syzbot

==================================================================
BUG: KCSAN: data-race in xfrmi_xmit / xfrmi_xmit

read-write to 0xffff888138907170 of 8 bytes by task 22475 on cpu 0:
 xfrmi_xmit+0x76e/0xb20 net/xfrm/xfrm_interface_core.c:584
 __netdev_start_xmit include/linux/netdevice.h:4889 [inline]
 netdev_start_xmit include/linux/netdevice.h:4903 [inline]
 xmit_one net/core/dev.c:3544 [inline]
 dev_hard_start_xmit+0x11b/0x3f0 net/core/dev.c:3560
 __dev_queue_xmit+0xf27/0x1e20 net/core/dev.c:4340
 dev_queue_xmit include/linux/netdevice.h:3082 [inline]
 neigh_connected_output+0x231/0x2a0 net/core/neighbour.c:1581
 neigh_output include/net/neighbour.h:542 [inline]
 ip_finish_output2+0x773/0x880 net/ipv4/ip_output.c:233
 ip_finish_output+0xf4/0x240 net/ipv4/ip_output.c:321
 NF_HOOK_COND include/linux/netfilter.h:293 [inline]
 ip_output+0xab/0x170 net/ipv4/ip_output.c:431
 dst_output include/net/dst.h:458 [inline]
 ip_local_out+0x64/0x80 net/ipv4/ip_output.c:127
 iptunnel_xmit+0x344/0x460 net/ipv4/ip_tunnel_core.c:82
 ip_tunnel_xmit+0x1477/0x1750 net/ipv4/ip_tunnel.c:831
 __gre_xmit net/ipv4/ip_gre.c:469 [inline]
 ipgre_xmit+0x516/0x570 net/ipv4/ip_gre.c:662
 __netdev_start_xmit include/linux/netdevice.h:4889 [inline]
 netdev_start_xmit include/linux/netdevice.h:4903 [inline]
 xmit_one net/core/dev.c:3544 [inline]
 dev_hard_start_xmit+0x11b/0x3f0 net/core/dev.c:3560
 __dev_queue_xmit+0xf27/0x1e20 net/core/dev.c:4340
 dev_queue_xmit include/linux/netdevice.h:3082 [inline]
 __bpf_tx_skb net/core/filter.c:2129 [inline]
 __bpf_redirect_no_mac net/core/filter.c:2159 [inline]
 __bpf_redirect+0x723/0x9c0 net/core/filter.c:2182
 ____bpf_clone_redirect net/core/filter.c:2453 [inline]
 bpf_clone_redirect+0x16c/0x1d0 net/core/filter.c:2425
 ___bpf_prog_run+0xd7d/0x41e0 kernel/bpf/core.c:1954
 __bpf_prog_run512+0x74/0xa0 kernel/bpf/core.c:2195
 bpf_dispatcher_nop_func include/linux/bpf.h:1181 [inline]
 __bpf_prog_run include/linux/filter.h:609 [inline]
 bpf_prog_run include/linux/filter.h:616 [inline]
 bpf_test_run+0x16b/0x3f0 net/bpf/test_run.c:423
 bpf_prog_test_run_skb+0x77b/0xa00 net/bpf/test_run.c:1046
 bpf_prog_test_run+0x265/0x3d0 kernel/bpf/syscall.c:3996
 __sys_bpf+0x3af/0x780 kernel/bpf/syscall.c:5353
 __do_sys_bpf kernel/bpf/syscall.c:5439 [inline]
 __se_sys_bpf kernel/bpf/syscall.c:5437 [inline]
 __x64_sys_bpf+0x43/0x50 kernel/bpf/syscall.c:5437
 do_syscall_x64 arch/x86/entry/common.c:50 [inline]
 do_syscall_64+0x41/0xc0 arch/x86/entry/common.c:80
 entry_SYSCALL_64_after_hwframe+0x63/0xcd

read-write to 0xffff888138907170 of 8 bytes by task 22474 on cpu 1:
 xfrmi_xmit+0x76e/0xb20 net/xfrm/xfrm_interface_core.c:584
 __netdev_start_xmit include/linux/netdevice.h:4889 [inline]
 netdev_start_xmit include/linux/netdevice.h:4903 [inline]
 xmit_one net/core/dev.c:3544 [inline]
 dev_hard_start_xmit+0x11b/0x3f0 net/core/dev.c:3560
 __dev_queue_xmit+0xf27/0x1e20 net/core/dev.c:4340
 dev_queue_xmit include/linux/netdevice.h:3082 [inline]
 neigh_connected_output+0x231/0x2a0 net/core/neighbour.c:1581
 neigh_output include/net/neighbour.h:542 [inline]
 ip_finish_output2+0x773/0x880 net/ipv4/ip_output.c:233
 ip_finish_output+0xf4/0x240 net/ipv4/ip_output.c:321
 NF_HOOK_COND include/linux/netfilter.h:293 [inline]
 ip_output+0xab/0x170 net/ipv4/ip_output.c:431
 dst_output include/net/dst.h:458 [inline]
 ip_local_out+0x64/0x80 net/ipv4/ip_output.c:127
 iptunnel_xmit+0x344/0x460 net/ipv4/ip_tunnel_core.c:82
 ip_tunnel_xmit+0x1477/0x1750 net/ipv4/ip_tunnel.c:831
 __gre_xmit net/ipv4/ip_gre.c:469 [inline]
 ipgre_xmit+0x516/0x570 net/ipv4/ip_gre.c:662
 __netdev_start_xmit include/linux/netdevice.h:4889 [inline]
 netdev_start_xmit include/linux/netdevice.h:4903 [inline]
 xmit_one net/core/dev.c:3544 [inline]
 dev_hard_start_xmit+0x11b/0x3f0 net/core/dev.c:3560
 __dev_queue_xmit+0xf27/0x1e20 net/core/dev.c:4340
 dev_queue_xmit include/linux/netdevice.h:3082 [inline]
 __bpf_tx_skb net/core/filter.c:2129 [inline]
 __bpf_redirect_no_mac net/core/filter.c:2159 [inline]
 __bpf_redirect+0x723/0x9c0 net/core/filter.c:2182
 ____bpf_clone_redirect net/core/filter.c:2453 [inline]
 bpf_clone_redirect+0x16c/0x1d0 net/core/filter.c:2425
 ___bpf_prog_run+0xd7d/0x41e0 kernel/bpf/core.c:1954
 __bpf_prog_run512+0x74/0xa0 kernel/bpf/core.c:2195
 bpf_dispatcher_nop_func include/linux/bpf.h:1181 [inline]
 __bpf_prog_run include/linux/filter.h:609 [inline]
 bpf_prog_run include/linux/filter.h:616 [inline]
 bpf_test_run+0x16b/0x3f0 net/bpf/test_run.c:423
 bpf_prog_test_run_skb+0x77b/0xa00 net/bpf/test_run.c:1046
 bpf_prog_test_run+0x265/0x3d0 kernel/bpf/syscall.c:3996
 __sys_bpf+0x3af/0x780 kernel/bpf/syscall.c:5353
 __do_sys_bpf kernel/bpf/syscall.c:5439 [inline]
 __se_sys_bpf kernel/bpf/syscall.c:5437 [inline]
 __x64_sys_bpf+0x43/0x50 kernel/bpf/syscall.c:5437
 do_syscall_x64 arch/x86/entry/common.c:50 [inline]
 do_syscall_64+0x41/0xc0 arch/x86/entry/common.c:80
 entry_SYSCALL_64_after_hwframe+0x63/0xcd

value changed: 0x0000000000002185 -> 0x0000000000002186

Reported by Kernel Concurrency Sanitizer on:
CPU: 1 PID: 22474 Comm: syz-executor.2 Not tainted 6.6.0-rc3-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/04/2023
==================================================================
syz-executor.2 (22474) used greatest stack depth: 9096 bytes left