==================================================================
BUG: KCSAN: data-race in br_handle_frame_finish / br_handle_frame_finish

read-write to 0xffff8881046f0170 of 8 bytes by interrupt on cpu 0:
 br_handle_frame_finish+0xce9/0xe80 net/bridge/br_input.c:189
 br_nf_hook_thresh+0x1ee/0x220
 br_nf_pre_routing_finish_ipv6+0x504/0x530
 NF_HOOK include/linux/netfilter.h:302 [inline]
 br_nf_pre_routing_ipv6+0x1ea/0x280 net/bridge/br_netfilter_ipv6.c:237
 br_nf_pre_routing+0x522/0xbd0 net/bridge/br_netfilter_hooks.c:507
 nf_hook_entry_hookfn include/linux/netfilter.h:142 [inline]
 nf_hook_bridge_pre net/bridge/br_input.c:272 [inline]
 br_handle_frame+0x4d3/0x8f0 net/bridge/br_input.c:416
 __netif_receive_skb_core+0xa5e/0x1d10 net/core/dev.c:5376
 __netif_receive_skb_one_core net/core/dev.c:5480 [inline]
 __netif_receive_skb+0x52/0x1b0 net/core/dev.c:5596
 process_backlog+0x23f/0x3b0 net/core/dev.c:5924
 __napi_poll+0x65/0x390 net/core/dev.c:6485
 napi_poll net/core/dev.c:6552 [inline]
 net_rx_action+0x37e/0x730 net/core/dev.c:6663
 __do_softirq+0xf2/0x2c7 kernel/softirq.c:571
 run_ksoftirqd+0x1f/0x30 kernel/softirq.c:934
 smpboot_thread_fn+0x308/0x4a0 kernel/smpboot.c:164
 kthread+0x1a9/0x1e0 kernel/kthread.c:376
 ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:308

read-write to 0xffff8881046f0170 of 8 bytes by interrupt on cpu 1:
 br_handle_frame_finish+0xce9/0xe80 net/bridge/br_input.c:189
 br_nf_hook_thresh+0x1ee/0x220
 br_nf_pre_routing_finish_ipv6+0x504/0x530
 NF_HOOK include/linux/netfilter.h:302 [inline]
 br_nf_pre_routing_ipv6+0x1ea/0x280 net/bridge/br_netfilter_ipv6.c:237
 br_nf_pre_routing+0x522/0xbd0 net/bridge/br_netfilter_hooks.c:507
 nf_hook_entry_hookfn include/linux/netfilter.h:142 [inline]
 nf_hook_bridge_pre net/bridge/br_input.c:272 [inline]
 br_handle_frame+0x4d3/0x8f0 net/bridge/br_input.c:416
 __netif_receive_skb_core+0xa5e/0x1d10 net/core/dev.c:5376
 __netif_receive_skb_one_core net/core/dev.c:5480 [inline]
 __netif_receive_skb+0x52/0x1b0 net/core/dev.c:5596
 process_backlog+0x23f/0x3b0 net/core/dev.c:5924
 __napi_poll+0x65/0x390 net/core/dev.c:6485
 napi_poll net/core/dev.c:6552 [inline]
 net_rx_action+0x37e/0x730 net/core/dev.c:6663
 __do_softirq+0xf2/0x2c7 kernel/softirq.c:571
 run_ksoftirqd+0x1f/0x30 kernel/softirq.c:934
 smpboot_thread_fn+0x308/0x4a0 kernel/smpboot.c:164
 kthread+0x1a9/0x1e0 kernel/kthread.c:376
 ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:308

value changed: 0x000000000077767d -> 0x000000000077767e

Reported by Kernel Concurrency Sanitizer on:
CPU: 1 PID: 18 Comm: ksoftirqd/1 Not tainted 6.2.0-rc5-syzkaller-dirty #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/12/2023
==================================================================
net_ratelimit: 35933 callbacks suppressed
bridge0: received packet on bond0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
bridge0: received packet on bond0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
bridge0: received packet on bond0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
bridge0: received packet on bond0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
bridge0: received packet on bond0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
net_ratelimit: 36646 callbacks suppressed
bridge0: received packet on bond0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
bridge0: received packet on bond0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
bridge0: received packet on bond0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
bridge0: received packet on bond0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
bridge0: received packet on bond0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
==================================================================
BUG: KCSAN: data-race in br_handle_frame_finish / br_handle_frame_finish

read-write to 0xffff8881046f0170 of 8 bytes by interrupt on cpu 0:
 br_handle_frame_finish+0xce9/0xe80 net/bridge/br_input.c:189
 br_nf_hook_thresh+0x1ee/0x220
 br_nf_pre_routing_finish_ipv6+0x504/0x530
 NF_HOOK include/linux/netfilter.h:302 [inline]
 br_nf_pre_routing_ipv6+0x1ea/0x280 net/bridge/br_netfilter_ipv6.c:237
 br_nf_pre_routing+0x522/0xbd0 net/bridge/br_netfilter_hooks.c:507
 nf_hook_entry_hookfn include/linux/netfilter.h:142 [inline]
 nf_hook_bridge_pre net/bridge/br_input.c:272 [inline]
 br_handle_frame+0x4d3/0x8f0 net/bridge/br_input.c:416
 __netif_receive_skb_core+0xa5e/0x1d10 net/core/dev.c:5376
 __netif_receive_skb_one_core net/core/dev.c:5480 [inline]
 __netif_receive_skb+0x52/0x1b0 net/core/dev.c:5596
 process_backlog+0x23f/0x3b0 net/core/dev.c:5924
 __napi_poll+0x65/0x390 net/core/dev.c:6485
 napi_poll net/core/dev.c:6552 [inline]
 net_rx_action+0x37e/0x730 net/core/dev.c:6663
 __do_softirq+0xf2/0x2c7 kernel/softirq.c:571
 run_ksoftirqd+0x1f/0x30 kernel/softirq.c:934
 smpboot_thread_fn+0x308/0x4a0 kernel/smpboot.c:164
 kthread+0x1a9/0x1e0 kernel/kthread.c:376
 ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:308

read-write to 0xffff8881046f0170 of 8 bytes by interrupt on cpu 1:
 br_handle_frame_finish+0xce9/0xe80 net/bridge/br_input.c:189
 br_nf_hook_thresh+0x1ee/0x220
 br_nf_pre_routing_finish_ipv6+0x504/0x530
 NF_HOOK include/linux/netfilter.h:302 [inline]
 br_nf_pre_routing_ipv6+0x1ea/0x280 net/bridge/br_netfilter_ipv6.c:237
 br_nf_pre_routing+0x522/0xbd0 net/bridge/br_netfilter_hooks.c:507
 nf_hook_entry_hookfn include/linux/netfilter.h:142 [inline]
 nf_hook_bridge_pre net/bridge/br_input.c:272 [inline]
 br_handle_frame+0x4d3/0x8f0 net/bridge/br_input.c:416
 __netif_receive_skb_core+0xa5e/0x1d10 net/core/dev.c:5376
 __netif_receive_skb_one_core net/core/dev.c:5480 [inline]
 __netif_receive_skb+0x52/0x1b0 net/core/dev.c:5596
 process_backlog+0x23f/0x3b0 net/core/dev.c:5924
 __napi_poll+0x65/0x390 net/core/dev.c:6485
 napi_poll net/core/dev.c:6552 [inline]
 net_rx_action+0x37e/0x730 net/core/dev.c:6663
 __do_softirq+0xf2/0x2c7 kernel/softirq.c:571
 run_ksoftirqd+0x1f/0x30 kernel/softirq.c:934
 smpboot_thread_fn+0x308/0x4a0 kernel/smpboot.c:164
 kthread+0x1a9/0x1e0 kernel/kthread.c:376
 ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:308

value changed: 0x000000000078c295 -> 0x000000000078c296

Reported by Kernel Concurrency Sanitizer on:
CPU: 1 PID: 18 Comm: ksoftirqd/1 Not tainted 6.2.0-rc5-syzkaller-dirty #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/12/2023
==================================================================