================================================================== BUG: KCSAN: data-race in __mod_timer / expire_timers write to 0xffff888237d1b688 of 8 bytes by interrupt on cpu 1: expire_timers+0x17f/0x250 kernel/time/timer.c:1472 __run_timers+0x358/0x420 kernel/time/timer.c:1745 run_timer_softirq+0x19/0x30 kernel/time/timer.c:1758 __do_softirq+0x12c/0x275 kernel/softirq.c:559 invoke_softirq kernel/softirq.c:433 [inline] __irq_exit_rcu+0xa5/0xb0 kernel/softirq.c:637 sysvec_apic_timer_interrupt+0x69/0x80 arch/x86/kernel/apic/apic.c:1100 asm_sysvec_apic_timer_interrupt+0x12/0x20 arch/x86/include/asm/idtentry.h:647 _raw_spin_unlock_irqrestore+0x34/0x40 kernel/locking/spinlock.c:192 spin_unlock_irqrestore include/linux/spinlock.h:409 [inline] unlock_page_lruvec_irqrestore include/linux/memcontrol.h:1516 [inline] __pagevec_lru_add+0x24b/0x2b0 mm/swap.c:1064 lru_cache_add mm/swap.c:475 [inline] lru_cache_add_inactive_or_unevictable+0x156/0x270 mm/swap.c:506 wp_page_copy+0x7f8/0x10c0 mm/memory.c:2953 do_wp_page+0x5a8/0xba0 include/linux/spinlock_api_smp.h:152 handle_pte_fault mm/memory.c:4385 [inline] __handle_mm_fault mm/memory.c:4502 [inline] handle_mm_fault+0xb31/0x1a70 mm/memory.c:4600 do_user_addr_fault+0x60c/0xc00 arch/x86/mm/fault.c:1390 handle_page_fault arch/x86/mm/fault.c:1475 [inline] exc_page_fault+0x94/0x230 arch/x86/mm/fault.c:1531 asm_exc_page_fault+0x1e/0x30 arch/x86/include/asm/idtentry.h:577 read to 0xffff888237d1b688 of 8 bytes by interrupt on cpu 0: __mod_timer+0x44e/0xbe0 kernel/time/timer.c:1035 add_timer+0x38/0x50 kernel/time/timer.c:1142 __queue_delayed_work+0xec/0x150 kernel/workqueue.c:1656 mod_delayed_work_on+0x6a/0xd0 kernel/workqueue.c:1719 mod_delayed_work include/linux/workqueue.h:537 [inline] io_rsrc_node_ref_zero+0x1b6/0x1d0 fs/io_uring.c:7603 percpu_ref_put_many include/linux/percpu-refcount.h:322 [inline] percpu_ref_put include/linux/percpu-refcount.h:338 [inline] percpu_ref_call_confirm_rcu lib/percpu-refcount.c:163 [inline] percpu_ref_switch_to_atomic_rcu+0x352/0x360 lib/percpu-refcount.c:205 rcu_do_batch kernel/rcu/tree.c:2558 [inline] rcu_core+0xb95/0xd50 kernel/rcu/tree.c:2793 rcu_core_si+0x9/0x10 kernel/rcu/tree.c:2806 __do_softirq+0x12c/0x275 kernel/softirq.c:559 invoke_softirq kernel/softirq.c:433 [inline] __irq_exit_rcu+0xa5/0xb0 kernel/softirq.c:637 sysvec_apic_timer_interrupt+0x69/0x80 arch/x86/kernel/apic/apic.c:1100 asm_sysvec_apic_timer_interrupt+0x12/0x20 arch/x86/include/asm/idtentry.h:647 check_kcov_mode kernel/kcov.c:163 [inline] write_comp_data kernel/kcov.c:218 [inline] __sanitizer_cov_trace_const_cmp8+0x2b/0x90 kernel/kcov.c:291 PageHuge+0x4e/0xc0 mm/hugetlb.c:1551 page_remove_file_rmap mm/rmap.c:1257 [inline] page_remove_rmap+0x72/0x230 mm/rmap.c:1351 zap_pte_range+0x583/0xe20 mm/memory.c:1270 zap_pmd_range mm/memory.c:1374 [inline] zap_pud_range mm/memory.c:1403 [inline] zap_p4d_range mm/memory.c:1424 [inline] unmap_page_range+0x2dc/0x3d0 mm/memory.c:1445 unmap_single_vma+0x157/0x210 mm/memory.c:1490 unmap_vmas+0xc0/0x170 mm/memory.c:1522 exit_mmap+0x1be/0x400 mm/mmap.c:3208 __mmput+0x27/0x1c0 kernel/fork.c:1096 mmput+0x3d/0x50 kernel/fork.c:1117 exit_mm+0x360/0x450 kernel/exit.c:502 do_exit+0x3ff/0x1560 kernel/exit.c:813 do_group_exit+0xce/0x1a0 kernel/exit.c:923 get_signal+0xfc3/0x1610 kernel/signal.c:2835 arch_do_signal_or_restart+0x2a/0x220 arch/x86/kernel/signal.c:789 handle_signal_work kernel/entry/common.c:147 [inline] exit_to_user_mode_loop kernel/entry/common.c:171 [inline] exit_to_user_mode_prepare+0x109/0x190 kernel/entry/common.c:208 __syscall_exit_to_user_mode_work kernel/entry/common.c:290 [inline] syscall_exit_to_user_mode+0x20/0x40 kernel/entry/common.c:301 do_syscall_64+0x56/0x90 arch/x86/entry/common.c:57 entry_SYSCALL_64_after_hwframe+0x44/0xae Reported by Kernel Concurrency Sanitizer on: CPU: 0 PID: 20971 Comm: syz-executor.0 Not tainted 5.13.0-rc3-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 ==================================================================