<<CAP_AUDIT_WRITE|1<<CAP_AUDIT_CONTROL|1<<CAP_SETFCAP|1<<CAP_MAC_OVERRIDE|1<<CAP_MAC_ADMIN|1<<CAP_SYSLOG|1<<CAP_WAKE_ALARM|1<<CAP_BLOCK_SUSPEND|1<<CAP_AUDIT_READ|1<<CAP_PERFMON|1<<CAP_BPF|1<<CAP_CHECKPOINT_RESTORE, permitted=1<<CAP_CHOWN|1<<CAP_DAC_OVERRIDE|1<<CAP_DAC_READ_SEARCH|1<<CAP_FOWNER|1<<CAP_FSETID|1<<CAP_KILL|1<<CAP_SETGID|1<<CAP_SETUID|1<<CAP_SETPCAP|1<<CAP_LINUX_IMMUTABLE|1<<CAP_NET_BIND_SERVICE|1<<CAP_NET_BROADCAST|1<<CAP_NET_ADMIN|1<<CAP_NET_RAW|1<<CAP_IPC_LOCK|1<<CAP_IPC_OWNER|1<<CAP_SYS_MODULE|1<<CAP_SYS_RAWIO|1<<CAP_SYS_CHROOT|1<<CAP_SYS_PACCT|1<<CAP_SYS_ADMIN|1<<CAP_SYS_BOOT|1<<CAP_SYS_RESOURCE|1<<CAP_SYS_TIME|1<<CAP_SYS_TTY_CONFIG|1<<CAP_MKNOD|1<<CAP_LEASE|1<<CAP_AUDIT_WRITE|1<<CAP_AUDIT_CONTROL|1<<CAP_SETFCAP|1<<CAP_MAC_OVERRIDE|1<<CAP_MAC_ADMIN|1<<CAP_SYSLOG|1<<CAP_WAKE_ALARM|1<<CAP_BLOCK_SUSPEND|1<<CAP_AUDIT_READ|1<<CAP_PERFMON|1<<CAP_BPF|1<<CAP_CHECKPOINT_RESTORE, inheritable=0}) = 0
[pid  5058] unshare(CLONE_NEWNET)       = 0
[pid  5058] openat(AT_FDCWD, "/proc/sys/net/ipv4/ping_group_range", O_WRONLY|O_CLOEXEC) = 3
[pid  5058] write(3, "0 65535", 7)      = 7
[pid  5058] close(3)                    = 0
[pid  5058] mkdir("/dev/binderfs", 0777) = 0
[pid  5058] mount("binder", "/dev/binderfs", "binder", 0, NULL) = 0
[pid  5058] symlink("/dev/binderfs", "./binderfs") = 0
[pid  5058] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5061 attached
, child_tidptr=0x55555614e690) = 2
[pid  5061] set_robust_list(0x55555614e6a0, 24) = 0
[pid  5061] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  5061] setpgid(0, 0)               = 0
[pid  5061] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  5061] write(3, "1000", 4)         = 4
[pid  5061] close(3)                    = 0
[pid  5061] futex(0x7fa0a3d0332c, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  5061] rt_sigaction(SIGRT_1, {sa_handler=0x7fa0a3c9d930, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fa0a3c8efb0}, NULL, 8) = 0
[pid  5061] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0
[pid  5061] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa0a3c18000
[pid  5061] mprotect(0x7fa0a3c19000, 131072, PROT_READ|PROT_WRITE) = 0
[pid  5061] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0
[pid  5061] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fa0a3c38990, parent_tid=0x7fa0a3c38990, exit_signal=0, stack=0x7fa0a3c18000, stack_size=0x20300, tls=0x7fa0a3c386c0}./strace-static-x86_64: Process 5062 attached
 <unfinished ...>
[pid  5062] rseq(0x7fa0a3c38fe0, 0x20, 0, 0x53053053 <unfinished ...>
[pid  5061] <... clone3 resumed> => {parent_tid=[3]}, 88) = 3
[pid  5062] <... rseq resumed>)         = 0
[pid  5062] set_robust_list(0x7fa0a3c389a0, 24) = 0
[pid  5061] rt_sigprocmask(SIG_SETMASK, [],  <unfinished ...>
[pid  5062] rt_sigprocmask(SIG_SETMASK, [],  <unfinished ...>
[pid  5061] <... rt_sigprocmask resumed>NULL, 8) = 0
[pid  5062] <... rt_sigprocmask resumed>NULL, 8) = 0
[pid  5061] futex(0x7fa0a3d03328, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid  5062] openat(AT_FDCWD, "/proc/self/ns/net", O_RDONLY <unfinished ...>
[pid  5061] <... futex resumed>)        = 0
[pid  5062] <... openat resumed>)       = 3
[pid  5061] futex(0x7fa0a3d0332c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid  5062] setns(201, 0)               = 0
[pid  5062] socket(AF_NFC, SOCK_DGRAM, NFC_SOCKPROTO_LLCP) = 4
[pid  5062] setns(3, 0)                 = 0
[pid  5062] close(3)                    = 0
[pid  5062] futex(0x7fa0a3d0332c, FUTEX_WAKE_PRIVATE, 1000000) = 1
[pid  5062] futex(0x7fa0a3d03328, FUTEX_WAIT_PRIVATE, 0, NULL <unfinished ...>
[pid  5061] <... futex resumed>)        = 0
[pid  5061] futex(0x7fa0a3d03328, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid  5062] <... futex resumed>)        = 0
[pid  5061] <... futex resumed>)        = 1
[pid  5062] openat(AT_FDCWD, "/dev/virtual_nci", O_RDWR <unfinished ...>
[pid  5061] futex(0x7fa0a3d0332c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid  5062] <... openat resumed>)       = 3
[pid  5062] futex(0x7fa0a3d0332c, FUTEX_WAKE_PRIVATE, 1000000) = 1
[pid  5061] <... futex resumed>)        = 0
[pid  5062] futex(0x7fa0a3d03328, FUTEX_WAIT_PRIVATE, 0, NULL <unfinished ...>
[pid  5061] futex(0x7fa0a3d03328, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid  5062] <... futex resumed>)        = 0
[pid  5061] <... futex resumed>)        = 1
[pid  5062] ioctl(3, _IOC(_IOC_NONE, 0, 0, 0) <unfinished ...>
[pid  5061] futex(0x7fa0a3d0332c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid  5062] <... ioctl resumed>, 0x20000180) = 0
[pid  5062] futex(0x7fa0a3d0332c, FUTEX_WAKE_PRIVATE, 1000000) = 1
[pid  5062] futex(0x7fa0a3d03328, FUTEX_WAIT_PRIVATE, 0, NULL <unfinished ...>
[pid  5061] <... futex resumed>)        = 0
[pid  5061] futex(0x7fa0a3d03328, FUTEX_WAKE_PRIVATE, 1000000) = 1
[pid  5062] <... futex resumed>)        = 0
[pid  5061] futex(0x7fa0a3d0332c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid  5062] bind(4, {sa_family=AF_NFC, dev_idx=if_nametoindex("bond0"), target_idx=0, nfc_protocol=0 /* NFC_PROTO_??? */, dsap=0, ssap=0, service_name="\x94\xf7\x0c\x47\xab\xa8\x62\x63\xa1\x46\x84\x73\x93\xee\xe5\x9e\xde\x0c\x74\x0a\x48\x4c\x39\xa2\xc3\x0c\xef\x77\x5b\x56\x38\xdd\x7d\x3a\x8c\xe7\x2e\x8f\xe8\xc2\x35\x2d\x16\x5f\xe4\xb0\xc5\x97\x05", service_name_len=49}, 96) = 0
[pid  5062] futex(0x7fa0a3d0332c, FUTEX_WAKE_PRIVATE, 1000000) = 1
[pid  5061] <... futex resumed>)        = 0
[pid  5062] futex(0x7fa0a3d03328, FUTEX_WAIT_PRIVATE, 0, NULL <unfinished ...>
[pid  5061] futex(0x7fa0a3d03328, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid  5062] <... futex resumed>)        = -1 EAGAIN (Resource temporarily unavailable)
[pid  5062] sendmmsg(4,  <unfinished ...>
[pid  5061] <... futex resumed>)        = 0
[pid  5061] futex(0x7fa0a3d0332c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid  5062] <... sendmmsg resumed>[{msg_hdr={msg_name={sa_family=AF_NFC, dev_idx=0, target_idx=0x1, nfc_protocol=NFC_PROTO_JEWEL, dsap=0x1f, ssap=0x2 /* LLCP_SAP_IP */, service_name="\x57\x74\x85\x79\x78\x5e\xcf\xb9\xb2\xcb\xeb\xd9\xa0\x4e\x45\xc6\xbf\xcf\x8e\x67\x02\x01\xbf\x4a\x7c\x6e\xd4\xd3\xe1\x30\xa1\x3f\x84\x53\xbc\x44\x27\x70\x44\x6a\x20\x6a", service_name_len=42}, msg_namelen=96, msg_iov=[{iov_base=NULL, iov_len=0}, {iov_base="\x83\x44\xc1\x47\x4f\xf6\x62\x1f\xe9\xf4\x06\x95\x53\x46\x0c\xc5\x4f\x2a\xad\x35\x4c\xed\xf2\x6f\xcf\x0d\x7c\xfd\x22\x3f\xef\x04\x16\xe5\x69\x3c\xe1\x20\x31\x51\x0a\xe5\x6b\x6e\xfc\x18\x38\xc0\x36\xd0\x0f\x96\x46\xc3\xcb\x6e\xaf\xa2\x8c\x30\xec\x9a\x99\xba\x7f\x65\x37\xbd\xbb\xb8\xae\x0c\xb2\x44\x6d\xb7\x32\x14\x96\x5a\xeb\x4c\x94\xf4\xc2\xa9\x8b\xda\xdf\x5c\x06\x52\x90\xcf\x1b\xa0\x97\x32\x3a\x3e"..., iov_len=4096}, {iov_base=NULL, iov_len=0}], msg_iovlen=3, msg_controllen=0, msg_flags=MSG_DONTROUTE|MSG_PROBE}, msg_len=4096}], 1, 0) = 1
[pid  5062] sendmmsg(4, [{msg_hdr={msg_name={sa_family=AF_NFC, dev_idx=0, target_idx=0x1, nfc_protocol=NFC_PROTO_JEWEL, dsap=0x1f, ssap=0x2 /* LLCP_SAP_IP */, service_name="\x57\x74\x85\x79\x78\x5e\xcf\xb9\xb2\xcb\xeb\xd9\xa0\x4e\x45\xc6\xbf\xcf\x8e\x67\x02\x01\xbf\x4a\x7c\x6e\xd4\xd3\xe1\x30\xa1\x3f\x84\x53\xbc\x44\x27\x70\x44\x6a\x20\x6a", service_name_len=42}, msg_namelen=96, msg_iov=[{iov_base=NULL, iov_len=0}, {iov_base="\x83\x44\xc1\x47\x4f\xf6\x62\x1f\xe9\xf4\x06\x95\x53\x46\x0c\xc5\x4f\x2a\xad\x35\x4c\xed\xf2\x6f\xcf\x0d\x7c\xfd\x22\x3f\xef\x04\x16\xe5\x69\x3c\xe1\x20\x31\x51\x0a\xe5\x6b\x6e\xfc\x18\x38\xc0\x36\xd0\x0f\x96\x46\xc3\xcb\x6e\xaf\xa2\x8c\x30\xec\x9a\x99\xba\x7f\x65\x37\xbd\xbb\xb8\xae\x0c\xb2\x44\x6d\xb7\x32\x14\x96\x5a\xeb\x4c\x94\xf4\xc2\xa9\x8b\xda\xdf\x5c\x06\x52\x90\xcf\x1b\xa0\x97\x32\x3a\x3e"..., iov_len=4096}, {iov_base=NULL, iov_len=0}], msg_iovlen=3, msg_controllen=0, msg_flags=MSG_DONTROUTE|MSG_PROBE}, msg_len=4096}], 1, 0) = 1
[pid  5062] sendmmsg(4, [{msg_hdr={msg_name={sa_family=AF_NFC, dev_idx=0, target_idx=0x1, nfc_protocol=NFC_PROTO_JEWEL, dsap=0x1f, ssap=0x2 /* LLCP_SAP_IP */, service_name="\x57\x74\x85\x79\x78\x5e\xcf\xb9\xb2\xcb\xeb\xd9\xa0\x4e\x45\xc6\xbf\xcf\x8e\x67\x02\x01\xbf\x4a\x7c\x6e\xd4\xd3\xe1\x30\xa1\x3f\x84\x53\xbc\x44\x27\x70\x44\x6a\x20\x6a", service_name_len=42}, msg_namelen=96, msg_iov=[{iov_base=NULL, iov_len=0}, {iov_base="\x83\x44\xc1\x47\x4f\xf6\x62\x1f\xe9\xf4\x06\x95\x53\x46\x0c\xc5\x4f\x2a\xad\x35\x4c\xed\xf2\x6f\xcf\x0d\x7c\xfd\x22\x3f\xef\x04\x16\xe5\x69\x3c\xe1\x20\x31\x51\x0a\xe5\x6b\x6e\xfc\x18\x38\xc0\x36\xd0\x0f\x96\x46\xc3\xcb\x6e\xaf\xa2\x8c\x30\xec\x9a\x99\xba\x7f\x65\x37\xbd\xbb\xb8\xae\x0c\xb2\x44\x6d\xb7\x32\x14\x96\x5a\xeb\x4c\x94\xf4\xc2\xa9\x8b\xda\xdf\x5c\x06\x52\x90\xcf\x1b\xa0\x97\x32\x3a\x3e"..., iov_len=4096}, {iov_base=NULL, iov_len=0}], msg_iovlen=3, msg_controllen=0, msg_flags=MSG_DONTROUTE|MSG_PROBE}, msg_len=4096}], 1, 0) = 1
[pid  5062] sendmmsg(4, [{msg_hdr={msg_name={sa_family=AF_NFC, dev_idx=0, target_idx=0x1, nfc_protocol=NFC_PROTO_JEWEL, dsap=0x1f, ssap=0x2 /* LLCP_SAP_IP */, service_name="\x57\x74\x85\x79\x78\x5e\xcf\xb9\xb2\xcb\xeb\xd9\xa0\x4e\x45\xc6\xbf\xcf\x8e\x67\x02\x01\xbf\x4a\x7c\x6e\xd4\xd3\xe1\x30\xa1\x3f\x84\x53\xbc\x44\x27\x70\x44\x6a\x20\x6a", service_name_len=42}, msg_namelen=96, msg_iov=[{iov_base=NULL, iov_len=0}, {iov_base="\x83\x44\xc1\x47\x4f\xf6\x62\x1f\xe9\xf4\x06\x95\x53\x46\x0c\xc5\x4f\x2a\xad\x35\x4c\xed\xf2\x6f\xcf\x0d\x7c\xfd\x22\x3f\xef\x04\x16\xe5\x69\x3c\xe1\x20\x31\x51\x0a\xe5\x6b\x6e\xfc\x18\x38\xc0\x36\xd0\x0f\x96\x46\xc3\xcb\x6e\xaf\xa2\x8c\x30\xec\x9a\x99\xba\x7f\x65\x37\xbd\xbb\xb8\xae\x0c\xb2\x44\x6d\xb7\x32\x14\x96\x5a\xeb\x4c\x94\xf4\xc2\xa9\x8b\xda\xdf\x5c\x06\x52\x90\xcf\x1b\xa0\x97\x32\x3a\x3e"..., iov_len=4096}, {iov_base=NULL, iov_len=0}], msg_iovlen=3, msg_controllen=0, msg_flags=MSG_DONTROUTE|MSG_PROBE}, msg_len=4096}], 1, 0) = 1
[pid  5062] sendmmsg(4, [{msg_hdr={msg_name={sa_family=AF_NFC, dev_idx=0, target_idx=0x1, nfc_protocol=NFC_PROTO_JEWEL, dsap=0x1f, ssap=0x2 /* LLCP_SAP_IP */, service_name="\x57\x74\x85\x79\x78\x5e\xcf\xb9\xb2\xcb\xeb\xd9\xa0\x4e\x45\xc6\xbf\xcf\x8e\x67\x02\x01\xbf\x4a\x7c\x6e\xd4\xd3\xe1\x30\xa1\x3f\x84\x53\xbc\x44\x27\x70\x44\x6a\x20\x6a", service_name_len=42}, msg_namelen=96, msg_iov=[{iov_base=NULL, iov_len=0}, {iov_base="\x83\x44\xc1\x47\x4f\xf6\x62\x1f\xe9\xf4\x06\x95\x53\x46\x0c\xc5\x4f\x2a\xad\x35\x4c\xed\xf2\x6f\xcf\x0d\x7c\xfd\x22\x3f\xef\x04\x16\xe5\x69\x3c\xe1\x20\x31\x51\x0a\xe5\x6b\x6e\xfc\x18\x38\xc0\x36\xd0\x0f\x96\x46\xc3\xcb\x6e\xaf\xa2\x8c\x30\xec\x9a\x99\xba\x7f\x65\x37\xbd\xbb\xb8\xae\x0c\xb2\x44\x6d\xb7\x32\x14\x96\x5a\xeb\x4c\x94\xf4\xc2\xa9\x8b\xda\xdf\x5c\x06\x52\x90\xcf\x1b\xa0\x97\x32\x3a\x3e"..., iov_len=4096}, {iov_base=NULL, iov_len=0}], msg_iovlen=3, msg_controllen=0, msg_flags=MSG_DONTROUTE|MSG_PROBE}, msg_len=4096}], 1, 0) = 1
[pid  5062] sendmmsg(4, [{msg_hdr={msg_name={sa_family=AF_NFC, dev_idx=0, target_idx=0x1, nfc_protocol=NFC_PROTO_JEWEL, dsap=0x1f, ssap=0x2 /* LLCP_SAP_IP */, service_name="\x57\x74\x85\x79\x78\x5e\xcf\xb9\xb2\xcb\xeb\xd9\xa0\x4e\x45\xc6\xbf\xcf\x8e\x67\x02\x01\xbf\x4a\x7c\x6e\xd4\xd3\xe1\x30\xa1\x3f\x84\x53\xbc\x44\x27\x70\x44\x6a\x20\x6a", service_name_len=42}, msg_namelen=96, msg_iov=[{iov_base=NULL, iov_len=0}, {iov_base="\x83\x44\xc1\x47\x4f\xf6\x62\x1f\xe9\xf4\x06\x95\x53\x46\x0c\xc5\x4f\x2a\xad\x35\x4c\xed\xf2\x6f\xcf\x0d\x7c\xfd\x22\x3f\xef\x04\x16\xe5\x69\x3c\xe1\x20\x31\x51\x0a\xe5\x6b\x6e\xfc\x18\x38\xc0\x36\xd0\x0f\x96\x46\xc3\xcb\x6e\xaf\xa2\x8c\x30\xec\x9a\x99\xba\x7f\x65\x37\xbd\xbb\xb8\xae\x0c\xb2\x44\x6d\xb7\x32\x14\x96\x5a\xeb\x4c\x94\xf4\xc2\xa9\x8b\xda\xdf\x5c\x06\x52\x90\xcf\x1b\xa0\x97\x32\x3a\x3e"..., iov_len=4096}, {iov_base=NULL, iov_len=0}], msg_iovlen=3, msg_controllen=0, msg_flags=MSG_DONTROUTE|MSG_PROBE}, msg_len=4096}], 1, 0) = 1
[pid  5062] sendmmsg(4, [{msg_hdr={msg_name={sa_family=AF_NFC, dev_idx=0, target_idx=0x1, nfc_protocol=NFC_PROTO_JEWEL, dsap=0x1f, ssap=0x2 /* LLCP_SAP_IP */, service_name="\x57\x74\x85\x79\x78\x5e\xcf\xb9\xb2\xcb\xeb\xd9\xa0\x4e\x45\xc6\xbf\xcf\x8e\x67\x02\x01\xbf\x4a\x7c\x6e\xd4\xd3\xe1\x30\xa1\x3f\x84\x53\xbc\x44\x27\x70\x44\x6a\x20\x6a", service_name_len=42}, msg_namelen=96, msg_iov=[{iov_base=NULL, iov_len=0}, {iov_base="\x83\x44\xc1\x47\x4f\xf6\x62\x1f\xe9\xf4\x06\x95\x53\x46\x0c\xc5\x4f\x2a\xad\x35\x4c\xed\xf2\x6f\xcf\x0d\x7c\xfd\x22\x3f\xef\x04\x16\xe5\x69\x3c\xe1\x20\x31\x51\x0a\xe5\x6b\x6e\xfc\x18\x38\xc0\x36\xd0\x0f\x96\x46\xc3\xcb\x6e\xaf\xa2\x8c\x30\xec\x9a\x99\xba\x7f\x65\x37\xbd\xbb\xb8\xae\x0c\xb2\x44\x6d\xb7\x32\x14\x96\x5a\xeb\x4c\x94\xf4\xc2\xa9\x8b\xda\xdf\x5c\x06\x52\x90\xcf\x1b\xa0\x97\x32\x3a\x3e"..., iov_len=4096}, {iov_base=NULL, iov_len=0}], msg_iovlen=3, msg_controllen=0, msg_flags=MSG_DONTROUTE|MSG_PROBE}, msg_len=4096}], 1, 0) = 1
[pid  5062] sendmmsg(4,  <unfinished ...>
[pid  5061] <... futex resumed>)        = -1 ETIMEDOUT (Connection timed out)
[pid  5061] close(3)                    = 0
[pid  5062] <... sendmmsg resumed>[{msg_hdr={msg_name={sa_family=AF_NFC, dev_idx=0, target_idx=0x1, nfc_protocol=NFC_PROTO_JEWEL, dsap=0x1f, ssap=0x2 /* LLCP_SAP_IP */, service_name="\x57\x74\x85\x79\x78\x5e\xcf\xb9\xb2\xcb\xeb\xd9\xa0\x4e\x45\xc6\xbf\xcf\x8e\x67\x02\x01\xbf\x4a\x7c\x6e\xd4\xd3\xe1\x30\xa1\x3f\x84\x53\xbc\x44\x27\x70\x44\x6a\x20\x6a", service_name_len=42}, msg_namelen=96, msg_iov=[{iov_base=NULL, iov_len=0}, {iov_base="\x83\x44\xc1\x47\x4f\xf6\x62\x1f\xe9\xf4\x06\x95\x53\x46\x0c\xc5\x4f\x2a\xad\x35\x4c\xed\xf2\x6f\xcf\x0d\x7c\xfd\x22\x3f\xef\x04\x16\xe5\x69\x3c\xe1\x20\x31\x51\x0a\xe5\x6b\x6e\xfc\x18\x38\xc0\x36\xd0\x0f\x96\x46\xc3\xcb\x6e\xaf\xa2\x8c\x30\xec\x9a\x99\xba\x7f\x65\x37\xbd\xbb\xb8\xae\x0c\xb2\x44\x6d\xb7\x32\x14\x96\x5a\xeb\x4c\x94\xf4\xc2\xa9\x8b\xda\xdf\x5c\x06\x52\x90\xcf\x1b\xa0\x97\x32\x3a\x3e"..., iov_len=4096}, {iov_base=NULL, iov_len=0}], msg_iovlen=3, msg_controllen=0, msg_flags=MSG_DONTROUTE|MSG_PROBE}, msg_len=1792}], 1, 0) = 1
[pid  5062] sendmmsg(4,  <unfinished ...>
[pid  5061] close(4)                    = 0
[pid  5061] close(5)                    = -1 EBADF (Bad file descriptor)
[pid  5061] close(6)                    = -1 EBADF (Bad file descriptor)
[pid  5061] close(7)                    = -1 EBADF (Bad file descriptor)
[pid  5061] close(8)                    = -1 EBADF (Bad file descriptor)
[   56.503886][ T5062] llcp: nfc_llcp_send_ui_frame: Could not allocate PDU (error=-6)
[   56.522700][ T5062] ==================================================================
[   56.530799][ T5062] BUG: KASAN: slab-use-after-free in nfc_alloc_send_skb+0x149/0x1c0
[   56.538810][ T5062] Read of size 4 at addr ffff888075231548 by task syz-executor193/5062
[   56.547036][ T5062] 
[pid  5061] close(9)                    = -1 EBADF (Bad file descriptor)
[pid  5061] close(10)                   = -1 EBADF (Bad file descriptor)
[pid  5061] close(11)                   = -1 EBADF (Bad file descriptor)
[pid  5061] close(12)                   = -1 EBADF (Bad file descriptor)
[pid  5061] close(13)                   = -1 EBADF (Bad file descriptor)
[pid  5061] close(14)                   = -1 EBADF (Bad file descriptor)
[pid  5061] close(15)                   = -1 EBADF (Bad file descriptor)
[   56.549357][ T5062] CPU: 1 PID: 5062 Comm: syz-executor193 Not tainted 6.6.0-syzkaller-14263-gaea6bf908d73 #0
[   56.559400][ T5062] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/09/2023
[   56.569444][ T5062] Call Trace:
[   56.572709][ T5062]  <TASK>
[   56.575626][ T5062]  dump_stack_lvl+0x1e7/0x2d0
[   56.580297][ T5062]  ? nf_tcp_handle_invalid+0x650/0x650
[   56.585747][ T5062]  ? panic+0x850/0x850
[   56.589817][ T5062]  ? _printk+0xd5/0x120
[   56.593983][ T5062]  print_report+0x163/0x540
[   56.598467][ T5062]  ? __virt_addr_valid+0x22f/0x2e0
[   56.603561][ T5062]  ? __phys_addr+0xba/0x170
[   56.608047][ T5062]  ? nfc_alloc_send_skb+0x149/0x1c0
[   56.613230][ T5062]  kasan_report+0x142/0x170
[   56.617723][ T5062]  ? nfc_alloc_send_skb+0x149/0x1c0
[   56.622918][ T5062]  nfc_alloc_send_skb+0x149/0x1c0
[   56.627954][ T5062]  nfc_llcp_send_ui_frame+0x2ac/0x670
[   56.633322][ T5062]  ? nfc_llcp_send_i_frame+0x4f0/0x4f0
[   56.638775][ T5062]  ? llcp_sock_sendmsg+0x1fc/0x390
[   56.644049][ T5062]  ? nfc_llcp_getsockopt+0x560/0x560
[   56.649325][ T5062]  ____sys_sendmsg+0x592/0x890
[   56.654083][ T5062]  ? __sys_sendmsg_sock+0x30/0x30
[   56.659095][ T5062]  ? __fget_files+0x3fe/0x480
[   56.663765][ T5062]  __sys_sendmmsg+0x3b2/0x730
[   56.668435][ T5062]  ? __ia32_sys_sendmsg+0x90/0x90
[   56.673463][ T5062]  ? do_raw_spin_lock+0x14d/0x3a0
[   56.678484][ T5062]  ? lockdep_hardirqs_on_prepare+0x43c/0x7a0
[   56.684478][ T5062]  ? _raw_spin_unlock_irq+0x23/0x50
[   56.689682][ T5062]  ? lockdep_hardirqs_on+0x98/0x140
[   56.694886][ T5062]  ? print_irqtrace_events+0x220/0x220
[   56.700346][ T5062]  ? syscall_enter_from_user_mode+0x32/0x230
[   56.706323][ T5062]  __x64_sys_sendmmsg+0xa0/0xb0
[   56.711183][ T5062]  do_syscall_64+0x44/0x110
[   56.715678][ T5062]  entry_SYSCALL_64_after_hwframe+0x63/0x6b
[   56.721576][ T5062] RIP: 0033:0x7fa0a3c77969
[   56.725987][ T5062] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
[   56.745946][ T5062] RSP: 002b:00007fa0a3c38208 EFLAGS: 00000246 ORIG_RAX: 0000000000000133
[   56.754386][ T5062] RAX: ffffffffffffffda RBX: 00007fa0a3d03328 RCX: 00007fa0a3c77969
[   56.762353][ T5062] RDX: 0000000000000001 RSI: 00000000200013c0 RDI: 0000000000000004
[   56.770317][ T5062] RBP: 00007fa0a3d03320 R08: 0000000000000000 R09: 0000000000000000
[   56.778296][ T5062] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fa0a3cd01a4
[   56.786262][ T5062] R13: 0000000000000039 R14: 00007fa0a3d010f0 R15: 00007fa0a3c38670
[   56.794235][ T5062]  </TASK>
[   56.797242][ T5062] 
[   56.799554][ T5062] Allocated by task 5062:
[   56.803870][ T5062]  kasan_set_track+0x4f/0x70
[   56.808455][ T5062]  __kasan_kmalloc+0x98/0xb0
[   56.813126][ T5062]  nfc_allocate_device+0x12f/0x520
[   56.818317][ T5062]  nci_allocate_device+0x1e2/0x360
[   56.823415][ T5062]  virtual_ncidev_open+0x75/0x1b0
[   56.828429][ T5062]  misc_open+0x30b/0x380
[   56.832673][ T5062]  chrdev_open+0x5ab/0x630
[   56.837089][ T5062]  do_dentry_open+0x8fd/0x1590
[   56.841840][ T5062]  path_openat+0x2845/0x3280
[   56.846421][ T5062]  do_filp_open+0x234/0x490
[   56.850916][ T5062]  do_sys_openat2+0x13e/0x1d0
[   56.855579][ T5062]  __x64_sys_openat+0x247/0x290
[   56.860417][ T5062]  do_syscall_64+0x44/0x110
[   56.864938][ T5062]  entry_SYSCALL_64_after_hwframe+0x63/0x6b
[   56.870858][ T5062] 
[   56.873167][ T5062] Freed by task 5061:
[   56.877168][ T5062]  kasan_set_track+0x4f/0x70
[   56.881775][ T5062]  kasan_save_free_info+0x28/0x40
[   56.886890][ T5062]  ____kasan_slab_free+0xd6/0x120
[   56.891943][ T5062]  __kmem_cache_free+0x263/0x3a0
[   56.896878][ T5062]  device_release+0x95/0x1c0
[   56.901462][ T5062]  kobject_put+0x1ee/0x430
[   56.905868][ T5062]  nci_free_device+0x38/0x50
[   56.910445][ T5062]  virtual_ncidev_close+0x70/0x90
[   56.915455][ T5062]  __fput+0x3cc/0xa10
[   56.919425][ T5062]  __se_sys_close+0x15f/0x220
[   56.924090][ T5062]  do_syscall_64+0x44/0x110
[   56.928580][ T5062]  entry_SYSCALL_64_after_hwframe+0x63/0x6b
[   56.934477][ T5062] 
[   56.936793][ T5062] The buggy address belongs to the object at ffff888075231000
[   56.936793][ T5062]  which belongs to the cache kmalloc-2k of size 2048
[   56.950847][ T5062] The buggy address is located 1352 bytes inside of
[   56.950847][ T5062]  freed 2048-byte region [ffff888075231000, ffff888075231800)
[   56.964826][ T5062] 
[   56.967146][ T5062] The buggy address belongs to the physical page:
[   56.973549][ T5062] page:ffffea0001d48c00 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x75230
[   56.983697][ T5062] head:ffffea0001d48c00 order:3 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   56.992615][ T5062] flags: 0xfff00000000840(slab|head|node=0|zone=1|lastcpupid=0x7ff)
[   57.000583][ T5062] page_type: 0xffffffff()
[   57.004921][ T5062] raw: 00fff00000000840 ffff888012c42000 dead000000000122 0000000000000000
[   57.013506][ T5062] raw: 0000000000000000 0000000080080008 00000001ffffffff 0000000000000000
[   57.022075][ T5062] page dumped because: kasan: bad access detected
[   57.028472][ T5062] page_owner tracks the page as allocated
[   57.034360][ T5062] page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 5062, tgid 5061 (syz-executor193), ts 56272329966, free_ts 55738397890
[   57.055973][ T5062]  post_alloc_hook+0x1e6/0x210
[   57.060740][ T5062]  get_page_from_freelist+0x339a/0x3530
[   57.066279][ T5062]  __alloc_pages+0x255/0x670
[   57.070859][ T5062]  alloc_pages_mpol+0x3de/0x640
[   57.075705][ T5062]  alloc_slab_page+0x6a/0x160
[   57.080405][ T5062]  new_slab+0x84/0x2f0
[   57.084467][ T5062]  ___slab_alloc+0xc85/0x1310
[   57.089133][ T5062]  __kmem_cache_alloc_node+0x21d/0x300
[   57.094588][ T5062]  kmalloc_trace+0x2a/0xe0
[   57.098996][ T5062]  nci_allocate_device+0xe9/0x360
[   57.104006][ T5062]  virtual_ncidev_open+0x75/0x1b0
[   57.109019][ T5062]  misc_open+0x30b/0x380
[   57.113255][ T5062]  chrdev_open+0x5ab/0x630
[   57.117656][ T5062]  do_dentry_open+0x8fd/0x1590
[   57.122407][ T5062]  path_openat+0x2845/0x3280
[   57.126987][ T5062]  do_filp_open+0x234/0x490
[   57.131481][ T5062] page last free stack trace:
[   57.136135][ T5062]  free_unref_page_prepare+0x92a/0xa50
[   57.141591][ T5062]  free_unref_page+0x37/0x3f0
[   57.146257][ T5062]  __slab_free+0x2f6/0x390
[   57.150661][ T5062]  qlist_free_all+0x75/0xe0
[   57.155154][ T5062]  kasan_quarantine_reduce+0x14b/0x160
[   57.160601][ T5062]  __kasan_slab_alloc+0x23/0x70
[   57.165438][ T5062]  slab_post_alloc_hook+0x6c/0x3c0
[   57.170540][ T5062]  __kmem_cache_alloc_node+0x1d0/0x300
[   57.175985][ T5062]  __kmalloc+0xa8/0x230
[   57.180131][ T5062]  tomoyo_supervisor+0xe06/0x11f0
[   57.185145][ T5062]  tomoyo_env_perm+0x178/0x210
[   57.189897][ T5062]  tomoyo_find_next_domain+0x1383/0x1cf0
[   57.195520][ T5062]  tomoyo_bprm_check_security+0x114/0x170
[   57.201240][ T5062]  security_bprm_check+0x63/0xa0
[   57.206163][ T5062]  bprm_execve+0x95f/0x18a0
[   57.210655][ T5062]  do_execveat_common+0x580/0x720
[   57.215667][ T5062] 
[   57.217978][ T5062] Memory state around the buggy address:
[   57.223593][ T5062]  ffff888075231400: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   57.231661][ T5062]  ffff888075231480: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   57.239714][ T5062] >ffff888075231500: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   57.247754][ T5062]                                               ^
[pid  5061] close(16)                   = -1 EBADF (Bad file descriptor)
[pid  5061] close(17)                   = -1 EBADF (Bad file descriptor)
[pid  5061] close(18)                   = -1 EBADF (Bad file descriptor)
[pid  5061] close(19)                   = -1 EBADF (Bad file descriptor)
[pid  5061] close(20)                   = -1 EBADF (Bad file descriptor)
[pid  5061] close(21)                   = -1 EBADF (Bad file descriptor)
[pid  5061] close(22)                   = -1 EBADF (Bad file descriptor)
[pid  5061] close(23)                   = -1 EBADF (Bad file descriptor)
[pid  5061] close(24)                   = -1 EBADF (Bad file descriptor)
[pid  5061] close(25)                   = -1 EBADF (Bad file descriptor)
[pid  5061] close(26)                   = -1 EBADF (Bad file descriptor)
[   57.254151][ T5062]  ffff888075231580: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   57.262197][ T5062]  ffff888075231600: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   57.270242][ T5062] ==================================================================
[   57.280021][ T5062] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[   57.287233][ T5062] CPU: 1 PID: 5062 Comm: syz-executor193 Not tainted 6.6.0-syzkaller-14263-gaea6bf908d73 #0
[   57.297395][ T5062] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/09/2023
[   57.307454][ T5062] Call Trace:
[   57.310725][ T5062]  <TASK>
[   57.313658][ T5062]  dump_stack_lvl+0x1e7/0x2d0
[   57.318330][ T5062]  ? nf_tcp_handle_invalid+0x650/0x650
[   57.323867][ T5062]  ? panic+0x850/0x850
[   57.327931][ T5062]  ? lockdep_hardirqs_on_prepare+0x43c/0x7a0
[   57.333907][ T5062]  ? vscnprintf+0x5d/0x80
[   57.338230][ T5062]  panic+0x349/0x850
[   57.342117][ T5062]  ? check_panic_on_warn+0x21/0xa0
[   57.347218][ T5062]  ? __memcpy_flushcache+0x2b0/0x2b0
[   57.352509][ T5062]  ? _raw_spin_unlock_irqrestore+0x12c/0x140
[   57.358484][ T5062]  ? _raw_spin_unlock+0x40/0x40
[   57.363333][ T5062]  check_panic_on_warn+0x82/0xa0
[   57.368260][ T5062]  ? nfc_alloc_send_skb+0x149/0x1c0
[   57.373447][ T5062]  end_report+0x6e/0x130
[   57.377677][ T5062]  kasan_report+0x153/0x170
[   57.382169][ T5062]  ? nfc_alloc_send_skb+0x149/0x1c0
[   57.387357][ T5062]  nfc_alloc_send_skb+0x149/0x1c0
[   57.392374][ T5062]  nfc_llcp_send_ui_frame+0x2ac/0x670
[   57.397916][ T5062]  ? nfc_llcp_send_i_frame+0x4f0/0x4f0
[   57.403395][ T5062]  ? llcp_sock_sendmsg+0x1fc/0x390
[   57.408500][ T5062]  ? nfc_llcp_getsockopt+0x560/0x560
[   57.413779][ T5062]  ____sys_sendmsg+0x592/0x890
[   57.418538][ T5062]  ? __sys_sendmsg_sock+0x30/0x30
[   57.423573][ T5062]  ? __fget_files+0x3fe/0x480
[   57.428244][ T5062]  __sys_sendmmsg+0x3b2/0x730
[   57.432919][ T5062]  ? __ia32_sys_sendmsg+0x90/0x90
[   57.437949][ T5062]  ? do_raw_spin_lock+0x14d/0x3a0
[   57.442972][ T5062]  ? lockdep_hardirqs_on_prepare+0x43c/0x7a0
[   57.448946][ T5062]  ? _raw_spin_unlock_irq+0x23/0x50
[   57.454136][ T5062]  ? lockdep_hardirqs_on+0x98/0x140
[   57.459338][ T5062]  ? print_irqtrace_events+0x220/0x220
[   57.464881][ T5062]  ? syscall_enter_from_user_mode+0x32/0x230
[   57.470852][ T5062]  __x64_sys_sendmmsg+0xa0/0xb0
[   57.475696][ T5062]  do_syscall_64+0x44/0x110
[   57.480186][ T5062]  entry_SYSCALL_64_after_hwframe+0x63/0x6b
[   57.486157][ T5062] RIP: 0033:0x7fa0a3c77969
[   57.490565][ T5062] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
[   57.510248][ T5062] RSP: 002b:00007fa0a3c38208 EFLAGS: 00000246 ORIG_RAX: 0000000000000133
[   57.518652][ T5062] RAX: ffffffffffffffda RBX: 00007fa0a3d03328 RCX: 00007fa0a3c77969
[   57.526613][ T5062] RDX: 0000000000000001 RSI: 00000000200013c0 RDI: 0000000000000004
[   57.534603][ T5062] RBP: 00007fa0a3d03320 R08: 0000000000000000 R09: 0000000000000000
[   57.542561][ T5062] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fa0a3cd01a4
[   57.550519][ T5062] R13: 0000000000000039 R14: 00007fa0a3d010f0 R15: 00007fa0a3c38670
[   57.558495][ T5062]  </TASK>
[   57.561732][ T5062] Kernel Offset: disabled
[   57.566040][ T5062] Rebooting in 86400 seconds..