syzbot

 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
 do_syscall_64+0xd0/0x1a0 arch/x86/entry/syscall_64.c:94
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7f73ef26e969
==================================================================
BUG: KCSAN: data-race in data_push_tail / vsnprintf

write to 0xffffffff88e2b2df of 32 bytes by task 7776 on cpu 1:
 vsnprintf+0x2ce/0x890 lib/vsprintf.c:2804
 vscnprintf+0x41/0x90 lib/vsprintf.c:2917
 printk_sprint+0x30/0x2d0 kernel/printk/printk.c:2216
 vprintk_store+0x599/0x860 kernel/printk/printk.c:2336
 vprintk_emit+0x178/0x650 kernel/printk/printk.c:2426
 vprintk_default+0x26/0x30 kernel/printk/printk.c:2465
 vprintk+0x1d/0x30 kernel/printk/printk_safe.c:82
 _printk+0x79/0xa0 kernel/printk/printk.c:2475
 set_capacity_and_notify+0x14c/0x1f0 block/genhd.c:93
 loop_set_size+0x2e/0x70 drivers/block/loop.c:210
 loop_configure+0x7ec/0x970 drivers/block/loop.c:1067
 lo_ioctl+0x559/0x15d0 drivers/block/loop.c:-1
 blkdev_ioctl+0x352/0x440 block/ioctl.c:704
 vfs_ioctl fs/ioctl.c:51 [inline]
 __do_sys_ioctl fs/ioctl.c:906 [inline]
 __se_sys_ioctl+0xcb/0x140 fs/ioctl.c:892
 __x64_sys_ioctl+0x43/0x50 fs/ioctl.c:892
 x64_sys_call+0x19a8/0x2fb0 arch/x86/include/generated/asm/syscalls_64.h:17
 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
 do_syscall_64+0xd0/0x1a0 arch/x86/entry/syscall_64.c:94
 entry_SYSCALL_64_after_hwframe+0x77/0x7f

read to 0xffffffff88e2b2e0 of 8 bytes by task 7773 on cpu 0:
 data_make_reusable kernel/printk/printk_ringbuffer.c:594 [inline]
 data_push_tail+0xfd/0x420 kernel/printk/printk_ringbuffer.c:679
 data_alloc+0xbf/0x2b0 kernel/printk/printk_ringbuffer.c:1054
 prb_reserve+0x808/0xaf0 kernel/printk/printk_ringbuffer.c:1669
 vprintk_store+0x56d/0x860 kernel/printk/printk.c:2326
 vprintk_emit+0x178/0x650 kernel/printk/printk.c:2426
 vprintk_default+0x26/0x30 kernel/printk/printk.c:2465
 vprintk+0x1d/0x30 kernel/printk/printk_safe.c:82
 _printk+0x79/0xa0 kernel/printk/printk.c:2475
 show_ip+0x27/0x40 arch/x86/kernel/dumpstack.c:142
 show_iret_regs+0x12/0x40 arch/x86/kernel/dumpstack.c:149
 __show_regs+0x2a/0x440 arch/x86/kernel/process_64.c:76
 show_regs_if_on_stack arch/x86/kernel/dumpstack.c:167 [inline]
 show_trace_log_lvl+0x423/0x560 arch/x86/kernel/dumpstack.c:300
 __dump_stack+0x1d/0x30 lib/dump_stack.c:94
 dump_stack_lvl+0xe8/0x140 lib/dump_stack.c:120
 dump_stack+0x15/0x1b lib/dump_stack.c:129
 fail_dump lib/fault-inject.c:73 [inline]
 should_fail_ex+0x265/0x280 lib/fault-inject.c:174
 should_failslab+0x8c/0xb0 mm/failslab.c:46
 slab_pre_alloc_hook mm/slub.c:4100 [inline]
 slab_alloc_node mm/slub.c:4176 [inline]
 kmem_cache_alloc_node_noprof+0x57/0x320 mm/slub.c:4248
 __alloc_skb+0x101/0x320 net/core/skbuff.c:658
 alloc_skb include/linux/skbuff.h:1340 [inline]
 alloc_skb_with_frags+0x7d/0x470 net/core/skbuff.c:6639
 sock_alloc_send_pskb+0x43a/0x4f0 net/core/sock.c:2954
 tun_alloc_skb drivers/net/tun.c:1461 [inline]
 tun_get_user+0x8c0/0x24d0 drivers/net/tun.c:1782
 tun_chr_write_iter+0x15e/0x210 drivers/net/tun.c:1984
 new_sync_write fs/read_write.c:591 [inline]
 vfs_write+0x49d/0x8d0 fs/read_write.c:684
 ksys_write+0xda/0x1a0 fs/read_write.c:736
 __do_sys_write fs/read_write.c:747 [inline]
 __se_sys_write fs/read_write.c:744 [inline]
 __x64_sys_write+0x40/0x50 fs/read_write.c:744
 x64_sys_call+0x2cdd/0x2fb0 arch/x86/include/generated/asm/syscalls_64.h:2
 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
 do_syscall_64+0xd0/0x1a0 arch/x86/entry/syscall_64.c:94
 entry_SYSCALL_64_after_hwframe+0x77/0x7f

value changed: 0x00000000ffffe660 -> 0x2064657463657465

Reported by Kernel Concurrency Sanitizer on:
CPU: 0 UID: 0 PID: 7773 Comm: syz.0.1493 Not tainted 6.15.0-rc6-syzkaller-00188-gfee3e843b309 #0 PREEMPT(voluntary) 
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/19/2025
==================================================================
Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007f73ed8b6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
RAX: ffffffffffffffda RBX: 00007f73ef496080 RCX: 00007f73ef26e969
RDX: 0000000000000012 RSI: 00002000000005c0 RDI: 0000000000000006
RBP: 00007f73ed8b6090 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
R13: 0000000000000000 R14: 00007f73ef496080 R15: 00007ffcab9e5b28
 </TASK>
----------------
Code disassembly (best guess), 1 bytes skipped:
   0:	ff c3                	inc    %ebx
   2:	66 2e 0f 1f 84 00 00 	cs nopw 0x0(%rax,%rax,1)
   9:	00 00 00
   c:	0f 1f 40 00          	nopl   0x0(%rax)
  10:	48 89 f8             	mov    %rdi,%rax
  13:	48 89 f7             	mov    %rsi,%rdi
  16:	48 89 d6             	mov    %rdx,%rsi
  19:	48 89 ca             	mov    %rcx,%rdx
  1c:	4d 89 c2             	mov    %r8,%r10
  1f:	4d 89 c8             	mov    %r9,%r8
  22:	4c 8b 4c 24 08       	mov    0x8(%rsp),%r9
  27:	0f 05                	syscall
* 29:	48 3d 01 f0 ff ff    	cmp    $0xfffffffffffff001,%rax <-- trapping instruction
  2f:	73 01                	jae    0x32
  31:	c3                   	ret
  32:	48 c7 c1 a8 ff ff ff 	mov    $0xffffffffffffffa8,%rcx
  39:	f7 d8                	neg    %eax
  3b:	64 89 01             	mov    %eax,%fs:(%rcx)
  3e:	48                   	rex.W