==================================================================
BUG: KCSAN: data-race in do_select / pollwake

read to 0xffffc900018b79e0 of 4 bytes by task 4317 on cpu 1:
 poll_schedule_timeout fs/select.c:240 [inline]
 do_select+0xe48/0xf50 fs/select.c:603
 core_sys_select+0x3d7/0x6e0 fs/select.c:677
 do_pselect fs/select.c:759 [inline]
 __do_sys_pselect6 fs/select.c:802 [inline]
 __se_sys_pselect6+0x216/0x280 fs/select.c:793
 __x64_sys_pselect6+0x78/0x90 fs/select.c:793
 x64_sys_call+0x1caa/0x2fb0 arch/x86/include/generated/asm/syscalls_64.h:271
 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
 do_syscall_64+0xd2/0x200 arch/x86/entry/syscall_64.c:94
 entry_SYSCALL_64_after_hwframe+0x77/0x7f

write to 0xffffc900018b79e0 of 4 bytes by interrupt on cpu 0:
 __pollwake fs/select.c:195 [inline]
 pollwake+0xb6/0x100 fs/select.c:215
 __wake_up_common kernel/sched/wait.c:89 [inline]
 __wake_up_common_lock kernel/sched/wait.c:106 [inline]
 __wake_up+0x66/0xb0 kernel/sched/wait.c:127
 bpf_ringbuf_notify+0x22/0x30 kernel/bpf/ringbuf.c:155
 irq_work_single kernel/irq_work.c:221 [inline]
 irq_work_run_list kernel/irq_work.c:252 [inline]
 irq_work_run+0xe2/0x2d0 kernel/irq_work.c:261
 __sysvec_irq_work+0x22/0x170 arch/x86/kernel/irq_work.c:22
 instr_sysvec_irq_work arch/x86/kernel/irq_work.c:17 [inline]
 sysvec_irq_work+0x66/0x80 arch/x86/kernel/irq_work.c:17
 asm_sysvec_irq_work+0x1a/0x20 arch/x86/include/asm/idtentry.h:738
 __wrmsrq arch/x86/include/asm/msr.h:80 [inline]
 native_write_msr arch/x86/include/asm/msr.h:137 [inline]
 wrmsrq arch/x86/include/asm/msr.h:199 [inline]
 native_apic_msr_write+0x3d/0x60 arch/x86/include/asm/apic.h:212
 apic_write arch/x86/include/asm/apic.h:405 [inline]
 x2apic_send_IPI_self+0x10/0x20 arch/x86/kernel/apic/x2apic_phys.c:107
 __apic_send_IPI_self arch/x86/include/asm/apic.h:455 [inline]
 arch_irq_work_raise+0x46/0x50 arch/x86/kernel/irq_work.c:31
 irq_work_raise kernel/irq_work.c:84 [inline]
 __irq_work_queue_local+0x10f/0x2c0 kernel/irq_work.c:112
 irq_work_queue+0x70/0x100 kernel/irq_work.c:124
 bpf_ringbuf_commit kernel/bpf/ringbuf.c:-1 [inline]
 ____bpf_ringbuf_discard kernel/bpf/ringbuf.c:525 [inline]
 bpf_ringbuf_discard+0xd3/0xf0 kernel/bpf/ringbuf.c:523
 bpf_prog_fe0ed97373b08409+0x4b/0x4f
 bpf_dispatcher_nop_func include/linux/bpf.h:1322 [inline]
 __bpf_prog_run include/linux/filter.h:718 [inline]
 bpf_prog_run include/linux/filter.h:725 [inline]
 __bpf_trace_run kernel/trace/bpf_trace.c:2258 [inline]
 bpf_trace_run3+0x10f/0x1d0 kernel/trace/bpf_trace.c:2300
 __traceiter_kmem_cache_free+0x38/0x60 include/trace/events/kmem.h:114
 __do_trace_kmem_cache_free include/trace/events/kmem.h:114 [inline]
 trace_kmem_cache_free include/trace/events/kmem.h:114 [inline]
 kmem_cache_free+0x257/0x300 mm/slub.c:4744
 kfree_skbmem net/core/skbuff.c:-1 [inline]
 __kfree_skb+0x109/0x150 net/core/skbuff.c:1167
 consume_skb+0x49/0x150 net/core/skbuff.c:1398
 netlink_broadcast_filtered+0xb25/0xc00 net/netlink/af_netlink.c:1524
 nlmsg_multicast_filtered include/net/netlink.h:1151 [inline]
 nlmsg_multicast include/net/netlink.h:1170 [inline]
 nlmsg_notify+0xcf/0x170 net/netlink/af_netlink.c:2577
 rtnl_notify+0x76/0x90 net/core/rtnetlink.c:958
 inet6_rt_notify+0x116/0x190 net/ipv6/route.c:6349
 fib6_add_rt2node+0xc31/0x1720 net/ipv6/ip6_fib.c:1282
 fib6_add+0x5b9/0xe00 net/ipv6/ip6_fib.c:1535
 __ip6_ins_rt net/ipv6/route.c:1351 [inline]
 ip6_route_add+0xc7/0x170 net/ipv6/route.c:3948
 addrconf_add_mroute net/ipv6/addrconf.c:2551 [inline]
 addrconf_add_dev+0x1c6/0x240 net/ipv6/addrconf.c:2569
 addrconf_dev_config net/ipv6/addrconf.c:3477 [inline]
 addrconf_init_auto_addrs+0x4d2/0x730 net/ipv6/addrconf.c:3571
 addrconf_notify+0x72c/0x930 net/ipv6/addrconf.c:3744
 notifier_call_chain kernel/notifier.c:85 [inline]
 raw_notifier_call_chain+0x6c/0x1b0 kernel/notifier.c:453
 call_netdevice_notifiers_info+0xae/0x100 net/core/dev.c:2230
 call_netdevice_notifiers_extack net/core/dev.c:2268 [inline]
 call_netdevice_notifiers net/core/dev.c:2282 [inline]
 __dev_notify_flags+0xff/0x1a0 net/core/dev.c:-1
 netif_change_flags+0xac/0xd0 net/core/dev.c:9526
 do_setlink+0x9d2/0x2810 net/core/rtnetlink.c:3141
 rtnl_changelink net/core/rtnetlink.c:3759 [inline]
 __rtnl_newlink net/core/rtnetlink.c:3918 [inline]
 rtnl_newlink+0xe75/0x12d0 net/core/rtnetlink.c:4055
 rtnetlink_rcv_msg+0x5fe/0x6d0 net/core/rtnetlink.c:6944
 netlink_rcv_skb+0x120/0x220 net/netlink/af_netlink.c:2534
 rtnetlink_rcv+0x1c/0x30 net/core/rtnetlink.c:6971
 netlink_unicast_kernel net/netlink/af_netlink.c:1313 [inline]
 netlink_unicast+0x5a1/0x670 net/netlink/af_netlink.c:1339
 netlink_sendmsg+0x58b/0x6b0 net/netlink/af_netlink.c:1883
 sock_sendmsg_nosec net/socket.c:712 [inline]
 __sock_sendmsg+0x145/0x180 net/socket.c:727
 __sys_sendto+0x268/0x330 net/socket.c:2180
 __do_sys_sendto net/socket.c:2187 [inline]
 __se_sys_sendto net/socket.c:2183 [inline]
 __x64_sys_sendto+0x76/0x90 net/socket.c:2183
 x64_sys_call+0x2eb6/0x2fb0 arch/x86/include/generated/asm/syscalls_64.h:45
 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
 do_syscall_64+0xd2/0x200 arch/x86/entry/syscall_64.c:94
 entry_SYSCALL_64_after_hwframe+0x77/0x7f

value changed: 0x00000001 -> 0x00000000

Reported by Kernel Concurrency Sanitizer on:
CPU: 0 UID: 0 PID: 4149 Comm: syz-executor Not tainted 6.16.0-rc4-syzkaller-00123-g4c06e63b9203 #0 PREEMPT(voluntary)
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
==================================================================