syzbot

==================================================================
BUG: KCSAN: data-race in __htab_map_lookup_elem / bpf_lru_pop_free

write to 0xffff88811bb8dbe8 of 4 bytes by task 27295 on cpu 1:
 __local_list_add_pending kernel/bpf/bpf_lru_list.c:350 [inline]
 bpf_common_lru_pop_free kernel/bpf/bpf_lru_list.c:449 [inline]
 bpf_lru_pop_free+0xbea/0xcc0 kernel/bpf/bpf_lru_list.c:496
 prealloc_lru_pop kernel/bpf/hashtab.c:299 [inline]
 __htab_lru_percpu_map_update_elem+0xea/0x690 kernel/bpf/hashtab.c:1346
 bpf_percpu_hash_update+0x61/0xa0 kernel/bpf/hashtab.c:2400
 bpf_map_update_value+0x36b/0x570 kernel/bpf/syscall.c:270
 generic_map_update_batch+0x3eb/0x540 kernel/bpf/syscall.c:2038
 bpf_map_do_batch+0x25c/0x380 kernel/bpf/syscall.c:5647
 __sys_bpf+0x5f8/0x7c0 kernel/bpf/syscall.c:-1
 __do_sys_bpf kernel/bpf/syscall.c:6274 [inline]
 __se_sys_bpf kernel/bpf/syscall.c:6272 [inline]
 __x64_sys_bpf+0x41/0x50 kernel/bpf/syscall.c:6272
 x64_sys_call+0x28e1/0x3000 arch/x86/include/generated/asm/syscalls_64.h:322
 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
 do_syscall_64+0xd8/0x2a0 arch/x86/entry/syscall_64.c:94
 entry_SYSCALL_64_after_hwframe+0x77/0x7f

read to 0xffff88811bb8dbe8 of 4 bytes by task 27297 on cpu 0:
 lookup_nulls_elem_raw kernel/bpf/hashtab.c:639 [inline]
 __htab_map_lookup_elem+0xab/0x150 kernel/bpf/hashtab.c:668
 htab_lru_percpu_map_lookup_elem+0x20/0xb0 kernel/bpf/hashtab.c:2334
 bpf_prog_1908f35e458ae2da+0x48/0x50
 bpf_dispatcher_nop_func include/linux/bpf.h:1376 [inline]
 __bpf_prog_run include/linux/filter.h:723 [inline]
 bpf_prog_run include/linux/filter.h:730 [inline]
 __bpf_trace_run kernel/trace/bpf_trace.c:2075 [inline]
 bpf_trace_run2+0x107/0x1d0 kernel/trace/bpf_trace.c:2116
 __traceiter_kfree+0x2e/0x50 include/trace/events/kmem.h:97
 __do_trace_kfree include/trace/events/kmem.h:97 [inline]
 trace_kfree include/trace/events/kmem.h:97 [inline]
 kfree+0x353/0x3c0 mm/slub.c:6858
 security_sk_free+0x38/0x80 security/security.c:4410
 sk_prot_free net/core/sock.c:2277 [inline]
 __sk_destruct+0x3cd/0x500 net/core/sock.c:2384
 sk_destruct net/core/sock.c:2412 [inline]
 __sk_free+0x227/0x270 net/core/sock.c:2423
 sk_free net/core/sock.c:2434 [inline]
 sock_put include/net/sock.h:1998 [inline]
 sk_common_release+0x180/0x230 net/core/sock.c:4007
 udp_lib_close+0x15/0x20 include/net/udp.h:325
 inet_release+0xce/0xf0 net/ipv4/af_inet.c:437
 inet6_release+0x3e/0x60 net/ipv6/af_inet6.c:487
 __sock_release net/socket.c:662 [inline]
 sock_release+0x4b/0xe0 net/socket.c:690
 udp_sock_create6+0x387/0x3d0 net/ipv6/ip6_udp_tunnel.c:70
 udp_sock_create include/net/udp_tunnel.h:62 [inline]
 fou_create net/ipv4/fou_core.c:576 [inline]
 fou_nl_add_doit+0xd8/0x410 net/ipv4/fou_core.c:761
 genl_family_rcv_msg_doit+0x143/0x1b0 net/netlink/genetlink.c:1115
 genl_family_rcv_msg net/netlink/genetlink.c:1195 [inline]
 genl_rcv_msg+0x422/0x460 net/netlink/genetlink.c:1210
 netlink_rcv_skb+0x123/0x220 net/netlink/af_netlink.c:2550
 genl_rcv+0x28/0x40 net/netlink/genetlink.c:1219
 netlink_unicast_kernel net/netlink/af_netlink.c:1318 [inline]
 netlink_unicast+0x5c0/0x690 net/netlink/af_netlink.c:1344
 netlink_sendmsg+0x58b/0x6b0 net/netlink/af_netlink.c:1894
 sock_sendmsg_nosec net/socket.c:727 [inline]
 __sock_sendmsg+0x145/0x180 net/socket.c:742
 ____sys_sendmsg+0x31e/0x4a0 net/socket.c:2592
 ___sys_sendmsg+0x17b/0x1d0 net/socket.c:2646
 __sys_sendmsg net/socket.c:2678 [inline]
 __do_sys_sendmsg net/socket.c:2683 [inline]
 __se_sys_sendmsg net/socket.c:2681 [inline]
 __x64_sys_sendmsg+0xd4/0x160 net/socket.c:2681
 x64_sys_call+0x17ba/0x3000 arch/x86/include/generated/asm/syscalls_64.h:47
 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
 do_syscall_64+0xd8/0x2a0 arch/x86/entry/syscall_64.c:94
 entry_SYSCALL_64_after_hwframe+0x77/0x7f

value changed: 0x5b943cac -> 0x1c099ce7

Reported by Kernel Concurrency Sanitizer on:
CPU: 0 UID: 0 PID: 27297 Comm: syz.4.6235 Tainted: G        W           syzkaller #0 PREEMPT(voluntary) 
Tainted: [W]=WARN
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
==================================================================