==================================================================
BUG: KCSAN: data-race in find_next_bit / rcu_report_exp_cpu_mult

write to 0xffffffff85c7d080 of 8 bytes by task 18266 on cpu 0:
 rcu_report_exp_cpu_mult+0x4f/0xa0 kernel/rcu/tree_exp.h:244
 rcu_report_exp_rdp+0x6c/0x90 kernel/rcu/tree_exp.h:254
 rcu_preempt_deferred_qs_irqrestore+0x3bb/0x580 kernel/rcu/tree_plugin.h:464
 rcu_preempt_deferred_qs+0xae/0xf0 kernel/rcu/tree_plugin.h:574
 rcu_note_context_switch+0xa5/0x760 kernel/rcu/tree_plugin.h:317
 __schedule+0xa4/0x690 kernel/sched/core.c:4019
 preempt_schedule_common+0x37/0x90 kernel/sched/core.c:4236
 preempt_schedule+0x30/0x40 kernel/sched/core.c:4261
 ___preempt_schedule+0x16/0x18 arch/x86/entry/thunk_64.S:50
 __raw_spin_unlock_irqrestore include/linux/spinlock_api_smp.h:161 [inline]
 _raw_spin_unlock_irqrestore+0x7e/0x80 kernel/locking/spinlock.c:191
 rcu_preempt_deferred_qs_irqrestore+0x307/0x580 kernel/rcu/tree_plugin.h:523
 rcu_read_unlock_special kernel/rcu/tree_plugin.h:644 [inline]
 __rcu_read_unlock+0x16a/0x3d0 kernel/rcu/tree_plugin.h:383
 rcu_read_unlock include/linux/rcupdate.h:670 [inline]
 nf_hook include/linux/netfilter.h:264 [inline]
 __ip_local_out+0x204/0x2b0 net/ipv4/ip_output.c:114
 ip_local_out+0x31/0x90 net/ipv4/ip_output.c:123
 ip_send_skb+0x35/0xb0 net/ipv4/ip_output.c:1562
 ip_push_pending_frames+0x5b/0x80 net/ipv4/ip_output.c:1582
 raw_sendmsg+0xe98/0x1cd0 net/ipv4/raw.c:672
 inet_sendmsg+0x6d/0x90 net/ipv4/af_inet.c:807
 sock_sendmsg_nosec net/socket.c:639 [inline]
 sock_sendmsg+0x9f/0xc0 net/socket.c:659
 kernel_sendmsg+0x4d/0x70 net/socket.c:679
 sock_no_sendpage+0xda/0x110 net/core/sock.c:2740
 inet_sendpage+0xe7/0x100 net/ipv4/af_inet.c:822
 kernel_sendpage+0x7b/0xc0 net/socket.c:3776
 sock_sendpage+0x6c/0x90 net/socket.c:937
 pipe_to_sendpage+0x102/0x1a0 fs/splice.c:458
 splice_from_pipe_feed fs/splice.c:512 [inline]
 __splice_from_pipe+0x295/0x4a0 fs/splice.c:636
 splice_from_pipe+0xbb/0x100 fs/splice.c:671
 generic_splice_sendpage+0x45/0x60 fs/splice.c:844
 do_splice_from fs/splice.c:863 [inline]
 do_splice+0x6db/0xc40 fs/splice.c:1170
 __do_sys_splice fs/splice.c:1447 [inline]
 __se_sys_splice fs/splice.c:1427 [inline]
 __x64_sys_splice+0x20a/0x220 fs/splice.c:1427
 do_syscall_64+0xcc/0x3a0 arch/x86/entry/common.c:294
 entry_SYSCALL_64_after_hwframe+0x44/0xa9

read to 0xffffffff85c7d080 of 8 bytes by task 18074 on cpu 1:
 _find_next_bit lib/find_bit.c:39 [inline]
 find_next_bit+0x57/0xe0 lib/find_bit.c:70
 sync_rcu_exp_select_node_cpus+0x28e/0x510 kernel/rcu/tree_exp.h:375
 sync_rcu_exp_select_cpus+0x30c/0x590 kernel/rcu/tree_exp.h:439
 rcu_exp_sel_wait_wake kernel/rcu/tree_exp.h:575 [inline]
 wait_rcu_exp_gp+0x25/0x40 kernel/rcu/tree_exp.h:589
 process_one_work+0x3d4/0x890 kernel/workqueue.c:2264
 worker_thread+0xa0/0x800 kernel/workqueue.c:2410
 kthread+0x1d4/0x200 drivers/block/aoe/aoecmd.c:1253
 ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:352

Reported by Kernel Concurrency Sanitizer on:
CPU: 1 PID: 18074 Comm: kworker/1:7 Not tainted 5.5.0-rc1-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Workqueue: rcu_gp wait_rcu_exp_gp
==================================================================