==================================================================
BUG: KCSAN: data-race in pfkey_send_acquire / xfrm_probe_algs

write to 0xffffffff86c929f0 of 1 bytes by task 3623 on cpu 0:
 xfrm_probe_algs+0x9f/0x2b0 net/xfrm/xfrm_algo.c:821
 pfkey_register+0xde/0x400 net/key/af_key.c:1701
 pfkey_process net/key/af_key.c:2848 [inline]
 pfkey_sendmsg+0x718/0x900 net/key/af_key.c:3699
 sock_sendmsg_nosec net/socket.c:727 [inline]
 __sock_sendmsg+0x145/0x180 net/socket.c:742
 ____sys_sendmsg+0x31e/0x4e0 net/socket.c:2630
 ___sys_sendmsg+0x17b/0x1d0 net/socket.c:2684
 __sys_sendmsg net/socket.c:2716 [inline]
 __do_sys_sendmsg net/socket.c:2721 [inline]
 __se_sys_sendmsg net/socket.c:2719 [inline]
 __x64_sys_sendmsg+0xd4/0x160 net/socket.c:2719
 x64_sys_call+0x191e/0x3000 arch/x86/include/generated/asm/syscalls_64.h:47
 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
 do_syscall_64+0xd2/0x200 arch/x86/entry/syscall_64.c:94
 entry_SYSCALL_64_after_hwframe+0x77/0x7f

read to 0xffffffff86c929f0 of 1 bytes by task 3631 on cpu 1:
 count_esp_combs net/key/af_key.c:2938 [inline]
 pfkey_send_acquire+0x268/0xf90 net/key/af_key.c:3179
 km_query+0x60/0xc0 net/xfrm/xfrm_state.c:2770
 xfrm_state_find+0x24c7/0x2fa0 net/xfrm/xfrm_state.c:1558
 xfrm_tmpl_resolve_one net/xfrm/xfrm_policy.c:2522 [inline]
 xfrm_tmpl_resolve net/xfrm/xfrm_policy.c:2573 [inline]
 xfrm_resolve_and_create_bundle+0x575/0x1f30 net/xfrm/xfrm_policy.c:2871
 xfrm_lookup_with_ifid+0x1da/0x1360 net/xfrm/xfrm_policy.c:3205
 xfrm_lookup net/xfrm/xfrm_policy.c:3336 [inline]
 xfrm_lookup_route+0x3a/0x110 net/xfrm/xfrm_policy.c:3347
 ip_route_output_flow+0xdb/0x110 net/ipv4/route.c:2934
 udp_sendmsg+0x11b0/0x13c0 net/ipv4/udp.c:1450
 inet_sendmsg+0xac/0xd0 net/ipv4/af_inet.c:853
 sock_sendmsg_nosec net/socket.c:727 [inline]
 __sock_sendmsg+0x102/0x180 net/socket.c:742
 ____sys_sendmsg+0x345/0x4e0 net/socket.c:2630
 ___sys_sendmsg+0x17b/0x1d0 net/socket.c:2684
 __sys_sendmmsg+0x178/0x300 net/socket.c:2773
 __do_sys_sendmmsg net/socket.c:2800 [inline]
 __se_sys_sendmmsg net/socket.c:2797 [inline]
 __x64_sys_sendmmsg+0x57/0x70 net/socket.c:2797
 x64_sys_call+0x1c4a/0x3000 arch/x86/include/generated/asm/syscalls_64.h:308
 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
 do_syscall_64+0xd2/0x200 arch/x86/entry/syscall_64.c:94
 entry_SYSCALL_64_after_hwframe+0x77/0x7f

value changed: 0x00 -> 0x01

Reported by Kernel Concurrency Sanitizer on:
CPU: 1 UID: 0 PID: 3631 Comm: syz.1.51 Not tainted syzkaller #0 PREEMPT(voluntary) 
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
==================================================================
syz.1.51 (3631) used greatest stack depth: 9864 bytes left