syzbot

EXT4-fs (loop3): encrypted files will use data=ordered instead of data journaling mode
EXT4-fs (loop3): 1 truncate cleaned up
EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
==================================================================
BUG: KCSAN: data-race in xas_clear_mark / xas_find_marked

read-write to 0xffff888134de9230 of 8 bytes by task 16270 on cpu 1:
 instrument_read_write include/linux/instrumented.h:56 [inline]
 __instrument_read_write_bitop include/asm-generic/bitops/instrumented-non-atomic.h:84 [inline]
 ___test_and_clear_bit include/asm-generic/bitops/instrumented-non-atomic.h:114 [inline]
 node_clear_mark lib/xarray.c:102 [inline]
 xas_clear_mark+0x91/0x180 lib/xarray.c:922
 __folio_start_writeback+0x270/0x370 mm/page-writeback.c:3011
 ext4_bio_write_folio+0x5ad/0x9f0 fs/ext4/page-io.c:584
 mpage_submit_folio fs/ext4/inode.c:2080 [inline]
 mpage_process_page_bufs+0x4a1/0x620 fs/ext4/inode.c:2191
 mpage_prepare_extent_to_map+0x7d4/0xc50 fs/ext4/inode.c:2730
 ext4_do_writepages+0x70f/0x2840 fs/ext4/inode.c:2871
 ext4_writepages+0x18f/0x320 fs/ext4/inode.c:3019
 do_writepages+0x1c6/0x310 mm/page-writeback.c:2554
 filemap_writeback mm/filemap.c:387 [inline]
 filemap_fdatawrite_range mm/filemap.c:412 [inline]
 file_write_and_wait_range+0x178/0x2f0 mm/filemap.c:786
 generic_buffers_fsync_noflush+0x45/0x130 fs/buffer.c:606
 ext4_fsync_nojournal fs/ext4/fsync.c:88 [inline]
 ext4_sync_file+0x1aa/0x6b0 fs/ext4/fsync.c:147
 vfs_fsync_range+0xc5/0xe0 fs/sync.c:186
 generic_write_sync include/linux/fs.h:2640 [inline]
 ext4_buffered_write_iter+0x34f/0x3c0 fs/ext4/file.c:306
 ext4_dio_write_iter fs/ext4/file.c:609 [inline]
 ext4_file_write_iter+0xbff/0xfa0 fs/ext4/file.c:717
 iter_file_splice_write+0x6c4/0xa80 fs/splice.c:736
 do_splice_from fs/splice.c:936 [inline]
 direct_splice_actor+0x156/0x2a0 fs/splice.c:1159
 splice_direct_to_actor+0x311/0x670 fs/splice.c:1103
 do_splice_direct_actor fs/splice.c:1202 [inline]
 do_splice_direct+0x119/0x1a0 fs/splice.c:1228
 do_sendfile+0x382/0x650 fs/read_write.c:1372
 __do_sys_sendfile64 fs/read_write.c:1433 [inline]
 __se_sys_sendfile64 fs/read_write.c:1419 [inline]
 __x64_sys_sendfile64+0x105/0x150 fs/read_write.c:1419
 x64_sys_call+0x2dc4/0x3020 arch/x86/include/generated/asm/syscalls_64.h:41
 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
 do_syscall_64+0x12c/0x370 arch/x86/entry/syscall_64.c:94
 entry_SYSCALL_64_after_hwframe+0x77/0x7f

read to 0xffff888134de9230 of 8 bytes by task 16263 on cpu 0:
 xas_find_chunk include/linux/xarray.h:1752 [inline]
 xas_find_marked+0x213/0x620 lib/xarray.c:1510
 find_get_entry mm/filemap.c:2069 [inline]
 filemap_get_folios_tag+0xfa/0x510 mm/filemap.c:2337
 mpage_prepare_extent_to_map+0x328/0xc50 fs/ext4/inode.c:2632
 ext4_do_writepages+0x70f/0x2840 fs/ext4/inode.c:2871
 ext4_writepages+0x18f/0x320 fs/ext4/inode.c:3019
 do_writepages+0x1c6/0x310 mm/page-writeback.c:2554
 filemap_writeback mm/filemap.c:387 [inline]
 filemap_fdatawrite_range mm/filemap.c:412 [inline]
 filemap_write_and_wait_range+0x166/0x370 mm/filemap.c:684
 filemap_invalidate_pages+0xd3/0x1e0 mm/filemap.c:2909
 kiocb_invalidate_pages+0x6e/0x80 mm/filemap.c:2928
 __iomap_dio_rw+0x6f4/0x14c0 fs/iomap/direct-io.c:765
 iomap_dio_rw+0x40/0x90 fs/iomap/direct-io.c:890
 ext4_dio_write_iter fs/ext4/file.c:576 [inline]
 ext4_file_write_iter+0xae2/0xfa0 fs/ext4/file.c:717
 iter_file_splice_write+0x6c4/0xa80 fs/splice.c:736
 do_splice_from fs/splice.c:936 [inline]
 direct_splice_actor+0x156/0x2a0 fs/splice.c:1159
 splice_direct_to_actor+0x311/0x670 fs/splice.c:1103
 do_splice_direct_actor fs/splice.c:1202 [inline]
 do_splice_direct+0x119/0x1a0 fs/splice.c:1228
 do_sendfile+0x382/0x650 fs/read_write.c:1372
 __do_sys_sendfile64 fs/read_write.c:1433 [inline]
 __se_sys_sendfile64 fs/read_write.c:1419 [inline]
 __x64_sys_sendfile64+0x105/0x150 fs/read_write.c:1419
 x64_sys_call+0x2dc4/0x3020 arch/x86/include/generated/asm/syscalls_64.h:41
 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
 do_syscall_64+0x12c/0x370 arch/x86/entry/syscall_64.c:94
 entry_SYSCALL_64_after_hwframe+0x77/0x7f

value changed: 0x00000000ff800000 -> 0x00000000c0000000

Reported by Kernel Concurrency Sanitizer on:
CPU: 0 UID: 0 PID: 16263 Comm: syz.3.3225 Tainted: G        W           syzkaller #0 PREEMPT(full) 
Tainted: [W]=WARN
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
==================================================================