==================================================================
BUG: KCSAN: data-race in do_sys_poll / pollwake

write to 0xffffc90001393bd0 of 4 bytes by interrupt on cpu 1:
 __pollwake fs/select.c:195 [inline]
 pollwake+0xc1/0x110 fs/select.c:215
 __wake_up_common kernel/sched/wait.c:89 [inline]
 __wake_up_common_lock kernel/sched/wait.c:106 [inline]
 __wake_up+0x65/0xb0 kernel/sched/wait.c:127
 bpf_ringbuf_notify+0x22/0x30 kernel/bpf/ringbuf.c:155
 irq_work_single kernel/irq_work.c:221 [inline]
 irq_work_run_list kernel/irq_work.c:252 [inline]
 irq_work_run+0xe1/0x2d0 kernel/irq_work.c:261
 __sysvec_irq_work+0x23/0x1a0 arch/x86/kernel/irq_work.c:22
 instr_sysvec_irq_work arch/x86/kernel/irq_work.c:17 [inline]
 sysvec_irq_work+0x66/0x80 arch/x86/kernel/irq_work.c:17
 asm_sysvec_irq_work+0x1a/0x20 arch/x86/include/asm/idtentry.h:738
 native_apic_mem_write arch/x86/include/asm/apic.h:101 [inline]
 __default_send_IPI_shortcut arch/x86/kernel/apic/ipi.c:167 [inline]
 default_send_IPI_self+0x38/0x80 arch/x86/kernel/apic/ipi.c:248
 __apic_send_IPI_self arch/x86/include/asm/apic.h:455 [inline]
 arch_irq_work_raise+0x48/0x50 arch/x86/kernel/irq_work.c:31
 irq_work_raise kernel/irq_work.c:84 [inline]
 __irq_work_queue_local+0x82/0x1d0 kernel/irq_work.c:112
 irq_work_queue+0x85/0x120 kernel/irq_work.c:124
 bpf_ringbuf_commit kernel/bpf/ringbuf.c:-1 [inline]
 ____bpf_ringbuf_discard kernel/bpf/ringbuf.c:525 [inline]
 bpf_ringbuf_discard+0xcd/0xf0 kernel/bpf/ringbuf.c:523
 bpf_prog_fe0ed97373b08409+0x47/0x4b
 bpf_dispatcher_nop_func include/linux/bpf.h:1316 [inline]
 __bpf_prog_run include/linux/filter.h:718 [inline]
 bpf_prog_run include/linux/filter.h:725 [inline]
 __bpf_trace_run kernel/trace/bpf_trace.c:2363 [inline]
 bpf_trace_run3+0x10e/0x1d0 kernel/trace/bpf_trace.c:2405
 __traceiter_kmem_cache_free+0x33/0x50 include/trace/events/kmem.h:114
 __do_trace_kmem_cache_free include/trace/events/kmem.h:114 [inline]
 trace_kmem_cache_free include/trace/events/kmem.h:114 [inline]
 kmem_cache_free+0x243/0x2e0 mm/slub.c:4747
 skb_kfree_head net/core/skbuff.c:1056 [inline]
 skb_free_head net/core/skbuff.c:1070 [inline]
 skb_release_data+0x554/0x630 net/core/skbuff.c:1097
 skb_release_all net/core/skbuff.c:1162 [inline]
 __kfree_skb+0x42/0x150 net/core/skbuff.c:1176
 sk_skb_reason_drop+0xba/0x290 net/core/skbuff.c:1214
 kfree_skb_reason include/linux/skbuff.h:1279 [inline]
 br_dev_xmit+0xa5d/0xc20 net/bridge/br_device.c:45
 __netdev_start_xmit include/linux/netdevice.h:5203 [inline]
 netdev_start_xmit include/linux/netdevice.h:5212 [inline]
 xmit_one net/core/dev.c:3774 [inline]
 dev_hard_start_xmit+0x12e/0x400 net/core/dev.c:3790
 __dev_queue_xmit+0x101a/0x20b0 net/core/dev.c:4627
 dev_queue_xmit include/linux/netdevice.h:3350 [inline]
 __bpf_tx_skb net/core/filter.c:2143 [inline]
 __bpf_redirect_common net/core/filter.c:2187 [inline]
 __bpf_redirect+0x84e/0x970 net/core/filter.c:2194
 ____bpf_clone_redirect net/core/filter.c:2468 [inline]
 bpf_clone_redirect+0x190/0x200 net/core/filter.c:2438
 bpf_prog_7b3be28ae4e3ccd4+0x5b/0x60
 bpf_dispatcher_nop_func include/linux/bpf.h:1316 [inline]
 __bpf_prog_run include/linux/filter.h:718 [inline]
 bpf_prog_run include/linux/filter.h:725 [inline]
 bpf_test_run+0x1e7/0x4a0 net/bpf/test_run.c:434
 bpf_prog_test_run_skb+0x857/0xbe0 net/bpf/test_run.c:1093
 bpf_prog_test_run+0x20e/0x3a0 kernel/bpf/syscall.c:4427
 __sys_bpf+0x440/0x800 kernel/bpf/syscall.c:5852
 __do_sys_bpf kernel/bpf/syscall.c:5941 [inline]
 __se_sys_bpf kernel/bpf/syscall.c:5939 [inline]
 __x64_sys_bpf+0x43/0x50 kernel/bpf/syscall.c:5939
 x64_sys_call+0x23da/0x2e10 arch/x86/include/generated/asm/syscalls_64.h:322
 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
 do_syscall_64+0xc9/0x1c0 arch/x86/entry/syscall_64.c:94
 entry_SYSCALL_64_after_hwframe+0x77/0x7f

read to 0xffffc90001393bd0 of 4 bytes by task 5202 on cpu 0:
 poll_schedule_timeout fs/select.c:240 [inline]
 do_poll fs/select.c:958 [inline]
 do_sys_poll+0x9f1/0xc80 fs/select.c:1009
 __do_sys_ppoll fs/select.c:1115 [inline]
 __se_sys_ppoll+0x1b5/0x1f0 fs/select.c:1095
 __x64_sys_ppoll+0x67/0x80 fs/select.c:1095
 x64_sys_call+0x2c89/0x2e10 arch/x86/include/generated/asm/syscalls_64.h:272
 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
 do_syscall_64+0xc9/0x1c0 arch/x86/entry/syscall_64.c:94
 entry_SYSCALL_64_after_hwframe+0x77/0x7f

value changed: 0x00000000 -> 0x00000001

Reported by Kernel Concurrency Sanitizer on:
CPU: 0 UID: 0 PID: 5202 Comm: syz.0.786 Not tainted 6.15.0-rc2-syzkaller-00037-g834a4a689699 #0 PREEMPT(voluntary)
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
==================================================================