BUG: KCSAN: data-race in batadv_bla_tx / batadv_bla_tx
write to 0xffff888117ccb720 of 8 bytes by interrupt on cpu 1:
batadv_bla_update_own_backbone_gw net/batman-adv/bridge_loop_avoidance.c:577 [inline]
batadv_bla_tx+0x7b4/0xc40 net/batman-adv/bridge_loop_avoidance.c:2105
batadv_interface_tx+0x34a/0xb30 net/batman-adv/soft-interface.c:240
__netdev_start_xmit include/linux/netdevice.h:5151 [inline]
netdev_start_xmit include/linux/netdevice.h:5160 [inline]
xmit_one net/core/dev.c:3800 [inline]
dev_hard_start_xmit+0x119/0x3f0 net/core/dev.c:3816
__dev_queue_xmit+0x100a/0x2090 net/core/dev.c:4652
dev_queue_xmit include/linux/netdevice.h:3313 [inline]
br_dev_queue_push_xmit+0x444/0x500 net/bridge/br_forward.c:53
NF_HOOK include/linux/netfilter.h:314 [inline]
br_forward_finish+0x90/0x160 net/bridge/br_forward.c:66
br_nf_forward_finish+0x6b1/0x720 net/bridge/br_netfilter_hooks.c:665
NF_HOOK include/linux/netfilter.h:314 [inline]
br_nf_forward_arp net/bridge/br_netfilter_hooks.c:755 [inline]
br_nf_forward+0xae2/0xe70 net/bridge/br_netfilter_hooks.c:778
nf_hook_entry_hookfn include/linux/netfilter.h:154 [inline]
nf_hook_slow+0x86/0x1b0 net/netfilter/core.c:626
nf_hook include/linux/netfilter.h:269 [inline]
NF_HOOK include/linux/netfilter.h:312 [inline]
__br_forward+0x27d/0x360 net/bridge/br_forward.c:115
deliver_clone net/bridge/br_forward.c:131 [inline]
maybe_deliver+0x1c0/0x260 net/bridge/br_forward.c:190
br_flood+0x246/0x490 net/bridge/br_forward.c:237
br_handle_frame_finish+0xd19/0xe90 net/bridge/br_input.c:220
nf_hook_bridge_pre net/bridge/br_input.c:304 [inline]
br_handle_frame+0x5af/0x9b0 net/bridge/br_input.c:433
__netif_receive_skb_core+0xb1a/0x2350 net/core/dev.c:5790
__netif_receive_skb_one_core net/core/dev.c:5894 [inline]
__netif_receive_skb+0x5a/0x280 net/core/dev.c:6009
process_backlog+0x22e/0x440 net/core/dev.c:6357
__napi_poll+0x63/0x3c0 net/core/dev.c:7191
napi_poll net/core/dev.c:7260 [inline]
net_rx_action+0x3a1/0x7f0 net/core/dev.c:7382
handle_softirqs+0xbf/0x280 kernel/softirq.c:561
do_softirq+0x5e/0x90 kernel/softirq.c:462
__local_bh_enable_ip+0x6e/0x70 kernel/softirq.c:389
__raw_spin_unlock_bh include/linux/spinlock_api_smp.h:167 [inline]
_raw_spin_unlock_bh+0x36/0x40 kernel/locking/spinlock.c:210
spin_unlock_bh include/linux/spinlock.h:396 [inline]
__batadv_dat_purge net/batman-adv/distributed-arp-table.c:185 [inline]
batadv_dat_purge+0x1e0/0x260 net/batman-adv/distributed-arp-table.c:204
process_one_work kernel/workqueue.c:3238 [inline]
process_scheduled_works+0x4db/0xa20 kernel/workqueue.c:3319
worker_thread+0x51d/0x6f0 kernel/workqueue.c:3400
kthread+0x4ae/0x520 kernel/kthread.c:464
ret_from_fork+0x4b/0x60 arch/x86/kernel/process.c:148
ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244
write to 0xffff888117ccb720 of 8 bytes by interrupt on cpu 0:
batadv_bla_update_own_backbone_gw net/batman-adv/bridge_loop_avoidance.c:577 [inline]
batadv_bla_tx+0x7b4/0xc40 net/batman-adv/bridge_loop_avoidance.c:2105
batadv_interface_tx+0x34a/0xb30 net/batman-adv/soft-interface.c:240
__netdev_start_xmit include/linux/netdevice.h:5151 [inline]
netdev_start_xmit include/linux/netdevice.h:5160 [inline]
xmit_one net/core/dev.c:3800 [inline]
dev_hard_start_xmit+0x119/0x3f0 net/core/dev.c:3816
__dev_queue_xmit+0x100a/0x2090 net/core/dev.c:4652
dev_queue_xmit include/linux/netdevice.h:3313 [inline]
br_dev_queue_push_xmit+0x444/0x500 net/bridge/br_forward.c:53
NF_HOOK include/linux/netfilter.h:314 [inline]
br_forward_finish+0x90/0x160 net/bridge/br_forward.c:66
br_nf_forward_finish+0x6b1/0x720 net/bridge/br_netfilter_hooks.c:665
NF_HOOK include/linux/netfilter.h:314 [inline]
br_nf_forward_arp net/bridge/br_netfilter_hooks.c:755 [inline]
br_nf_forward+0xae2/0xe70 net/bridge/br_netfilter_hooks.c:778
nf_hook_entry_hookfn include/linux/netfilter.h:154 [inline]
nf_hook_slow+0x86/0x1b0 net/netfilter/core.c:626
nf_hook include/linux/netfilter.h:269 [inline]
NF_HOOK include/linux/netfilter.h:312 [inline]
__br_forward+0x27d/0x360 net/bridge/br_forward.c:115
deliver_clone net/bridge/br_forward.c:131 [inline]
maybe_deliver+0x1c0/0x260 net/bridge/br_forward.c:190
br_flood+0x246/0x490 net/bridge/br_forward.c:237
br_handle_frame_finish+0xd19/0xe90 net/bridge/br_input.c:220
nf_hook_bridge_pre net/bridge/br_input.c:304 [inline]
br_handle_frame+0x5af/0x9b0 net/bridge/br_input.c:433
__netif_receive_skb_core+0xb1a/0x2350 net/core/dev.c:5790
__netif_receive_skb_one_core net/core/dev.c:5894 [inline]
__netif_receive_skb+0x5a/0x280 net/core/dev.c:6009
process_backlog+0x22e/0x440 net/core/dev.c:6357
__napi_poll+0x63/0x3c0 net/core/dev.c:7191
napi_poll net/core/dev.c:7260 [inline]
net_rx_action+0x3a1/0x7f0 net/core/dev.c:7382
handle_softirqs+0xbf/0x280 kernel/softirq.c:561
do_softirq+0x5e/0x90 kernel/softirq.c:462
__local_bh_enable_ip+0x6e/0x70 kernel/softirq.c:389
__raw_spin_unlock_bh include/linux/spinlock_api_smp.h:167 [inline]
_raw_spin_unlock_bh+0x36/0x40 kernel/locking/spinlock.c:210
spin_unlock_bh include/linux/spinlock.h:396 [inline]
nsim_dev_trap_report drivers/net/netdevsim/dev.c:820 [inline]
nsim_dev_trap_report_work+0x522/0x620 drivers/net/netdevsim/dev.c:851
process_one_work kernel/workqueue.c:3238 [inline]
process_scheduled_works+0x4db/0xa20 kernel/workqueue.c:3319
worker_thread+0x51d/0x6f0 kernel/workqueue.c:3400
kthread+0x4ae/0x520 kernel/kthread.c:464
ret_from_fork+0x4b/0x60 arch/x86/kernel/process.c:148
ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244
value changed: 0x0000000100002106 -> 0x0000000100002107
Reported by Kernel Concurrency Sanitizer on:
CPU: 0 UID: 0 PID: 51 Comm: kworker/u8:3 Not tainted 6.14.0-rc6-syzkaller-00202-ga29967be967e #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
Workqueue: events_unbound nsim_dev_trap_report_work
==================================================================
bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0)