loop2: detected capacity change from 0 to 512
==================================================================
BUG: KCSAN: data-race in __bpf_get_stackid / __bpf_get_stackid

write to 0xffff888158b5b248 of 4 bytes by interrupt on cpu 0:
 __bpf_get_stackid+0x76b/0x800 kernel/bpf/stackmap.c:291
 ____bpf_get_stackid kernel/bpf/stackmap.c:324 [inline]
 bpf_get_stackid+0xef/0x120 kernel/bpf/stackmap.c:300
 ____bpf_get_stackid_raw_tp kernel/trace/bpf_trace.c:1628 [inline]
 bpf_get_stackid_raw_tp+0xf6/0x120 kernel/trace/bpf_trace.c:1617
 bpf_prog_53f0063d4d7f65ce+0x2a/0x32
 bpf_dispatcher_nop_func include/linux/bpf.h:1350 [inline]
 __bpf_prog_run include/linux/filter.h:721 [inline]
 bpf_prog_run include/linux/filter.h:728 [inline]
 __bpf_trace_run kernel/trace/bpf_trace.c:2075 [inline]
 bpf_trace_run2+0x107/0x1c0 kernel/trace/bpf_trace.c:2116
 __do_trace_kfree include/trace/events/kmem.h:97 [inline]
 trace_kfree include/trace/events/kmem.h:97 [inline]
 kfree+0x351/0x400 mm/slub.c:6836
 vlan_group_free net/8021q/vlan_core.c:135 [inline]
 vlan_info_free net/8021q/vlan_core.c:140 [inline]
 vlan_info_rcu_free+0xee/0x160 net/8021q/vlan_core.c:146
 rcu_do_batch kernel/rcu/tree.c:2605 [inline]
 rcu_core+0x5d7/0xc60 kernel/rcu/tree.c:2857
 rcu_core_si+0xd/0x20 kernel/rcu/tree.c:2874
 handle_softirqs+0xba/0x290 kernel/softirq.c:622
 do_softirq+0x5d/0x90 kernel/softirq.c:523
 __local_bh_enable_ip+0x70/0x80 kernel/softirq.c:450
 local_bh_enable include/linux/bottom_half.h:33 [inline]
 srcu_invoke_callbacks+0x16c/0x250 kernel/rcu/srcutree.c:1818
 process_one_work kernel/workqueue.c:3263 [inline]
 process_scheduled_works+0x4ce/0x9d0 kernel/workqueue.c:3346
 worker_thread+0x582/0x770 kernel/workqueue.c:3427
 kthread+0x489/0x510 kernel/kthread.c:463
 ret_from_fork+0x13f/0x270 arch/x86/kernel/process.c:158
 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:245

read to 0xffff888158b5b248 of 4 bytes by task 16378 on cpu 1:
 __bpf_get_stackid+0x287/0x800 kernel/bpf/stackmap.c:249
 ____bpf_get_stackid kernel/bpf/stackmap.c:324 [inline]
 bpf_get_stackid+0xef/0x120 kernel/bpf/stackmap.c:300
 ____bpf_get_stackid_raw_tp kernel/trace/bpf_trace.c:1628 [inline]
 bpf_get_stackid_raw_tp+0xf6/0x120 kernel/trace/bpf_trace.c:1617
 bpf_prog_53f0063d4d7f65ce+0x2a/0x32
 bpf_dispatcher_nop_func include/linux/bpf.h:1350 [inline]
 __bpf_prog_run include/linux/filter.h:721 [inline]
 bpf_prog_run include/linux/filter.h:728 [inline]
 __bpf_trace_run kernel/trace/bpf_trace.c:2075 [inline]
 bpf_trace_run2+0x107/0x1c0 kernel/trace/bpf_trace.c:2116
 __do_trace_kfree include/trace/events/kmem.h:97 [inline]
 trace_kfree include/trace/events/kmem.h:97 [inline]
 kfree+0x351/0x400 mm/slub.c:6836
 vfs_parse_fs_qstr fs/fs_context.c:188 [inline]
 vfs_parse_fs_string include/linux/fs_context.h:142 [inline]
 vfs_parse_monolithic_sep+0x1af/0x220 fs/fs_context.c:227
 generic_parse_monolithic+0x24/0x30 fs/fs_context.c:255
 parse_monolithic_mount_data+0x46/0x60 fs/fs_context.c:720
 do_new_mount+0x216/0x6a0 fs/namespace.c:3708
 path_mount+0x4ab/0xb80 fs/namespace.c:4022
 do_mount fs/namespace.c:4035 [inline]
 __do_sys_mount fs/namespace.c:4224 [inline]
 __se_sys_mount+0x28c/0x2e0 fs/namespace.c:4201
 __x64_sys_mount+0x67/0x80 fs/namespace.c:4201
 x64_sys_call+0x2cca/0x3000 arch/x86/include/generated/asm/syscalls_64.h:166
 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
 do_syscall_64+0xd8/0x2a0 arch/x86/entry/syscall_64.c:94
 entry_SYSCALL_64_after_hwframe+0x77/0x7f

value changed: 0xf5250d87 -> 0x81ed89f9

Reported by Kernel Concurrency Sanitizer on:
CPU: 1 UID: 0 PID: 16378 Comm: syz.2.4498 Tainted: G W syzkaller #0 PREEMPT(voluntary)
Tainted: [W]=WARN
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
==================================================================
EXT4-fs: Ignoring removed nomblk_io_submit option
EXT4-fs (loop2): mounting ext3 file system using the ext4 subsystem
EXT4-fs (loop2): invalid journal inode
EXT4-fs (loop2): can't get journal size
EXT4-fs (loop2): 1 truncate cleaned up
EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.