==================================================================
BUG: KCSAN: data-race in blk_mq_free_request / blk_mq_free_request

write to 0xffffe8ffffc17080 of 8 bytes by interrupt on cpu 1:
 blk_mq_free_request+0x17d/0x340 block/blk-mq.c:523
 blk_put_request+0x11/0x20 block/blk-core.c:631
 sg_rq_end_io+0x386/0x750 drivers/scsi/sg.c:1392
 __blk_mq_end_request+0x224/0x230 block/blk-mq.c:556
 scsi_end_request+0x28c/0x440 drivers/scsi/scsi_lib.c:576
 scsi_io_completion+0xd0/0x10c0 drivers/scsi/scsi_lib.c:938
 scsi_finish_command+0x1ba/0x1d0 drivers/scsi/scsi.c:207
 scsi_complete+0x1aa/0x1e0 drivers/scsi/scsi_lib.c:1432
 blk_complete_reqs block/blk-mq.c:577 [inline]
 blk_done_softirq+0x69/0x90 block/blk-mq.c:582
 __do_softirq+0x12c/0x26e kernel/softirq.c:558
 invoke_softirq kernel/softirq.c:432 [inline]
 __irq_exit_rcu kernel/softirq.c:636 [inline]
 irq_exit_rcu+0x4e/0xa0 kernel/softirq.c:648
 common_interrupt+0x78/0x90 arch/x86/kernel/irq.c:240
 asm_common_interrupt+0x1e/0x40
 kcsan_setup_watchpoint+0x94/0x3f0 kernel/kcsan/core.c:437
 vm_normal_page+0x7f/0x1b0 mm/memory.c:647
 zap_pte_range+0x23a/0xe20 mm/memory.c:1335
 zap_pmd_range mm/memory.c:1481 [inline]
 zap_pud_range mm/memory.c:1510 [inline]
 zap_p4d_range mm/memory.c:1531 [inline]
 unmap_page_range+0x2dc/0x3d0 mm/memory.c:1552
 unmap_single_vma+0x157/0x210 mm/memory.c:1597
 unmap_vmas+0xd0/0x180 mm/memory.c:1629
 exit_mmap+0x23d/0x470 mm/mmap.c:3171
 __mmput+0x27/0x1d0 kernel/fork.c:1115
 mmput+0x3d/0x50 kernel/fork.c:1136
 exit_mm+0x2ec/0x3e0 kernel/exit.c:501
 do_exit+0x3ef/0x14a0 kernel/exit.c:812
 do_group_exit+0x19b/0x1a0 kernel/exit.c:922
 __do_sys_exit_group+0xb/0x10 kernel/exit.c:933
 __se_sys_exit_group+0x5/0x10 kernel/exit.c:931
 __x64_sys_exit_group+0x16/0x20 kernel/exit.c:931
 do_syscall_x64 arch/x86/entry/common.c:50 [inline]
 do_syscall_64+0x44/0xa0 arch/x86/entry/common.c:80
 entry_SYSCALL_64_after_hwframe+0x44/0xae

read to 0xffffe8ffffc17080 of 8 bytes by task 14800 on cpu 0:
 blk_mq_free_request+0x16a/0x340 block/blk-mq.c:523
 blk_put_request+0x11/0x20 block/blk-core.c:631
 sg_finish_rem_req drivers/scsi/sg.c:1832 [inline]
 sg_common_write+0xf64/0x1480 drivers/scsi/sg.c:810
 sg_write+0x7a7/0x8e0 drivers/scsi/sg.c:710
 do_loop_readv_writev fs/read_write.c:753 [inline]
 do_iter_write+0x445/0x5c0 fs/read_write.c:857
 vfs_writev fs/read_write.c:928 [inline]
 do_writev+0x210/0x440 fs/read_write.c:971
 __do_sys_writev fs/read_write.c:1044 [inline]
 __se_sys_writev fs/read_write.c:1041 [inline]
 __x64_sys_writev+0x41/0x50 fs/read_write.c:1041
 do_syscall_x64 arch/x86/entry/common.c:50 [inline]
 do_syscall_64+0x44/0xa0 arch/x86/entry/common.c:80
 entry_SYSCALL_64_after_hwframe+0x44/0xae

value changed: 0x000000000000058d -> 0x000000000000058e

Reported by Kernel Concurrency Sanitizer on:
CPU: 0 PID: 14800 Comm: syz-executor.4 Not tainted 5.14.0-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
==================================================================