==================================================================
BUG: KCSAN: data-race in __neigh_event_send / ip_finish_output2

read to 0xffff8880ae8dd485 of 1 bytes by interrupt on cpu 1:
 neigh_output include/net/neighbour.h:508 [inline]
 ip_finish_output2+0x381/0xea0 net/ipv4/ip_output.c:228
 __ip_finish_output net/ipv4/ip_output.c:308 [inline]
 __ip_finish_output+0x23a/0x490 net/ipv4/ip_output.c:290
 ip_finish_output+0x41/0x160 net/ipv4/ip_output.c:318
 NF_HOOK_COND include/linux/netfilter.h:296 [inline]
 ip_output+0xfe/0x230 net/ipv4/ip_output.c:432
 dst_output include/net/dst.h:436 [inline]
 ip_local_out+0x74/0x90 net/ipv4/ip_output.c:125
 __ip_queue_xmit+0x3a8/0xa40 net/ipv4/ip_output.c:532
 sctp_v4_xmit+0xf4/0x110 net/sctp/protocol.c:976
 sctp_packet_transmit+0x111e/0x1800 net/sctp/output.c:629
 sctp_outq_flush_transports net/sctp/outqueue.c:1146 [inline]
 sctp_outq_flush+0x1e9/0x14c0 net/sctp/outqueue.c:1194
 sctp_outq_uncork+0x64/0x80 net/sctp/outqueue.c:757
 sctp_cmd_interpreter net/sctp/sm_sideeffect.c:1786 [inline]
 sctp_side_effects net/sctp/sm_sideeffect.c:1189 [inline]
 sctp_do_sm+0x37f/0x2f10 net/sctp/sm_sideeffect.c:1160
 sctp_generate_heartbeat_event+0x137/0x200 net/sctp/sm_sideeffect.c:391
 call_timer_fn+0x5f/0x2f0 kernel/time/timer.c:1404
 expire_timers kernel/time/timer.c:1449 [inline]
 __run_timers kernel/time/timer.c:1773 [inline]
 __run_timers kernel/time/timer.c:1740 [inline]
 run_timer_softirq+0xc0c/0xcd0 kernel/time/timer.c:1786
 __do_softirq+0x115/0x33f kernel/softirq.c:292
 invoke_softirq kernel/softirq.c:373 [inline]
 irq_exit+0xbb/0xe0 kernel/softirq.c:413
 exiting_irq arch/x86/include/asm/apic.h:536 [inline]
 smp_apic_timer_interrupt+0xe6/0x280 arch/x86/kernel/apic/apic.c:1137
 apic_timer_interrupt+0xf/0x20 arch/x86/entry/entry_64.S:829
 arch_local_irq_restore arch/x86/include/asm/paravirt.h:752 [inline]
 kcsan_setup_watchpoint+0x1d4/0x460 kernel/kcsan/core.c:429
 check_access kernel/kcsan/core.c:459 [inline]
 __tsan_read4+0xc6/0x100 kernel/kcsan/core.c:588
 __tlb_remove_page_size+0x7e/0x1d0 mm/mmu_gather.c:82
 __tlb_remove_page include/asm-generic/tlb.h:414 [inline]
 zap_pte_range mm/memory.c:1083 [inline]
 zap_pmd_range mm/memory.c:1184 [inline]
 zap_pud_range mm/memory.c:1213 [inline]
 zap_p4d_range mm/memory.c:1234 [inline]
 unmap_page_range+0xb8e/0x1940 mm/memory.c:1255
 unmap_single_vma+0x144/0x200 mm/memory.c:1300
 unmap_vmas+0xda/0x1a0 mm/memory.c:1332
 exit_mmap+0x13e/0x300 mm/mmap.c:3140
 __mmput kernel/fork.c:1082 [inline]
 mmput+0xea/0x280 kernel/fork.c:1103
 exit_mm kernel/exit.c:485 [inline]
 do_exit+0x4ac/0x18c0 kernel/exit.c:784
 do_group_exit+0xb4/0x1c0 kernel/exit.c:895
 get_signal+0x2a2/0x1320 kernel/signal.c:2734
 do_signal+0x2f/0x6c0 arch/x86/kernel/signal.c:815
 exit_to_usermode_loop+0x250/0x2c0 arch/x86/entry/common.c:160
 prepare_exit_to_usermode arch/x86/entry/common.c:195 [inline]
 syscall_return_slowpath arch/x86/entry/common.c:278 [inline]
 do_syscall_64+0x384/0x3a0 arch/x86/entry/common.c:304
 entry_SYSCALL_64_after_hwframe+0x44/0xa9

write to 0xffff8880ae8dd485 of 1 bytes by interrupt on cpu 0:
 __neigh_event_send+0x185/0x9f0 net/core/neighbour.c:1128
 neigh_event_send include/net/neighbour.h:445 [inline]
 neigh_resolve_output+0x385/0x4c0 net/core/neighbour.c:1474
 neigh_output include/net/neighbour.h:511 [inline]
 ip_finish_output2+0x408/0xea0 net/ipv4/ip_output.c:228
 __ip_finish_output net/ipv4/ip_output.c:308 [inline]
 __ip_finish_output+0x23a/0x490 net/ipv4/ip_output.c:290
 ip_finish_output+0x41/0x160 net/ipv4/ip_output.c:318
 NF_HOOK_COND include/linux/netfilter.h:296 [inline]
 ip_output+0xfe/0x230 net/ipv4/ip_output.c:432
 dst_output include/net/dst.h:436 [inline]
 ip_local_out+0x74/0x90 net/ipv4/ip_output.c:125
 ip_send_skb+0x35/0xb0 net/ipv4/ip_output.c:1562
 ip_push_pending_frames+0x5b/0x80 net/ipv4/ip_output.c:1582
 icmp_push_reply+0x1cb/0x230 net/ipv4/icmp.c:390
 __icmp_send+0x875/0xab0 net/ipv4/icmp.c:740
 ipv4_send_dest_unreach net/ipv4/route.c:1220 [inline]
 ipv4_link_failure+0x22d/0x400 net/ipv4/route.c:1227
 dst_link_failure include/net/dst.h:419 [inline]
 arp_error_report+0x72/0x90 net/ipv4/arp.c:293
 neigh_invalidate+0x1b2/0x320 net/core/neighbour.c:996
 neigh_timer_handler+0x884/0x940 net/core/neighbour.c:1082
 call_timer_fn+0x5f/0x2f0 kernel/time/timer.c:1404
 expire_timers kernel/time/timer.c:1449 [inline]
 __run_timers kernel/time/timer.c:1773 [inline]
 __run_timers kernel/time/timer.c:1740 [inline]
 run_timer_softirq+0xc0c/0xcd0 kernel/time/timer.c:1786
 __do_softirq+0x115/0x33f kernel/softirq.c:292
 invoke_softirq kernel/softirq.c:373 [inline]
 irq_exit+0xbb/0xe0 kernel/softirq.c:413
 exiting_irq arch/x86/include/asm/apic.h:536 [inline]
 smp_apic_timer_interrupt+0xe6/0x280 arch/x86/kernel/apic/apic.c:1137
 apic_timer_interrupt+0xf/0x20 arch/x86/entry/entry_64.S:829
 scsi_setup_scsi_cmnd drivers/scsi/scsi_lib.c:1190 [inline]
 scsi_setup_cmnd drivers/scsi/scsi_lib.c:1227 [inline]
 scsi_mq_prep_fn drivers/scsi/scsi_lib.c:1603 [inline]
 scsi_queue_rq+0x1230/0x1800 drivers/scsi/scsi_lib.c:1671
 blk_mq_dispatch_rq_list+0xbe9/0xe40 block/blk-mq.c:1238
 blk_mq_do_dispatch_sched+0x11d/0x260 block/blk-mq-sched.c:115
 blk_mq_sched_dispatch_requests+0x2b4/0x380 block/blk-mq-sched.c:211
 __blk_mq_run_hw_queue+0xb7/0x160 block/blk-mq.c:1368
 blk_mq_run_work_fn+0x57/0x70 block/blk-mq.c:1597
 process_one_work+0x3d4/0x890 kernel/workqueue.c:2264
 worker_thread+0xa0/0x800 kernel/workqueue.c:2410
 kthread+0x1d4/0x200 drivers/block/aoe/aoecmd.c:1253
 ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:352

Reported by Kernel Concurrency Sanitizer on:
CPU: 0 PID: 2499 Comm: kworker/0:1H Not tainted 5.5.0-rc1-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Workqueue: kblockd blk_mq_run_work_fn
==================================================================