syzbot

loop1: detected capacity change from 0 to 128
==================================================================
BUG: KCSAN: data-race in __xa_set_mark / xas_find_marked

write to 0xffff888119166c14 of 4 bytes by task 19715 on cpu 1:
 xa_mark_set lib/xarray.c:71 [inline]
 xas_set_mark lib/xarray.c:900 [inline]
 __xa_set_mark+0x172/0x1a0 lib/xarray.c:2082
 __folio_mark_dirty+0x3af/0x4d0 mm/page-writeback.c:2742
 mark_buffer_dirty+0x11e/0x210 fs/buffer.c:1206
 block_commit_write fs/buffer.c:2218 [inline]
 block_write_end+0x12d/0x210 fs/buffer.c:2294
 generic_write_end+0x56/0x150 fs/buffer.c:2308
 fat_write_end+0x4f/0x160 fs/fat/inode.c:244
 generic_perform_write+0x312/0x490 mm/filemap.c:4196
 __generic_file_write_iter+0x9e/0x120 mm/filemap.c:4292
 generic_file_write_iter+0x8d/0x2f0 mm/filemap.c:4318
 iter_file_splice_write+0x666/0x9e0 fs/splice.c:738
 do_splice_from fs/splice.c:935 [inline]
 direct_splice_actor+0x153/0x2a0 fs/splice.c:1158
 splice_direct_to_actor+0x30f/0x680 fs/splice.c:1102
 do_splice_direct_actor fs/splice.c:1201 [inline]
 do_splice_direct+0xda/0x150 fs/splice.c:1227
 do_sendfile+0x380/0x650 fs/read_write.c:1370
 __do_sys_sendfile64 fs/read_write.c:1431 [inline]
 __se_sys_sendfile64 fs/read_write.c:1417 [inline]
 __x64_sys_sendfile64+0x105/0x150 fs/read_write.c:1417
 x64_sys_call+0x2bb0/0x2ff0 arch/x86/include/generated/asm/syscalls_64.h:41
 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
 do_syscall_64+0xd2/0x200 arch/x86/entry/syscall_64.c:94
 entry_SYSCALL_64_after_hwframe+0x77/0x7f

read to 0xffff888119166c14 of 4 bytes by task 19696 on cpu 0:
 xa_marked include/linux/xarray.h:424 [inline]
 xas_find_marked+0x5dc/0x620 lib/xarray.c:1483
 find_get_entry+0x5d/0x380 mm/filemap.c:2039
 filemap_get_folios_tag+0x92/0x210 mm/filemap.c:2307
 __filemap_fdatawait_range mm/filemap.c:530 [inline]
 file_write_and_wait_range+0x1ea/0x2c0 mm/filemap.c:798
 __generic_file_fsync+0x46/0x140 fs/libfs.c:1539
 fat_file_fsync+0x49/0x100 fs/fat/file.c:191
 vfs_fsync_range+0x10d/0x130 fs/sync.c:187
 generic_write_sync include/linux/fs.h:3042 [inline]
 generic_file_write_iter+0x1b8/0x2f0 mm/filemap.c:4322
 iter_file_splice_write+0x666/0x9e0 fs/splice.c:738
 do_splice_from fs/splice.c:935 [inline]
 direct_splice_actor+0x153/0x2a0 fs/splice.c:1158
 splice_direct_to_actor+0x30f/0x680 fs/splice.c:1102
 do_splice_direct_actor fs/splice.c:1201 [inline]
 do_splice_direct+0xda/0x150 fs/splice.c:1227
 do_sendfile+0x380/0x650 fs/read_write.c:1370
 __do_sys_sendfile64 fs/read_write.c:1431 [inline]
 __se_sys_sendfile64 fs/read_write.c:1417 [inline]
 __x64_sys_sendfile64+0x105/0x150 fs/read_write.c:1417
 x64_sys_call+0x2bb0/0x2ff0 arch/x86/include/generated/asm/syscalls_64.h:41
 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
 do_syscall_64+0xd2/0x200 arch/x86/entry/syscall_64.c:94
 entry_SYSCALL_64_after_hwframe+0x77/0x7f

value changed: 0x04000021 -> 0x0e000021

Reported by Kernel Concurrency Sanitizer on:
CPU: 0 UID: 0 PID: 19696 Comm: syz.1.3777 Not tainted 6.17.0-rc1-syzkaller-00224-g8d561baae505 #0 PREEMPT(voluntary) 
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
==================================================================