==================================================================
BUG: KCSAN: data-race in mark_buffer_dirty_inode / sync_mapping_buffers

write to 0xffff888106e5ddc0 of 8 bytes by task 4203 on cpu 0:
 __remove_assoc_queue fs/buffer.c:523 [inline]
 fsync_buffers_list fs/buffer.c:835 [inline]
 sync_mapping_buffers+0x424/0x7d0 fs/buffer.c:584
 fat_file_fsync+0xaa/0x100 fs/fat/file.c:195
 vfs_fsync_range+0x10d/0x130 fs/sync.c:187
 generic_write_sync include/linux/fs.h:3027 [inline]
 generic_file_write_iter+0x1b8/0x2f0 mm/filemap.c:4259
 iter_file_splice_write+0x5f2/0x970 fs/splice.c:738
 do_splice_from fs/splice.c:935 [inline]
 direct_splice_actor+0x156/0x2a0 fs/splice.c:1158
 splice_direct_to_actor+0x312/0x680 fs/splice.c:1102
 do_splice_direct_actor fs/splice.c:1201 [inline]
 do_splice_direct+0xda/0x150 fs/splice.c:1227
 do_sendfile+0x380/0x650 fs/read_write.c:1370
 __do_sys_sendfile64 fs/read_write.c:1431 [inline]
 __se_sys_sendfile64 fs/read_write.c:1417 [inline]
 __x64_sys_sendfile64+0x105/0x150 fs/read_write.c:1417
 x64_sys_call+0xb39/0x2fb0 arch/x86/include/generated/asm/syscalls_64.h:41
 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
 do_syscall_64+0xd2/0x200 arch/x86/entry/syscall_64.c:94
 entry_SYSCALL_64_after_hwframe+0x77/0x7f

read to 0xffff888106e5ddc0 of 8 bytes by task 4208 on cpu 1:
 mark_buffer_dirty_inode+0x95/0x1c0 fs/buffer.c:689
 fat32_ent_put+0x73/0x90 fs/fat/fatent.c:192
 fat_ent_write+0x6c/0xe0 fs/fat/fatent.c:417
 fat_free fs/fat/file.c:363 [inline]
 fat_truncate_blocks+0x353/0x550 fs/fat/file.c:394
 fat_write_failed fs/fat/inode.c:218 [inline]
 fat_write_end+0xba/0x160 fs/fat/inode.c:244
 generic_perform_write+0x312/0x490 mm/filemap.c:4133
 __generic_file_write_iter+0x9e/0x120 mm/filemap.c:4229
 generic_file_write_iter+0x8d/0x2f0 mm/filemap.c:4255
 do_iter_readv_writev+0x41e/0x4c0 fs/read_write.c:-1
 vfs_writev+0x2df/0x8b0 fs/read_write.c:1057
 do_pwritev fs/read_write.c:1153 [inline]
 __do_sys_pwritev2 fs/read_write.c:1211 [inline]
 __se_sys_pwritev2+0xfc/0x1c0 fs/read_write.c:1202
 __x64_sys_pwritev2+0x67/0x80 fs/read_write.c:1202
 x64_sys_call+0x1cea/0x2fb0 arch/x86/include/generated/asm/syscalls_64.h:329
 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
 do_syscall_64+0xd2/0x200 arch/x86/entry/syscall_64.c:94
 entry_SYSCALL_64_after_hwframe+0x77/0x7f

value changed: 0xffff888106fae608 -> 0x0000000000000000

Reported by Kernel Concurrency Sanitizer on:
CPU: 1 UID: 0 PID: 4208 Comm: syz.2.121 Not tainted 6.16.0-rc1-syzkaller-00003-gf09079bd04a9 #0 PREEMPT(voluntary) 
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
==================================================================
syz.2.121: attempt to access beyond end of device
loop2: rw=2049, sector=161, nr_sectors = 40 limit=128
syz.2.121: attempt to access beyond end of device
loop2: rw=2049, sector=209, nr_sectors = 8 limit=128