syzbot

==================================================================
BUG: KCSAN: data-race in batadv_bla_tx / batadv_bla_tx

write to 0xffff88810d7df220 of 8 bytes by interrupt on cpu 0:
 batadv_bla_update_own_backbone_gw net/batman-adv/bridge_loop_avoidance.c:577 [inline]
 batadv_bla_tx+0x7f4/0xc80 net/batman-adv/bridge_loop_avoidance.c:2104
 batadv_interface_tx+0x349/0xae0 net/batman-adv/mesh-interface.c:227
 __netdev_start_xmit include/linux/netdevice.h:5325 [inline]
 netdev_start_xmit include/linux/netdevice.h:5334 [inline]
 xmit_one net/core/dev.c:3888 [inline]
 dev_hard_start_xmit+0x136/0x3f0 net/core/dev.c:3904
 __dev_queue_xmit+0xd9a/0x1f20 net/core/dev.c:4854
 dev_queue_xmit include/linux/netdevice.h:3385 [inline]
 br_dev_queue_push_xmit+0x233/0x2a0 net/bridge/br_forward.c:53
 br_nf_dev_queue_xmit+0x415/0xc50 net/bridge/br_netfilter_hooks.c:-1
 NF_HOOK include/linux/netfilter.h:318 [inline]
 br_nf_post_routing+0x8c7/0x990 net/bridge/br_netfilter_hooks.c:966
 nf_hook_entry_hookfn include/linux/netfilter.h:158 [inline]
 nf_hook_slow+0x78/0x180 net/netfilter/core.c:623
 nf_hook include/linux/netfilter.h:273 [inline]
 NF_HOOK include/linux/netfilter.h:316 [inline]
 br_forward_finish+0x148/0x190 net/bridge/br_forward.c:66
 br_nf_hook_thresh net/bridge/br_netfilter_hooks.c:-1 [inline]
 br_nf_forward_finish+0x6ff/0x780 net/bridge/br_netfilter_hooks.c:662
 NF_HOOK include/linux/netfilter.h:318 [inline]
 br_nf_forward_ip+0x5fe/0x620 net/bridge/br_netfilter_hooks.c:716
 br_nf_forward+0x5a2/0xec0 net/bridge/br_netfilter_hooks.c:773
 nf_hook_entry_hookfn include/linux/netfilter.h:158 [inline]
 nf_hook_slow+0x78/0x180 net/netfilter/core.c:623
 nf_hook include/linux/netfilter.h:273 [inline]
 NF_HOOK include/linux/netfilter.h:316 [inline]
 __br_forward+0x282/0x360 net/bridge/br_forward.c:115
 deliver_clone net/bridge/br_forward.c:131 [inline]
 maybe_deliver net/bridge/br_forward.c:191 [inline]
 br_flood+0x451/0x6d0 net/bridge/br_forward.c:238
 br_handle_frame_finish+0xdd2/0xff0 net/bridge/br_input.c:229
 br_nf_hook_thresh+0x233/0x270 net/bridge/br_netfilter_hooks.c:-1
 br_nf_pre_routing_finish_ipv6+0x550/0x580 net/bridge/br_netfilter_ipv6.c:-1
 NF_HOOK include/linux/netfilter.h:318 [inline]
 br_nf_pre_routing_ipv6+0x1fa/0x2e0 net/bridge/br_netfilter_ipv6.c:184
 br_nf_pre_routing+0x56a/0xbe0 net/bridge/br_netfilter_hooks.c:508
 nf_hook_entry_hookfn include/linux/netfilter.h:158 [inline]
 nf_hook_bridge_pre net/bridge/br_input.c:291 [inline]
 br_handle_frame+0x85f/0xa60 net/bridge/br_input.c:442
 __netif_receive_skb_core+0x5b1/0x1980 net/core/dev.c:6068
 __netif_receive_skb_one_core net/core/dev.c:6179 [inline]
 __netif_receive_skb net/core/dev.c:6294 [inline]
 process_backlog+0x25b/0x670 net/core/dev.c:6645
 __napi_poll+0x61/0x330 net/core/dev.c:7709
 napi_poll net/core/dev.c:7772 [inline]
 net_rx_action+0x452/0x930 net/core/dev.c:7929
 handle_softirqs+0xb9/0x2a0 kernel/softirq.c:622
 run_ksoftirqd+0x1c/0x30 kernel/softirq.c:1063
 smpboot_thread_fn+0x32a/0x510 kernel/smpboot.c:160
 kthread+0x22a/0x280 kernel/kthread.c:436
 ret_from_fork+0x150/0x360 arch/x86/kernel/process.c:158
 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:245

write to 0xffff88810d7df220 of 8 bytes by interrupt on cpu 1:
 batadv_bla_update_own_backbone_gw net/batman-adv/bridge_loop_avoidance.c:577 [inline]
 batadv_bla_tx+0x7f4/0xc80 net/batman-adv/bridge_loop_avoidance.c:2104
 batadv_interface_tx+0x349/0xae0 net/batman-adv/mesh-interface.c:227
 __netdev_start_xmit include/linux/netdevice.h:5325 [inline]
 netdev_start_xmit include/linux/netdevice.h:5334 [inline]
 xmit_one net/core/dev.c:3888 [inline]
 dev_hard_start_xmit+0x136/0x3f0 net/core/dev.c:3904
 __dev_queue_xmit+0xd9a/0x1f20 net/core/dev.c:4854
 dev_queue_xmit include/linux/netdevice.h:3385 [inline]
 br_dev_queue_push_xmit+0x233/0x2a0 net/bridge/br_forward.c:53
 NF_HOOK include/linux/netfilter.h:318 [inline]
 br_forward_finish+0x89/0x190 net/bridge/br_forward.c:66
 br_nf_hook_thresh net/bridge/br_netfilter_hooks.c:-1 [inline]
 br_nf_forward_finish+0x6ff/0x780 net/bridge/br_netfilter_hooks.c:662
 NF_HOOK include/linux/netfilter.h:318 [inline]
 br_nf_forward_arp net/bridge/br_netfilter_hooks.c:752 [inline]
 br_nf_forward+0xae3/0xec0 net/bridge/br_netfilter_hooks.c:775
 nf_hook_entry_hookfn include/linux/netfilter.h:158 [inline]
 nf_hook_slow+0x78/0x180 net/netfilter/core.c:623
 nf_hook include/linux/netfilter.h:273 [inline]
 NF_HOOK include/linux/netfilter.h:316 [inline]
 __br_forward+0x282/0x360 net/bridge/br_forward.c:115
 deliver_clone net/bridge/br_forward.c:131 [inline]
 maybe_deliver net/bridge/br_forward.c:191 [inline]
 br_flood+0x451/0x6d0 net/bridge/br_forward.c:238
 br_handle_frame_finish+0xdd2/0xff0 net/bridge/br_input.c:229
 nf_hook_bridge_pre net/bridge/br_input.c:313 [inline]
 br_handle_frame+0x452/0xa60 net/bridge/br_input.c:442
 __netif_receive_skb_core+0x5b1/0x1980 net/core/dev.c:6068
 __netif_receive_skb_one_core net/core/dev.c:6179 [inline]
 __netif_receive_skb net/core/dev.c:6294 [inline]
 process_backlog+0x25b/0x670 net/core/dev.c:6645
 __napi_poll+0x61/0x330 net/core/dev.c:7709
 napi_poll net/core/dev.c:7772 [inline]
 net_rx_action+0x452/0x930 net/core/dev.c:7929
 handle_softirqs+0xb9/0x2a0 kernel/softirq.c:622
 do_softirq+0x45/0x60 kernel/softirq.c:523
 __local_bh_enable_ip+0x70/0x80 kernel/softirq.c:450
 local_bh_enable include/linux/bottom_half.h:33 [inline]
 rcu_read_unlock_bh include/linux/rcupdate.h:924 [inline]
 wg_pubkey_hashtable_lookup+0xe1/0x100 drivers/net/wireguard/peerlookup.c:69
 wg_noise_handshake_consume_initiation+0x33e/0x800 drivers/net/wireguard/noise.c:617
 wg_receive_handshake_packet drivers/net/wireguard/receive.c:144 [inline]
 wg_packet_handshake_receive_worker+0x3a8/0x5d0 drivers/net/wireguard/receive.c:213
 process_one_work kernel/workqueue.c:3276 [inline]
 process_scheduled_works+0x513/0xa10 kernel/workqueue.c:3359
 worker_thread+0x58a/0x780 kernel/workqueue.c:3440
 kthread+0x22a/0x280 kernel/kthread.c:436
 ret_from_fork+0x150/0x360 arch/x86/kernel/process.c:158
 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:245

value changed: 0x00000001000163e6 -> 0x00000001000163e7

Reported by Kernel Concurrency Sanitizer on:
CPU: 1 UID: 0 PID: 24607 Comm: kworker/1:15 Tainted: G        W           syzkaller #0 PREEMPT(full) 
Tainted: [W]=WARN
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026
Workqueue: wg-kex-wg1 wg_packet_handshake_receive_worker
==================================================================
net_ratelimit: 29453 callbacks suppressed
bridge0: received packet on veth0_to_bridge with own address as source address (addr:7e:a8:7a:84:d8:77, vlan:0)
bridge0: received packet on veth0_to_bridge with own address as source address (addr:7e:a8:7a:84:d8:77, vlan:0)
bridge0: received packet on veth0_to_bridge with own address as source address (addr:7e:a8:7a:84:d8:77, vlan:0)
bridge0: received packet on veth0_to_bridge with own address as source address (addr:7e:a8:7a:84:d8:77, vlan:0)
bridge0: received packet on veth0_to_bridge with own address as source address (addr:7e:a8:7a:84:d8:77, vlan:0)
net_ratelimit: 30528 callbacks suppressed
bridge0: received packet on veth0_to_bridge with own address as source address (addr:7e:a8:7a:84:d8:77, vlan:0)
bridge0: received packet on veth0_to_bridge with own address as source address (addr:7e:a8:7a:84:d8:77, vlan:0)
bridge0: received packet on veth0_to_bridge with own address as source address (addr:7e:a8:7a:84:d8:77, vlan:0)
bridge0: received packet on veth0_to_bridge with own address as source address (addr:7e:a8:7a:84:d8:77, vlan:0)
bridge0: received packet on veth0_to_bridge with own address as source address (addr:7e:a8:7a:84:d8:77, vlan:0)