kernel: k_work_sync is modified after k_work_flush returns

[c1728p9]

Describe the bug
After a call to k_work_flush returns the k_work_sync struct may still be modified by the workq.

To Reproduce
The problem can be replicated by running the following code:

#include <zephyr/kernel.h>
#include <zephyr/logging/log.h>
#include <assert.h>
#include <string.h>

#define LOG_LEVEL 4
LOG_MODULE_REGISTER(main);

K_THREAD_STACK_DEFINE(workq_stack, 2048);
struct k_work_q workq;

void work_handler(struct k_work *item)
{
	LOG_INF("Work running");
}

void main(void)
{
	LOG_INF("Staring Test");
	k_work_queue_init(&workq);
	k_work_queue_start(&workq, workq_stack, K_THREAD_STACK_SIZEOF(workq_stack), 10, NULL);

	struct k_work work;
	struct k_work_sync sync;

	k_work_init(&work, work_handler);

	LOG_INF("Submitting work to workq");
	int ret = k_work_submit_to_queue(&workq, &work);
	assert(ret >= 0);
	k_work_flush(&work, &sync);
	LOG_INF("k_work_flush finished");

	LOG_INF("Filling k_work with 0xff");
	struct k_work work_expected;
	memset(&work_expected, 0xff, sizeof(work_expected));
	memcpy(&work, &work_expected, sizeof(work));

	LOG_INF("Filling k_work_sync with 0xff");
	struct k_work_sync sync_expected;
	memset(&sync_expected, 0xff, sizeof(sync_expected));
	memcpy(&sync, &sync_expected, sizeof(sync));

	LOG_INF("Waiting");
	k_msleep(100);

	if (memcmp(&work, &work_expected, sizeof(work)) == 0) {
		LOG_INF("No changes to k_work detected");
	} else {
		LOG_ERR("Modification to k_work detected");
		LOG_HEXDUMP_ERR(&work_expected, sizeof(work_expected), "Expected: ");
		LOG_HEXDUMP_ERR(&work, sizeof(work), "Got: ");
	}

	if (memcmp(&sync, &sync_expected, sizeof(sync)) == 0) {
		LOG_INF("No changes to k_work_sync detected");
	} else {
		LOG_ERR("Modification to k_work_sync detected");
		LOG_HEXDUMP_ERR(&sync_expected, sizeof(sync_expected), "Expected: ");
		LOG_HEXDUMP_ERR(&sync, sizeof(sync), "Got: ");
	}

	while (1)
	{
		k_msleep(1000);
	}
}

Expected behavior
The struct k_work_sync is not modified by the workq after k_work_flush returns.

Impact
It is unclear when it is safe to reuse or free k_work_sync after a call to k_work_flush.

Logs and console output
Logs from the above program running on a K64F with Zephyr v3.3.0:

*** Booting Zephyr OS build zephyr-v3.3.0 ***
[00:00:00.000,000] <inf> main: Staring Test
[00:00:00.000,000] <inf> main: Submitting work to workq
[00:00:00.000,000] <inf> main: Work running
[00:00:00.000,000] <inf> main: k_work_flush finished
[00:00:00.000,000] <inf> main: Filling k_work with 0xff
[00:00:00.000,000] <inf> main: Filling k_work_sync with 0xff
[00:00:00.000,000] <inf> main: Waiting
[00:00:00.100,000] <inf> main: No changes to k_work detected
[00:00:00.100,000] <err> main: Modification to k_work_sync detected
[00:00:00.100,000] <err> main: Expected:
                               ff ff ff ff ff ff ff ff  ff ff ff ff ff ff ff ff |........ ........
                               ff ff ff ff ff ff ff ff  ff ff ff ff ff ff ff ff |........ ........
[00:00:00.100,000] <err> main: Got:
                               ff ff ff ff ff ff ff ff  ff ff ff ff fc ff ff ff |........ ........
                               ff ff ff ff ff ff ff ff  ff ff ff ff ff ff ff ff |........ ........

Environment (please complete the following information):

• OS: Windows
• Toolchain: Zephyr SDK
• Commit SHA: 07c6af3 (v3.3.0)

[github-actions]

Hi @c1728p9! We appreciate you submitting your first issue for our open-source project. 🌟

Even though I'm a bot, I can assure you that the whole community is genuinely grateful for your time and effort. 🤖💙

[github-actions]

This issue has been marked as stale because it has been open (more than) 60 days with no activity. Remove the stale label or add a comment saying that you would like to have the label removed otherwise this issue will automatically be closed in 14 days. Note, that you can always re-open a closed issue at any time.