==================================================================
BUG: KCSAN: data-race in __ep_eventpoll_poll / wakeup_source_report_event

write to 0xffff88811983b0b8 of 1 bytes by interrupt on cpu 0:
 wakeup_source_activate drivers/base/power/wakeup.c:565 [inline]
 wakeup_source_report_event+0xd6/0x280 drivers/base/power/wakeup.c:590
 __pm_stay_awake+0x34/0x70 drivers/base/power/wakeup.c:611
 ep_pm_stay_awake_rcu fs/eventpoll.c:727 [inline]
 ep_poll_callback+0x1f6/0x550 fs/eventpoll.c:1241
 __wake_up_common kernel/sched/wait.c:89 [inline]
 __wake_up_common_lock kernel/sched/wait.c:106 [inline]
 __wake_up+0x66/0xb0 kernel/sched/wait.c:127
 ep_poll_safewake fs/eventpoll.c:661 [inline]
 ep_poll_callback+0x3d6/0x550 fs/eventpoll.c:1271
 __wake_up_common kernel/sched/wait.c:89 [inline]
 __wake_up_common_lock kernel/sched/wait.c:106 [inline]
 __wake_up+0x66/0xb0 kernel/sched/wait.c:127
 bpf_ringbuf_notify+0x22/0x30 kernel/bpf/ringbuf.c:155
 irq_work_single kernel/irq_work.c:221 [inline]
 irq_work_run_list kernel/irq_work.c:252 [inline]
 irq_work_run+0xe2/0x2d0 kernel/irq_work.c:261
 __sysvec_irq_work+0x22/0x170 arch/x86/kernel/irq_work.c:22
 instr_sysvec_irq_work arch/x86/kernel/irq_work.c:17 [inline]
 sysvec_irq_work+0x66/0x80 arch/x86/kernel/irq_work.c:17
 asm_sysvec_irq_work+0x1a/0x20 arch/x86/include/asm/idtentry.h:738
 __wrmsrq arch/x86/include/asm/msr.h:80 [inline]
 native_write_msr arch/x86/include/asm/msr.h:137 [inline]
 wrmsrq arch/x86/include/asm/msr.h:199 [inline]
 native_apic_msr_write+0x3d/0x60 arch/x86/include/asm/apic.h:212
 apic_write arch/x86/include/asm/apic.h:405 [inline]
 x2apic_send_IPI_self+0x10/0x20 arch/x86/kernel/apic/x2apic_phys.c:107
 __apic_send_IPI_self arch/x86/include/asm/apic.h:455 [inline]
 arch_irq_work_raise+0x46/0x50 arch/x86/kernel/irq_work.c:31
 irq_work_raise kernel/irq_work.c:84 [inline]
 __irq_work_queue_local+0x10f/0x2c0 kernel/irq_work.c:112
 irq_work_queue+0x70/0x100 kernel/irq_work.c:124
 bpf_ringbuf_commit kernel/bpf/ringbuf.c:-1 [inline]
 ____bpf_ringbuf_discard kernel/bpf/ringbuf.c:525 [inline]
 bpf_ringbuf_discard+0xd3/0xf0 kernel/bpf/ringbuf.c:523
 bpf_prog_fe0ed97373b08409+0x4b/0x4f
 bpf_dispatcher_nop_func include/linux/bpf.h:1322 [inline]
 __bpf_prog_run include/linux/filter.h:718 [inline]
 bpf_prog_run include/linux/filter.h:725 [inline]
 __bpf_trace_run kernel/trace/bpf_trace.c:2258 [inline]
 bpf_trace_run3+0x10f/0x1d0 kernel/trace/bpf_trace.c:2300
 __do_trace_kmem_cache_free include/trace/events/kmem.h:114 [inline]
 trace_kmem_cache_free include/trace/events/kmem.h:114 [inline]
 kmem_cache_free+0x257/0x300 mm/slub.c:4744
 mempool_free_slab+0x1d/0x30 mm/mempool.c:566
 mempool_free+0x78/0x140 mm/mempool.c:548
 bio_free+0x153/0x1e0 block/bio.c:237
 bio_put+0x11f/0x440 block/bio.c:-1
 end_bio_bh_io_sync+0x81/0xa0 fs/buffer.c:2784
 bio_endio+0x374/0x410 block/bio.c:1645
 submit_bio_noacct+0x104/0x8f0 block/blk-core.c:881
 submit_bio+0x227/0x240 block/blk-core.c:916
 submit_bh_wbc+0x2e0/0x320 fs/buffer.c:2831
 submit_bh fs/buffer.c:2836 [inline]
 block_read_full_folio+0x3fe/0x6a0 fs/buffer.c:2454
 do_mpage_readpage+0xcf4/0xe20 fs/mpage.c:314
 mpage_read_folio+0x93/0x110 fs/mpage.c:389
 fat_read_folio+0x1c/0x30 fs/fat/inode.c:204
 filemap_read_folio+0x2e/0x110 mm/filemap.c:2412
 filemap_fault+0x568/0xb40 mm/filemap.c:3504
 __do_fault+0xb9/0x200 mm/memory.c:5169
 do_read_fault mm/memory.c:5590 [inline]
 do_fault mm/memory.c:5724 [inline]
 do_pte_missing mm/memory.c:4251 [inline]
 handle_pte_fault mm/memory.c:6069 [inline]
 __handle_mm_fault mm/memory.c:6212 [inline]
 handle_mm_fault+0xf78/0x2be0 mm/memory.c:6381
 faultin_page mm/gup.c:1186 [inline]
 __get_user_pages+0x1036/0x1fb0 mm/gup.c:1488
 populate_vma_page_range mm/gup.c:1926 [inline]
 __mm_populate+0x243/0x3a0 mm/gup.c:2029
 mm_populate include/linux/mm.h:3348 [inline]
 vm_mmap_pgoff+0x232/0x2e0 mm/util.c:584
 ksys_mmap_pgoff+0x268/0x310 mm/mmap.c:607
 x64_sys_call+0x1602/0x2fb0 arch/x86/include/generated/asm/syscalls_64.h:10
 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
 do_syscall_64+0xd2/0x200 arch/x86/entry/syscall_64.c:94
 entry_SYSCALL_64_after_hwframe+0x77/0x7f

read to 0xffff88811983b0b8 of 1 bytes by task 5301 on cpu 1:
 __ep_eventpoll_poll+0x1de/0x4e0 fs/eventpoll.c:956
 ep_eventpoll_poll+0x1f/0x30 fs/eventpoll.c:1030
 vfs_poll include/linux/poll.h:82 [inline]
 select_poll_one fs/select.c:480 [inline]
 do_select+0x8ee/0xf50 fs/select.c:536
 core_sys_select+0x3d7/0x6e0 fs/select.c:677
 do_pselect fs/select.c:759 [inline]
 __do_sys_pselect6 fs/select.c:802 [inline]
 __se_sys_pselect6+0x216/0x280 fs/select.c:793
 __x64_sys_pselect6+0x78/0x90 fs/select.c:793
 x64_sys_call+0x1caa/0x2fb0 arch/x86/include/generated/asm/syscalls_64.h:271
 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
 do_syscall_64+0xd2/0x200 arch/x86/entry/syscall_64.c:94
 entry_SYSCALL_64_after_hwframe+0x77/0x7f

value changed: 0x00 -> 0x01

Reported by Kernel Concurrency Sanitizer on:
CPU: 1 UID: 0 PID: 5301 Comm: syz.1.617 Not tainted 6.16.0-rc5-syzkaller-00053-g8c2e52ebbe88 #0 PREEMPT(voluntary) 
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
==================================================================