syzbot

==================================================================
BUG: KCSAN: data-race in file_write_and_wait_range / xas_set_mark

write to 0xffff8881079f65cc of 4 bytes by task 6985 on cpu 0:
 xa_mark_set lib/xarray.c:71 [inline]
 xas_set_mark+0x12b/0x140 lib/xarray.c:900
 tag_pages_for_writeback+0xe3/0x2e0 mm/page-writeback.c:2392
 ext4_do_writepages+0x6a8/0x2800 fs/ext4/inode.c:2861
 ext4_writepages+0x18f/0x320 fs/ext4/inode.c:3026
 do_writepages+0x1c6/0x310 mm/page-writeback.c:2598
 filemap_writeback mm/filemap.c:387 [inline]
 filemap_fdatawrite_range mm/filemap.c:412 [inline]
 file_write_and_wait_range+0x178/0x2f0 mm/filemap.c:786
 generic_buffers_fsync_noflush+0x45/0x130 fs/buffer.c:609
 ext4_fsync_nojournal fs/ext4/fsync.c:88 [inline]
 ext4_sync_file+0x1aa/0x680 fs/ext4/fsync.c:147
 vfs_fsync_range+0x10d/0x130 fs/sync.c:188
 generic_write_sync include/linux/fs.h:2616 [inline]
 ext4_buffered_write_iter+0x34f/0x3c0 fs/ext4/file.c:305
 ext4_file_write_iter+0x380/0xf70 fs/ext4/file.c:-1
 iter_file_splice_write+0x6bc/0xa80 fs/splice.c:738
 do_splice_from fs/splice.c:938 [inline]
 direct_splice_actor+0x156/0x2a0 fs/splice.c:1161
 splice_direct_to_actor+0x311/0x670 fs/splice.c:1105
 do_splice_direct_actor fs/splice.c:1204 [inline]
 do_splice_direct+0x119/0x1a0 fs/splice.c:1230
 do_sendfile+0x380/0x650 fs/read_write.c:1370
 __do_sys_sendfile64 fs/read_write.c:1431 [inline]
 __se_sys_sendfile64 fs/read_write.c:1417 [inline]
 __x64_sys_sendfile64+0x105/0x150 fs/read_write.c:1417
 x64_sys_call+0x2db1/0x3000 arch/x86/include/generated/asm/syscalls_64.h:41
 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
 do_syscall_64+0xc0/0x2a0 arch/x86/entry/syscall_64.c:94
 entry_SYSCALL_64_after_hwframe+0x77/0x7f

read to 0xffff8881079f65cc of 4 bytes by task 7002 on cpu 1:
 xa_marked include/linux/xarray.h:424 [inline]
 mapping_tagged include/linux/fs.h:507 [inline]
 filemap_writeback mm/filemap.c:383 [inline]
 filemap_fdatawrite_range mm/filemap.c:412 [inline]
 file_write_and_wait_range+0x130/0x2f0 mm/filemap.c:786
 generic_buffers_fsync_noflush+0x45/0x130 fs/buffer.c:609
 ext4_fsync_nojournal fs/ext4/fsync.c:88 [inline]
 ext4_sync_file+0x1aa/0x680 fs/ext4/fsync.c:147
 vfs_fsync_range+0x10d/0x130 fs/sync.c:188
 generic_write_sync include/linux/fs.h:2616 [inline]
 ext4_buffered_write_iter+0x34f/0x3c0 fs/ext4/file.c:305
 ext4_file_write_iter+0x380/0xf70 fs/ext4/file.c:-1
 iter_file_splice_write+0x6bc/0xa80 fs/splice.c:738
 do_splice_from fs/splice.c:938 [inline]
 direct_splice_actor+0x156/0x2a0 fs/splice.c:1161
 splice_direct_to_actor+0x311/0x670 fs/splice.c:1105
 do_splice_direct_actor fs/splice.c:1204 [inline]
 do_splice_direct+0x119/0x1a0 fs/splice.c:1230
 do_sendfile+0x380/0x650 fs/read_write.c:1370
 __do_sys_sendfile64 fs/read_write.c:1431 [inline]
 __se_sys_sendfile64 fs/read_write.c:1417 [inline]
 __x64_sys_sendfile64+0x105/0x150 fs/read_write.c:1417
 x64_sys_call+0x2db1/0x3000 arch/x86/include/generated/asm/syscalls_64.h:41
 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
 do_syscall_64+0xc0/0x2a0 arch/x86/entry/syscall_64.c:94
 entry_SYSCALL_64_after_hwframe+0x77/0x7f

value changed: 0x02000021 -> 0x04000021

Reported by Kernel Concurrency Sanitizer on:
CPU: 1 UID: 0 PID: 7002 Comm: syz.4.1299 Tainted: G        W           syzkaller #0 PREEMPT(voluntary) 
Tainted: [W]=WARN
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
==================================================================
==================================================================
BUG: KCSAN: data-race in xas_find_marked / xas_set_mark

write to 0xffff8881079f65cc of 4 bytes by task 6985 on cpu 0:
 xa_mark_set lib/xarray.c:71 [inline]
 xas_set_mark+0x12b/0x140 lib/xarray.c:900
 __folio_start_writeback+0x17b/0x370 mm/page-writeback.c:3038
 ext4_bio_write_folio+0x5ad/0x9f0 fs/ext4/page-io.c:583
 mpage_submit_folio fs/ext4/inode.c:2087 [inline]
 mpage_process_page_bufs+0x4a1/0x620 fs/ext4/inode.c:2198
 mpage_prepare_extent_to_map+0x7d4/0xc50 fs/ext4/inode.c:2737
 ext4_do_writepages+0x9f6/0x2800 fs/ext4/inode.c:2930
 ext4_writepages+0x18f/0x320 fs/ext4/inode.c:3026
 do_writepages+0x1c6/0x310 mm/page-writeback.c:2598
 filemap_writeback mm/filemap.c:387 [inline]
 filemap_fdatawrite_range mm/filemap.c:412 [inline]
 file_write_and_wait_range+0x178/0x2f0 mm/filemap.c:786
 generic_buffers_fsync_noflush+0x45/0x130 fs/buffer.c:609
 ext4_fsync_nojournal fs/ext4/fsync.c:88 [inline]
 ext4_sync_file+0x1aa/0x680 fs/ext4/fsync.c:147
 vfs_fsync_range+0x10d/0x130 fs/sync.c:188
 generic_write_sync include/linux/fs.h:2616 [inline]
 ext4_buffered_write_iter+0x34f/0x3c0 fs/ext4/file.c:305
 ext4_file_write_iter+0x380/0xf70 fs/ext4/file.c:-1
 iter_file_splice_write+0x6bc/0xa80 fs/splice.c:738
 do_splice_from fs/splice.c:938 [inline]
 direct_splice_actor+0x156/0x2a0 fs/splice.c:1161
 splice_direct_to_actor+0x311/0x670 fs/splice.c:1105
 do_splice_direct_actor fs/splice.c:1204 [inline]
 do_splice_direct+0x119/0x1a0 fs/splice.c:1230
 do_sendfile+0x380/0x650 fs/read_write.c:1370
 __do_sys_sendfile64 fs/read_write.c:1431 [inline]
 __se_sys_sendfile64 fs/read_write.c:1417 [inline]
 __x64_sys_sendfile64+0x105/0x150 fs/read_write.c:1417
 x64_sys_call+0x2db1/0x3000 arch/x86/include/generated/asm/syscalls_64.h:41
 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
 do_syscall_64+0xc0/0x2a0 arch/x86/entry/syscall_64.c:94
 entry_SYSCALL_64_after_hwframe+0x77/0x7f

read to 0xffff8881079f65cc of 4 bytes by task 7002 on cpu 1:
 xa_marked include/linux/xarray.h:424 [inline]
 xas_find_marked+0x5d7/0x620 lib/xarray.c:1483
 find_get_entry+0x5d/0x380 mm/filemap.c:2064
 filemap_get_folios_tag+0xb6/0x230 mm/filemap.c:2332
 mpage_prepare_extent_to_map+0x328/0xc50 fs/ext4/inode.c:2639
 ext4_do_writepages+0x6fe/0x2800 fs/ext4/inode.c:2878
 ext4_writepages+0x18f/0x320 fs/ext4/inode.c:3026
 do_writepages+0x1c6/0x310 mm/page-writeback.c:2598
 filemap_writeback mm/filemap.c:387 [inline]
 filemap_fdatawrite_range mm/filemap.c:412 [inline]
 file_write_and_wait_range+0x178/0x2f0 mm/filemap.c:786
 generic_buffers_fsync_noflush+0x45/0x130 fs/buffer.c:609
 ext4_fsync_nojournal fs/ext4/fsync.c:88 [inline]
 ext4_sync_file+0x1aa/0x680 fs/ext4/fsync.c:147
 vfs_fsync_range+0x10d/0x130 fs/sync.c:188
 generic_write_sync include/linux/fs.h:2616 [inline]
 ext4_buffered_write_iter+0x34f/0x3c0 fs/ext4/file.c:305
 ext4_file_write_iter+0x380/0xf70 fs/ext4/file.c:-1
 iter_file_splice_write+0x6bc/0xa80 fs/splice.c:738
 do_splice_from fs/splice.c:938 [inline]
 direct_splice_actor+0x156/0x2a0 fs/splice.c:1161
 splice_direct_to_actor+0x311/0x670 fs/splice.c:1105
 do_splice_direct_actor fs/splice.c:1204 [inline]
 do_splice_direct+0x119/0x1a0 fs/splice.c:1230
 do_sendfile+0x380/0x650 fs/read_write.c:1370
 __do_sys_sendfile64 fs/read_write.c:1431 [inline]
 __se_sys_sendfile64 fs/read_write.c:1417 [inline]
 __x64_sys_sendfile64+0x105/0x150 fs/read_write.c:1417
 x64_sys_call+0x2db1/0x3000 arch/x86/include/generated/asm/syscalls_64.h:41
 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
 do_syscall_64+0xc0/0x2a0 arch/x86/entry/syscall_64.c:94
 entry_SYSCALL_64_after_hwframe+0x77/0x7f

value changed: 0x0a000021 -> 0x04000021

Reported by Kernel Concurrency Sanitizer on:
CPU: 1 UID: 0 PID: 7002 Comm: syz.4.1299 Tainted: G        W           syzkaller #0 PREEMPT(voluntary) 
Tainted: [W]=WARN
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
==================================================================
==================================================================
BUG: KCSAN: data-race in ext4_do_writepages / xas_set_mark

write to 0xffff8881079f65cc of 4 bytes by task 6985 on cpu 1:
 xa_mark_set lib/xarray.c:71 [inline]
 xas_set_mark+0x12b/0x140 lib/xarray.c:900
 __folio_start_writeback+0x17b/0x370 mm/page-writeback.c:3038
 ext4_bio_write_folio+0x5ad/0x9f0 fs/ext4/page-io.c:583
 mpage_submit_folio fs/ext4/inode.c:2087 [inline]
 mpage_process_page_bufs+0x4a1/0x620 fs/ext4/inode.c:2198
 mpage_prepare_extent_to_map+0x7d4/0xc50 fs/ext4/inode.c:2737
 ext4_do_writepages+0x9f6/0x2800 fs/ext4/inode.c:2930
 ext4_writepages+0x18f/0x320 fs/ext4/inode.c:3026
 do_writepages+0x1c6/0x310 mm/page-writeback.c:2598
 filemap_writeback mm/filemap.c:387 [inline]
 filemap_fdatawrite_range mm/filemap.c:412 [inline]
 file_write_and_wait_range+0x178/0x2f0 mm/filemap.c:786
 generic_buffers_fsync_noflush+0x45/0x130 fs/buffer.c:609
 ext4_fsync_nojournal fs/ext4/fsync.c:88 [inline]
 ext4_sync_file+0x1aa/0x680 fs/ext4/fsync.c:147
 vfs_fsync_range+0x10d/0x130 fs/sync.c:188
 generic_write_sync include/linux/fs.h:2616 [inline]
 ext4_buffered_write_iter+0x34f/0x3c0 fs/ext4/file.c:305
 ext4_file_write_iter+0x380/0xf70 fs/ext4/file.c:-1
 iter_file_splice_write+0x6bc/0xa80 fs/splice.c:738
 do_splice_from fs/splice.c:938 [inline]
 direct_splice_actor+0x156/0x2a0 fs/splice.c:1161
 splice_direct_to_actor+0x311/0x670 fs/splice.c:1105
 do_splice_direct_actor fs/splice.c:1204 [inline]
 do_splice_direct+0x119/0x1a0 fs/splice.c:1230
 do_sendfile+0x380/0x650 fs/read_write.c:1370
 __do_sys_sendfile64 fs/read_write.c:1431 [inline]
 __se_sys_sendfile64 fs/read_write.c:1417 [inline]
 __x64_sys_sendfile64+0x105/0x150 fs/read_write.c:1417
 x64_sys_call+0x2db1/0x3000 arch/x86/include/generated/asm/syscalls_64.h:41
 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
 do_syscall_64+0xc0/0x2a0 arch/x86/entry/syscall_64.c:94
 entry_SYSCALL_64_after_hwframe+0x77/0x7f

read to 0xffff8881079f65cc of 4 bytes by task 7002 on cpu 0:
 xa_marked include/linux/xarray.h:424 [inline]
 mapping_tagged include/linux/fs.h:507 [inline]
 ext4_do_writepages+0xf6/0x2800 fs/ext4/inode.c:2780
 ext4_writepages+0x18f/0x320 fs/ext4/inode.c:3026
 do_writepages+0x1c6/0x310 mm/page-writeback.c:2598
 filemap_writeback mm/filemap.c:387 [inline]
 filemap_fdatawrite_range mm/filemap.c:412 [inline]
 file_write_and_wait_range+0x178/0x2f0 mm/filemap.c:786
 generic_buffers_fsync_noflush+0x45/0x130 fs/buffer.c:609
 ext4_fsync_nojournal fs/ext4/fsync.c:88 [inline]
 ext4_sync_file+0x1aa/0x680 fs/ext4/fsync.c:147
 vfs_fsync_range+0x10d/0x130 fs/sync.c:188
 generic_write_sync include/linux/fs.h:2616 [inline]
 ext4_buffered_write_iter+0x34f/0x3c0 fs/ext4/file.c:305
 ext4_file_write_iter+0x380/0xf70 fs/ext4/file.c:-1
 iter_file_splice_write+0x6bc/0xa80 fs/splice.c:738
 do_splice_from fs/splice.c:938 [inline]
 direct_splice_actor+0x156/0x2a0 fs/splice.c:1161
 splice_direct_to_actor+0x311/0x670 fs/splice.c:1105
 do_splice_direct_actor fs/splice.c:1204 [inline]
 do_splice_direct+0x119/0x1a0 fs/splice.c:1230
 do_sendfile+0x380/0x650 fs/read_write.c:1370
 __do_sys_sendfile64 fs/read_write.c:1431 [inline]
 __se_sys_sendfile64 fs/read_write.c:1417 [inline]
 __x64_sys_sendfile64+0x105/0x150 fs/read_write.c:1417
 x64_sys_call+0x2db1/0x3000 arch/x86/include/generated/asm/syscalls_64.h:41
 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
 do_syscall_64+0xc0/0x2a0 arch/x86/entry/syscall_64.c:94
 entry_SYSCALL_64_after_hwframe+0x77/0x7f

value changed: 0x0a000021 -> 0x04000021

Reported by Kernel Concurrency Sanitizer on:
CPU: 0 UID: 0 PID: 7002 Comm: syz.4.1299 Tainted: G        W           syzkaller #0 PREEMPT(voluntary) 
Tainted: [W]=WARN
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
==================================================================
syz.4.1299 (7002) used greatest stack depth: 9080 bytes left