syz.3.1104: attempt to access beyond end of device
loop3: rw=2049, sector=128, nr_sectors = 1 limit=128
==================================================================
BUG: KCSAN: data-race in data_push_tail / number

write to 0xffffffff88bdec93 of 1 bytes by task 7770 on cpu 0:
 number+0x7f0/0xac0 lib/vsprintf.c:551
 vsnprintf+0x6ae/0x890 lib/vsprintf.c:2807
 vscnprintf+0x42/0x90 lib/vsprintf.c:2908
 printk_sprint+0x30/0x2d0 kernel/printk/printk.c:2216
 vprintk_store+0x589/0x870 kernel/printk/printk.c:2336
 vprintk_emit+0x168/0x690 kernel/printk/printk.c:2408
 vprintk_default+0x26/0x30 kernel/printk/printk.c:2447
 vprintk+0x1d/0x30 kernel/printk/printk_safe.c:82
 _printk+0x7a/0xa0 kernel/printk/printk.c:2457
 __ext4_grp_locked_error+0x53e/0x7b0 fs/ext4/super.c:1064
 ext4_mb_generate_buddy+0x247/0x2d0 fs/ext4/mballoc.c:1217
 ext4_mb_init_cache+0x848/0xbc0 fs/ext4/mballoc.c:1406
 ext4_mb_init_group+0x269/0x3b0 fs/ext4/mballoc.c:1562
 ext4_mb_load_buddy_gfp+0x6e0/0x750 fs/ext4/mballoc.c:1613
 ext4_mb_clear_bb fs/ext4/mballoc.c:6451 [inline]
 ext4_free_blocks+0x75c/0x14b0 fs/ext4/mballoc.c:6652
 ext4_remove_blocks fs/ext4/extents.c:2547 [inline]
 ext4_ext_rm_leaf fs/ext4/extents.c:2712 [inline]
 ext4_ext_remove_space+0x19b9/0x2910 fs/ext4/extents.c:2961
 ext4_ext_truncate+0xc4/0x150 fs/ext4/extents.c:4466
 ext4_truncate+0x776/0xb10 fs/ext4/inode.c:4217
 ext4_evict_inode+0x8b4/0xdd0 fs/ext4/inode.c:263
 evict+0x2f0/0x570 fs/inode.c:796
 iput_final fs/inode.c:1946 [inline]
 iput+0x42a/0x5b0 fs/inode.c:1972
 dentry_unlink_inode+0x24f/0x260 fs/dcache.c:440
 __dentry_kill+0x18b/0x4c0 fs/dcache.c:643
 dput+0x5c/0xd0 fs/dcache.c:885
 do_renameat2+0x749/0xa70 fs/namei.c:5228
 __do_sys_renameat2 fs/namei.c:5260 [inline]
 __se_sys_renameat2 fs/namei.c:5257 [inline]
 __x64_sys_renameat2+0x82/0xa0 fs/namei.c:5257
 x64_sys_call+0x1bf1/0x2dc0 arch/x86/include/generated/asm/syscalls_64.h:317
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xc9/0x1c0 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f

read to 0xffffffff88bdec90 of 8 bytes by task 7740 on cpu 1:
 data_make_reusable kernel/printk/printk_ringbuffer.c:594 [inline]
 data_push_tail+0x102/0x430 kernel/printk/printk_ringbuffer.c:679
 data_alloc+0xbe/0x2c0 kernel/printk/printk_ringbuffer.c:1054
 prb_reserve+0x85e/0xb60 kernel/printk/printk_ringbuffer.c:1669
 vprintk_store+0x558/0x870 kernel/printk/printk.c:2326
 vprintk_emit+0x168/0x690 kernel/printk/printk.c:2408
 vprintk_default+0x26/0x30 kernel/printk/printk.c:2447
 vprintk+0x1d/0x30 kernel/printk/printk_safe.c:82
 _printk+0x7a/0xa0 kernel/printk/printk.c:2457
 bio_check_eod block/blk-core.c:556 [inline]
 submit_bio_noacct+0x82e/0x930 block/blk-core.c:789
 submit_bio+0x218/0x230 block/blk-core.c:909
 submit_bh_wbc+0x2ed/0x330 fs/buffer.c:2814
 __block_write_full_folio+0x577/0x8c0 fs/buffer.c:1904
 block_write_full_folio+0x293/0x2b0
 __mpage_writepage+0xcfe/0xe10 fs/mpage.c:639
 write_cache_pages+0x62/0x100 mm/page-writeback.c:2644
 mpage_writepages+0x72/0xf0 fs/mpage.c:666
 fat_writepages+0x24/0x30 fs/fat/inode.c:199
 do_writepages+0x1d8/0x480 mm/page-writeback.c:2687
 filemap_fdatawrite_wbc mm/filemap.c:389 [inline]
 __filemap_fdatawrite_range mm/filemap.c:422 [inline]
 file_write_and_wait_range+0x168/0x2f0 mm/filemap.c:797
 __generic_file_fsync+0x46/0x140 fs/libfs.c:1525
 fat_file_fsync+0x46/0x100 fs/fat/file.c:191
 vfs_fsync_range+0x116/0x130 fs/sync.c:187
 generic_write_sync include/linux/fs.h:2970 [inline]
 generic_file_write_iter+0x1c3/0x310 mm/filemap.c:4320
 iter_file_splice_write+0x5f1/0x980 fs/splice.c:743
 do_splice_from fs/splice.c:941 [inline]
 direct_splice_actor+0x160/0x2c0 fs/splice.c:1164
 splice_direct_to_actor+0x302/0x670 fs/splice.c:1108
 do_splice_direct_actor fs/splice.c:1207 [inline]
 do_splice_direct+0xd7/0x150 fs/splice.c:1233
 do_sendfile+0x398/0x660 fs/read_write.c:1363
 __do_sys_sendfile64 fs/read_write.c:1424 [inline]
 __se_sys_sendfile64 fs/read_write.c:1410 [inline]
 __x64_sys_sendfile64+0x110/0x150 fs/read_write.c:1410
 x64_sys_call+0xfbd/0x2dc0 arch/x86/include/generated/asm/syscalls_64.h:41
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xc9/0x1c0 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f

value changed: 0x00000000ffffe34b -> 0x00000000ff207075

Reported by Kernel Concurrency Sanitizer on:
CPU: 1 UID: 0 PID: 7740 Comm: syz.3.1104 Not tainted 6.14.0-rc4-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
==================================================================
Buffer I/O error on dev loop3, logical block 128, lost async page write