syzbot


KCSAN: data-race in sg_fill_request_table / sg_rq_end_io (2)

Status: auto-obsoleted due to no activity on 2026/01/29 22:38
Subsystems: scsi
Reported-by: syzbot+46cc212ee1e7a4a4e019@syzkaller.appspotmail.com
First crash: 126d, last: 88d
AI Jobs (1):
ID: 76514458-30e0-4046-ada8-ab4d94928f2b
Workflow: assessment-kcsan
Result: 💥
Bug: KCSAN: data-race in sg_fill_request_table / sg_rq_end_io (2)
Created: 2026/01/10 01:56
Started: 2026/01/10 01:56
Finished: 2026/01/10 02:16
Revision: 7519916073b761ced56a7b15fdeeb4674e8dc125
Error: Error 429, Message: You exceeded your current quota, please check your plan and billing details. Quota exceeded for metric: generativelanguage.googleapis.com/generate_requests_per_model_per_day, limit: 0, Status: RESOURCE_EXHAUSTED

Similar bugs (1)
Kernel: upstream
Title: KCSAN: data-race in sg_fill_request_table / sg_rq_end_io
Subsystems: scsi
Rank: 6
Count: 2
Last: 269d
Reported: 280d
Patched: 0/29
Status: auto-obsoleted due to no activity on 2025/08/02 18:09

Sample crash report:
==================================================================
BUG: KCSAN: data-race in sg_fill_request_table / sg_rq_end_io

write to 0xffff88811588c111 of 1 bytes by interrupt on cpu 1:
 sg_rq_end_io+0x1a2/0x740 drivers/scsi/sg.c:1348
 __blk_mq_end_request+0x27e/0x380 block/blk-mq.c:1158
 scsi_end_request+0x29c/0x4c0 drivers/scsi/scsi_lib.c:670
 scsi_io_completion+0x7f/0x1d0 drivers/scsi/scsi_lib.c:1078
 scsi_finish_command+0x1c7/0x1e0 drivers/scsi/scsi.c:198
 scsi_complete+0xc3/0x1e0 drivers/scsi/scsi_lib.c:1547
 blk_complete_reqs block/blk-mq.c:1243 [inline]
 blk_done_softirq+0x77/0xb0 block/blk-mq.c:1248
 handle_softirqs+0xba/0x290 kernel/softirq.c:622
 __do_softirq kernel/softirq.c:656 [inline]
 invoke_softirq kernel/softirq.c:496 [inline]
 __irq_exit_rcu+0x3a/0xc0 kernel/softirq.c:723
 common_interrupt+0x83/0x90 arch/x86/kernel/irq.c:319
 asm_common_interrupt+0x26/0x40 arch/x86/include/asm/idtentry.h:688
 __sanitizer_cov_trace_pc+0x8/0x70 kernel/kcov.c:213
 xas_load+0x413/0x430 lib/xarray.c:-1
 xas_find+0xf1/0x3e0 lib/xarray.c:1406
 xas_next_entry include/linux/xarray.h:-1 [inline]
 next_uptodate_folio+0x85f/0x890 mm/filemap.c:3684
 filemap_map_pages+0xca/0xe50 mm/filemap.c:3867
 do_fault_around mm/memory.c:5674 [inline]
 do_read_fault mm/memory.c:5707 [inline]
 do_fault mm/memory.c:5850 [inline]
 do_pte_missing mm/memory.c:4362 [inline]
 handle_pte_fault mm/memory.c:6234 [inline]
 __handle_mm_fault mm/memory.c:6366 [inline]
 handle_mm_fault+0x1355/0x2be0 mm/memory.c:6535
 faultin_page mm/gup.c:1126 [inline]
 __get_user_pages+0x102a/0x1ed0 mm/gup.c:1428
 populate_vma_page_range mm/gup.c:1860 [inline]
 __mm_populate+0x243/0x3a0 mm/gup.c:1963
 mm_populate include/linux/mm.h:3455 [inline]
 vm_mmap_pgoff+0x232/0x2e0 mm/util.c:586
 ksys_mmap_pgoff+0xc2/0x310 mm/mmap.c:604
 x64_sys_call+0x16bb/0x3000 arch/x86/include/generated/asm/syscalls_64.h:10
 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
 do_syscall_64+0xd8/0x2a0 arch/x86/entry/syscall_64.c:94
 entry_SYSCALL_64_after_hwframe+0x77/0x7f

read to 0xffff88811588c111 of 1 bytes by task 16419 on cpu 0:
 sg_fill_request_table+0x65/0x1e0 drivers/scsi/sg.c:865
 sg_ioctl_common drivers/scsi/sg.c:1082 [inline]
 sg_ioctl+0x6b1/0x1360 drivers/scsi/sg.c:1156
 vfs_ioctl fs/ioctl.c:51 [inline]
 __do_sys_ioctl fs/ioctl.c:597 [inline]
 __se_sys_ioctl+0xce/0x140 fs/ioctl.c:583
 __x64_sys_ioctl+0x43/0x50 fs/ioctl.c:583
 x64_sys_call+0x14b0/0x3000 arch/x86/include/generated/asm/syscalls_64.h:17
 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
 do_syscall_64+0xd8/0x2a0 arch/x86/entry/syscall_64.c:94
 entry_SYSCALL_64_after_hwframe+0x77/0x7f

value changed: 0x00 -> 0x01

Reported by Kernel Concurrency Sanitizer on:
CPU: 0 UID: 0 PID: 16419 Comm: syz.7.4029 Tainted: G        W           syzkaller #0 PREEMPT(voluntary) 
Tainted: [W]=WARN
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
==================================================================
SELinux:  policydb version 0 does not match my version range 15-35
SELinux: failed to load policy

Crashes (2):
Time: 2025/12/04 22:37, Kernel: upstream, Commit: 559e608c4655, Syzkaller: d6526ea3, Manager: ci2-upstream-kcsan-gce, Title: KCSAN: data-race in sg_fill_request_table / sg_rq_end_io
Time: 2025/10/28 03:38, Kernel: upstream, Commit: fd57572253bc, Syzkaller: fd2207e7, Manager: ci2-upstream-kcsan-gce, Title: KCSAN: data-race in sg_fill_request_table / sg_rq_end_io