last executing test programs:

1.769596625s ago: executing program 1 (id=105):
lgetxattr(&(0x7f0000000000), &(0x7f0000000000), &(0x7f0000000000), 0x0)

1.620162746s ago: executing program 1 (id=107):
openat(0xffffffffffffff9c, &(0x7f0000000040)='/selinux/member', 0x2, 0x0)

615.170803ms ago: executing program 0 (id=118):
socket$vsock_dgram(0x28, 0x2, 0x0)

476.532264ms ago: executing program 0 (id=119):
writev(0xffffffffffffffff, &(0x7f0000000000), 0x0)

377.175142ms ago: executing program 0 (id=120):
socket$nl_netfilter(0x10, 0x3, 0xc)

377.046031ms ago: executing program 1 (id=112):
flistxattr(0xffffffffffffffff, &(0x7f0000000000), 0x0)

270.915469ms ago: executing program 0 (id=121):
munlockall()

270.718259ms ago: executing program 1 (id=122):
sync_file_range(0xffffffffffffffff, 0x0, 0x0, 0x0)

263.63202ms ago: executing program 0 (id=123):
syz_init_net_socket$ax25(0x3, 0x2, 0x0)

89.109103ms ago: executing program 0 (id=124):
dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x0)

88.694764ms ago: executing program 1 (id=125):
sigaltstack(&(0x7f0000000000), 0x0)

0s ago: executing program 1 (id=126):
pwritev2(0xffffffffffffffff, &(0x7f0000000000), 0x0, 0x0, 0x0, 0x0)

kernel console output (not intermixed with test programs):

Warning: Permanently added '[localhost]:11225' (ED25519) to the list of known hosts.
syzkaller login: [ 100.812387][ T3301] cgroup: Unknown subsys name 'net'
[ 101.069538][ T3301] cgroup: Unknown subsys name 'cpuset'
[ 101.099174][ T3301] cgroup: Unknown subsys name 'rlimit'
Setting up swapspace version 1, size = 127995904 bytes
[ 101.797326][ T3301] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k
[ 121.064936][ T3431] ==================================================================
[ 121.070368][ T3431] BUG: KASAN: slab-use-after-free in binderfs_evict_inode+0xe8/0x114
[ 121.071322][ T3431] Write at addr faf000000785d0c8 by task syz-executor/3431
[ 121.071617][ T3431] Pointer tag: [fa], memory tag: [fe]
[ 121.071769][ T3431]
[ 121.072389][ T3431] CPU: 0 UID: 0 PID: 3431 Comm: syz-executor Not tainted 6.15.0-syzkaller-09161-g0f70f5b08a47 #0 PREEMPT
[ 121.072734][ T3431] Hardware name: linux,dummy-virt (DT)
[ 121.072947][ T3431] Call trace:
[ 121.073253][ T3431] show_stack+0x18/0x24 (C)
[ 121.073583][ T3431] dump_stack_lvl+0x78/0x90
[ 121.073747][ T3431] print_report+0x108/0x630
[ 121.073882][ T3431] kasan_report+0x88/0xac
[ 121.074004][ T3431] __do_kernel_fault+0x170/0x1c8
[ 121.074129][ T3431] do_tag_check_fault+0x78/0x8c
[ 121.074247][ T3431] do_mem_abort+0x44/0x94
[ 121.074363][ T3431] el1_abort+0x40/0x60
[ 121.074482][ T3431] el1h_64_sync_handler+0xa4/0x120
[ 121.074597][ T3431] el1h_64_sync+0x6c/0x70
[ 121.074778][ T3431] binderfs_evict_inode+0xe8/0x114 (P)
[ 121.074899][ T3431] evict+0xec/0x240
[ 121.075017][ T3431] iput+0xfc/0x1b8
[ 121.075135][ T3431] dentry_unlink_inode+0xc0/0x188
[ 121.075254][ T3431] __dentry_kill+0x7c/0x1d4
[ 121.075372][ T3431] shrink_dentry_list+0x74/0xe4
[ 121.075485][ T3431] shrink_dcache_parent+0xcc/0x14c
[ 121.075599][ T3431] shrink_dcache_for_umount+0x3c/0x1c8
[ 121.075714][ T3431] generic_shutdown_super+0x24/0x100
[ 121.075830][ T3431] kill_anon_super+0x20/0x90
[ 121.075944][ T3431] kill_litter_super+0x28/0x38
[ 121.076059][ T3431] binderfs_kill_super+0x18/0x40
[ 121.076180][ T3431] deactivate_locked_super+0x50/0x12c
[ 121.076296][ T3431] deactivate_super+0x84/0x9c
[ 121.076410][ T3431] cleanup_mnt+0xf4/0x184
[ 121.076525][ T3431] __cleanup_mnt+0x14/0x20
[ 121.076638][ T3431] task_work_run+0x78/0xd4
[ 121.076756][ T3431] do_exit+0x2c8/0x944
[ 121.076872][ T3431] do_group_exit+0x34/0x90
[ 121.076987][ T3431] copy_siginfo_to_user+0x0/0xec
[ 121.077172][ T3431] do_signal+0x94/0x3ec
[ 121.077289][ T3431] do_notify_resume+0xe0/0x16c
[ 121.077405][ T3431] el0_svc+0xc4/0x124
[ 121.077520][ T3431] el0t_64_sync_handler+0x10c/0x138
[ 121.077702][ T3431] el0t_64_sync+0x1a4/0x1a8
[ 121.078063][ T3431]
[ 121.080021][ T3431] Freed by task 3308:
[ 121.080275][ T3431] kasan_save_stack+0x3c/0x64
[ 121.080522][ T3431] save_stack_info+0x40/0x158
[ 121.080687][ T3431] kasan_save_free_info+0x18/0x24
[ 121.080848][ T3431] __kasan_slab_free+0x74/0x8c
[ 121.081007][ T3431] kfree+0xfc/0x30c
[ 121.081234][ T3431] binderfs_evict_inode+0x100/0x114
[ 121.081395][ T3431] evict+0xec/0x240
[ 121.081554][ T3431] iput+0xfc/0x1b8
[ 121.081712][ T3431] dentry_unlink_inode+0xc0/0x188
[ 121.081874][ T3431] __dentry_kill+0x7c/0x1d4
[ 121.082034][ T3431] shrink_dentry_list+0x74/0xe4
[ 121.082197][ T3431] shrink_dcache_parent+0xcc/0x14c
[ 121.082356][ T3431] shrink_dcache_for_umount+0x3c/0x1c8
[ 121.082514][ T3431] generic_shutdown_super+0x24/0x100
[ 121.082674][ T3431] kill_anon_super+0x20/0x90
[ 121.082833][ T3431] kill_litter_super+0x28/0x38
[ 121.082992][ T3431] binderfs_kill_super+0x18/0x40
[ 121.083154][ T3431] deactivate_locked_super+0x50/0x12c
[ 121.083314][ T3431] deactivate_super+0x84/0x9c
[ 121.083473][ T3431] cleanup_mnt+0xf4/0x184
[ 121.083632][ T3431] __cleanup_mnt+0x14/0x20
[ 121.083789][ T3431] task_work_run+0x78/0xd4
[ 121.083949][ T3431] do_exit+0x2c8/0x944
[ 121.084108][ T3431] do_group_exit+0x34/0x90
[ 121.084271][ T3431] copy_siginfo_to_user+0x0/0xec
[ 121.084434][ T3431] do_signal+0xf0/0x3ec
[ 121.084596][ T3431] do_notify_resume+0xe0/0x16c
[ 121.084756][ T3431] el0_svc+0xc4/0x124
[ 121.084916][ T3431] el0t_64_sync_handler+0x10c/0x138
[ 121.085102][ T3431] el0t_64_sync+0x1a4/0x1a8
[ 121.085301][ T3431]
[ 121.085440][ T3431] The buggy address belongs to the object at fff000000785d0c0
[ 121.085440][ T3431] which belongs to the cache kmalloc-192 of size 192
[ 121.085654][ T3431] The buggy address is located 8 bytes inside of
[ 121.085654][ T3431] 192-byte region [fff000000785d0c0, fff000000785d180)
[ 121.085834][ T3431]
[ 121.086080][ T3431] The buggy address belongs to the physical page:
[ 121.086326][ T3431] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xfbf000000785de40 pfn:0x4785d
[ 121.086674][ T3431] flags: 0x1ffc00000000000(node=0|zone=0|lastcpupid=0x7ff|kasantag=0x0)
[ 121.087135][ T3431] page_type: f5(slab)
[ 121.087586][ T3431] raw: 01ffc00000000000 f3f0000003001300 dead000000000122 0000000000000000
[ 121.087861][ T3431] raw: fbf000000785de40 000000008015000e 00000000f5000000 0000000000000000
[ 121.088069][ T3431] page dumped because: kasan: bad access detected
[ 121.088222][ T3431]
[ 121.088358][ T3431] Memory state around the buggy address:
[ 121.088675][ T3431] fff000000785ce00: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[ 121.088869][ T3431] fff000000785cf00: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[ 121.089069][ T3431] >fff000000785d000: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[ 121.089241][ T3431] ^
[ 121.089430][ T3431] fff000000785d100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[ 121.089581][ T3431] fff000000785d200: fe fe fe fe f6 f6 f6 f6 f6 f6 f6 f6 f6 f6 f6 f6
[ 121.089752][ T3431] ==================================================================
[ 121.090820][ T3431] Disabling lock debugging due to kernel taint
SYZFAIL: failed to recv rpc fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor)
[ 122.138149][ T3451] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality.

VM DIAGNOSIS:
09:04:12 Registers:
info registers vcpu 0
info registers vcpu 1