syzbot

syz.4.2314: attempt to access beyond end of device
loop4: rw=1, sector=297, nr_sectors = 8 limit=128
==================================================================
BUG: KCSAN: data-race in xas_clear_mark / xas_find_marked

read-write to 0xffff88811a9d5220 of 8 bytes by task 3584 on cpu 1:
 instrument_read_write include/linux/instrumented.h:56 [inline]
 __instrument_read_write_bitop include/asm-generic/bitops/instrumented-non-atomic.h:84 [inline]
 ___test_and_clear_bit include/asm-generic/bitops/instrumented-non-atomic.h:114 [inline]
 node_clear_mark lib/xarray.c:102 [inline]
 xas_clear_mark+0x91/0x180 lib/xarray.c:922
 __folio_start_writeback+0x257/0x370 mm/page-writeback.c:3009
 mpage_write_folio fs/mpage.c:621 [inline]
 mpage_writepages+0xd5e/0x1310 fs/mpage.c:670
 fat_writepages+0x24/0x30 fs/fat/inode.c:200
 do_writepages+0x1c6/0x310 mm/page-writeback.c:2554
 __writeback_single_inode+0x80/0x860 fs/fs-writeback.c:1750
 writeback_sb_inodes+0x4fe/0xaf0 fs/fs-writeback.c:2042
 __writeback_inodes_wb+0x94/0x1a0 fs/fs-writeback.c:2118
 wb_writeback+0x272/0x5d0 fs/fs-writeback.c:2229
 wb_check_start_all fs/fs-writeback.c:2355 [inline]
 wb_do_writeback fs/fs-writeback.c:2381 [inline]
 wb_workfn+0x4fd/0x970 fs/fs-writeback.c:2414
 process_one_work kernel/workqueue.c:3275 [inline]
 process_scheduled_works+0x4de/0x9e0 kernel/workqueue.c:3358
 worker_thread+0x581/0x770 kernel/workqueue.c:3439
 kthread+0x22a/0x280 kernel/kthread.c:467
 ret_from_fork+0x150/0x360 arch/x86/kernel/process.c:158
 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:245

read to 0xffff88811a9d5220 of 8 bytes by task 13361 on cpu 0:
 xas_find_chunk include/linux/xarray.h:1752 [inline]
 xas_find_marked+0x213/0x620 lib/xarray.c:1510
 find_get_entry mm/filemap.c:2064 [inline]
 filemap_get_folios_tag+0xfa/0x510 mm/filemap.c:2332
 writeback_get_folio mm/page-writeback.c:2411 [inline]
 writeback_iter+0x4bb/0x830 mm/page-writeback.c:2512
 mpage_writepages+0x759/0x1310 fs/mpage.c:669
 fat_writepages+0x24/0x30 fs/fat/inode.c:200
 do_writepages+0x1c6/0x310 mm/page-writeback.c:2554
 filemap_writeback mm/filemap.c:387 [inline]
 filemap_flush_range+0x105/0x140 mm/filemap.c:436
 generic_fadvise+0x338/0x460 mm/fadvise.c:114
 vfs_fadvise mm/fadvise.c:184 [inline]
 ksys_fadvise64_64 mm/fadvise.c:197 [inline]
 __do_sys_fadvise64 mm/fadvise.c:209 [inline]
 __se_sys_fadvise64 mm/fadvise.c:207 [inline]
 __x64_sys_fadvise64+0xcb/0x110 mm/fadvise.c:207
 x64_sys_call+0x242b/0x3020 arch/x86/include/generated/asm/syscalls_64.h:222
 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
 do_syscall_64+0x12c/0x370 arch/x86/entry/syscall_64.c:94
 entry_SYSCALL_64_after_hwframe+0x77/0x7f

value changed: 0x000fffffc0000000 -> 0x000fffff00000000

Reported by Kernel Concurrency Sanitizer on:
CPU: 0 UID: 0 PID: 13361 Comm: syz.4.2314 Tainted: G        W           syzkaller #0 PREEMPT(full) 
Tainted: [W]=WARN
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
==================================================================