syzbot

==================================================================
BUG: KCSAN: data-race in __bpf_get_stackid / __bpf_get_stackid

write to 0xffff888112e03ed8 of 4 bytes by task 37 on cpu 1:
 __bpf_get_stackid+0x76b/0x800 kernel/bpf/stackmap.c:291
 ____bpf_get_stackid kernel/bpf/stackmap.c:324 [inline]
 bpf_get_stackid+0xee/0x120 kernel/bpf/stackmap.c:300
 ____bpf_get_stackid_raw_tp kernel/trace/bpf_trace.c:1811 [inline]
 bpf_get_stackid_raw_tp+0xf6/0x120 kernel/trace/bpf_trace.c:1800
 bpf_prog_e6fc920cfeff8120+0x2a/0x32
 bpf_dispatcher_nop_func include/linux/bpf.h:1322 [inline]
 __bpf_prog_run include/linux/filter.h:718 [inline]
 bpf_prog_run include/linux/filter.h:725 [inline]
 __bpf_trace_run kernel/trace/bpf_trace.c:2258 [inline]
 bpf_trace_run3+0x10f/0x1d0 kernel/trace/bpf_trace.c:2300
 __traceiter_kmem_cache_free+0x38/0x60 include/trace/events/kmem.h:114
 __do_trace_kmem_cache_free include/trace/events/kmem.h:114 [inline]
 trace_kmem_cache_free include/trace/events/kmem.h:114 [inline]
 kmem_cache_free+0x257/0x300 mm/slub.c:4744
 kfree_skbmem net/core/skbuff.c:-1 [inline]
 __kfree_skb+0x109/0x150 net/core/skbuff.c:1167
 consume_skb+0x49/0x150 net/core/skbuff.c:1398
 netlink_broadcast_filtered+0xb25/0xc00 net/netlink/af_netlink.c:1524
 nlmsg_multicast_filtered include/net/netlink.h:1151 [inline]
 genlmsg_multicast_netns_filtered include/net/genetlink.h:495 [inline]
 genlmsg_multicast_netns include/net/genetlink.h:512 [inline]
 team_nl_send_multicast+0xa5/0xd0 drivers/net/team/team_core.c:2841
 team_nl_send_port_list_get+0x4d8/0x4f0 drivers/net/team/team_core.c:2793
 team_nl_send_event_port_get drivers/net/team/team_core.c:2855 [inline]
 __team_port_change_send+0x176/0x240 drivers/net/team/team_core.c:2913
 __team_port_change_check drivers/net/team/team_core.c:2945 [inline]
 team_port_change_check drivers/net/team/team_core.c:2967 [inline]
 team_device_event+0xe9/0x5c0 drivers/net/team/team_core.c:2992
 notifier_call_chain kernel/notifier.c:85 [inline]
 raw_notifier_call_chain+0x6c/0x1b0 kernel/notifier.c:453
 call_netdevice_notifiers_info+0xae/0x100 net/core/dev.c:2230
 call_netdevice_notifiers_extack net/core/dev.c:2268 [inline]
 call_netdevice_notifiers net/core/dev.c:2282 [inline]
 dev_close_many+0x170/0x240 net/core/dev.c:1785
 unregister_netdevice_many_notify+0x441/0x1690 net/core/dev.c:12047
 unregister_netdevice_many net/core/dev.c:12140 [inline]
 default_device_exit_batch+0x50c/0x560 net/core/dev.c:12644
 ops_exit_list net/core/net_namespace.c:206 [inline]
 ops_undo_list+0x2bd/0x410 net/core/net_namespace.c:253
 cleanup_net+0x2de/0x4d0 net/core/net_namespace.c:686
 process_one_work kernel/workqueue.c:3238 [inline]
 process_scheduled_works+0x4cb/0x9d0 kernel/workqueue.c:3321
 worker_thread+0x582/0x770 kernel/workqueue.c:3402
 kthread+0x489/0x510 kernel/kthread.c:464
 ret_from_fork+0xda/0x150 arch/x86/kernel/process.c:148
 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:245

read to 0xffff888112e03ed8 of 4 bytes by task 19910 on cpu 0:
 __bpf_get_stackid+0x287/0x800 kernel/bpf/stackmap.c:249
 ____bpf_get_stackid kernel/bpf/stackmap.c:324 [inline]
 bpf_get_stackid+0xee/0x120 kernel/bpf/stackmap.c:300
 ____bpf_get_stackid_raw_tp kernel/trace/bpf_trace.c:1811 [inline]
 bpf_get_stackid_raw_tp+0xf6/0x120 kernel/trace/bpf_trace.c:1800
 bpf_prog_e6fc920cfeff8120+0x2a/0x32
 bpf_dispatcher_nop_func include/linux/bpf.h:1322 [inline]
 __bpf_prog_run include/linux/filter.h:718 [inline]
 bpf_prog_run include/linux/filter.h:725 [inline]
 __bpf_trace_run kernel/trace/bpf_trace.c:2258 [inline]
 bpf_trace_run3+0x10f/0x1d0 kernel/trace/bpf_trace.c:2300
 __traceiter_kmem_cache_free+0x38/0x60 include/trace/events/kmem.h:114
 __do_trace_kmem_cache_free include/trace/events/kmem.h:114 [inline]
 trace_kmem_cache_free include/trace/events/kmem.h:114 [inline]
 kmem_cache_free+0x257/0x300 mm/slub.c:4744
 kfree_skbmem net/core/skbuff.c:-1 [inline]
 __kfree_skb+0x109/0x150 net/core/skbuff.c:1167
 consume_skb+0x49/0x150 net/core/skbuff.c:1398
 nlmon_xmit+0x4f/0x60 drivers/net/nlmon.c:15
 __netdev_start_xmit include/linux/netdevice.h:5215 [inline]
 netdev_start_xmit include/linux/netdevice.h:5224 [inline]
 xmit_one net/core/dev.c:3830 [inline]
 dev_hard_start_xmit+0x125/0x3e0 net/core/dev.c:3846
 __dev_queue_xmit+0x10b9/0x1fb0 net/core/dev.c:4713
 dev_queue_xmit include/linux/netdevice.h:3355 [inline]
 __netlink_deliver_tap_skb net/netlink/af_netlink.c:307 [inline]
 __netlink_deliver_tap+0x3c3/0x500 net/netlink/af_netlink.c:325
 netlink_deliver_tap net/netlink/af_netlink.c:338 [inline]
 __netlink_sendskb net/netlink/af_netlink.c:1256 [inline]
 netlink_sendskb+0x126/0x150 net/netlink/af_netlink.c:1265
 netlink_unicast+0x28a/0x670 net/netlink/af_netlink.c:1354
 nlmsg_unicast include/net/netlink.h:1184 [inline]
 netlink_ack+0x4c8/0x500 net/netlink/af_netlink.c:2496
 netlink_rcv_skb+0x192/0x220 net/netlink/af_netlink.c:2540
 genl_rcv+0x28/0x40 net/netlink/genetlink.c:1219
 netlink_unicast_kernel net/netlink/af_netlink.c:1313 [inline]
 netlink_unicast+0x5a1/0x670 net/netlink/af_netlink.c:1339
 netlink_sendmsg+0x58b/0x6b0 net/netlink/af_netlink.c:1883
 sock_sendmsg_nosec net/socket.c:712 [inline]
 __sock_sendmsg+0x145/0x180 net/socket.c:727
 __sys_sendto+0x268/0x330 net/socket.c:2180
 __do_sys_sendto net/socket.c:2187 [inline]
 __se_sys_sendto net/socket.c:2183 [inline]
 __x64_sys_sendto+0x76/0x90 net/socket.c:2183
 x64_sys_call+0x2eb6/0x2fb0 arch/x86/include/generated/asm/syscalls_64.h:45
 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
 do_syscall_64+0xd2/0x200 arch/x86/entry/syscall_64.c:94
 entry_SYSCALL_64_after_hwframe+0x77/0x7f

value changed: 0xc5c0d247 -> 0xa228a751

Reported by Kernel Concurrency Sanitizer on:
CPU: 0 UID: 0 PID: 19910 Comm: syz.7.4934 Not tainted 6.16.0-rc4-syzkaller-00108-g17bbde2e1716 #0 PREEMPT(voluntary) 
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
==================================================================