syzbot

==================================================================
BUG: KCSAN: data-race in copy_folio_from_iter_atomic / copy_folio_from_iter_atomic

write to 0xffff8881222e16b3 of 3 bytes by task 16033 on cpu 0:
 memcpy_from_iter lib/iov_iter.c:73 [inline]
 iterate_bvec include/linux/iov_iter.h:123 [inline]
 iterate_and_advance2 include/linux/iov_iter.h:304 [inline]
 iterate_and_advance include/linux/iov_iter.h:328 [inline]
 __copy_from_iter lib/iov_iter.c:249 [inline]
 copy_folio_from_iter_atomic+0x7fc/0x1170 lib/iov_iter.c:479
 generic_perform_write+0x2c2/0x490 mm/filemap.c:4130
 ext4_buffered_write_iter+0x1ee/0x3c0 fs/ext4/file.c:299
 ext4_file_write_iter+0x383/0xf00 fs/ext4/file.c:-1
 iter_file_splice_write+0x5ef/0x970 fs/splice.c:738
 do_splice_from fs/splice.c:935 [inline]
 direct_splice_actor+0x153/0x2a0 fs/splice.c:1158
 splice_direct_to_actor+0x30f/0x680 fs/splice.c:1102
 do_splice_direct_actor fs/splice.c:1201 [inline]
 do_splice_direct+0xda/0x150 fs/splice.c:1227
 do_sendfile+0x380/0x650 fs/read_write.c:1370
 __do_sys_sendfile64 fs/read_write.c:1431 [inline]
 __se_sys_sendfile64 fs/read_write.c:1417 [inline]
 __x64_sys_sendfile64+0x105/0x150 fs/read_write.c:1417
 x64_sys_call+0xb39/0x2fb0 arch/x86/include/generated/asm/syscalls_64.h:41
 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
 do_syscall_64+0xd2/0x200 arch/x86/entry/syscall_64.c:94
 entry_SYSCALL_64_after_hwframe+0x77/0x7f

read to 0xffff8881222e1400 of 1024 bytes by task 51 on cpu 1:
 memcpy_from_iter lib/iov_iter.c:73 [inline]
 iterate_bvec include/linux/iov_iter.h:123 [inline]
 iterate_and_advance2 include/linux/iov_iter.h:304 [inline]
 iterate_and_advance include/linux/iov_iter.h:328 [inline]
 __copy_from_iter lib/iov_iter.c:249 [inline]
 copy_folio_from_iter_atomic+0x7fc/0x1170 lib/iov_iter.c:479
 generic_perform_write+0x2c2/0x490 mm/filemap.c:4130
 shmem_file_write_iter+0xc5/0xf0 mm/shmem.c:3463
 lo_rw_aio+0x6ed/0x7a0 include/linux/fs.h:-1
 do_req_filebacked drivers/block/loop.c:-1 [inline]
 loop_handle_cmd drivers/block/loop.c:1889 [inline]
 loop_process_work+0x52d/0xa60 drivers/block/loop.c:1924
 loop_workfn+0x31/0x40 drivers/block/loop.c:1948
 process_one_work kernel/workqueue.c:3238 [inline]
 process_scheduled_works+0x4ce/0x9d0 kernel/workqueue.c:3321
 worker_thread+0x582/0x770 kernel/workqueue.c:3402
 kthread+0x486/0x510 kernel/kthread.c:464
 ret_from_fork+0xda/0x150 arch/x86/kernel/process.c:148
 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:245

Reported by Kernel Concurrency Sanitizer on:
CPU: 1 UID: 0 PID: 51 Comm: kworker/u8:3 Not tainted 6.16.0-rc1-syzkaller-00239-g08215f5486ec #0 PREEMPT(voluntary) 
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
Workqueue: loop2 loop_workfn
==================================================================
netdevsim netdevsim1 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
netdevsim netdevsim1 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
netdevsim netdevsim1 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
netdevsim netdevsim1 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
bridge_slave_1: left allmulticast mode
bridge_slave_1: left promiscuous mode
bridge0: port 2(bridge_slave_1) entered disabled state
bridge_slave_0: left allmulticast mode
bridge_slave_0: left promiscuous mode
bridge0: port 1(bridge_slave_0) entered disabled state
bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
bond0 (unregistering): Released all slaves
hsr_slave_0: left promiscuous mode
hsr_slave_1: left promiscuous mode
batman_adv: batadv0: Interface deactivated: batadv_slave_0
batman_adv: batadv0: Removing interface: batadv_slave_0
batman_adv: batadv0: Interface deactivated: batadv_slave_1
batman_adv: batadv0: Removing interface: batadv_slave_1
veth1_macvtap: left promiscuous mode
veth0_macvtap: left promiscuous mode
veth1_vlan: left promiscuous mode
veth0_vlan: left promiscuous mode
team0 (unregistering): Port device team_slave_1 removed
team0 (unregistering): Port device team_slave_0 removed