==================================================================
BUG: KCSAN: data-race in do_select / pollwake

read to 0xffffc900076a7a00 of 4 bytes by task 17814 on cpu 0:
 poll_schedule_timeout fs/select.c:240 [inline]
 do_select+0xe41/0xf40 fs/select.c:603
 core_sys_select+0x3b2/0x600 fs/select.c:677
 do_pselect fs/select.c:759 [inline]
 __do_sys_pselect6 fs/select.c:802 [inline]
 __se_sys_pselect6+0x216/0x280 fs/select.c:793
 __x64_sys_pselect6+0x78/0x90 fs/select.c:793
 x64_sys_call+0x1caa/0x2fb0 arch/x86/include/generated/asm/syscalls_64.h:271
 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
 do_syscall_64+0xd0/0x1a0 arch/x86/entry/syscall_64.c:94
 entry_SYSCALL_64_after_hwframe+0x77/0x7f

write to 0xffffc900076a7a00 of 4 bytes by interrupt on cpu 1:
 __pollwake fs/select.c:195 [inline]
 pollwake+0xb6/0x100 fs/select.c:215
 __wake_up_common kernel/sched/wait.c:89 [inline]
 __wake_up_common_lock kernel/sched/wait.c:106 [inline]
 __wake_up+0x63/0xb0 kernel/sched/wait.c:127
 bpf_ringbuf_notify+0x22/0x30 kernel/bpf/ringbuf.c:155
 irq_work_single kernel/irq_work.c:221 [inline]
 irq_work_run_list kernel/irq_work.c:252 [inline]
 irq_work_run+0xdf/0x2d0 kernel/irq_work.c:261
 __sysvec_irq_work+0x22/0x170 arch/x86/kernel/irq_work.c:22
 instr_sysvec_irq_work arch/x86/kernel/irq_work.c:17 [inline]
 sysvec_irq_work+0x66/0x80 arch/x86/kernel/irq_work.c:17
 asm_sysvec_irq_work+0x1a/0x20 arch/x86/include/asm/idtentry.h:738
 __wrmsr arch/x86/include/asm/msr.h:96 [inline]
 native_write_msr arch/x86/include/asm/msr.h:147 [inline]
 wrmsr arch/x86/include/asm/msr.h:256 [inline]
 native_apic_msr_write+0x3d/0x60 arch/x86/include/asm/apic.h:212
 apic_write arch/x86/include/asm/apic.h:405 [inline]
 x2apic_send_IPI_self+0x10/0x20 arch/x86/kernel/apic/x2apic_phys.c:107
 __apic_send_IPI_self arch/x86/include/asm/apic.h:455 [inline]
 arch_irq_work_raise+0x46/0x50 arch/x86/kernel/irq_work.c:31
 irq_work_raise kernel/irq_work.c:84 [inline]
 __irq_work_queue_local+0x80/0x1b0 kernel/irq_work.c:112
 irq_work_queue+0x70/0x100 kernel/irq_work.c:124
 bpf_ringbuf_commit kernel/bpf/ringbuf.c:-1 [inline]
 ____bpf_ringbuf_discard kernel/bpf/ringbuf.c:525 [inline]
 bpf_ringbuf_discard+0xd3/0xf0 kernel/bpf/ringbuf.c:523
 bpf_prog_fe0ed97373b08409+0x47/0x4b
 bpf_dispatcher_nop_func include/linux/bpf.h:1316 [inline]
 __bpf_prog_run include/linux/filter.h:718 [inline]
 bpf_prog_run include/linux/filter.h:725 [inline]
 __bpf_trace_run kernel/trace/bpf_trace.c:2363 [inline]
 bpf_trace_run3+0x10c/0x1d0 kernel/trace/bpf_trace.c:2405
 __traceiter_kmem_cache_free+0x35/0x60 include/trace/events/kmem.h:114
 __do_trace_kmem_cache_free include/trace/events/kmem.h:114 [inline]
 trace_kmem_cache_free include/trace/events/kmem.h:114 [inline]
 kmem_cache_free+0x246/0x2f0 mm/slub.c:4743
 kfree_skbmem net/core/skbuff.c:-1 [inline]
 __kfree_skb+0x109/0x150 net/core/skbuff.c:1177
 sk_skb_reason_drop+0xbd/0x270 net/core/skbuff.c:1214
 kfree_skb_reason include/linux/skbuff.h:1279 [inline]
 ip_rcv_core+0x388/0x690 net/ipv4/ip_input.c:550
 ip_list_rcv+0x122/0x290 net/ipv4/ip_input.c:652
 __netif_receive_skb_list_ptype net/core/dev.c:5930 [inline]
 __netif_receive_skb_list_core+0x4dc/0x500 net/core/dev.c:5977
 __netif_receive_skb_list net/core/dev.c:6029 [inline]
 netif_receive_skb_list_internal+0x487/0x600 net/core/dev.c:6120
 netif_receive_skb_list+0x31/0x200 net/core/dev.c:6172
 xdp_recv_frames net/bpf/test_run.c:280 [inline]
 xdp_test_run_batch net/bpf/test_run.c:361 [inline]
 bpf_test_run_xdp_live+0xdaf/0xfd0 net/bpf/test_run.c:390
 bpf_prog_test_run_xdp+0x4f5/0x8f0 net/bpf/test_run.c:1316
 bpf_prog_test_run+0x207/0x390 kernel/bpf/syscall.c:4427
 __sys_bpf+0x3dc/0x790 kernel/bpf/syscall.c:5852
 __do_sys_bpf kernel/bpf/syscall.c:5941 [inline]
 __se_sys_bpf kernel/bpf/syscall.c:5939 [inline]
 __x64_sys_bpf+0x41/0x50 kernel/bpf/syscall.c:5939
 x64_sys_call+0x2478/0x2fb0 arch/x86/include/generated/asm/syscalls_64.h:322
 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
 do_syscall_64+0xd0/0x1a0 arch/x86/entry/syscall_64.c:94
 entry_SYSCALL_64_after_hwframe+0x77/0x7f

value changed: 0x00000001 -> 0x00000000

Reported by Kernel Concurrency Sanitizer on:
CPU: 1 UID: 0 PID: 17835 Comm: syz.5.5175 Tainted: G        W           6.15.0-rc5-syzkaller-00300-g3ce9925823c7 #0 PREEMPT(voluntary) 
Tainted: [W]=WARN
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/19/2025
==================================================================