BUG: Dentry still in use in unmount

soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality.
------------[ cut here ]------------
BUG: Dentry ffff888121dca300{i=2,n=binder-control}  still in use (1) [unmount of binder binder]
WARNING: fs/dcache.c:1638 at umount_check+0xaa/0x200 fs/dcache.c:1630, CPU#1: syz-executor/304
Modules linked in:
CPU: 1 UID: 0 PID: 304 Comm: syz-executor Not tainted syzkaller #0 PREEMPT  2de019896396298ffdc22f242964aa93cf960186
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
RIP: 0010:umount_check+0x197/0x200 fs/dcache.c:1630
Code: 20 00 74 08 4c 89 ef e8 a7 74 ee ff 4d 8b 4d 00 49 81 c7 c0 03 00 00 48 8b 7d c8 48 89 de 48 8b 55 d0 48 89 d9 45 89 f0 41 57 <67> 48 0f b9 3a 48 83 c4 08 31 c0 48 83 c4 10 5b 41 5c 41 5d 41 5e
RSP: 0018:ffffc90001b977c8 EFLAGS: 00010286
RAX: 1ffffffff0f864a8 RBX: ffff888121dca300 RCX: ffff888121dca300
RDX: 0000000000000002 RSI: ffff888121dca300 RDI: ffffffff87edb640
RBP: ffffc90001b97808 R08: 0000000000000001 R09: ffffffff8688e0c0
R10: 0000000000000000 R11: ffffffff8214d7d0 R12: dffffc0000000000
R13: ffffffff87c32540 R14: 0000000000000001 R15: ffff8881013453c0
FS:  0000000000000000(0000) GS:ffff88826e3ef000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007f0144a17da0 CR3: 00000000074ae000 CR4: 00000000003526b0
Call Trace:
 <TASK>
 d_walk+0x2b9/0x4f0 fs/dcache.c:1345
 do_one_tree+0x2e/0x90 fs/dcache.c:1645
 shrink_dcache_for_umount+0x92/0x140 fs/dcache.c:1661
 generic_shutdown_super+0x6a/0x300 fs/super.c:621
 kill_anon_super+0x4b/0x1d0 fs/super.c:1289
 binderfs_kill_super+0x45/0x60 drivers/android/binder/rust_binderfs.c:750
 deactivate_locked_super+0xd0/0x2b0 fs/super.c:474
 deactivate_super+0xb8/0xe0 fs/super.c:507
 cleanup_mnt+0x49e/0x530 fs/namespace.c:1318
 __cleanup_mnt+0x1d/0x40 fs/namespace.c:1325
 task_work_run+0x1e7/0x260 kernel/task_work.c:233
 exit_task_work include/linux/task_work.h:40 [inline]
 do_exit+0x7aa/0x2170 kernel/exit.c:971
 do_group_exit+0x214/0x2e0 kernel/exit.c:1112
 get_signal+0x12d2/0x1410 kernel/signal.c:3034
 arch_do_signal_or_restart+0xbb/0x760 arch/x86/kernel/signal.c:337
 __exit_to_user_mode_loop kernel/entry/common.c:41 [inline]
 exit_to_user_mode_loop+0x73/0xd0 kernel/entry/common.c:75
 __exit_to_user_mode_prepare include/linux/irq-entry-common.h:226 [inline]
 syscall_exit_to_user_mode_prepare include/linux/irq-entry-common.h:256 [inline]
 syscall_exit_to_user_mode_work include/linux/entry-common.h:159 [inline]
 syscall_exit_to_user_mode include/linux/entry-common.h:194 [inline]
 do_syscall_64+0x13f/0xf80 arch/x86/entry/syscall_64.c:100
 entry_SYSCALL_64_after_hwframe+0x76/0x7e
RIP: 0033:0x7f85769560d7
Code: Unable to access opcode bytes at 0x7f85769560ad.
RSP: 002b:00007fff3b30ec70 EFLAGS: 00000202 ORIG_RAX: 0000000000000000
RAX: fffffffffffffe00 RBX: 0000555566179500 RCX: 00007f85769560d7
RDX: 0000000000000030 RSI: 00007fff3b30ed50 RDI: 00000000000000f9
RBP: 00007fff3b30ecfc R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000202 R12: 0000000000000001
R13: 00007f8576bde280 R14: 00000000000061b6 R15: 00007fff3b30ed50
 </TASK>
---[ end trace 0000000000000000 ]---
VFS: Busy inodes after unmount of binder (binder)
------------[ cut here ]------------
kernel BUG at fs/super.c:653!
Oops: invalid opcode: 0000 [#1] SMP KASAN PTI
CPU: 0 UID: 0 PID: 304 Comm: syz-executor Tainted: G        W           syzkaller #0 PREEMPT  2de019896396298ffdc22f242964aa93cf960186
Tainted: [W]=WARN
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
RIP: 0010:generic_shutdown_super+0x2f6/0x300 fs/super.c:651
Code: fc ff df 80 3c 08 00 74 08 4c 89 f7 e8 b3 19 f5 ff 49 8b 16 48 81 c3 c0 03 00 00 48 c7 c7 60 7f 3b 86 48 89 de e8 8a 54 16 ff <0f> 0b 0f 1f 84 00 00 00 00 00 b8 00 00 00 00 90 90 90 90 90 90 90
RSP: 0018:ffffc90001b978d8 EFLAGS: 00010246
RAX: 0000000000000031 RBX: ffff8881013453c0 RCX: 4251db28c0548800
RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000002
RBP: ffffc90001b97900 R08: 0000000000000003 R09: 0000000000000004
R10: dffffc0000000000 R11: fffffbfff0e9fdcc R12: 0000000000000000
R13: dffffc0000000000 R14: ffffffff87c32540 R15: 1ffff11020268a8d
FS:  0000000000000000(0000) GS:ffff88826e2ef000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007f0144a16088 CR3: 00000001097dc000 CR4: 00000000003526b0
Call Trace:
 <TASK>
 kill_anon_super+0x4b/0x1d0 fs/super.c:1289
 binderfs_kill_super+0x45/0x60 drivers/android/binder/rust_binderfs.c:750
 deactivate_locked_super+0xd0/0x2b0 fs/super.c:474
 deactivate_super+0xb8/0xe0 fs/super.c:507
 cleanup_mnt+0x49e/0x530 fs/namespace.c:1318
 __cleanup_mnt+0x1d/0x40 fs/namespace.c:1325
 task_work_run+0x1e7/0x260 kernel/task_work.c:233
 exit_task_work include/linux/task_work.h:40 [inline]
 do_exit+0x7aa/0x2170 kernel/exit.c:971
 do_group_exit+0x214/0x2e0 kernel/exit.c:1112
 get_signal+0x12d2/0x1410 kernel/signal.c:3034
 arch_do_signal_or_restart+0xbb/0x760 arch/x86/kernel/signal.c:337
 __exit_to_user_mode_loop kernel/entry/common.c:41 [inline]
 exit_to_user_mode_loop+0x73/0xd0 kernel/entry/common.c:75
 __exit_to_user_mode_prepare include/linux/irq-entry-common.h:226 [inline]
 syscall_exit_to_user_mode_prepare include/linux/irq-entry-common.h:256 [inline]
 syscall_exit_to_user_mode_work include/linux/entry-common.h:159 [inline]
 syscall_exit_to_user_mode include/linux/entry-common.h:194 [inline]
 do_syscall_64+0x13f/0xf80 arch/x86/entry/syscall_64.c:100
 entry_SYSCALL_64_after_hwframe+0x76/0x7e
RIP: 0033:0x7f85769560d7
Code: Unable to access opcode bytes at 0x7f85769560ad.
RSP: 002b:00007fff3b30ec70 EFLAGS: 00000202 ORIG_RAX: 0000000000000000
RAX: fffffffffffffe00 RBX: 0000555566179500 RCX: 00007f85769560d7
RDX: 0000000000000030 RSI: 00007fff3b30ed50 RDI: 00000000000000f9
RBP: 00007fff3b30ecfc R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000202 R12: 0000000000000001
R13: 00007f8576bde280 R14: 00000000000061b6 R15: 00007fff3b30ed50
 </TASK>
Modules linked in:
---[ end trace 0000000000000000 ]---
RIP: 0010:generic_shutdown_super+0x2f6/0x300 fs/super.c:651
Code: fc ff df 80 3c 08 00 74 08 4c 89 f7 e8 b3 19 f5 ff 49 8b 16 48 81 c3 c0 03 00 00 48 c7 c7 60 7f 3b 86 48 89 de e8 8a 54 16 ff <0f> 0b 0f 1f 84 00 00 00 00 00 b8 00 00 00 00 90 90 90 90 90 90 90
RSP: 0018:ffffc90001b978d8 EFLAGS: 00010246

RAX: 0000000000000031 RBX: ffff8881013453c0 RCX: 4251db28c0548800
RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000002
RBP: ffffc90001b97900 R08: 0000000000000003 R09: 0000000000000004
R10: dffffc0000000000 R11: fffffbfff0e9fdcc R12: 0000000000000000
R13: dffffc0000000000 R14: ffffffff87c32540 R15: 1ffff11020268a8d
FS:  0000000000000000(0000) GS:ffff88826e2ef000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007f0144a16088 CR3: 000000010a35c000 CR4: 00000000003526b0
----------------
Code disassembly (best guess):
   0:	20 00                	and    %al,(%rax)
   2:	74 08                	je     0xc
   4:	4c 89 ef             	mov    %r13,%rdi
   7:	e8 a7 74 ee ff       	call   0xffee74b3
   c:	4d 8b 4d 00          	mov    0x0(%r13),%r9
  10:	49 81 c7 c0 03 00 00 	add    $0x3c0,%r15
  17:	48 8b 7d c8          	mov    -0x38(%rbp),%rdi
  1b:	48 89 de             	mov    %rbx,%rsi
  1e:	48 8b 55 d0          	mov    -0x30(%rbp),%rdx
  22:	48 89 d9             	mov    %rbx,%rcx
  25:	45 89 f0             	mov    %r14d,%r8d
  28:	41 57                	push   %r15
* 2a:	67 48 0f b9 3a       	ud1    (%edx),%rdi <-- trapping instruction
  2f:	48 83 c4 08          	add    $0x8,%rsp
  33:	31 c0                	xor    %eax,%eax
  35:	48 83 c4 10          	add    $0x10,%rsp
  39:	5b                   	pop    %rbx
  3a:	41 5c                	pop    %r12
  3c:	41 5d                	pop    %r13
  3e:	41 5e                	pop    %r14


Warning: Permanently added '10.128.0.168' (ED25519) to the list of known hosts.
2026/01/26 17:26:38 parsed 1 programs
[   22.851495][   T36] audit: type=1400 audit(1769448398.920:61): avc:  denied  { node_bind } for  pid=292 comm="syz-execprog" saddr=::1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:node_t tclass=tcp_socket permissive=1
[   23.724258][   T36] audit: type=1400 audit(1769448399.790:62): avc:  denied  { mounton } for  pid=298 comm="syz-executor" path="/syzcgroup/unified" dev="sda1" ino=2023 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:root_t tclass=dir permissive=1
[   23.748034][   T36] audit: type=1400 audit(1769448399.820:63): avc:  denied  { mount } for  pid=298 comm="syz-executor" name="/" dev="cgroup2" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1
[   23.749100][  T298] cgroup: Unknown subsys name 'net'
[   23.776614][   T36] audit: type=1400 audit(1769448399.840:64): avc:  denied  { unmount } for  pid=298 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1
[   23.776742][  T298] cgroup: Unknown subsys name 'devices'
[   23.880196][  T298] cgroup: Unknown subsys name 'hugetlb'
[   23.885890][  T298] cgroup: Unknown subsys name 'rlimit'
[   24.030036][  T298] cpuset.memory_pressure_enabled is deprecated, use memory.pressure with CONFIG_PSI instead
[   24.053147][   T36] audit: type=1400 audit(1769448400.120:65): avc:  denied  { setattr } for  pid=298 comm="syz-executor" name="raw-gadget" dev="devtmpfs" ino=189 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1
[   24.076821][   T36] audit: type=1400 audit(1769448400.120:66): avc:  denied  { create } for  pid=298 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[   24.097613][   T36] audit: type=1400 audit(1769448400.120:67): avc:  denied  { write } for  pid=298 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[   24.118055][   T36] audit: type=1400 audit(1769448400.120:68): avc:  denied  { read } for  pid=298 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[   24.125977][  T302] SELinux:  Context root:object_r:swapfile_t is not valid (left unmapped).
[   24.138565][   T36] audit: type=1400 audit(1769448400.120:69): avc:  denied  { sys_module } for  pid=298 comm="syz-executor" capability=16  scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability permissive=1
Setting up swapspace version 1, size = 127995904 bytes
[   24.167962][   T36] audit: type=1400 audit(1769448400.120:70): avc:  denied  { mounton } for  pid=298 comm="syz-executor" path="/proc/sys/fs/binfmt_misc" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=dir permissive=1
[   24.240412][  T298] Adding 124996k swap on ./swap-file.  Priority:0 extents:1 across:124996k 
[   25.017233][  T304] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality.
[   25.065127][  T304] ------------[ cut here ]------------
[   25.070697][  T304] BUG: Dentry ffff888121dca300{i=2,n=binder-control}  still in use (1) [unmount of binder binder]
[   25.081653][  T304] WARNING: fs/dcache.c:1638 at umount_check+0xaa/0x200, CPU#1: syz-executor/304
[   25.090899][  T304] Modules linked in:
[   25.095196][  T304] CPU: 1 UID: 0 PID: 304 Comm: syz-executor Not tainted syzkaller #0 PREEMPT  2de019896396298ffdc22f242964aa93cf960186
[   25.108064][  T304] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[   25.118399][  T304] RIP: 0010:umount_check+0x197/0x200
[   25.123822][  T304] Code: 20 00 74 08 4c 89 ef e8 a7 74 ee ff 4d 8b 4d 00 49 81 c7 c0 03 00 00 48 8b 7d c8 48 89 de 48 8b 55 d0 48 89 d9 45 89 f0 41 57 <67> 48 0f b9 3a 48 83 c4 08 31 c0 48 83 c4 10 5b 41 5c 41 5d 41 5e
[   25.143984][  T304] RSP: 0018:ffffc90001b977c8 EFLAGS: 00010286
[   25.150972][  T304] RAX: 1ffffffff0f864a8 RBX: ffff888121dca300 RCX: ffff888121dca300
[   25.159775][  T304] RDX: 0000000000000002 RSI: ffff888121dca300 RDI: ffffffff87edb640
[   25.168596][  T304] RBP: ffffc90001b97808 R08: 0000000000000001 R09: ffffffff8688e0c0
[   25.177136][  T304] R10: 0000000000000000 R11: ffffffff8214d7d0 R12: dffffc0000000000
[   25.186113][  T304] R13: ffffffff87c32540 R14: 0000000000000001 R15: ffff8881013453c0
[   25.194753][  T304] FS:  0000000000000000(0000) GS:ffff88826e3ef000(0000) knlGS:0000000000000000
[   25.204544][  T304] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[   25.211890][  T304] CR2: 00007f0144a17da0 CR3: 00000000074ae000 CR4: 00000000003526b0
[   25.220063][  T304] Call Trace:
[   25.223439][  T304]  <TASK>
[   25.226944][  T304]  d_walk+0x2b9/0x4f0
[   25.231745][  T304]  ? __cfi_umount_check+0x10/0x10
[   25.237512][  T304]  do_one_tree+0x2e/0x90
[   25.243558][  T304]  shrink_dcache_for_umount+0x92/0x140
[   25.250975][  T304]  generic_shutdown_super+0x6a/0x300
[   25.257637][  T304]  kill_anon_super+0x4b/0x1d0
[   25.263011][  T304]  binderfs_kill_super+0x45/0x60
[   25.268472][  T304]  deactivate_locked_super+0xd0/0x2b0
[   25.273910][  T304]  deactivate_super+0xb8/0xe0
[   25.278957][  T304]  cleanup_mnt+0x49e/0x530
[   25.283701][  T304]  __cleanup_mnt+0x1d/0x40
[   25.288322][  T304]  task_work_run+0x1e7/0x260
[   25.292988][  T304]  ? __cfi_task_work_run+0x10/0x10
[   25.298564][  T304]  ? nsproxy_free+0x2aa/0x300
[   25.303493][  T304]  ? switch_task_namespaces+0xbb/0x100
[   25.309208][  T304]  do_exit+0x7aa/0x2170
[   25.313610][  T304]  ? __cfi_do_exit+0x10/0x10
[   25.318295][  T304]  ? __cfi_anon_pipe_read+0x10/0x10
[   25.323529][  T304]  ? __cfi_autoremove_wake_function+0x10/0x10
[   25.329951][  T304]  ? __kasan_check_write+0x18/0x20
[   25.335459][  T304]  ? _raw_spin_lock_irq+0x92/0x120
[   25.341283][  T304]  ? __cfi__raw_spin_lock_irq+0x10/0x10
[   25.347039][  T304]  do_group_exit+0x214/0x2e0
[   25.351918][  T304]  ? __kasan_check_write+0x18/0x20
[   25.357364][  T304]  get_signal+0x12d2/0x1410
[   25.362254][  T304]  arch_do_signal_or_restart+0xbb/0x760
[   25.367967][  T304]  ? __cfi_arch_do_signal_or_restart+0x10/0x10
[   25.374564][  T304]  ? ksys_read+0x1f9/0x260
[   25.379174][  T304]  exit_to_user_mode_loop+0x73/0xd0
[   25.384805][  T304]  do_syscall_64+0x13f/0xf80
[   25.389692][  T304]  ? clear_bhb_loop+0x50/0xa0
[   25.394745][  T304]  ? clear_bhb_loop+0x50/0xa0
[   25.399598][  T304]  entry_SYSCALL_64_after_hwframe+0x76/0x7e
[   25.406043][  T304] RIP: 0033:0x7f85769560d7
[   25.410627][  T304] Code: Unable to access opcode bytes at 0x7f85769560ad.
[   25.418860][  T304] RSP: 002b:00007fff3b30ec70 EFLAGS: 00000202 ORIG_RAX: 0000000000000000
[   25.427741][  T304] RAX: fffffffffffffe00 RBX: 0000555566179500 RCX: 00007f85769560d7
[   25.435903][  T304] RDX: 0000000000000030 RSI: 00007fff3b30ed50 RDI: 00000000000000f9
[   25.444319][  T304] RBP: 00007fff3b30ecfc R08: 0000000000000000 R09: 0000000000000000
[   25.452787][  T304] R10: 0000000000000000 R11: 0000000000000202 R12: 0000000000000001
[   25.461618][  T304] R13: 00007f8576bde280 R14: 00000000000061b6 R15: 00007fff3b30ed50
[   25.469967][  T304]  </TASK>
[   25.473596][  T304] ---[ end trace 0000000000000000 ]---
[   25.479591][  T304] VFS: Busy inodes after unmount of binder (binder)
[   25.479801][  T304] ------------[ cut here ]------------
[   25.492803][  T304] kernel BUG at fs/super.c:653!
[   25.493343][  T308] ------------[ cut here ]------------
[   25.498718][  T304] Oops: invalid opcode: 0000 [#1] SMP KASAN PTI
[   25.503439][  T308] BUG: Dentry ffff888121d4b000{i=2,n=binder-control}  still in use (1) [unmount of binder binder]
[   25.509882][  T304] CPU: 0 UID: 0 PID: 304 Comm: syz-executor Tainted: G        W           syzkaller #0 PREEMPT  2de019896396298ffdc22f242964aa93cf960186
[   25.509908][  T304] Tainted: [W]=WARN
[   25.509914][  T304] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[   25.509924][  T304] RIP: 0010:generic_shutdown_super+0x2f6/0x300
[   25.521030][  T308] WARNING: fs/dcache.c:1638 at umount_check+0xaa/0x200, CPU#1: syz-executor/308
[   25.535632][  T304] Code: fc ff df 80 3c 08 00 74 08 4c 89 f7 e8 b3 19 f5 ff 49 8b 16 48 81 c3 c0 03 00 00 48 c7 c7 60 7f 3b 86 48 89 de e8 8a 54 16 ff <0f> 0b 0f 1f 84 00 00 00 00 00 b8 00 00 00 00 90 90 90 90 90 90 90
[   25.535660][  T304] RSP: 0018:ffffc90001b978d8 EFLAGS: 00010246
[   25.535676][  T304] RAX: 0000000000000031 RBX: ffff8881013453c0 RCX: 4251db28c0548800
[   25.535688][  T304] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000002
[   25.539707][  T308] Modules linked in:
[   25.550082][  T304] RBP: ffffc90001b97900 R08: 0000000000000003 R09: 0000000000000004
[   25.550108][  T304] R10: dffffc0000000000 R11: fffffbfff0e9fdcc R12: 0000000000000000
[   25.550118][  T304] R13: dffffc0000000000 R14: ffffffff87c32540 R15: 1ffff11020268a8d
[   25.550127][  T304] FS:  0000000000000000(0000) GS:ffff88826e2ef000(0000) knlGS:0000000000000000
[   25.550140][  T304] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[   25.550149][  T304] CR2: 00007f0144a16088 CR3: 00000001097dc000 CR4: 00000000003526b0
[   25.550162][  T304] Call Trace:
[   25.550169][  T304]  <TASK>
[   25.550177][  T304]  kill_anon_super+0x4b/0x1d0
[   25.550200][  T304]  binderfs_kill_super+0x45/0x60
[   25.557449][  T308] 
[   25.557472][  T308] CPU: 1 UID: 10999 PID: 308 Comm: syz-executor Tainted: G        W           syzkaller #0 PREEMPT  2de019896396298ffdc22f242964aa93cf960186
[   25.566751][  T304]  deactivate_locked_super+0xd0/0x2b0
[   25.566794][  T304]  deactivate_super+0xb8/0xe0
[   25.566814][  T304]  cleanup_mnt+0x49e/0x530
[   25.586933][  T308] Tainted: [W]=WARN
[   25.593212][  T304]  __cleanup_mnt+0x1d/0x40
[   25.593255][  T304]  task_work_run+0x1e7/0x260
[   25.601454][  T308] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[   25.609383][  T304]  ? __cfi_task_work_run+0x10/0x10
[   25.609412][  T304]  ? nsproxy_free+0x2aa/0x300
[   25.613295][  T308] RIP: 0010:umount_check+0x197/0x200
[   25.621511][  T304]  ? switch_task_namespaces+0xbb/0x100
[   25.621534][  T304]  do_exit+0x7aa/0x2170
[   25.630239][  T308] Code: 20 00 74 08 4c 89 ef e8 a7 74 ee ff 4d 8b 4d 00 49 81 c7 c0 03 00 00 48 8b 7d c8 48 89 de 48 8b 55 d0 48 89 d9 45 89 f0 41 57 <67> 48 0f b9 3a 48 83 c4 08 31 c0 48 83 c4 10 5b 41 5c 41 5d 41 5e
[   25.638870][  T304]  ? __cfi_do_exit+0x10/0x10
[   25.638908][  T304]  ? __cfi_anon_pipe_read+0x10/0x10
[   25.638926][  T304]  ? __cfi_autoremove_wake_function+0x10/0x10
[   25.648128][  T308] RSP: 0018:ffffc900013479e8 EFLAGS: 00010286
[   25.655255][  T304]  ? __kasan_check_write+0x18/0x20
[   25.655296][  T304]  ? _raw_spin_lock_irq+0x92/0x120
[   25.655314][  T304]  ? __cfi__raw_spin_lock_irq+0x10/0x10
[   25.663513][  T308] 
[   25.666871][  T304]  do_group_exit+0x214/0x2e0
[   25.670100][  T308] RAX: 1ffffffff0f864a8 RBX: ffff888121d4b000 RCX: ffff888121d4b000
[   25.675530][  T304]  ? __kasan_check_write+0x18/0x20
[   25.681758][  T308] RDX: 0000000000000002 RSI: ffff888121d4b000 RDI: ffffffff87edb640
[   25.684133][  T304]  get_signal+0x12d2/0x1410
[   25.699342][  T308] RBP: ffffc90001347a28 R08: 0000000000000001 R09: ffffffff8688e0c0
[   25.705302][  T304]  arch_do_signal_or_restart+0xbb/0x760
[   25.710075][  T308] R10: 0000000000000000 R11: ffffffff8214d7d0 R12: dffffc0000000000
[   25.714526][  T304]  ? __cfi_arch_do_signal_or_restart+0x10/0x10
[   25.718666][  T308] R13: ffffffff87c32540 R14: 0000000000000001 R15: ffff88812d96d3c0
[   25.723271][  T304]  ? ksys_read+0x1f9/0x260
[   25.728410][  T308] FS:  0000000000000000(0000) GS:ffff88826e3ef000(0000) knlGS:0000000000000000
[   25.741246][  T304]  exit_to_user_mode_loop+0x73/0xd0
[   25.741286][  T304]  do_syscall_64+0x13f/0xf80
[   25.747214][  T308] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[   25.747232][  T308] CR2: 00007f0144a17da0 CR3: 00000000074ae000 CR4: 00000000003526b0
[   25.747246][  T308] Call Trace:
[   25.747253][  T308]  <TASK>
[   25.747261][  T308]  d_walk+0x2b9/0x4f0
[   25.747280][  T308]  ? __cfi_umount_check+0x10/0x10
[   25.752576][  T304]  ? clear_bhb_loop+0x50/0xa0
[   25.752606][  T304]  ? clear_bhb_loop+0x50/0xa0
[   25.752623][  T304]  entry_SYSCALL_64_after_hwframe+0x76/0x7e
[   25.759209][  T308]  do_one_tree+0x2e/0x90
[   25.765094][  T304] RIP: 0033:0x7f85769560d7
[   25.769996][  T308]  shrink_dcache_for_umount+0x92/0x140
[   25.792824][  T304] Code: Unable to access opcode bytes at 0x7f85769560ad.
[   25.792842][  T304] RSP: 002b:00007fff3b30ec70 EFLAGS: 00000202 ORIG_RAX: 0000000000000000
[   25.792859][  T304] RAX: fffffffffffffe00 RBX: 0000555566179500 RCX: 00007f85769560d7
[   25.792871][  T304] RDX: 0000000000000030 RSI: 00007fff3b30ed50 RDI: 00000000000000f9
[   25.798104][  T308]  generic_shutdown_super+0x6a/0x300
[   25.804148][  T304] RBP: 00007fff3b30ecfc R08: 0000000000000000 R09: 0000000000000000
[   25.804159][  T304] R10: 0000000000000000 R11: 0000000000000202 R12: 0000000000000001
[   25.804168][  T304] R13: 00007f8576bde280 R14: 00000000000061b6 R15: 00007fff3b30ed50
[   25.804183][  T304]  </TASK>
[   25.810877][  T308]  kill_anon_super+0x4b/0x1d0
[   25.817102][  T304] Modules linked in:
[   25.822309][  T308]  binderfs_kill_super+0x45/0x60
[   25.827623][  T304] ---[ end trace 0000000000000000 ]---
[   25.833118][  T308]  deactivate_locked_super+0xd0/0x2b0
[   25.838683][  T304] RIP: 0010:generic_shutdown_super+0x2f6/0x300
[   25.840070][  T308]  deactivate_super+0xb8/0xe0
[   25.848486][  T304] Code: fc ff df 80 3c 08 00 74 08 4c 89 f7 e8 b3 19 f5 ff 49 8b 16 48 81 c3 c0 03 00 00 48 c7 c7 60 7f 3b 86 48 89 de e8 8a 54 16 ff <0f> 0b 0f 1f 84 00 00 00 00 00 b8 00 00 00 00 90 90 90 90 90 90 90
[   25.853487][  T308]  cleanup_mnt+0x49e/0x530
[   25.861692][  T304] RSP: 0018:ffffc90001b978d8 EFLAGS: 00010246
[   25.866255][  T308]  __cleanup_mnt+0x1d/0x40
[   25.874732][  T304] 
[   25.880087][  T308]  task_work_run+0x1e7/0x260
[   25.889012][  T304] RAX: 0000000000000031 RBX: ffff8881013453c0 RCX: 4251db28c0548800
[   25.895075][  T308]  ? __cfi_task_work_run+0x10/0x10
[   25.903598][  T304] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000002
[   25.907793][  T308]  ? nsproxy_free+0x2aa/0x300
[   25.917461][  T304] RBP: ffffc90001b97900 R08: 0000000000000003 R09: 0000000000000004
[   25.922588][  T308]  ? switch_task_namespaces+0xbb/0x100
[   25.927260][  T304] R10: dffffc0000000000 R11: fffffbfff0e9fdcc R12: 0000000000000000
[   25.933844][  T308]  do_exit+0x7aa/0x2170
[   25.933867][  T308]  ? __cfi_do_exit+0x10/0x10
[   25.941833][  T304] R13: dffffc0000000000 R14: ffffffff87c32540 R15: 1ffff11020268a8d
[   25.945100][  T308]  ? __kasan_check_write+0x18/0x20
[   25.948102][  T304] FS:  0000000000000000(0000) GS:ffff88826e2ef000(0000) knlGS:0000000000000000
[   25.952085][  T308]  ? __cfi__raw_spin_lock_irq+0x10/0x10
[   25.957072][  T304] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[   25.961771][  T308]  ? __kasan_check_write+0x18/0x20
[   25.966422][  T304] CR2: 00007f0144a16088 CR3: 000000010a35c000 CR4: 00000000003526b0
[   25.972316][  T308]  ? zap_other_threads+0x334/0x370
[   25.972335][  T308]  do_group_exit+0x214/0x2e0
[   25.977316][  T304] Kernel panic - not syncing: Fatal exception
[   25.982213][  T304] Kernel Offset: disabled


syzkaller build log:
go env (err=<nil>)
AR='ar'
CC='gcc'
CGO_CFLAGS='-O2 -g'
CGO_CPPFLAGS=''
CGO_CXXFLAGS='-O2 -g'
CGO_ENABLED='1'
CGO_FFLAGS='-O2 -g'
CGO_LDFLAGS='-O2 -g'
CXX='g++'
GCCGO='gccgo'
GO111MODULE='auto'
GOAMD64='v1'
GOARCH='amd64'
GOAUTH='netrc'
GOBIN=''
GOCACHE='/syzkaller/.cache/go-build'
GOCACHEPROG=''
GODEBUG=''
GOENV='/syzkaller/.config/go/env'
GOEXE=''
GOEXPERIMENT=''
GOFIPS140='off'
GOFLAGS=''
GOGCCFLAGS='-fPIC -m64 -pthread -Wl,--no-gc-sections -fmessage-length=0 -ffile-prefix-map=/tmp/go-build3369241678=/tmp/go-build -gno-record-gcc-switches'
GOHOSTARCH='amd64'
GOHOSTOS='linux'
GOINSECURE=''
GOMOD='/syzkaller/jobs/linux/gopath/src/github.com/google/syzkaller/go.mod'
GOMODCACHE='/syzkaller/jobs/linux/gopath/pkg/mod'
GONOPROXY=''
GONOSUMDB=''
GOOS='linux'
GOPATH='/syzkaller/jobs/linux/gopath'
GOPRIVATE=''
GOPROXY='https://proxy.golang.org,direct'
GOROOT='/usr/local/go'
GOSUMDB='sum.golang.org'
GOTELEMETRY='local'
GOTELEMETRYDIR='/syzkaller/.config/go/telemetry'
GOTMPDIR=''
GOTOOLCHAIN='auto'
GOTOOLDIR='/usr/local/go/pkg/tool/linux_amd64'
GOVCS=''
GOVERSION='go1.24.4'
GOWORK=''
PKG_CONFIG='pkg-config'

git status (err=<nil>)
HEAD detached at a4c52dd6fa1
nothing to commit, working tree clean


tput: No value for $TERM and no -T specified
tput: No value for $TERM and no -T specified
Makefile:31: run command via tools/syz-env for best compatibility, see:
Makefile:32: https://github.com/google/syzkaller/blob/master/docs/contributing.md#using-syz-env
go list -f '{{.Stale}}' -ldflags="-s -w -X github.com/google/syzkaller/prog.GitRevision=a4c52dd6fa17ba8bb0a3d6a08de46c61035f693c -X github.com/google/syzkaller/prog.gitRevisionDate=20260126-093024"  ./sys/syz-sysgen | grep -q false || go install -ldflags="-s -w -X github.com/google/syzkaller/prog.GitRevision=a4c52dd6fa17ba8bb0a3d6a08de46c61035f693c -X github.com/google/syzkaller/prog.gitRevisionDate=20260126-093024"  ./sys/syz-sysgen
make .descriptions
tput: No value for $TERM and no -T specified
tput: No value for $TERM and no -T specified
Makefile:31: run command via tools/syz-env for best compatibility, see:
Makefile:32: https://github.com/google/syzkaller/blob/master/docs/contributing.md#using-syz-env
bin/syz-sysgen
touch .descriptions
GOOS=linux GOARCH=amd64 go build -ldflags="-s -w -X github.com/google/syzkaller/prog.GitRevision=a4c52dd6fa17ba8bb0a3d6a08de46c61035f693c -X github.com/google/syzkaller/prog.gitRevisionDate=20260126-093024"  -o ./bin/linux_amd64/syz-execprog github.com/google/syzkaller/tools/syz-execprog
mkdir -p ./bin/linux_amd64
g++ -o ./bin/linux_amd64/syz-executor executor/executor.cc \
	-m64 -O2 -pthread -Wall -Werror -Wparentheses -Wunused-const-variable -Wframe-larger-than=16384 -Wno-stringop-overflow -Wno-array-bounds -Wno-format-overflow -Wno-unused-but-set-variable -Wno-unused-command-line-argument -static-pie -std=c++17 -I. -Iexecutor/_include   -DGOOS_linux=1 -DGOARCH_amd64=1 \
	-DHOSTGOOS_linux=1 -DGIT_REVISION=\"a4c52dd6fa17ba8bb0a3d6a08de46c61035f693c\"
/usr/bin/ld: /tmp/ccNhNxcs.o: in function `Connection::Connect(char const*, char const*)':
executor.cc:(.text._ZN10Connection7ConnectEPKcS1_[_ZN10Connection7ConnectEPKcS1_]+0x386): warning: Using 'gethostbyname' in statically linked applications requires at runtime the shared libraries from the glibc version used for linking
./tools/check-syzos.sh 2>/dev/null