==================================================================
BUG: KCSAN: data-race in random_recv_done / virtio_read

write to 0xffff888101c808cc of 4 bytes by task 533 on cpu 0:
 request_entropy drivers/char/hw_random/virtio-rng.c:56 [inline]
 copy_data drivers/char/hw_random/virtio-rng.c:74 [inline]
 virtio_read+0x1a0/0x450 drivers/char/hw_random/virtio-rng.c:92
 rng_get_data drivers/char/hw_random/core.c:192 [inline]
 rng_dev_read+0x1b4/0x630 drivers/char/hw_random/core.c:229
 loop_rw_iter+0x257/0x350
 io_iter_do_read fs/io_uring.c:3503 [inline]
 io_read fs/io_uring.c:3558 [inline]
 io_issue_sqe+0x521e/0x55e0 fs/io_uring.c:6671
 __io_queue_sqe+0x20/0x440 fs/io_uring.c:7018
 io_queue_sqe fs/io_uring.c:7060 [inline]
 io_submit_sqe+0x77a/0x47d3 fs/io_uring.c:7263
 io_submit_sqes+0x25d/0x670 fs/io_uring.c:7369
 __do_sys_io_uring_enter fs/io_uring.c:10072 [inline]
 __se_sys_io_uring_enter+0x212/0xb00 fs/io_uring.c:10014
 __x64_sys_io_uring_enter+0x74/0x80 fs/io_uring.c:10014
 do_syscall_x64 arch/x86/entry/common.c:50 [inline]
 do_syscall_64+0x44/0xd0 arch/x86/entry/common.c:80
 entry_SYSCALL_64_after_hwframe+0x44/0xae

write to 0xffff888101c808cc of 4 bytes by interrupt on cpu 1:
 random_recv_done+0x58/0x80 drivers/char/hw_random/virtio-rng.c:45
 vring_interrupt+0x15d/0x180 drivers/virtio/virtio_ring.c:2163
 __handle_irq_event_percpu+0x93/0x480 kernel/irq/handle.c:158
 handle_irq_event_percpu kernel/irq/handle.c:198 [inline]
 handle_irq_event+0x9a/0x150 kernel/irq/handle.c:215
 handle_edge_irq+0x18e/0x5f0 kernel/irq/chip.c:822
 generic_handle_irq_desc include/linux/irqdesc.h:158 [inline]
 handle_irq arch/x86/kernel/irq.c:231 [inline]
 __common_interrupt+0x60/0x100 arch/x86/kernel/irq.c:250
 common_interrupt+0x9a/0xc0 arch/x86/kernel/irq.c:240
 asm_common_interrupt+0x1e/0x40
 is_atomic kernel/kcsan/core.c:243 [inline]
 should_watch kernel/kcsan/core.c:271 [inline]
 check_access kernel/kcsan/core.c:640 [inline]
 __tsan_unaligned_write8+0x125/0x180 kernel/kcsan/core.c:864
 __tlb_remove_page_size+0x53/0x180 mm/mmu_gather.c:81
 __tlb_remove_page include/asm-generic/tlb.h:440 [inline]
 zap_pte_range+0x7ad/0x10e0 mm/memory.c:1360
 zap_pmd_range mm/memory.c:1467 [inline]
 zap_pud_range mm/memory.c:1496 [inline]
 zap_p4d_range mm/memory.c:1517 [inline]
 unmap_page_range+0x2dc/0x3d0 mm/memory.c:1538
 unmap_single_vma+0x157/0x210 mm/memory.c:1583
 unmap_vmas+0xd0/0x180 mm/memory.c:1615
 exit_mmap+0x23d/0x470 mm/mmap.c:3170
 __mmput+0x27/0x1b0 kernel/fork.c:1113
 mmput kernel/fork.c:1134 [inline]
 copy_process+0x2513/0x2fd0 kernel/fork.c:2440
 kernel_clone+0x15c/0x6a0 kernel/fork.c:2582
 __do_sys_clone kernel/fork.c:2699 [inline]
 __se_sys_clone kernel/fork.c:2683 [inline]
 __x64_sys_clone+0xc6/0xf0 kernel/fork.c:2683
 do_syscall_x64 arch/x86/entry/common.c:50 [inline]
 do_syscall_64+0x44/0xd0 arch/x86/entry/common.c:80
 entry_SYSCALL_64_after_hwframe+0x44/0xae

value changed: 0x00000040 -> 0x00000000

Reported by Kernel Concurrency Sanitizer on:
CPU: 1 PID: 518 Comm: syz-executor.1 Tainted: G W 5.16.0-rc5-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
==================================================================
scsi_io_completion_action: 10 callbacks suppressed
sd 0:0:1:0: tag#6530 FAILED Result: hostbyte=DID_ABORT driverbyte=DRIVER_OK cmd_age=0s
sd 0:0:1:0: tag#6530 CDB: opcode=0xe5 (vendor)
sd 0:0:1:0: tag#6530 CDB[00]: e5 f4 32 73 2f 4e 09 6d 26 e2 c7 35 d1 35 12 1c
sd 0:0:1:0: tag#6530 CDB[10]: 92 1b da 40 b8 58 5b a8 d4 7d 34 f3 90 4c f1 2d
sd 0:0:1:0: tag#6530 CDB[20]: ba
sd 0:0:1:0: tag#6531 FAILED Result: hostbyte=DID_ABORT driverbyte=DRIVER_OK cmd_age=0s
sd 0:0:1:0: tag#6531 CDB: opcode=0xe5 (vendor)
sd 0:0:1:0: tag#6531 CDB[00]: e5 f4 32 73 2f 4e 09 6d 26 e2 c7 35 d1 35 12 1c
sd 0:0:1:0: tag#6531 CDB[10]: 92 1b da 40 b8 58 5b a8 d4 7d 34 f3 90 4c f1 2d
sd 0:0:1:0: tag#6531 CDB[20]: ba