syzbot

==================================================================
BUG: KCSAN: data-race in file_write_and_wait_range / xas_set_mark

write to 0xffff88811a14cb14 of 4 bytes by task 3514 on cpu 0:
 xa_mark_set lib/xarray.c:71 [inline]
 xas_set_mark+0x12b/0x140 lib/xarray.c:900
 tag_pages_for_writeback+0xc2/0x290 mm/page-writeback.c:2392
 writeback_iter+0x340/0x820 mm/page-writeback.c:2529
 mpage_writepages+0x87/0x1250 fs/mpage.c:669
 fat_writepages+0x24/0x30 fs/fat/inode.c:200
 do_writepages+0x1c6/0x310 mm/page-writeback.c:2598
 filemap_writeback mm/filemap.c:386 [inline]
 filemap_fdatawrite_range mm/filemap.c:411 [inline]
 file_write_and_wait_range+0x156/0x2c0 mm/filemap.c:785
 __generic_file_fsync+0x46/0x160 fs/libfs.c:1540
 fat_file_fsync+0x49/0x100 fs/fat/file.c:191
 vfs_fsync_range+0x10d/0x130 fs/sync.c:188
 generic_write_sync include/linux/fs.h:2617 [inline]
 generic_file_write_iter+0x1b8/0x2f0 mm/filemap.c:4447
 iter_file_splice_write+0x66b/0xa20 fs/splice.c:738
 do_splice_from fs/splice.c:938 [inline]
 direct_splice_actor+0x156/0x2a0 fs/splice.c:1161
 splice_direct_to_actor+0x312/0x680 fs/splice.c:1105
 do_splice_direct_actor fs/splice.c:1204 [inline]
 do_splice_direct+0xda/0x150 fs/splice.c:1230
 do_sendfile+0x380/0x650 fs/read_write.c:1370
 __do_sys_sendfile64 fs/read_write.c:1431 [inline]
 __se_sys_sendfile64 fs/read_write.c:1417 [inline]
 __x64_sys_sendfile64+0x105/0x150 fs/read_write.c:1417
 x64_sys_call+0x2db1/0x3000 arch/x86/include/generated/asm/syscalls_64.h:41
 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
 do_syscall_64+0xd8/0x2a0 arch/x86/entry/syscall_64.c:94
 entry_SYSCALL_64_after_hwframe+0x77/0x7f

read to 0xffff88811a14cb14 of 4 bytes by task 3509 on cpu 1:
 xa_marked include/linux/xarray.h:424 [inline]
 mapping_tagged include/linux/fs.h:507 [inline]
 filemap_writeback mm/filemap.c:382 [inline]
 filemap_fdatawrite_range mm/filemap.c:411 [inline]
 file_write_and_wait_range+0x10e/0x2c0 mm/filemap.c:785
 __generic_file_fsync+0x46/0x160 fs/libfs.c:1540
 fat_file_fsync+0x49/0x100 fs/fat/file.c:191
 vfs_fsync_range+0x10d/0x130 fs/sync.c:188
 generic_write_sync include/linux/fs.h:2617 [inline]
 generic_file_write_iter+0x1b8/0x2f0 mm/filemap.c:4447
 iter_file_splice_write+0x66b/0xa20 fs/splice.c:738
 do_splice_from fs/splice.c:938 [inline]
 direct_splice_actor+0x156/0x2a0 fs/splice.c:1161
 splice_direct_to_actor+0x312/0x680 fs/splice.c:1105
 do_splice_direct_actor fs/splice.c:1204 [inline]
 do_splice_direct+0xda/0x150 fs/splice.c:1230
 do_sendfile+0x380/0x650 fs/read_write.c:1370
 __do_sys_sendfile64 fs/read_write.c:1431 [inline]
 __se_sys_sendfile64 fs/read_write.c:1417 [inline]
 __x64_sys_sendfile64+0x105/0x150 fs/read_write.c:1417
 x64_sys_call+0x2db1/0x3000 arch/x86/include/generated/asm/syscalls_64.h:41
 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
 do_syscall_64+0xd8/0x2a0 arch/x86/entry/syscall_64.c:94
 entry_SYSCALL_64_after_hwframe+0x77/0x7f

value changed: 0x02000021 -> 0x04000021

Reported by Kernel Concurrency Sanitizer on:
CPU: 1 UID: 0 PID: 3509 Comm: ÿ Not tainted syzkaller #0 PREEMPT(voluntary) 
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
==================================================================
ÿ: attempt to access beyond end of device
loop3: rw=2049, sector=128, nr_sectors = 1 limit=128
Buffer I/O error on dev loop3, logical block 128, lost async page write