syz.7.3579: attempt to access beyond end of device
loop7: rw=0, sector=2071, nr_sectors = 1 limit=128
Buffer I/O error on dev loop7, logical block 2071, async page read
syz.7.3579: attempt to access beyond end of device
loop7: rw=0, sector=2072, nr_sectors = 1 limit=128
==================================================================
BUG: KCSAN: data-race in data_push_tail / vsnprintf

write to 0xffffffff88e588a0 of 11 bytes by task 14637 on cpu 1:
 vsnprintf+0x2ce/0x890 lib/vsprintf.c:2826
 vscnprintf+0x41/0x90 lib/vsprintf.c:2939
 printk_sprint+0x30/0x2d0 kernel/printk/printk.c:2216
 vprintk_store+0x599/0x860 kernel/printk/printk.c:2336
 vprintk_emit+0x178/0x650 kernel/printk/printk.c:2426
 vprintk_default+0x26/0x30 kernel/printk/printk.c:2465
 vprintk+0x1d/0x30 kernel/printk/printk_safe.c:82
 _printk+0x79/0xa0 kernel/printk/printk.c:2475
 chnl_net_open+0x4ed/0x560 net/caif/chnl_net.c:-1
 __dev_open+0x2d5/0x530 net/core/dev.c:1683
 __dev_change_flags+0x163/0x400 net/core/dev.c:9458
 netif_change_flags+0x5a/0xd0 net/core/dev.c:9521
 do_setlink+0x9d2/0x2810 net/core/rtnetlink.c:3141
 rtnl_group_changelink net/core/rtnetlink.c:3773 [inline]
 __rtnl_newlink net/core/rtnetlink.c:3927 [inline]
 rtnl_newlink+0xd8b/0x12d0 net/core/rtnetlink.c:4055
 rtnetlink_rcv_msg+0x5fe/0x6d0 net/core/rtnetlink.c:6944
 netlink_rcv_skb+0x120/0x220 net/netlink/af_netlink.c:2534
 rtnetlink_rcv+0x1c/0x30 net/core/rtnetlink.c:6971
 netlink_unicast_kernel net/netlink/af_netlink.c:1313 [inline]
 netlink_unicast+0x5a1/0x670 net/netlink/af_netlink.c:1339
 netlink_sendmsg+0x58b/0x6b0 net/netlink/af_netlink.c:1883
 sock_sendmsg_nosec net/socket.c:712 [inline]
 __sock_sendmsg+0x142/0x180 net/socket.c:727
 ____sys_sendmsg+0x31e/0x4e0 net/socket.c:2566
 ___sys_sendmsg+0x17b/0x1d0 net/socket.c:2620
 __sys_sendmsg net/socket.c:2652 [inline]
 __do_sys_sendmsg net/socket.c:2657 [inline]
 __se_sys_sendmsg net/socket.c:2655 [inline]
 __x64_sys_sendmsg+0xd4/0x160 net/socket.c:2655
 x64_sys_call+0x2999/0x2fb0 arch/x86/include/generated/asm/syscalls_64.h:47
 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
 do_syscall_64+0xd2/0x200 arch/x86/entry/syscall_64.c:94
 entry_SYSCALL_64_after_hwframe+0x77/0x7f

read to 0xffffffff88e588a0 of 8 bytes by task 14639 on cpu 0:
 data_make_reusable kernel/printk/printk_ringbuffer.c:594 [inline]
 data_push_tail+0xfd/0x420 kernel/printk/printk_ringbuffer.c:679
 data_alloc+0xbf/0x2b0 kernel/printk/printk_ringbuffer.c:1054
 prb_reserve+0x808/0xaf0 kernel/printk/printk_ringbuffer.c:1669
 vprintk_store+0x56d/0x860 kernel/printk/printk.c:2326
 vprintk_emit+0x178/0x650 kernel/printk/printk.c:2426
 vprintk_default+0x26/0x30 kernel/printk/printk.c:2465
 vprintk+0x1d/0x30 kernel/printk/printk_safe.c:82
 _printk+0x79/0xa0 kernel/printk/printk.c:2475
 bio_check_eod block/blk-core.c:563 [inline]
 submit_bio_noacct+0x808/0x8f0 block/blk-core.c:796
 submit_bio+0x227/0x240 block/blk-core.c:916
 submit_bh_wbc+0x2e0/0x320 fs/buffer.c:2831
 submit_bh fs/buffer.c:2836 [inline]
 block_read_full_folio+0x658/0x6a0 fs/buffer.c:2468
 do_mpage_readpage+0xcf4/0xe20 fs/mpage.c:314
 mpage_read_folio+0x93/0x110 fs/mpage.c:389
 fat_read_folio+0x1c/0x30 fs/fat/inode.c:204
 filemap_read_folio+0x2e/0x110 mm/filemap.c:2412
 filemap_fault+0x568/0xb40 mm/filemap.c:3504
 __do_fault+0xb9/0x200 mm/memory.c:5189
 do_read_fault mm/memory.c:5610 [inline]
 do_fault mm/memory.c:5744 [inline]
 do_pte_missing mm/memory.c:4251 [inline]
 handle_pte_fault mm/memory.c:6089 [inline]
 __handle_mm_fault mm/memory.c:6232 [inline]
 handle_mm_fault+0xf78/0x2be0 mm/memory.c:6401
 do_user_addr_fault+0x3fe/0x1090 arch/x86/mm/fault.c:1387
 handle_page_fault arch/x86/mm/fault.c:1476 [inline]
 exc_page_fault+0x62/0xa0 arch/x86/mm/fault.c:1532
 asm_exc_page_fault+0x26/0x30 arch/x86/include/asm/idtentry.h:623
 fault_in_readable+0xad/0x170 mm/gup.c:-1
 fault_in_iov_iter_readable+0x129/0x210 lib/iov_iter.c:94
 generic_perform_write+0x3cf/0x490 mm/filemap.c:4161
 __generic_file_write_iter+0xec/0x120 mm/filemap.c:4226
 generic_file_write_iter+0x8d/0x2f0 mm/filemap.c:4255
 new_sync_write fs/read_write.c:593 [inline]
 vfs_write+0x49d/0x8e0 fs/read_write.c:686
 ksys_write+0xda/0x1a0 fs/read_write.c:738
 __do_sys_write fs/read_write.c:749 [inline]
 __se_sys_write fs/read_write.c:746 [inline]
 __x64_sys_write+0x40/0x50 fs/read_write.c:746
 x64_sys_call+0x2cdd/0x2fb0 arch/x86/include/generated/asm/syscalls_64.h:2
 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
 do_syscall_64+0xd2/0x200 arch/x86/entry/syscall_64.c:94
 entry_SYSCALL_64_after_hwframe+0x77/0x7f

value changed: 0x0000000100000399 -> 0x74656e5f6c6e6863

Reported by Kernel Concurrency Sanitizer on:
CPU: 0 UID: 0 PID: 14639 Comm: syz.7.3579 Not tainted 6.16.0-rc1-syzkaller-00005-g488ef3560196 #0 PREEMPT(voluntary) 
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
==================================================================
Buffer I/O error on dev loop7, logical block 2072, async page read
Buffer I/O error on dev loop7, logical block 2065, async page read
Buffer I/O error on dev loop7, logical block 2066, async page read