syzbot

 _inline_copy_from_user include/linux/uaccess.h:170 [inline]
 _copy_from_user+0x1c/0xb0 lib/usercopy.c:18
 copy_from_user include/linux/uaccess.h:223 [inline]
 proc_do_submiturb+0x866/0x1d20 drivers/usb/core/devio.c:1676
==================================================================
BUG: KCSAN: data-race in data_push_tail / string

write to 0xffffffff88ec06a0 of 1 bytes by task 2398 on cpu 1:
 string_nocheck lib/vsprintf.c:658 [inline]
 string+0x187/0x220 lib/vsprintf.c:736
 vsnprintf+0x532/0x860 lib/vsprintf.c:2947
 vscnprintf+0x41/0x90 lib/vsprintf.c:3012
 printk_sprint+0x30/0x2d0 kernel/printk/printk.c:2192
 vprintk_store+0x568/0x830 kernel/printk/printk.c:2312
 vprintk_emit+0x15a/0x5c0 kernel/printk/printk.c:2402
 vprintk_default+0x26/0x30 kernel/printk/printk.c:2441
 vprintk+0x1d/0x30 kernel/printk/printk_safe.c:82
 _printk+0x79/0xa0 kernel/printk/printk.c:2451
 __netdev_printk+0x310/0x370 net/core/dev.c:12911
 netdev_info+0x9b/0xd0 net/core/dev.c:12958
 bond_uninit+0x1ee/0x330 drivers/net/bonding/bond_main.c:5955
 unregister_netdevice_many_notify+0x1245/0x16d0 net/core/dev.c:12404
 unregister_netdevice_many+0x19/0x20 net/core/dev.c:12446
 ops_exit_rtnl_list net/core/net_namespace.c:187 [inline]
 ops_undo_list+0x213/0x410 net/core/net_namespace.c:248
 cleanup_net+0x2f4/0x520 net/core/net_namespace.c:696
 process_one_work kernel/workqueue.c:3257 [inline]
 process_scheduled_works+0x4ce/0x9d0 kernel/workqueue.c:3340
 worker_thread+0x582/0x770 kernel/workqueue.c:3421
 kthread+0x489/0x510 kernel/kthread.c:463
 ret_from_fork+0x149/0x290 arch/x86/kernel/process.c:158
 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:246

read to 0xffffffff88ec06a0 of 8 bytes by task 13781 on cpu 0:
 data_make_reusable kernel/printk/printk_ringbuffer.c:608 [inline]
 data_push_tail+0x100/0x470 kernel/printk/printk_ringbuffer.c:693
 data_alloc+0x11b/0x390 kernel/printk/printk_ringbuffer.c:1089
 prb_reserve+0x8d7/0xad0 kernel/printk/printk_ringbuffer.c:1724
 vprintk_store+0x53c/0x830 kernel/printk/printk.c:2302
 vprintk_emit+0x15a/0x5c0 kernel/printk/printk.c:2402
 vprintk_default+0x26/0x30 kernel/printk/printk.c:2441
 vprintk+0x1d/0x30 kernel/printk/printk_safe.c:82
 _printk+0x79/0xa0 kernel/printk/printk.c:2451
 printk_stack_address arch/x86/kernel/dumpstack.c:70 [inline]
 __show_trace_log_lvl+0x4e3/0x560 arch/x86/kernel/dumpstack.c:282
 __dump_stack+0x1d/0x30 lib/dump_stack.c:94
 dump_stack_lvl+0x95/0xd0 lib/dump_stack.c:120
 dump_stack+0x15/0x1b lib/dump_stack.c:129
 fail_dump lib/fault-inject.c:73 [inline]
 should_fail_ex+0x265/0x280 lib/fault-inject.c:174
 should_fail+0xb/0x20 lib/fault-inject.c:184
 should_fail_usercopy+0x1a/0x20 lib/fault-inject-usercopy.c:35
 _inline_copy_from_user include/linux/uaccess.h:170 [inline]
 _copy_from_user+0x1c/0xb0 lib/usercopy.c:18
 copy_from_user include/linux/uaccess.h:223 [inline]
 proc_do_submiturb+0x866/0x1d20 drivers/usb/core/devio.c:1676
 proc_submiturb+0x7b/0xa0 drivers/usb/core/devio.c:2003
 usbdev_do_ioctl drivers/usb/core/devio.c:2703 [inline]
 usbdev_ioctl+0xcb6/0x1700 drivers/usb/core/devio.c:2827
 vfs_ioctl fs/ioctl.c:51 [inline]
 __do_sys_ioctl fs/ioctl.c:597 [inline]
 __se_sys_ioctl+0xce/0x140 fs/ioctl.c:583
 __x64_sys_ioctl+0x43/0x50 fs/ioctl.c:583
 x64_sys_call+0x14b0/0x3000 arch/x86/include/generated/asm/syscalls_64.h:17
 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
 do_syscall_64+0xca/0x2b0 arch/x86/entry/syscall_64.c:94
 entry_SYSCALL_64_after_hwframe+0x77/0x7f

value changed: 0x0000000100003174 -> 0x52203a29676e6972

Reported by Kernel Concurrency Sanitizer on:
CPU: 0 UID: 0 PID: 13781 Comm: syz.4.14730 Tainted: G        W           syzkaller #0 PREEMPT(voluntary) 
Tainted: [W]=WARN
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
==================================================================
 proc_submiturb+0x7b/0xa0 drivers/usb/core/devio.c:2003
 usbdev_do_ioctl drivers/usb/core/devio.c:2703 [inline]
 usbdev_ioctl+0xcb6/0x1700 drivers/usb/core/devio.c:2827
 vfs_ioctl fs/ioctl.c:51 [inline]
 __do_sys_ioctl fs/ioctl.c:597 [inline]
 __se_sys_ioctl+0xce/0x140 fs/ioctl.c:583
 __x64_sys_ioctl+0x43/0x50 fs/ioctl.c:583
 x64_sys_call+0x14b0/0x3000 arch/x86/include/generated/asm/syscalls_64.h:17
 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
 do_syscall_64+0xca/0x2b0 arch/x86/entry/syscall_64.c:94
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7f7fe470f749
Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007f7fe316f038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
RAX: ffffffffffffffda RBX: 00007f7fe4965fa0 RCX: 00007f7fe470f749
RDX: 0000200000000000 RSI: 000000008038550a RDI: 0000000000000005
RBP: 00007f7fe316f090 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
R13: 00007f7fe4966038 R14: 00007f7fe4965fa0 R15: 00007ffc58b7d968
 </TASK>