================================================================== BUG: KCSAN: data-race in __percpu_ref_switch_mode / percpu_ref_switch_to_atomic_rcu write to 0xffff888143951650 of 8 bytes by interrupt on cpu 1: percpu_ref_call_confirm_rcu lib/percpu-refcount.c:156 [inline] percpu_ref_switch_to_atomic_rcu+0x188/0x360 lib/percpu-refcount.c:205 rcu_do_batch kernel/rcu/tree.c:2506 [inline] rcu_core+0x7f7/0xeb0 kernel/rcu/tree.c:2741 rcu_core_si+0x9/0x10 kernel/rcu/tree.c:2754 __do_softirq+0x158/0x2de kernel/softirq.c:558 __irq_exit_rcu kernel/softirq.c:637 [inline] irq_exit_rcu+0x37/0x70 kernel/softirq.c:649 sysvec_apic_timer_interrupt+0x8d/0xb0 arch/x86/kernel/apic/apic.c:1097 asm_sysvec_apic_timer_interrupt+0x12/0x20 radix_tree_iter_replace+0x0/0x40 lib/radix-tree.c:886 idr_alloc_u32 lib/idr.c:52 [inline] idr_alloc_cyclic+0x1e4/0x2f0 lib/idr.c:125 __kernfs_new_node+0xb4/0x340 fs/kernfs/dir.c:591 kernfs_new_node fs/kernfs/dir.c:647 [inline] kernfs_create_dir_ns+0x5e/0x140 fs/kernfs/dir.c:984 sysfs_create_dir_ns+0xa3/0x1a0 fs/sysfs/dir.c:59 create_dir lib/kobject.c:89 [inline] kobject_add_internal+0x456/0x840 lib/kobject.c:255 kobject_add_varg lib/kobject.c:390 [inline] kobject_init_and_add+0x14a/0x1f0 lib/kobject.c:473 netdev_queue_add_kobject net/core/net-sysfs.c:1665 [inline] netdev_queue_update_kobjects+0x136/0x330 net/core/net-sysfs.c:1710 register_queue_kobjects net/core/net-sysfs.c:1771 [inline] netdev_register_kobject+0x1ba/0x230 net/core/net-sysfs.c:2014 register_netdevice+0xba5/0x10b0 net/core/dev.c:10336 __ip_tunnel_create+0x1c5/0x260 net/ipv4/ip_tunnel.c:267 ip_tunnel_init_net+0x19a/0x3e0 net/ipv4/ip_tunnel.c:1070 ipgre_init_net+0x2c/0x30 net/ipv4/ip_gre.c:1023 ops_init+0x1e7/0x230 net/core/net_namespace.c:140 setup_net+0x1fb/0x740 net/core/net_namespace.c:326 copy_net_ns+0x2a9/0x450 net/core/net_namespace.c:470 create_new_namespaces+0x231/0x560 kernel/nsproxy.c:110 copy_namespaces+0x116/0x160 kernel/nsproxy.c:178 copy_process+0x1583/0x2fd0 kernel/fork.c:2194 kernel_clone+0x15c/0x6a0 kernel/fork.c:2582 __do_sys_clone3 kernel/fork.c:2857 [inline] __se_sys_clone3+0x1b5/0x1f0 kernel/fork.c:2841 __x64_sys_clone3+0x2d/0x40 kernel/fork.c:2841 do_syscall_x64 arch/x86/entry/common.c:50 [inline] do_syscall_64+0x44/0xd0 arch/x86/entry/common.c:80 entry_SYSCALL_64_after_hwframe+0x44/0xae read to 0xffff888143951650 of 8 bytes by task 667 on cpu 0: __percpu_ref_switch_mode+0xd9/0x3a0 lib/percpu-refcount.c:275 percpu_ref_resurrect+0xcb/0x110 lib/percpu-refcount.c:473 io_refs_resurrect fs/io_uring.c:1274 [inline] io_ctx_quiesce+0xe0/0x212 fs/io_uring.c:10922 __io_uring_register fs/io_uring.c:10950 [inline] __do_sys_io_uring_register+0x37f/0xf2e fs/io_uring.c:11088 __se_sys_io_uring_register fs/io_uring.c:11068 [inline] __x64_sys_io_uring_register+0x4f/0x60 fs/io_uring.c:11068 do_syscall_x64 arch/x86/entry/common.c:50 [inline] do_syscall_64+0x44/0xd0 arch/x86/entry/common.c:80 entry_SYSCALL_64_after_hwframe+0x44/0xae value changed: 0xffffffff819ca6e0 -> 0x0000000000000000 Reported by Kernel Concurrency Sanitizer on: CPU: 0 PID: 667 Comm: syz-executor.4 Not tainted 5.16.0-rc4-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 ==================================================================