syzbot


KCSAN: data-race in batadv_bla_tx / batadv_bla_tx (3)

Status: auto-obsoleted due to no activity on 2024/12/28 07:27
Subsystems: batman
First crash: 112d, last: 79d
Similar bugs (2)
| Kernel | Title | Repro | Cause bisect | Fix bisect | Count | Last | Reported | Patched | Status |
|---|---|---|---|---|---|---|---|---|---|
| upstream | KCSAN: data-race in batadv_bla_tx / batadv_bla_tx (batman) | | | | 1 | 1115d | 1099d | 0/28 | auto-closed as invalid on 2022/02/05 10:48 |
| upstream | KCSAN: data-race in batadv_bla_tx / batadv_bla_tx (2) (batman) | | | | 1 | 1042d | 1024d | 0/28 | auto-closed as invalid on 2022/04/19 23:52 |

Sample crash report:
bridge0: received packet on veth0_to_bridge with own address as source address (addr:06:1e:09:d5:08:de, vlan:0)
bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
==================================================================
BUG: KCSAN: data-race in batadv_bla_tx / batadv_bla_tx

write to 0xffff88811549b9a0 of 8 bytes by interrupt on cpu 0:
 batadv_bla_update_own_backbone_gw net/batman-adv/bridge_loop_avoidance.c:577 [inline]
 batadv_bla_tx+0x7b4/0xc40 net/batman-adv/bridge_loop_avoidance.c:2106
 batadv_interface_tx+0x314/0xaf0 net/batman-adv/soft-interface.c:240
 __netdev_start_xmit include/linux/netdevice.h:4928 [inline]
 netdev_start_xmit include/linux/netdevice.h:4937 [inline]
 xmit_one net/core/dev.c:3588 [inline]
 dev_hard_start_xmit+0x119/0x3f0 net/core/dev.c:3604
 __dev_queue_xmit+0xfba/0x2040 net/core/dev.c:4432
 dev_queue_xmit include/linux/netdevice.h:3094 [inline]
 br_dev_queue_push_xmit+0x425/0x4e0 net/bridge/br_forward.c:53
 NF_HOOK include/linux/netfilter.h:314 [inline]
 br_forward_finish+0x90/0x160 net/bridge/br_forward.c:66
 br_nf_forward_finish+0x6b1/0x720 net/bridge/br_netfilter_hooks.c:690
 NF_HOOK include/linux/netfilter.h:314 [inline]
 br_nf_forward_arp net/bridge/br_netfilter_hooks.c:780 [inline]
 br_nf_forward+0xae2/0xe70 net/bridge/br_netfilter_hooks.c:803
 nf_hook_entry_hookfn include/linux/netfilter.h:154 [inline]
 nf_hook_slow+0x86/0x1b0 net/netfilter/core.c:626
 nf_hook include/linux/netfilter.h:269 [inline]
 NF_HOOK include/linux/netfilter.h:312 [inline]
 __br_forward+0x27d/0x360 net/bridge/br_forward.c:115
 deliver_clone net/bridge/br_forward.c:131 [inline]
 maybe_deliver+0x1c0/0x260 net/bridge/br_forward.c:190
 br_flood+0x246/0x470 net/bridge/br_forward.c:236
 br_handle_frame_finish+0xcfb/0xe70 net/bridge/br_input.c:215
 nf_hook_bridge_pre net/bridge/br_input.c:299 [inline]
 br_handle_frame+0x5a0/0x9a0 net/bridge/br_input.c:424
 __netif_receive_skb_core+0xb00/0x2310 net/core/dev.c:5564
 __netif_receive_skb_one_core net/core/dev.c:5668 [inline]
 __netif_receive_skb+0x5a/0x280 net/core/dev.c:5783
 process_backlog+0x22e/0x440 net/core/dev.c:6115
 __napi_poll+0x63/0x3c0 net/core/dev.c:6779
 napi_poll net/core/dev.c:6848 [inline]
 net_rx_action+0x3a1/0x7f0 net/core/dev.c:6970
 handle_softirqs+0xbf/0x280 kernel/softirq.c:554
 do_softirq+0x5e/0x90 kernel/softirq.c:455
 __local_bh_enable_ip+0x6e/0x70 kernel/softirq.c:382
 __raw_write_unlock_bh include/linux/rwlock_api_smp.h:281 [inline]
 _raw_write_unlock_bh+0x1f/0x30 kernel/locking/spinlock.c:366
 neigh_periodic_work+0x55a/0x600 net/core/neighbour.c:1019
 process_one_work kernel/workqueue.c:3229 [inline]
 process_scheduled_works+0x483/0x9a0 kernel/workqueue.c:3310
 worker_thread+0x51d/0x6f0 kernel/workqueue.c:3391
 kthread+0x1d1/0x210 kernel/kthread.c:389
 ret_from_fork+0x4b/0x60 arch/x86/kernel/process.c:147
 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244

write to 0xffff88811549b9a0 of 8 bytes by interrupt on cpu 1:
 batadv_bla_update_own_backbone_gw net/batman-adv/bridge_loop_avoidance.c:577 [inline]
 batadv_bla_tx+0x7b4/0xc40 net/batman-adv/bridge_loop_avoidance.c:2106
 batadv_interface_tx+0x314/0xaf0 net/batman-adv/soft-interface.c:240
 __netdev_start_xmit include/linux/netdevice.h:4928 [inline]
 netdev_start_xmit include/linux/netdevice.h:4937 [inline]
 xmit_one net/core/dev.c:3588 [inline]
 dev_hard_start_xmit+0x119/0x3f0 net/core/dev.c:3604
 __dev_queue_xmit+0xfba/0x2040 net/core/dev.c:4432
 dev_queue_xmit include/linux/netdevice.h:3094 [inline]
 br_dev_queue_push_xmit+0x425/0x4e0 net/bridge/br_forward.c:53
 br_nf_dev_queue_xmit+0x41a/0xc40
 NF_HOOK include/linux/netfilter.h:314 [inline]
 br_nf_post_routing+0x86a/0x930 net/bridge/br_netfilter_hooks.c:994
 nf_hook_entry_hookfn include/linux/netfilter.h:154 [inline]
 nf_hook_slow+0x86/0x1b0 net/netfilter/core.c:626
 nf_hook include/linux/netfilter.h:269 [inline]
 NF_HOOK include/linux/netfilter.h:312 [inline]
 br_forward_finish+0x120/0x160 net/bridge/br_forward.c:66
 br_nf_forward_finish+0x6b1/0x720 net/bridge/br_netfilter_hooks.c:690
 NF_HOOK include/linux/netfilter.h:314 [inline]
 br_nf_forward_ip+0x5c2/0x5d0 net/bridge/br_netfilter_hooks.c:744
 br_nf_forward+0x5a7/0xe70 net/bridge/br_netfilter_hooks.c:801
 nf_hook_entry_hookfn include/linux/netfilter.h:154 [inline]
 nf_hook_slow+0x86/0x1b0 net/netfilter/core.c:626
 nf_hook include/linux/netfilter.h:269 [inline]
 NF_HOOK include/linux/netfilter.h:312 [inline]
 __br_forward+0x27d/0x360 net/bridge/br_forward.c:115
 deliver_clone net/bridge/br_forward.c:131 [inline]
 maybe_deliver+0x1c0/0x260 net/bridge/br_forward.c:190
 br_flood+0x246/0x470 net/bridge/br_forward.c:236
 br_handle_frame_finish+0xcfb/0xe70 net/bridge/br_input.c:215
 br_nf_hook_thresh+0x1e5/0x220
 br_nf_pre_routing_finish_ipv6+0x575/0x5a0
 NF_HOOK include/linux/netfilter.h:314 [inline]
 br_nf_pre_routing_ipv6+0x1f6/0x2a0 net/bridge/br_netfilter_ipv6.c:184
 br_nf_pre_routing+0x517/0xbc0 net/bridge/br_netfilter_hooks.c:533
 nf_hook_entry_hookfn include/linux/netfilter.h:154 [inline]
 nf_hook_bridge_pre net/bridge/br_input.c:277 [inline]
 br_handle_frame+0x4dd/0x9a0 net/bridge/br_input.c:424
 __netif_receive_skb_core+0xb00/0x2310 net/core/dev.c:5564
 __netif_receive_skb_one_core net/core/dev.c:5668 [inline]
 __netif_receive_skb+0x5a/0x280 net/core/dev.c:5783
 process_backlog+0x22e/0x440 net/core/dev.c:6115
 __napi_poll+0x63/0x3c0 net/core/dev.c:6779
 napi_poll net/core/dev.c:6848 [inline]
 net_rx_action+0x3a1/0x7f0 net/core/dev.c:6970
 handle_softirqs+0xbf/0x280 kernel/softirq.c:554
 run_ksoftirqd+0x1c/0x30 kernel/softirq.c:927
 smpboot_thread_fn+0x31c/0x4c0 kernel/smpboot.c:164
 kthread+0x1d1/0x210 kernel/kthread.c:389
 ret_from_fork+0x4b/0x60 arch/x86/kernel/process.c:147
 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244

value changed: 0x0000000100001c2e -> 0x0000000100001c2f

Reported by Kernel Concurrency Sanitizer on:
CPU: 1 UID: 0 PID: 23 Comm: ksoftirqd/1 Tainted: G        W          6.12.0-rc5-syzkaller-00299-g11066801dd4b #0
Tainted: [W]=WARN
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
==================================================================
net_ratelimit: 19368 callbacks suppressed
bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0)
bridge0: received packet on veth0_to_bridge with own address as source address (addr:06:1e:09:d5:08:de, vlan:0)
bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0)
bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
bridge0: received packet on veth0_to_bridge with own address as source address (addr:06:1e:09:d5:08:de, vlan:0)
bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0)

Crashes (2):
| Time | Kernel | Commit | Syzkaller | Config | Log | Report | Syz repro | C repro | VM info | Assets | Manager | Title |
|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 2024/11/02 07:17 | upstream | 11066801dd4b | f00eed24 | .config | console log | report | | | info | [disk image] [vmlinux] [kernel image] | ci2-upstream-kcsan-gce | KCSAN: data-race in batadv_bla_tx / batadv_bla_tx |
| 2024/09/30 11:52 | upstream | 9852d85ec9d4 | bbd4e0a4 | .config | console log | report | | | info | [disk image] [vmlinux] [kernel image] | ci2-upstream-kcsan-gce | KCSAN: data-race in batadv_bla_tx / batadv_bla_tx |
* Struck through repros no longer work on HEAD.