==================================================================
BUG: KCSAN: data-race in ip_tunnel_xmit / ip_tunnel_xmit

write to 0xffff88812ffc9170 of 8 bytes by interrupt on cpu 0:
 ip_tunnel_xmit+0x7a6/0x11c0 net/ipv4/ip_tunnel.c:756
 sit_tunnel_xmit__ net/ipv6/sit.c:1058 [inline]
 sit_tunnel_xmit+0x3c2/0x11f0 net/ipv6/sit.c:1074
 __netdev_start_xmit include/linux/netdevice.h:4944 [inline]
 netdev_start_xmit include/linux/netdevice.h:4958 [inline]
 xmit_one+0xf9/0x270 net/core/dev.c:3654
 dev_hard_start_xmit net/core/dev.c:3670 [inline]
 __dev_queue_xmit+0xd44/0x1300 net/core/dev.c:4245
 dev_queue_xmit+0x13/0x20 net/core/dev.c:4278
 neigh_connected_output+0x264/0x290 net/core/neighbour.c:1524
 neigh_output include/net/neighbour.h:510 [inline]
 ip_finish_output2+0x874/0xb10 net/ipv4/ip_output.c:230
 __ip_finish_output net/ipv4/ip_output.c:252 [inline]
 ip_finish_output+0x2fa/0x490 net/ipv4/ip_output.c:318
 NF_HOOK_COND include/linux/netfilter.h:290 [inline]
 ip_output+0xf6/0x1a0 net/ipv4/ip_output.c:432
 dst_output include/net/dst.h:448 [inline]
 ip_local_out+0x167/0x230 net/ipv4/ip_output.c:126
 __ip_queue_xmit+0x97f/0x9a0 net/ipv4/ip_output.c:533
 ip_queue_xmit+0x34/0x40 net/ipv4/ip_output.c:547
 __tcp_transmit_skb+0x141a/0x19f0 net/ipv4/tcp_output.c:1405
 tcp_transmit_skb net/ipv4/tcp_output.c:1423 [inline]
 tcp_xmit_probe_skb net/ipv4/tcp_output.c:4009 [inline]
 tcp_write_wakeup+0x28f/0x810 net/ipv4/tcp_output.c:4061
 tcp_send_probe0+0x2c/0x2b0 net/ipv4/tcp_output.c:4077
 tcp_probe_timer net/ipv4/tcp_timer.c:398 [inline]
 tcp_write_timer_handler+0x394/0x530 net/ipv4/tcp_timer.c:626
 tcp_write_timer+0xb9/0x180 net/ipv4/tcp_timer.c:642
 call_timer_fn+0x2e/0x1d0 kernel/time/timer.c:1431
 expire_timers+0x135/0x250 kernel/time/timer.c:1476
 __run_timers+0x358/0x420 kernel/time/timer.c:1745
 run_timer_softirq+0x19/0x30 kernel/time/timer.c:1758
 __do_softirq+0x12c/0x275 kernel/softirq.c:559
 invoke_softirq kernel/softirq.c:433 [inline]
 __irq_exit_rcu+0xa5/0xb0 kernel/softirq.c:637
 sysvec_apic_timer_interrupt+0x69/0x80 arch/x86/kernel/apic/apic.c:1100
 asm_sysvec_apic_timer_interrupt+0x12/0x20 arch/x86/include/asm/idtentry.h:632
 should_watch kernel/kcsan/core.c:269 [inline]
 check_access kernel/kcsan/core.c:632 [inline]
 __tsan_read2+0x150/0x180 kernel/kcsan/core.c:843
 tlb_flush_pte_range include/asm-generic/tlb.h:524 [inline]
 zap_pte_range+0x39c/0xe20 mm/memory.c:1256
 zap_pmd_range mm/memory.c:1374 [inline]
 zap_pud_range mm/memory.c:1403 [inline]
 zap_p4d_range mm/memory.c:1424 [inline]
 unmap_page_range+0x2dc/0x3d0 mm/memory.c:1445
 unmap_single_vma+0x157/0x210 mm/memory.c:1490
 unmap_vmas+0xc0/0x170 mm/memory.c:1522
 exit_mmap+0x1be/0x400 mm/mmap.c:3224
 __mmput+0x27/0x1c0 kernel/fork.c:1096
 mmput+0x3d/0x50 kernel/fork.c:1117
 exit_mm+0x360/0x450 kernel/exit.c:502
 do_exit+0x3ff/0x1560 kernel/exit.c:813
 do_group_exit+0xce/0x1a0 kernel/exit.c:923
 get_signal+0xfc3/0x1610 kernel/signal.c:2818
 arch_do_signal_or_restart+0x2a/0x220 arch/x86/kernel/signal.c:789
 handle_signal_work kernel/entry/common.c:147 [inline]
 exit_to_user_mode_loop kernel/entry/common.c:171 [inline]
 exit_to_user_mode_prepare+0x109/0x190 kernel/entry/common.c:208
 __syscall_exit_to_user_mode_work kernel/entry/common.c:290 [inline]
 syscall_exit_to_user_mode+0x20/0x40 kernel/entry/common.c:301
 do_syscall_64+0x56/0x90 arch/x86/entry/common.c:57
 entry_SYSCALL_64_after_hwframe+0x44/0xae

read to 0xffff88812ffc9170 of 8 bytes by interrupt on cpu 1:
 ip_tunnel_xmit+0x794/0x11c0 net/ipv4/ip_tunnel.c:756
 sit_tunnel_xmit__ net/ipv6/sit.c:1058 [inline]
 sit_tunnel_xmit+0x3c2/0x11f0 net/ipv6/sit.c:1074
 __netdev_start_xmit include/linux/netdevice.h:4944 [inline]
 netdev_start_xmit include/linux/netdevice.h:4958 [inline]
 xmit_one+0xf9/0x270 net/core/dev.c:3654
 dev_hard_start_xmit net/core/dev.c:3670 [inline]
 __dev_queue_xmit+0xd44/0x1300 net/core/dev.c:4245
 dev_queue_xmit+0x13/0x20 net/core/dev.c:4278
 neigh_connected_output+0x264/0x290 net/core/neighbour.c:1524
 neigh_output include/net/neighbour.h:510 [inline]
 ip_finish_output2+0x874/0xb10 net/ipv4/ip_output.c:230
 __ip_finish_output net/ipv4/ip_output.c:252 [inline]
 ip_finish_output+0x2fa/0x490 net/ipv4/ip_output.c:318
 NF_HOOK_COND include/linux/netfilter.h:290 [inline]
 ip_output+0xf6/0x1a0 net/ipv4/ip_output.c:432
 dst_output include/net/dst.h:448 [inline]
 ip_local_out+0x167/0x230 net/ipv4/ip_output.c:126
 __ip_queue_xmit+0x97f/0x9a0 net/ipv4/ip_output.c:533
 ip_queue_xmit+0x34/0x40 net/ipv4/ip_output.c:547
 __tcp_transmit_skb+0x141a/0x19f0 net/ipv4/tcp_output.c:1405
 tcp_transmit_skb net/ipv4/tcp_output.c:1423 [inline]
 tcp_xmit_probe_skb net/ipv4/tcp_output.c:4009 [inline]
 tcp_write_wakeup+0x4a9/0x810 net/ipv4/tcp_output.c:4062
 tcp_send_probe0+0x2c/0x2b0 net/ipv4/tcp_output.c:4077
 tcp_probe_timer net/ipv4/tcp_timer.c:398 [inline]
 tcp_write_timer_handler+0x394/0x530 net/ipv4/tcp_timer.c:626
 tcp_write_timer+0xb9/0x180 net/ipv4/tcp_timer.c:642
 call_timer_fn+0x2e/0x1d0 kernel/time/timer.c:1431
 expire_timers+0x135/0x250 kernel/time/timer.c:1476
 __run_timers+0x358/0x420 kernel/time/timer.c:1745
 run_timer_softirq+0x19/0x30 kernel/time/timer.c:1758
 __do_softirq+0x12c/0x275 kernel/softirq.c:559
 invoke_softirq kernel/softirq.c:433 [inline]
 __irq_exit_rcu+0xa5/0xb0 kernel/softirq.c:637
 sysvec_apic_timer_interrupt+0x69/0x80 arch/x86/kernel/apic/apic.c:1100
 asm_sysvec_apic_timer_interrupt+0x12/0x20 arch/x86/include/asm/idtentry.h:632
 __sanitizer_cov_trace_pc+0x4/0x60 kernel/kcov.c:193
 selinux_inode_permission+0x27/0x430 security/selinux/hooks.c:3181
 security_inode_permission+0x72/0xc0 security/security.c:1312
 inode_permission+0x91/0x290 fs/namei.c:521
 may_lookup fs/namei.c:1655 [inline]
 link_path_walk+0x17d/0x780 fs/namei.c:2211
 path_lookupat+0x7b/0x570 fs/namei.c:2420
 filename_lookup+0xff/0x390 fs/namei.c:2454
 user_path_at_empty+0x3b/0x50 fs/namei.c:2734
 do_readlinkat+0x87/0x200 fs/stat.c:425
 __do_sys_readlink fs/stat.c:458 [inline]
 __se_sys_readlink fs/stat.c:455 [inline]
 __x64_sys_readlink+0x43/0x50 fs/stat.c:455
 do_syscall_64+0x4a/0x90 arch/x86/entry/common.c:47
 entry_SYSCALL_64_after_hwframe+0x44/0xae

Reported by Kernel Concurrency Sanitizer on:
CPU: 1 PID: 1030 Comm: systemd-udevd Not tainted 5.12.0-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
==================================================================