syzbot

EXT4-fs error (device loop5): ext4_free_branches:1023: inode #13: comm syz.5.3610: invalid indirect mapped block 2683928664 (level 1)
EXT4-fs (loop5): 1 truncate cleaned up
EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
EXT4-fs error (device loop5): ext4_find_dest_de:2052: inode #2: block 13: comm syz.5.3610: bad entry in directory: rec_len % 4 != 0 - offset=108, inode=4294901777, rec_len=65535, size=1024 fake=0
__nla_validate_parse: 2 callbacks suppressed
==================================================================
BUG: KCSAN: data-race in data_alloc / prb_reserve

write to 0xffffffff8686acf0 of 8 bytes by task 14291 on cpu 0:
 data_alloc+0x27d/0x2b0 kernel/printk/printk_ringbuffer.c:1096
 prb_reserve+0x808/0xaf0 kernel/printk/printk_ringbuffer.c:1669
 vprintk_store+0x56d/0x860 kernel/printk/printk.c:2326
 vprintk_emit+0x178/0x650 kernel/printk/printk.c:2426
 vprintk_default+0x26/0x30 kernel/printk/printk.c:2465
 vprintk+0x1d/0x30 kernel/printk/printk_safe.c:82
 _printk+0x79/0xa0 kernel/printk/printk.c:2475
 isofs_fill_super+0x1199/0x1270 fs/isofs/inode.c:908
 get_tree_bdev_flags+0x291/0x300 fs/super.c:1692
 get_tree_bdev+0x1f/0x30 fs/super.c:1715
 isofs_get_tree+0x1c/0x30 fs/isofs/inode.c:1533
 vfs_get_tree+0x54/0x1d0 fs/super.c:1815
 do_new_mount+0x207/0x5e0 fs/namespace.c:3805
 path_mount+0x4a4/0xb20 fs/namespace.c:4120
 do_mount fs/namespace.c:4133 [inline]
 __do_sys_mount fs/namespace.c:4344 [inline]
 __se_sys_mount+0x28f/0x2e0 fs/namespace.c:4321
 __x64_sys_mount+0x67/0x80 fs/namespace.c:4321
 x64_sys_call+0x2b4d/0x2ff0 arch/x86/include/generated/asm/syscalls_64.h:166
 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
 do_syscall_64+0xd2/0x200 arch/x86/entry/syscall_64.c:94
 entry_SYSCALL_64_after_hwframe+0x77/0x7f

read to 0xffffffff8686acf0 of 8 bytes by task 14285 on cpu 1:
 desc_read kernel/printk/printk_ringbuffer.c:482 [inline]
 desc_push_tail kernel/printk/printk_ringbuffer.c:778 [inline]
 desc_reserve kernel/printk/printk_ringbuffer.c:924 [inline]
 prb_reserve+0x221/0xaf0 kernel/printk/printk_ringbuffer.c:1619
 vprintk_store+0x56d/0x860 kernel/printk/printk.c:2326
 vprintk_emit+0x178/0x650 kernel/printk/printk.c:2426
 vprintk_default+0x26/0x30 kernel/printk/printk.c:2465
 vprintk+0x1d/0x30 kernel/printk/printk_safe.c:82
 _printk+0x79/0xa0 kernel/printk/printk.c:2475
 __nla_validate_parse+0x1738/0x1d00 lib/nlattr.c:647
 __nla_parse+0x40/0x60 lib/nlattr.c:732
 __nlmsg_parse include/net/netlink.h:789 [inline]
 nlmsg_parse_deprecated include/net/netlink.h:830 [inline]
 xfrm_user_rcv_msg+0x3b1/0x660 net/xfrm/xfrm_user.c:3484
 netlink_rcv_skb+0x120/0x220 net/netlink/af_netlink.c:2552
 xfrm_netlink_rcv+0x48/0x60 net/xfrm/xfrm_user.c:3523
 netlink_unicast_kernel net/netlink/af_netlink.c:1320 [inline]
 netlink_unicast+0x5c0/0x690 net/netlink/af_netlink.c:1346
 netlink_sendmsg+0x58b/0x6b0 net/netlink/af_netlink.c:1896
 sock_sendmsg_nosec net/socket.c:714 [inline]
 __sock_sendmsg+0x142/0x180 net/socket.c:729
 ____sys_sendmsg+0x31e/0x4e0 net/socket.c:2614
 ___sys_sendmsg+0x17b/0x1d0 net/socket.c:2668
 __sys_sendmsg net/socket.c:2700 [inline]
 __do_sys_sendmsg net/socket.c:2705 [inline]
 __se_sys_sendmsg net/socket.c:2703 [inline]
 __x64_sys_sendmsg+0xd4/0x160 net/socket.c:2703
 x64_sys_call+0x191e/0x2ff0 arch/x86/include/generated/asm/syscalls_64.h:47
 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
 do_syscall_64+0xd2/0x200 arch/x86/entry/syscall_64.c:94
 entry_SYSCALL_64_after_hwframe+0x77/0x7f

value changed: 0xfffffffffffc8b08 -> 0x00000000000626b8

Reported by Kernel Concurrency Sanitizer on:
CPU: 1 UID: 0 PID: 14285 Comm: syz.5.3610 Not tainted 6.16.0-syzkaller-12063-g37816488247d #0 PREEMPT(voluntary) 
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
==================================================================
netlink: 60 bytes leftover after parsing attributes in process `syz.5.3610'.