==================================================================
BUG: KCSAN: data-race in data_alloc / prb_reserve

write to 0xffffffff86883d08 of 8 bytes by task 24323 on cpu 0:
 data_alloc+0x27d/0x2b0 kernel/printk/printk_ringbuffer.c:1096
 prb_reserve+0x808/0xaf0 kernel/printk/printk_ringbuffer.c:1669
 vprintk_store+0x56d/0x860 kernel/printk/printk.c:2299
 vprintk_emit+0x10d/0x580 kernel/printk/printk.c:2399
 vprintk_default+0x26/0x30 kernel/printk/printk.c:2438
 vprintk+0x1d/0x30 kernel/printk/printk_safe.c:82
 _printk+0x79/0xa0 kernel/printk/printk.c:2448
 _fat_msg+0xa4/0xd0 fs/fat/misc.c:62
 __fat_fs_error+0x178/0x1d0 fs/fat/misc.c:31
 fat_ent_read+0x55d/0x5c0 fs/fat/fatent.c:359
 fat_get_cluster+0x4b2/0x7b0 fs/fat/cache.c:266
 fat_bmap_cluster fs/fat/cache.c:299 [inline]
 fat_get_mapped_cluster+0xe4/0x240 fs/fat/cache.c:320
 fat_bmap+0x254/0x280 fs/fat/cache.c:384
 __fat_get_block fs/fat/inode.c:128 [inline]
 fat_get_block+0xd3/0x5e0 fs/fat/inode.c:189
 do_mpage_readpage+0x52c/0xe20 fs/mpage.c:222
 mpage_readahead+0x196/0x2b0 fs/mpage.c:371
 fat_readahead+0x1c/0x30 fs/fat/inode.c:209
 read_pages+0xa3/0x480 mm/readahead.c:163
 page_cache_ra_unbounded+0x34e/0x450 mm/readahead.c:302
 do_page_cache_ra mm/readahead.c:332 [inline]
 page_cache_ra_order+0x145/0x220 mm/readahead.c:535
 do_sync_mmap_readahead+0x315/0x320 mm/filemap.c:3322
 filemap_fault+0x333/0xb60 mm/filemap.c:3471
 __do_fault+0xbc/0x200 mm/memory.c:5280
 do_read_fault mm/memory.c:5698 [inline]
 do_fault mm/memory.c:5832 [inline]
 do_pte_missing mm/memory.c:4361 [inline]
 handle_pte_fault mm/memory.c:6177 [inline]
 __handle_mm_fault mm/memory.c:6318 [inline]
 handle_mm_fault+0xf78/0x2be0 mm/memory.c:6487
 faultin_page mm/gup.c:1126 [inline]
 __get_user_pages+0x102a/0x1ed0 mm/gup.c:1428
 populate_vma_page_range mm/gup.c:1860 [inline]
 __mm_populate+0x243/0x3a0 mm/gup.c:1963
 mm_populate include/linux/mm.h:3466 [inline]
 vm_mmap_pgoff+0x232/0x2e0 mm/util.c:585
 ksys_mmap_pgoff+0x268/0x310 mm/mmap.c:604
 x64_sys_call+0x14a3/0x3000 arch/x86/include/generated/asm/syscalls_64.h:10
 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
 do_syscall_64+0xd2/0x200 arch/x86/entry/syscall_64.c:94
 entry_SYSCALL_64_after_hwframe+0x77/0x7f

read to 0xffffffff86883d08 of 8 bytes by task 24345 on cpu 1:
 desc_read kernel/printk/printk_ringbuffer.c:482 [inline]
 desc_push_tail kernel/printk/printk_ringbuffer.c:778 [inline]
 desc_reserve kernel/printk/printk_ringbuffer.c:924 [inline]
 prb_reserve+0x221/0xaf0 kernel/printk/printk_ringbuffer.c:1619
 vprintk_store+0x56d/0x860 kernel/printk/printk.c:2299
 vprintk_emit+0x10d/0x580 kernel/printk/printk.c:2399
 vprintk_default+0x26/0x30 kernel/printk/printk.c:2438
 vprintk+0x1d/0x30 kernel/printk/printk_safe.c:82
 _printk+0x79/0xa0 kernel/printk/printk.c:2448
 parse_opts net/9p/client.c:190 [inline]
 p9_client_create+0x4d1/0xbc0 net/9p/client.c:1000
 v9fs_session_init+0xf7/0xde0 fs/9p/v9fs.c:410
 v9fs_mount+0x67/0x5c0 fs/9p/vfs_super.c:122
 legacy_get_tree+0x78/0xd0 fs/fs_context.c:663
 vfs_get_tree+0x57/0x1d0 fs/super.c:1751
 fc_mount fs/namespace.c:1208 [inline]
 do_new_mount_fc fs/namespace.c:3651 [inline]
 do_new_mount+0x24d/0x660 fs/namespace.c:3727
 path_mount+0x4a5/0xb70 fs/namespace.c:4037
 do_mount fs/namespace.c:4050 [inline]
 __do_sys_mount fs/namespace.c:4238 [inline]
 __se_sys_mount+0x28c/0x2e0 fs/namespace.c:4215
 __x64_sys_mount+0x67/0x80 fs/namespace.c:4215
 x64_sys_call+0x2b51/0x3000 arch/x86/include/generated/asm/syscalls_64.h:166
 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
 do_syscall_64+0xd2/0x200 arch/x86/entry/syscall_64.c:94
 entry_SYSCALL_64_after_hwframe+0x77/0x7f

value changed: 0x000000000001b838 -> 0x00000000000b6920

Reported by Kernel Concurrency Sanitizer on:
CPU: 1 UID: 0 PID: 24345 Comm: syz.1.5363 Not tainted syzkaller #0 PREEMPT(voluntary)
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
==================================================================
9pnet: Could not find request transport: ÿÿ·
FAULT_INJECTION: forcing a failure.
name fail_page_alloc, interval 1, probability 0, space 0, times 0
CPU: 0 UID: 0 PID: 24345 Comm: syz.1.5363 Not tainted syzkaller #0 PREEMPT(voluntary)
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
Call Trace:
 __dump_stack+0x1d/0x30 lib/dump_stack.c:94
 dump_stack_lvl+0xe8/0x140 lib/dump_stack.c:120
 dump_stack+0x15/0x1b lib/dump_stack.c:129
 fail_dump lib/fault-inject.c:73 [inline]
 should_fail_ex+0x265/0x280 lib/fault-inject.c:174
 should_fail_alloc_page+0xf2/0x100 mm/fail_page_alloc.c:44
 prepare_alloc_pages mm/page_alloc.c:4958 [inline]
 __alloc_frozen_pages_noprof+0xff/0x360 mm/page_alloc.c:5172
 alloc_pages_mpol+0xb3/0x260 mm/mempolicy.c:2416
 alloc_frozen_pages_noprof mm/mempolicy.c:2487 [inline]
 alloc_pages_noprof+0x90/0x130 mm/mempolicy.c:2507
 pagetable_alloc_noprof include/linux/mm.h:2975 [inline]
 __pte_alloc_one_noprof include/asm-generic/pgalloc.h:75 [inline]
 pte_alloc_one+0x1e/0xd0 arch/x86/mm/pgtable.c:18
 __pte_alloc+0x32/0x290 mm/memory.c:452
 do_anonymous_page mm/memory.c:5150 [inline]
 do_pte_missing mm/memory.c:4359 [inline]
 handle_pte_fault mm/memory.c:6177 [inline]
 __handle_mm_fault mm/memory.c:6318 [inline]
 handle_mm_fault+0x1c18/0x2be0 mm/memory.c:6487
 do_user_addr_fault+0x630/0x1080 arch/x86/mm/fault.c:1336
 handle_page_fault arch/x86/mm/fault.c:1476 [inline]
 exc_page_fault+0x62/0xa0 arch/x86/mm/fault.c:1532
 asm_exc_page_fault+0x26/0x30 arch/x86/include/asm/idtentry.h:623
RIP: 0033:0x7f5576810ca6
Code: f0 72 6e 48 63 cd 48 01 c1 49 39 4f 08 72 4c 8d 4d ff 85 ed 74 33 66 0f 1f 44 00 00 48 39 f0 72 1b 4d 8b 07 49 89 c1 49 29 f1 <47> 0f b6 0c 08 45 84 c9 74 08 45 88 0c 00 49 8b 47 10 48 83 c0 01
RSP: 002b:00007f55753ae4a0 EFLAGS: 00010246
RAX: 0000000000000001 RBX: 00007f55753ae540 RCX: 0000000000000101
RDX: 0000000000000030 RSI: 0000000000000001 RDI: 00007f55753ae5e0
RBP: 0000000000000102 R08: 00007f556cf6e000 R09: 0000000000000000
R10: 0000000000000000 R11: 00007f55753ae550 R12: 0000000000000001
R13: 00007f55769edb80 R14: 0000000000000000 R15: 00007f55753ae5e0
Huh VM_FAULT_OOM leaked out to the #PF handler. Retrying PF
loop1: detected capacity change from 0 to 1024
EXT4-fs: Ignoring removed nobh option
EXT4-fs: Ignoring removed bh option
EXT4-fs (loop1): stripe (8) is not aligned with cluster size (16), stripe is disabled
EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.