syzbot

==================================================================
BUG: KCSAN: data-race in sg_fill_request_table / sg_rq_end_io

write to 0xffff88810c48a111 of 1 bytes by interrupt on cpu 1:
 sg_rq_end_io+0x1a2/0x740 drivers/scsi/sg.c:1348
 __blk_mq_end_request+0x27e/0x380 block/blk-mq.c:1150
 scsi_end_request+0x29c/0x4c0 drivers/scsi/scsi_lib.c:670
 scsi_io_completion+0x7f/0x200 drivers/scsi/scsi_lib.c:1078
 scsi_finish_command+0x1c7/0x1e0 drivers/scsi/scsi.c:198
 scsi_complete+0xc3/0x1e0 drivers/scsi/scsi_lib.c:1547
 blk_complete_reqs block/blk-mq.c:1235 [inline]
 blk_done_softirq+0x77/0xb0 block/blk-mq.c:1240
 handle_softirqs+0xba/0x290 kernel/softirq.c:622
 __do_softirq kernel/softirq.c:656 [inline]
 invoke_softirq kernel/softirq.c:496 [inline]
 __irq_exit_rcu+0x3a/0xc0 kernel/softirq.c:723
 common_interrupt+0x83/0x90 arch/x86/kernel/irq.c:318
 asm_common_interrupt+0x26/0x40 arch/x86/include/asm/idtentry.h:688
 rol32 include/linux/bitops.h:126 [inline]
 jhash2 include/linux/jhash.h:139 [inline]
 hash_stack lib/stackdepot.c:563 [inline]
 stack_depot_save_flags+0x16d/0xb80 lib/stackdepot.c:664
 stack_depot_save+0xe/0x20 lib/stackdepot.c:739
 ref_tracker_alloc+0x115/0x2f0 lib/ref_tracker.c:278
 __netns_tracker_alloc include/net/net_namespace.h:362 [inline]
 sk_alloc+0x329/0x360 net/core/sock.c:2311
 __netlink_create net/netlink/af_netlink.c:628 [inline]
 __netlink_kernel_create+0xe9/0x560 net/netlink/af_netlink.c:2020
 netlink_kernel_create include/linux/netlink.h:62 [inline]
 nl_fib_lookup_init net/ipv4/fib_frontend.c:1439 [inline]
 fib_net_init+0x136/0x210 net/ipv4/fib_frontend.c:1645
 ops_init+0x22a/0x2e0 net/core/net_namespace.c:137
 setup_net+0x83/0x210 net/core/net_namespace.c:445
 copy_net_ns+0x28c/0x3b0 net/core/net_namespace.c:580
 create_new_namespaces+0x20e/0x3d0 kernel/nsproxy.c:110
 copy_namespaces+0x1ad/0x210 kernel/nsproxy.c:175
 copy_process+0xd32/0x2000 kernel/fork.c:2184
 kernel_clone+0x16c/0x5c0 kernel/fork.c:2609
 __do_sys_clone kernel/fork.c:2750 [inline]
 __se_sys_clone kernel/fork.c:2734 [inline]
 __x64_sys_clone+0xe6/0x120 kernel/fork.c:2734
 x64_sys_call+0x119c/0x3000 arch/x86/include/generated/asm/syscalls_64.h:57
 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
 do_syscall_64+0xd2/0x200 arch/x86/entry/syscall_64.c:94
 entry_SYSCALL_64_after_hwframe+0x77/0x7f

read to 0xffff88810c48a111 of 1 bytes by task 15712 on cpu 0:
 sg_fill_request_table+0x65/0x1e0 drivers/scsi/sg.c:865
 sg_ioctl_common drivers/scsi/sg.c:1082 [inline]
 sg_ioctl+0x6b1/0x1360 drivers/scsi/sg.c:1156
 vfs_ioctl fs/ioctl.c:51 [inline]
 __do_sys_ioctl fs/ioctl.c:597 [inline]
 __se_sys_ioctl+0xce/0x140 fs/ioctl.c:583
 __x64_sys_ioctl+0x43/0x50 fs/ioctl.c:583
 x64_sys_call+0x1816/0x3000 arch/x86/include/generated/asm/syscalls_64.h:17
 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
 do_syscall_64+0xd2/0x200 arch/x86/entry/syscall_64.c:94
 entry_SYSCALL_64_after_hwframe+0x77/0x7f

value changed: 0x00 -> 0x01

Reported by Kernel Concurrency Sanitizer on:
CPU: 0 UID: 0 PID: 15712 Comm: syz.5.3898 Tainted: G        W           syzkaller #0 PREEMPT(voluntary) 
Tainted: [W]=WARN
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
==================================================================