==================================================================
BUG: KCSAN: data-race in br_handle_frame_finish / br_handle_frame_finish

read-write to 0xffff88810384a178 of 8 bytes by interrupt on cpu 0:
 br_handle_frame_finish+0xd4f/0xef0 net/bridge/br_input.c:189
 br_nf_hook_thresh+0x1ed/0x220
 br_nf_pre_routing_finish_ipv6+0x50f/0x540
 NF_HOOK include/linux/netfilter.h:303 [inline]
 br_nf_pre_routing_ipv6+0x1e3/0x2a0 net/bridge/br_netfilter_ipv6.c:178
 br_nf_pre_routing+0x526/0xba0 net/bridge/br_netfilter_hooks.c:508
 nf_hook_entry_hookfn include/linux/netfilter.h:143 [inline]
 nf_hook_bridge_pre net/bridge/br_input.c:272 [inline]
 br_handle_frame+0x4c7/0x8e0 net/bridge/br_input.c:416
 __netif_receive_skb_core+0x9e8/0x1e80 net/core/dev.c:5385
 __netif_receive_skb_one_core net/core/dev.c:5489 [inline]
 __netif_receive_skb+0x57/0x1b0 net/core/dev.c:5605
 process_backlog+0x21f/0x380 net/core/dev.c:5933
 __napi_poll+0x60/0x3b0 net/core/dev.c:6496
 napi_poll net/core/dev.c:6563 [inline]
 net_rx_action+0x32b/0x750 net/core/dev.c:6696
 __do_softirq+0xc1/0x265 kernel/softirq.c:571
 run_ksoftirqd+0x17/0x20 kernel/softirq.c:939
 smpboot_thread_fn+0x30a/0x4a0 kernel/smpboot.c:164
 kthread+0x1d7/0x210 kernel/kthread.c:379
 ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:308

read-write to 0xffff88810384a178 of 8 bytes by interrupt on cpu 1:
 br_handle_frame_finish+0xd4f/0xef0 net/bridge/br_input.c:189
 br_nf_hook_thresh+0x1ed/0x220
 br_nf_pre_routing_finish_ipv6+0x50f/0x540
 NF_HOOK include/linux/netfilter.h:303 [inline]
 br_nf_pre_routing_ipv6+0x1e3/0x2a0 net/bridge/br_netfilter_ipv6.c:178
 br_nf_pre_routing+0x526/0xba0 net/bridge/br_netfilter_hooks.c:508
 nf_hook_entry_hookfn include/linux/netfilter.h:143 [inline]
 nf_hook_bridge_pre net/bridge/br_input.c:272 [inline]
 br_handle_frame+0x4c7/0x8e0 net/bridge/br_input.c:416
 __netif_receive_skb_core+0x9e8/0x1e80 net/core/dev.c:5385
 __netif_receive_skb_one_core net/core/dev.c:5489 [inline]
 __netif_receive_skb+0x57/0x1b0 net/core/dev.c:5605
 process_backlog+0x21f/0x380 net/core/dev.c:5933
 __napi_poll+0x60/0x3b0 net/core/dev.c:6496
 napi_poll net/core/dev.c:6563 [inline]
 net_rx_action+0x32b/0x750 net/core/dev.c:6696
 __do_softirq+0xc1/0x265 kernel/softirq.c:571
 do_softirq+0x7e/0xb0 kernel/softirq.c:472
 __local_bh_enable_ip+0x64/0x70 kernel/softirq.c:396
 local_bh_enable+0x1f/0x20 include/linux/bottom_half.h:33
 rcu_read_unlock_bh include/linux/rcupdate.h:843 [inline]
 __dev_queue_xmit+0xabb/0x1d10 net/core/dev.c:4271
 dev_queue_xmit include/linux/netdevice.h:3085 [inline]
 neigh_hh_output include/net/neighbour.h:528 [inline]
 neigh_output include/net/neighbour.h:542 [inline]
 ip_finish_output2+0x700/0x840 net/ipv4/ip_output.c:229
 ip_finish_output+0xf4/0x240 net/ipv4/ip_output.c:317
 NF_HOOK_COND include/linux/netfilter.h:292 [inline]
 ip_output+0xe5/0x1b0 net/ipv4/ip_output.c:431
 dst_output include/net/dst.h:458 [inline]
 ip_local_out net/ipv4/ip_output.c:126 [inline]
 __ip_queue_xmit+0xa4d/0xa70 net/ipv4/ip_output.c:533
 ip_queue_xmit+0x38/0x40 net/ipv4/ip_output.c:547
 __tcp_transmit_skb+0x1194/0x16e0 net/ipv4/tcp_output.c:1399
 tcp_transmit_skb net/ipv4/tcp_output.c:1417 [inline]
 tcp_write_xmit+0x13ff/0x2fd0 net/ipv4/tcp_output.c:2693
 __tcp_push_pending_frames+0x6a/0x1a0 net/ipv4/tcp_output.c:2877
 tcp_push+0x320/0x330 net/ipv4/tcp.c:733
 tcp_sendmsg_locked+0x1cf8/0x2120 net/ipv4/tcp.c:1459
 tcp_sendmsg+0x30/0x50 net/ipv4/tcp.c:1487
 inet_sendmsg+0x63/0x80 net/ipv4/af_inet.c:825
 sock_sendmsg_nosec net/socket.c:724 [inline]
 sock_sendmsg net/socket.c:747 [inline]
 sock_write_iter+0x1aa/0x230 net/socket.c:1140
 call_write_iter include/linux/fs.h:1868 [inline]
 new_sync_write fs/read_write.c:491 [inline]
 vfs_write+0x47b/0x780 fs/read_write.c:584
 ksys_write+0xeb/0x1a0 fs/read_write.c:637
 __do_sys_write fs/read_write.c:649 [inline]
 __se_sys_write fs/read_write.c:646 [inline]
 __x64_sys_write+0x42/0x50 fs/read_write.c:646
 do_syscall_x64 arch/x86/entry/common.c:50 [inline]
 do_syscall_64+0x41/0xc0 arch/x86/entry/common.c:80
 entry_SYSCALL_64_after_hwframe+0x63/0xcd

value changed: 0x0000000000003984 -> 0x0000000000003985

Reported by Kernel Concurrency Sanitizer on:
CPU: 1 PID: 3163 Comm: syz-fuzzer Not tainted 6.4.0-rc3-syzkaller-00291-g4e893b5aa4ac #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/25/2023
==================================================================
==================================================================
BUG: KCSAN: data-race in br_handle_frame_finish / br_handle_frame_finish

read-write to 0xffff88810384a178 of 8 bytes by interrupt on cpu 0:
 br_handle_frame_finish+0xd4f/0xef0 net/bridge/br_input.c:189
 br_nf_hook_thresh+0x1ed/0x220
 br_nf_pre_routing_finish_ipv6+0x50f/0x540
 NF_HOOK include/linux/netfilter.h:303 [inline]
 br_nf_pre_routing_ipv6+0x1e3/0x2a0 net/bridge/br_netfilter_ipv6.c:178
 br_nf_pre_routing+0x526/0xba0 net/bridge/br_netfilter_hooks.c:508
 nf_hook_entry_hookfn include/linux/netfilter.h:143 [inline]
 nf_hook_bridge_pre net/bridge/br_input.c:272 [inline]
 br_handle_frame+0x4c7/0x8e0 net/bridge/br_input.c:416
 __netif_receive_skb_core+0x9e8/0x1e80 net/core/dev.c:5385
 __netif_receive_skb_one_core net/core/dev.c:5489 [inline]
 __netif_receive_skb+0x57/0x1b0 net/core/dev.c:5605
 process_backlog+0x21f/0x380 net/core/dev.c:5933
 __napi_poll+0x60/0x3b0 net/core/dev.c:6496
 napi_poll net/core/dev.c:6563 [inline]
 net_rx_action+0x32b/0x750 net/core/dev.c:6696
 __do_softirq+0xc1/0x265 kernel/softirq.c:571
 run_ksoftirqd+0x17/0x20 kernel/softirq.c:939
 smpboot_thread_fn+0x30a/0x4a0 kernel/smpboot.c:164
 kthread+0x1d7/0x210 kernel/kthread.c:379
 ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:308

read-write to 0xffff88810384a178 of 8 bytes by interrupt on cpu 1:
 br_handle_frame_finish+0xd4f/0xef0 net/bridge/br_input.c:189
 br_nf_hook_thresh+0x1ed/0x220
 br_nf_pre_routing_finish_ipv6+0x50f/0x540
 NF_HOOK include/linux/netfilter.h:303 [inline]
 br_nf_pre_routing_ipv6+0x1e3/0x2a0 net/bridge/br_netfilter_ipv6.c:178
 br_nf_pre_routing+0x526/0xba0 net/bridge/br_netfilter_hooks.c:508
 nf_hook_entry_hookfn include/linux/netfilter.h:143 [inline]
 nf_hook_bridge_pre net/bridge/br_input.c:272 [inline]
 br_handle_frame+0x4c7/0x8e0 net/bridge/br_input.c:416
 __netif_receive_skb_core+0x9e8/0x1e80 net/core/dev.c:5385
 __netif_receive_skb_one_core net/core/dev.c:5489 [inline]
 __netif_receive_skb+0x57/0x1b0 net/core/dev.c:5605
 process_backlog+0x21f/0x380 net/core/dev.c:5933
 __napi_poll+0x60/0x3b0 net/core/dev.c:6496
 napi_poll net/core/dev.c:6563 [inline]
 net_rx_action+0x32b/0x750 net/core/dev.c:6696
 __do_softirq+0xc1/0x265 kernel/softirq.c:571
 run_ksoftirqd+0x17/0x20 kernel/softirq.c:939
 smpboot_thread_fn+0x30a/0x4a0 kernel/smpboot.c:164
 kthread+0x1d7/0x210 kernel/kthread.c:379
 ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:308

value changed: 0x0000000000014dcc -> 0x0000000000014dcd

Reported by Kernel Concurrency Sanitizer on:
CPU: 1 PID: 19 Comm: ksoftirqd/1 Not tainted 6.4.0-rc3-syzkaller-00291-g4e893b5aa4ac #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/25/2023
==================================================================