last executing test programs:

1.04190928s ago: executing program 1 (id=218):
openat(0xffffffffffffff9c, &(0x7f0000000040)='/dev/udmabuf', 0x2, 0x0)

902.2625ms ago: executing program 1 (id=221):
io_getevents(0x0, 0x0, 0x0, &(0x7f0000000000), 0x0)

770.961771ms ago: executing program 1 (id=224):
openat(0xffffffffffffff9c, &(0x7f0000000040)='/selinux/avc/cache_threshold', 0x2, 0x0)

680.311077ms ago: executing program 0 (id=225):
sched_rr_get_interval(0x0, &(0x7f0000000000))

565.325466ms ago: executing program 1 (id=226):
timer_gettime(0x0, &(0x7f0000000000))

564.738776ms ago: executing program 0 (id=227):
clone3(&(0x7f0000000000), 0x0)
exit(0x0)

492.710971ms ago: executing program 1 (id=228):
fsopen(&(0x7f0000000000), 0x0)

419.050807ms ago: executing program 0 (id=229):
openat(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ocfs2_control', 0x0, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000080)='/dev/ocfs2_control', 0x1, 0x0)
openat(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/ocfs2_control', 0x2, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000100)='/dev/ocfs2_control', 0x800, 0x0)

232.744701ms ago: executing program 0 (id=230):
fchown(0xffffffffffffffff, 0x0, 0x0)

232.542222ms ago: executing program 0 (id=231):
socket$phonet_pipe(0x23, 0x5, 0x2)

140.796938ms ago: executing program 1 (id=232):
umount2(&(0x7f0000000000), 0x0)

0s ago: executing program 0 (id=234):
openat(0xffffffffffffff9c, &(0x7f0000000040)='/dev/hwbinder', 0x0, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000080)='/dev/hwbinder', 0x1, 0x0)
openat(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/hwbinder', 0x2, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000100)='/dev/hwbinder', 0x800, 0x0)

kernel console output (not intermixed with test programs):

Warning: Permanently added '[localhost]:41953' (ED25519) to the list of known hosts.
syzkaller login: [ 97.446057][ T3301] cgroup: Unknown subsys name 'net'
[ 97.665854][ T3301] cgroup: Unknown subsys name 'cpuset'
[ 97.706132][ T3301] cgroup: Unknown subsys name 'rlimit'
Setting up swapspace version 1, size = 127995904 bytes
[ 98.521665][ T3301] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k
[ 115.290673][ T3439] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list
[ 122.673177][ T3307] ==================================================================
[ 122.678584][ T3307] BUG: KASAN: slab-use-after-free in binderfs_evict_inode+0xe8/0x114
[ 122.679554][ T3307] Write at addr faf0000006f00d88 by task syz-executor/3307
[ 122.679874][ T3307] Pointer tag: [fa], memory tag: [fe]
[ 122.680028][ T3307]
[ 122.680700][ T3307] CPU: 0 UID: 0 PID: 3307 Comm: syz-executor Not tainted 6.15.0-syzkaller-07774-g90b83efa6701 #0 PREEMPT
[ 122.681058][ T3307] Hardware name: linux,dummy-virt (DT)
[ 122.681279][ T3307] Call trace:
[ 122.681505][ T3307] show_stack+0x18/0x24 (C)
[ 122.681797][ T3307] dump_stack_lvl+0x78/0x90
[ 122.681962][ T3307] print_report+0x108/0x630
[ 122.682085][ T3307] kasan_report+0x88/0xac
[ 122.682201][ T3307] __do_kernel_fault+0x170/0x1c8
[ 122.682364][ T3307] do_tag_check_fault+0x78/0x8c
[ 122.682510][ T3307] do_mem_abort+0x44/0x94
[ 122.682632][ T3307] el1_abort+0x40/0x60
[ 122.682753][ T3307] el1h_64_sync_handler+0xa4/0x120
[ 122.682869][ T3307] el1h_64_sync+0x6c/0x70
[ 122.683060][ T3307] binderfs_evict_inode+0xe8/0x114 (P)
[ 122.683185][ T3307] evict+0xec/0x240
[ 122.683304][ T3307] iput+0xfc/0x1b8
[ 122.683419][ T3307] dentry_unlink_inode+0xc0/0x188
[ 122.683538][ T3307] __dentry_kill+0x7c/0x1d4
[ 122.683660][ T3307] shrink_dentry_list+0x74/0xe4
[ 122.683778][ T3307] shrink_dcache_parent+0xcc/0x14c
[ 122.683896][ T3307] shrink_dcache_for_umount+0x3c/0x1c8
[ 122.684014][ T3307] generic_shutdown_super+0x24/0x100
[ 122.684130][ T3307] kill_anon_super+0x20/0x90
[ 122.684245][ T3307] kill_litter_super+0x28/0x38
[ 122.684361][ T3307] binderfs_kill_super+0x18/0x40
[ 122.684479][ T3307] deactivate_locked_super+0x50/0x12c
[ 122.684595][ T3307] deactivate_super+0x84/0x9c
[ 122.684740][ T3307] cleanup_mnt+0xf4/0x184
[ 122.684860][ T3307] __cleanup_mnt+0x14/0x20
[ 122.684977][ T3307] task_work_run+0x78/0xd4
[ 122.685096][ T3307] do_exit+0x2c8/0x944
[ 122.685213][ T3307] do_group_exit+0x34/0x90
[ 122.685328][ T3307] copy_siginfo_to_user+0x0/0xec
[ 122.685447][ T3307] do_signal+0xf0/0x3ec
[ 122.685563][ T3307] do_notify_resume+0xe0/0x16c
[ 122.685684][ T3307] el0_svc+0xc4/0x124
[ 122.685804][ T3307] el0t_64_sync_handler+0x10c/0x138
[ 122.685919][ T3307] el0t_64_sync+0x1a4/0x1a8
[ 122.686178][ T3307]
[ 122.688198][ T3307] Freed by task 3308:
[ 122.688457][ T3307] kasan_save_stack+0x3c/0x64
[ 122.688756][ T3307] save_stack_info+0x40/0x158
[ 122.688923][ T3307] kasan_save_free_info+0x18/0x24
[ 122.689084][ T3307] __kasan_slab_free+0x74/0x8c
[ 122.689250][ T3307] kfree+0xfc/0x30c
[ 122.689457][ T3307] binderfs_evict_inode+0x100/0x114
[ 122.689629][ T3307] evict+0xec/0x240
[ 122.689790][ T3307] iput+0xfc/0x1b8
[ 122.689949][ T3307] dentry_unlink_inode+0xc0/0x188
[ 122.690111][ T3307] __dentry_kill+0x7c/0x1d4
[ 122.690273][ T3307] shrink_dentry_list+0x74/0xe4
[ 122.690436][ T3307] shrink_dcache_parent+0xcc/0x14c
[ 122.690599][ T3307] shrink_dcache_for_umount+0x3c/0x1c8
[ 122.690767][ T3307] generic_shutdown_super+0x24/0x100
[ 122.690928][ T3307] kill_anon_super+0x20/0x90
[ 122.691087][ T3307] kill_litter_super+0x28/0x38
[ 122.691247][ T3307] binderfs_kill_super+0x18/0x40
[ 122.691410][ T3307] deactivate_locked_super+0x50/0x12c
[ 122.691570][ T3307] deactivate_super+0x84/0x9c
[ 122.691780][ T3307] cleanup_mnt+0xf4/0x184
[ 122.691959][ T3307] __cleanup_mnt+0x14/0x20
[ 122.692123][ T3307] task_work_run+0x78/0xd4
[ 122.692288][ T3307] do_exit+0x2c8/0x944
[ 122.692448][ T3307] do_group_exit+0x34/0x90
[ 122.692607][ T3307] copy_siginfo_to_user+0x0/0xec
[ 122.692796][ T3307] do_signal+0xf0/0x3ec
[ 122.692956][ T3307] do_notify_resume+0xe0/0x16c
[ 122.693118][ T3307] el0_svc+0xc4/0x124
[ 122.693284][ T3307] el0t_64_sync_handler+0x10c/0x138
[ 122.693450][ T3307] el0t_64_sync+0x1a4/0x1a8
[ 122.693663][ T3307]
[ 122.693803][ T3307] The buggy address belongs to the object at fff0000006f00d80
[ 122.693803][ T3307] which belongs to the cache kmalloc-192 of size 192
[ 122.694009][ T3307] The buggy address is located 8 bytes inside of
[ 122.694009][ T3307] 192-byte region [fff0000006f00d80, fff0000006f00e40)
[ 122.694190][ T3307]
[ 122.694441][ T3307] The buggy address belongs to the physical page:
[ 122.694693][ T3307] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xfcf0000006f003c0 pfn:0x46f00
[ 122.695081][ T3307] anon flags: 0x1ffc00000000000(node=0|zone=0|lastcpupid=0x7ff|kasantag=0x0)
[ 122.695496][ T3307] page_type: f5(slab)
[ 122.695944][ T3307] raw: 01ffc00000000000 f8f0000003001300 0000000000000000 0000000000000001
[ 122.696138][ T3307] raw: fcf0000006f003c0 000000000015000c 00000000f5000000 0000000000000000
[ 122.696343][ T3307] page dumped because: kasan: bad access detected
[ 122.696487][ T3307]
[ 122.696625][ T3307] Memory state around the buggy address:
[ 122.697009][ T3307] fff0000006f00b00: f0 f0 f0 f0 fc fc fc fc fc fc fc fc fc fc fc fc
[ 122.697274][ T3307] fff0000006f00c00: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[ 122.697449][ T3307] >fff0000006f00d00: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[ 122.697644][ T3307] ^
[ 122.697842][ T3307] fff0000006f00e00: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[ 122.697993][ T3307] fff0000006f00f00: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[ 122.698169][ T3307] ==================================================================
[ 122.700023][ T3307] Disabling lock debugging due to kernel taint
SYZFAIL: failed to recv rpc fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor)

VM DIAGNOSIS: 05:54:28