syzbot


KCSAN: data-race in blk_mq_start_request / bt_for_each (5)

Status: moderation: reported on 2026/02/21 19:02
Subsystems: block
Reported-by: syzbot+eab90419022846137ed6@syzkaller.appspotmail.com
First crash: 6d00h, last: 6d00h
✨ AI Jobs (1)
ID | Workflow | Result | Correct | Bug | Created | Started | Finished | Revision | Error
9c156a31-c314-4790-834a-18fe34add3e0 | assessment-kcsan | Benign: ✅ Confident: ✅ | | KCSAN: data-race in blk_mq_start_request / bt_for_each (5) | 2026/02/23 15:43 | 2026/02/23 15:43 | 2026/02/23 15:55 | 305c0ec5cd886e2d13738e28e1b2df9b0ec20fc9 |
Similar bugs (4)
Kernel | Title | Rank | Repro | Cause bisect | Fix bisect | Count | Last | Reported | Patched | Status
upstream | KCSAN: data-race in blk_mq_start_request / bt_for_each (3) block | 6 | | | | 1 | 379d | 379d | 0/29 | auto-obsoleted due to no activity on 2025/04/10 10:24
upstream | KCSAN: data-race in blk_mq_start_request / bt_for_each (4) block | 6 | | | | 1 | 176d | 176d | 0/29 | auto-obsoleted due to no activity on 2025/10/30 17:14
upstream | KCSAN: data-race in blk_mq_start_request / bt_for_each (2) block | 6 | | | | 3 | 491d | 546d | 0/29 | auto-obsoleted due to no activity on 2024/12/18 22:35
upstream | KCSAN: data-race in blk_mq_start_request / bt_for_each block | 6 | | | | 1 | 762d | 762d | 0/29 | auto-obsoleted due to no activity on 2024/03/02 18:09

Sample crash report:
==================================================================
BUG: KCSAN: data-race in blk_mq_start_request / bt_for_each

write to 0xffff888102b82480 of 8 bytes by task 2962 on cpu 1:
 blk_mq_start_request+0x23c/0x3d0 block/blk-mq.c:1386
 scsi_queue_rq+0xe08/0x1aa0 drivers/scsi/scsi_lib.c:1895
 blk_mq_dispatch_rq_list+0x2bc/0xf90 block/blk-mq.c:2148
 __blk_mq_do_dispatch_sched block/blk-mq-sched.c:168 [inline]
 blk_mq_do_dispatch_sched block/blk-mq-sched.c:182 [inline]
 __blk_mq_sched_dispatch_requests+0x7f0/0xc70 block/blk-mq-sched.c:307
 blk_mq_sched_dispatch_requests+0x86/0x120 block/blk-mq-sched.c:329
 blk_mq_run_hw_queue+0x17e/0x220 block/blk-mq.c:2386
 blk_mq_dispatch_list+0x85e/0xa40 arch/x86/include/asm/bitops.h:-1
 blk_mq_flush_plug_list+0x2ca/0x320 block/blk-mq.c:2997
 __blk_flush_plug+0x22c/0x2b0 block/blk-core.c:1230
 blk_finish_plug+0x47/0x70 block/blk-core.c:1257
 jbd2_journal_commit_transaction+0x1b84/0x3420 fs/jbd2/commit.c:788
 kjournald2+0x22e/0x3e0 fs/jbd2/journal.c:201
 kthread+0x22a/0x280 kernel/kthread.c:467
 ret_from_fork+0x150/0x360 arch/x86/kernel/process.c:158
 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:245

read to 0xffff888102b82480 of 8 bytes by task 3152 on cpu 0:
 blk_mq_find_and_get_req block/blk-mq-tag.c:260 [inline]
 bt_iter block/blk-mq-tag.c:287 [inline]
 __sbitmap_for_each_set include/linux/sbitmap.h:269 [inline]
 sbitmap_for_each_set include/linux/sbitmap.h:290 [inline]
 bt_for_each+0x25c/0x470 block/blk-mq-tag.c:324
 blk_mq_queue_tag_busy_iter+0x1ef/0x3b0 block/blk-mq-tag.c:536
 blk_mq_timeout_work+0xc4/0x370 block/blk-mq.c:1762
 process_one_work kernel/workqueue.c:3275 [inline]
 process_scheduled_works+0x4de/0x9e0 kernel/workqueue.c:3358
 worker_thread+0x581/0x770 kernel/workqueue.c:3439
 kthread+0x22a/0x280 kernel/kthread.c:467
 ret_from_fork+0x150/0x360 arch/x86/kernel/process.c:158
 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:245

value changed: 0xffff88810365b600 -> 0xffff888103661d40

Reported by Kernel Concurrency Sanitizer on:
CPU: 0 UID: 0 PID: 3152 Comm: kworker/0:1H Tainted: G        W           syzkaller #0 PREEMPT(full) 
Tainted: [W]=WARN
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
Workqueue: kblockd blk_mq_timeout_work
==================================================================

Crashes (1):
Time | Kernel | Commit | Syzkaller | Config | Log | Report | Syz repro | C repro | VM info | Assets | Manager | Title
2026/02/21 19:02 | upstream | d79526b89571 | 6e7b5511 | .config | console log | report | | | info | [disk image] [vmlinux] [kernel image] | ci2-upstream-kcsan-gce | KCSAN: data-race in blk_mq_start_request / bt_for_each