==================================================================
BUG: KCSAN: data-race in kick_pool / wq_worker_running

read-write to 0xffff888237d2a8a4 of 4 bytes by task 7878 on cpu 1:
 wq_worker_running+0x95/0x120 kernel/workqueue.c:1419
 synchronize_rcu_expedited+0x5f8/0x770 kernel/rcu/tree_exp.h:976
 synchronize_rcu+0x35/0x2e0 kernel/rcu/tree.c:3360
 xfrm_state_gc_task+0x98/0x650 net/xfrm/xfrm_state.c:633
 process_one_work kernel/workqueue.c:3275 [inline]
 process_scheduled_works+0x4de/0x9e0 kernel/workqueue.c:3358
 worker_thread+0x581/0x770 kernel/workqueue.c:3439
 kthread+0x22a/0x280 kernel/kthread.c:467
 ret_from_fork+0x150/0x360 arch/x86/kernel/process.c:158
 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:245

read to 0xffff888237d2a8a4 of 4 bytes by task 8082 on cpu 0:
 need_more_worker kernel/workqueue.c:937 [inline]
 kick_pool+0x49/0x2d0 kernel/workqueue.c:1259
 __queue_work+0x896/0xaf0 kernel/workqueue.c:2355
 queue_work_on+0xa9/0x140 kernel/workqueue.c:2405
 queue_work include/linux/workqueue.h:669 [inline]
 schedule_work include/linux/workqueue.h:730 [inline]
 __xfrm_state_destroy net/xfrm/xfrm_state.c:807 [inline]
 xfrm_state_put include/net/xfrm.h:929 [inline]
 xfrm_state_find+0x1cc4/0x3270 net/xfrm/xfrm_state.c:1632
 xfrm_tmpl_resolve_one net/xfrm/xfrm_policy.c:2522 [inline]
 xfrm_tmpl_resolve net/xfrm/xfrm_policy.c:2573 [inline]
 xfrm_resolve_and_create_bundle+0x592/0x1f50 net/xfrm/xfrm_policy.c:2871
 xfrm_lookup_with_ifid+0x443/0x1590 net/xfrm/xfrm_policy.c:3205
 xfrm_lookup net/xfrm/xfrm_policy.c:3336 [inline]
 xfrm_lookup_route+0x3a/0x110 net/xfrm/xfrm_policy.c:3347
 ip_route_output_flow+0xdb/0x110 net/ipv4/route.c:2939
 udp_sendmsg+0x1383/0x1590 net/ipv4/udp.c:1451
 inet_sendmsg+0xac/0xd0 net/ipv4/af_inet.c:859
 sock_sendmsg_nosec net/socket.c:727 [inline]
 __sock_sendmsg net/socket.c:742 [inline]
 ____sys_sendmsg+0x53a/0x600 net/socket.c:2592
 ___sys_sendmsg+0x195/0x1e0 net/socket.c:2646
 __sys_sendmmsg+0x185/0x320 net/socket.c:2735
 __do_sys_sendmmsg net/socket.c:2762 [inline]
 __se_sys_sendmmsg net/socket.c:2759 [inline]
 __x64_sys_sendmmsg+0x57/0x70 net/socket.c:2759
 x64_sys_call+0x27aa/0x3020 arch/x86/include/generated/asm/syscalls_64.h:308
 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
 do_syscall_64+0x12c/0x370 arch/x86/entry/syscall_64.c:94
 entry_SYSCALL_64_after_hwframe+0x77/0x7f

value changed: 0x00000000 -> 0x00000001

Reported by Kernel Concurrency Sanitizer on:
CPU: 0 UID: 0 PID: 8082 Comm: syz.0.1629 Not tainted syzkaller #0 PREEMPT(full) 
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
==================================================================