syzbot

EXT4-fs error (device loop2): ext4_dirty_inode:6495: inode #15: comm syz.2.332: mark_inode_dirty error
loop2: lost file I/O error report for ino 15 type 5 pos 0x0 len 0x0 error -117
==================================================================
BUG: KCSAN: data-race in memcpy_and_pad / string

read to 0xffff88813dd045f0 of 1 bytes by interrupt on cpu 1:
 string_nocheck lib/vsprintf.c:655 [inline]
 string+0x15f/0x220 lib/vsprintf.c:737
 vsnprintf+0x532/0x860 lib/vsprintf.c:2948
 vscnprintf+0x41/0x90 lib/vsprintf.c:3013
 printk_sprint+0x30/0x2e0 kernel/printk/printk.c:2222
 vprintk_store+0x57b/0x910 kernel/printk/printk.c:2364
 vprintk_emit+0x1a4/0x600 kernel/printk/printk.c:2455
 vprintk_default+0x26/0x30 kernel/printk/printk.c:2494
 vprintk+0x1d/0x30 kernel/printk/printk_safe.c:82
 _printk+0x79/0xa0 kernel/printk/printk.c:2504
 print_daily_error_info+0x210/0x300 fs/ext4/super.c:3704
 call_timer_fn+0x3b/0x2a0 kernel/time/timer.c:1748
 expire_timers kernel/time/timer.c:1799 [inline]
 __run_timers kernel/time/timer.c:2373 [inline]
 __run_timer_base+0x426/0x620 kernel/time/timer.c:2385
 run_timer_base kernel/time/timer.c:2394 [inline]
 run_timer_softirq+0x31/0x70 kernel/time/timer.c:2404
 handle_softirqs+0xb9/0x2a0 kernel/softirq.c:622
 __do_softirq kernel/softirq.c:656 [inline]
 invoke_softirq kernel/softirq.c:496 [inline]
 __irq_exit_rcu+0x39/0xc0 kernel/softirq.c:723
 instr_sysvec_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1056 [inline]
 sysvec_apic_timer_interrupt+0x74/0x80 arch/x86/kernel/apic/apic.c:1056
 asm_sysvec_apic_timer_interrupt+0x1a/0x20 arch/x86/include/asm/idtentry.h:697
 kcsan_setup_watchpoint+0x404/0x410 kernel/kcsan/core.c:705
 try_to_unmap+0x8f/0x210 mm/rmap.c:2388
 shrink_folio_list+0x12f7/0x2820 mm/vmscan.c:1375
 reclaim_folio_list+0x9f/0x220 mm/vmscan.c:2205
 reclaim_pages+0x21e/0x280 mm/vmscan.c:2242
 madvise_cold_or_pageout_pte_range+0xd6a/0xdc0 mm/madvise.c:561
 walk_pmd_range mm/pagewalk.c:149 [inline]
 walk_pud_range mm/pagewalk.c:240 [inline]
 walk_p4d_range mm/pagewalk.c:281 [inline]
 walk_pgd_range+0xa76/0x1520 mm/pagewalk.c:322
 __walk_page_range+0xdd/0x340 mm/pagewalk.c:430
 walk_page_range_vma_unsafe+0x2cd/0x320 mm/pagewalk.c:734
 walk_page_range_vma+0x56/0x70 mm/pagewalk.c:744
 madvise_vma_behavior+0x1d11/0x20c0 mm/madvise.c:-1
 madvise_walk_vmas mm/madvise.c:1719 [inline]
 madvise_do_behavior+0x5de/0xa10 mm/madvise.c:1935
 do_madvise+0x10e/0x190 mm/madvise.c:2028
 __do_sys_madvise mm/madvise.c:2037 [inline]
 __se_sys_madvise mm/madvise.c:2035 [inline]
 __x64_sys_madvise+0x63/0x80 mm/madvise.c:2035
 x64_sys_call+0x1eff/0x3020 arch/x86/include/generated/asm/syscalls_64.h:29
 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
 do_syscall_64+0x12c/0x370 arch/x86/entry/syscall_64.c:94
 entry_SYSCALL_64_after_hwframe+0x77/0x7f

write to 0xffff88813dd045f0 of 16 bytes by task 4942 on cpu 0:
 memcpy_and_pad+0x5a/0x80 lib/string_helpers.c:1009
 ext4_update_super+0x790/0xba0 fs/ext4/super.c:6259
 ext4_commit_super+0x40/0x280 fs/ext4/super.c:6288
 ext4_handle_error+0x452/0x550 fs/ext4/super.c:719
 __ext4_error_inode+0x1bb/0x3f0 fs/ext4/super.c:865
 __ext4_mark_inode_dirty+0xbd/0x400 fs/ext4/inode.c:6469
 ext4_dirty_inode+0x92/0xc0 fs/ext4/inode.c:6495
 __mark_inode_dirty+0x16f/0x7d0 fs/fs-writeback.c:2609
 mark_inode_dirty_sync include/linux/fs.h:2217 [inline]
 dquot_free_space include/linux/quotaops.h:380 [inline]
 dquot_free_block include/linux/quotaops.h:390 [inline]
 ext4_mb_clear_bb fs/ext4/mballoc.c:6668 [inline]
 ext4_free_blocks+0xeba/0x14a0 fs/ext4/mballoc.c:6788
 ext4_xattr_release_block+0x38d/0x550 fs/ext4/xattr.c:1317
 ext4_xattr_delete_inode+0x6fd/0x7a0 fs/ext4/xattr.c:2992
 ext4_evict_inode+0xac1/0xe40 fs/ext4/inode.c:282
 evict+0x2af/0x510 fs/inode.c:846
 iput_final fs/inode.c:1966 [inline]
 iput+0x41a/0x580 fs/inode.c:2015
 ext4_process_orphan+0x1a9/0x1c0 fs/ext4/orphan.c:358
 ext4_orphan_cleanup+0x6a8/0xa00 fs/ext4/orphan.c:472
 __ext4_fill_super fs/ext4/super.c:5693 [inline]
 ext4_fill_super+0x3414/0x37c0 fs/ext4/super.c:5816
 get_tree_bdev_flags+0x291/0x300 fs/super.c:1694
 get_tree_bdev+0x1f/0x30 fs/super.c:1717
 ext4_get_tree+0x1c/0x30 fs/ext4/super.c:5848
 vfs_get_tree+0x57/0x1d0 fs/super.c:1754
 fc_mount fs/namespace.c:1193 [inline]
 do_new_mount_fc fs/namespace.c:3763 [inline]
 do_new_mount+0x288/0x8d0 fs/namespace.c:3839
 path_mount+0x4d0/0xbc0 fs/namespace.c:4159
 do_mount fs/namespace.c:4172 [inline]
 __do_sys_mount fs/namespace.c:4361 [inline]
 __se_sys_mount+0x28c/0x2e0 fs/namespace.c:4338
 __x64_sys_mount+0x67/0x80 fs/namespace.c:4338
 x64_sys_call+0x2d61/0x3020 arch/x86/include/generated/asm/syscalls_64.h:166
 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
 do_syscall_64+0x12c/0x370 arch/x86/entry/syscall_64.c:94
 entry_SYSCALL_64_after_hwframe+0x77/0x7f

Reported by Kernel Concurrency Sanitizer on:
CPU: 0 UID: 0 PID: 4942 Comm: syz.2.332 Not tainted syzkaller #0 PREEMPT(full) 
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
==================================================================
EXT4-fs error (device loop2): ext4_do_update_inode:5602: inode #15: comm syz.2.332: corrupted inode contents
loop2: lost file I/O error report for ino 15 type 5 pos 0x0 len 0x0 error -117
EXT4-fs error (device loop2): ext4_xattr_delete_inode:2999: inode #15: comm syz.2.332: mark_inode_dirty error
loop2: lost file I/O error report for ino 15 type 5 pos 0x0 len 0x0 error -117
EXT4-fs error (device loop2): ext4_xattr_delete_inode:3002: inode #15: comm syz.2.332: mark inode dirty (error -117)
loop2: lost file I/O error report for ino 15 type 5 pos 0x0 len 0x0 error -117
EXT4-fs warning (device loop2): ext4_evict_inode:285: xattr delete (err -117)
EXT4-fs (loop2): 1 orphan inode deleted
EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.