syzbot

==================================================================
BUG: KCSAN: data-race in wq_worker_tick / wq_worker_tick

read-write to 0xffff888100838cb8 of 8 bytes by interrupt on cpu 0:
 wq_worker_tick+0x60/0x230 kernel/workqueue.c:1474
 sched_tick+0xd7/0x220 kernel/sched/core.c:5546
 update_process_times+0x15f/0x190 kernel/time/timer.c:2479
 tick_sched_handle kernel/time/tick-sched.c:298 [inline]
 tick_nohz_handler+0x276/0x3d0 kernel/time/tick-sched.c:319
 __run_hrtimer kernel/time/hrtimer.c:1777 [inline]
 __hrtimer_run_queues+0x20f/0x5a0 kernel/time/hrtimer.c:1841
 hrtimer_interrupt+0x21a/0x460 kernel/time/hrtimer.c:1903
 local_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1045 [inline]
 __sysvec_apic_timer_interrupt+0x5f/0x1d0 arch/x86/kernel/apic/apic.c:1062
 instr_sysvec_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1056 [inline]
 sysvec_apic_timer_interrupt+0x6f/0x80 arch/x86/kernel/apic/apic.c:1056
 asm_sysvec_apic_timer_interrupt+0x1a/0x20 arch/x86/include/asm/idtentry.h:697
 finish_task_switch+0x83/0x2a0 kernel/sched/core.c:5114
 context_switch kernel/sched/core.c:5259 [inline]
 __schedule+0x85f/0xcd0 kernel/sched/core.c:6863
 __schedule_loop kernel/sched/core.c:6945 [inline]
 schedule+0x5f/0xd0 kernel/sched/core.c:6960
 schedule_timeout+0xb7/0x170 kernel/time/sleep_timeout.c:99
 do_wait_for_common kernel/sched/completion.c:100 [inline]
 __wait_for_common kernel/sched/completion.c:121 [inline]
 wait_for_common+0xfa/0x1e0 kernel/sched/completion.c:132
 io_ring_exit_work+0x252/0x530 io_uring/io_uring.c:3042
 process_one_work kernel/workqueue.c:3257 [inline]
 process_scheduled_works+0x4ce/0x9d0 kernel/workqueue.c:3340
 worker_thread+0x582/0x770 kernel/workqueue.c:3421
 kthread+0x489/0x510 kernel/kthread.c:463
 ret_from_fork+0x149/0x290 arch/x86/kernel/process.c:158
 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:246

read-write to 0xffff888100838cb8 of 8 bytes by interrupt on cpu 1:
 wq_worker_tick+0x60/0x230 kernel/workqueue.c:1474
 sched_tick+0xd7/0x220 kernel/sched/core.c:5546
 update_process_times+0x15f/0x190 kernel/time/timer.c:2479
 tick_sched_handle kernel/time/tick-sched.c:298 [inline]
 tick_nohz_handler+0x276/0x3d0 kernel/time/tick-sched.c:319
 __run_hrtimer kernel/time/hrtimer.c:1777 [inline]
 __hrtimer_run_queues+0x20f/0x5a0 kernel/time/hrtimer.c:1841
 hrtimer_interrupt+0x21a/0x460 kernel/time/hrtimer.c:1903
 local_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1045 [inline]
 __sysvec_apic_timer_interrupt+0x5f/0x1d0 arch/x86/kernel/apic/apic.c:1062
 instr_sysvec_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1056 [inline]
 sysvec_apic_timer_interrupt+0x32/0x80 arch/x86/kernel/apic/apic.c:1056
 asm_sysvec_apic_timer_interrupt+0x1a/0x20 arch/x86/include/asm/idtentry.h:697
 __preempt_count_dec_and_test arch/x86/include/asm/preempt.h:95 [inline]
 __raw_spin_unlock_irqrestore include/linux/spinlock_api_smp.h:152 [inline]
 _raw_spin_unlock_irqrestore+0x3c/0x60 kernel/locking/spinlock.c:194
 io_ring_ctx_ref_free+0x1c/0x30 io_uring/io_uring.c:217
 percpu_ref_put_many include/linux/percpu-refcount.h:335 [inline]
 percpu_ref_put include/linux/percpu-refcount.h:351 [inline]
 percpu_ref_call_confirm_rcu lib/percpu-refcount.c:164 [inline]
 percpu_ref_switch_to_atomic_rcu+0x34f/0x360 lib/percpu-refcount.c:206
 rcu_do_batch kernel/rcu/tree.c:2605 [inline]
 rcu_core+0x544/0xc40 kernel/rcu/tree.c:2857
 rcu_core_si+0xd/0x20 kernel/rcu/tree.c:2874
 handle_softirqs+0xba/0x290 kernel/softirq.c:622
 __do_softirq kernel/softirq.c:656 [inline]
 invoke_softirq kernel/softirq.c:496 [inline]
 __irq_exit_rcu+0x3a/0xc0 kernel/softirq.c:723
 instr_sysvec_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1056 [inline]
 sysvec_apic_timer_interrupt+0x74/0x80 arch/x86/kernel/apic/apic.c:1056
 asm_sysvec_apic_timer_interrupt+0x1a/0x20 arch/x86/include/asm/idtentry.h:697
 check_kcov_mode kernel/kcov.c:183 [inline]
 __sanitizer_cov_trace_pc+0x31/0x70 kernel/kcov.c:217
 io_free_alloc_caches+0x9/0x70 io_uring/io_uring.c:275
 io_ring_ctx_free+0x7a/0x3d0 io_uring/io_uring.c:2852
 io_ring_exit_work+0x506/0x530 io_uring/io_uring.c:3081
 process_one_work kernel/workqueue.c:3257 [inline]
 process_scheduled_works+0x4ce/0x9d0 kernel/workqueue.c:3340
 worker_thread+0x582/0x770 kernel/workqueue.c:3421
 kthread+0x489/0x510 kernel/kthread.c:463
 ret_from_fork+0x149/0x290 arch/x86/kernel/process.c:158
 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:246

value changed: 0x000000000019c990 -> 0x000000000019f0a0

Reported by Kernel Concurrency Sanitizer on:
CPU: 1 UID: 0 PID: 37 Comm: kworker/u8:2 Tainted: G        W           syzkaller #0 PREEMPT(voluntary) 
Tainted: [W]=WARN
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
Workqueue: iou_exit io_ring_exit_work
==================================================================