bridge0: received packet on veth0_to_bridge with own address as source address (addr:0a:2b:d5:fe:be:11, vlan:0)
==================================================================
BUG: KCSAN: data-race in wq_worker_tick / wq_worker_tick

read-write to 0xffff8881000738b8 of 8 bytes by interrupt on cpu 0:
 wq_worker_tick+0x60/0x230 kernel/workqueue.c:1474
 sched_tick+0xd7/0x220 kernel/sched/core.c:5546
 update_process_times+0x15f/0x190 kernel/time/timer.c:2479
 tick_sched_handle kernel/time/tick-sched.c:298 [inline]
 tick_nohz_handler+0x276/0x3d0 kernel/time/tick-sched.c:319
 __run_hrtimer kernel/time/hrtimer.c:1777 [inline]
 __hrtimer_run_queues+0x20f/0x5a0 kernel/time/hrtimer.c:1841
 hrtimer_interrupt+0x21a/0x460 kernel/time/hrtimer.c:1903
 local_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1045 [inline]
 __sysvec_apic_timer_interrupt+0x5f/0x1d0 arch/x86/kernel/apic/apic.c:1062
 instr_sysvec_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1056 [inline]
 sysvec_apic_timer_interrupt+0x32/0x80 arch/x86/kernel/apic/apic.c:1056
 asm_sysvec_apic_timer_interrupt+0x1a/0x20 arch/x86/include/asm/idtentry.h:697
 kcsan_setup_watchpoint+0x406/0x420 kernel/kcsan/core.c:705
 ip6t_do_table+0x75b/0xbd0 net/ipv6/netfilter/ip6_tables.c:321
 nf_hook_entry_hookfn include/linux/netfilter.h:158 [inline]
 nf_hook_slow+0x78/0x180 net/netfilter/core.c:623
 nf_hook include/linux/netfilter.h:273 [inline]
 NF_HOOK include/linux/netfilter.h:316 [inline]
 br_nf_pre_routing_ipv6+0x269/0x2b0 net/bridge/br_netfilter_ipv6.c:184
 br_nf_pre_routing+0x52b/0xbd0 net/bridge/br_netfilter_hooks.c:508
 nf_hook_entry_hookfn include/linux/netfilter.h:158 [inline]
 nf_hook_bridge_pre net/bridge/br_input.c:291 [inline]
 br_handle_frame+0x4f0/0x9e0 net/bridge/br_input.c:442
 __netif_receive_skb_core+0x5df/0x1920 net/core/dev.c:6026
 __netif_receive_skb_one_core net/core/dev.c:6137 [inline]
 __netif_receive_skb+0x59/0x270 net/core/dev.c:6252
 process_backlog+0x228/0x420 net/core/dev.c:6604
 __napi_poll+0x5f/0x300 net/core/dev.c:7668
 napi_poll net/core/dev.c:7731 [inline]
 net_rx_action+0x425/0x8c0 net/core/dev.c:7883
 handle_softirqs+0xba/0x290 kernel/softirq.c:622
 do_softirq+0x45/0x60 kernel/softirq.c:523
 __local_bh_enable_ip+0x70/0x80 kernel/softirq.c:450
 __raw_spin_unlock_bh include/linux/spinlock_api_smp.h:167 [inline]
 _raw_spin_unlock_bh+0x36/0x40 kernel/locking/spinlock.c:210
 spin_unlock_bh include/linux/spinlock.h:396 [inline]
 nsim_dev_trap_report drivers/net/netdevsim/dev.c:890 [inline]
 nsim_dev_trap_report_work+0x52b/0x630 drivers/net/netdevsim/dev.c:921
 process_one_work kernel/workqueue.c:3257 [inline]
 process_scheduled_works+0x4ce/0x9d0 kernel/workqueue.c:3340
 worker_thread+0x582/0x770 kernel/workqueue.c:3421
 kthread+0x489/0x510 kernel/kthread.c:463
 ret_from_fork+0x149/0x290 arch/x86/kernel/process.c:158
 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:246

read-write to 0xffff8881000738b8 of 8 bytes by interrupt on cpu 1:
 wq_worker_tick+0x60/0x230 kernel/workqueue.c:1474
 sched_tick+0xd7/0x220 kernel/sched/core.c:5546
 update_process_times+0x15f/0x190 kernel/time/timer.c:2479
 tick_sched_handle kernel/time/tick-sched.c:298 [inline]
 tick_nohz_handler+0x276/0x3d0 kernel/time/tick-sched.c:319
 __run_hrtimer kernel/time/hrtimer.c:1777 [inline]
 __hrtimer_run_queues+0x20f/0x5a0 kernel/time/hrtimer.c:1841
 hrtimer_interrupt+0x21a/0x460 kernel/time/hrtimer.c:1903
 local_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1045 [inline]
 __sysvec_apic_timer_interrupt+0x5f/0x1d0 arch/x86/kernel/apic/apic.c:1062
 instr_sysvec_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1056 [inline]
 sysvec_apic_timer_interrupt+0x32/0x80 arch/x86/kernel/apic/apic.c:1056
 asm_sysvec_apic_timer_interrupt+0x1a/0x20 arch/x86/include/asm/idtentry.h:697
 __tsan_read8+0x4/0x190 kernel/kcsan/core.c:1025
 xt_get_this_cpu_counter include/linux/netfilter/x_tables.h:426 [inline]
 ip6t_do_table+0x72e/0xbd0 net/ipv6/netfilter/ip6_tables.c:320
 ip6table_mangle_hook+0x163/0x340 net/ipv6/netfilter/ip6table_mangle.c:73
 nf_hook_entry_hookfn include/linux/netfilter.h:158 [inline]
 nf_hook_slow+0x78/0x180 net/netfilter/core.c:623
 nf_hook include/linux/netfilter.h:273 [inline]
 NF_HOOK include/linux/netfilter.h:316 [inline]
 br_nf_post_routing+0x850/0x950 net/bridge/br_netfilter_hooks.c:966
 nf_hook_entry_hookfn include/linux/netfilter.h:158 [inline]
 nf_hook_slow+0x78/0x180 net/netfilter/core.c:623
 nf_hook include/linux/netfilter.h:273 [inline]
 NF_HOOK include/linux/netfilter.h:316 [inline]
 br_forward_finish+0x116/0x160 net/bridge/br_forward.c:66
 br_nf_hook_thresh net/bridge/br_netfilter_hooks.c:-1 [inline]
 br_nf_forward_finish+0x6c1/0x740 net/bridge/br_netfilter_hooks.c:662
 NF_HOOK include/linux/netfilter.h:318 [inline]
 br_nf_forward_ip+0x5c1/0x5e0 net/bridge/br_netfilter_hooks.c:716
 br_nf_forward+0x5a2/0xe90 net/bridge/br_netfilter_hooks.c:773
 nf_hook_entry_hookfn include/linux/netfilter.h:158 [inline]
 nf_hook_slow+0x78/0x180 net/netfilter/core.c:623
 nf_hook include/linux/netfilter.h:273 [inline]
 NF_HOOK include/linux/netfilter.h:316 [inline]
 __br_forward+0x24c/0x330 net/bridge/br_forward.c:115
 br_flood+0x30f/0x460 net/bridge/br_forward.c:-1
 br_handle_frame_finish+0xd96/0xfc0 net/bridge/br_input.c:229
 br_nf_hook_thresh+0x1eb/0x220 net/bridge/br_netfilter_hooks.c:-1
 br_nf_pre_routing_finish_ipv6+0x4d1/0x570 net/bridge/br_netfilter_ipv6.c:-1
 NF_HOOK include/linux/netfilter.h:318 [inline]
 br_nf_pre_routing_ipv6+0x1fa/0x2b0 net/bridge/br_netfilter_ipv6.c:184
 br_nf_pre_routing+0x52b/0xbd0 net/bridge/br_netfilter_hooks.c:508
 nf_hook_entry_hookfn include/linux/netfilter.h:158 [inline]
 nf_hook_bridge_pre net/bridge/br_input.c:291 [inline]
 br_handle_frame+0x4f0/0x9e0 net/bridge/br_input.c:442
 __netif_receive_skb_core+0x5df/0x1920 net/core/dev.c:6026
 __netif_receive_skb_one_core net/core/dev.c:6137 [inline]
 __netif_receive_skb+0x59/0x270 net/core/dev.c:6252
 process_backlog+0x228/0x420 net/core/dev.c:6604
 __napi_poll+0x5f/0x300 net/core/dev.c:7668
 napi_poll net/core/dev.c:7731 [inline]
 net_rx_action+0x425/0x8c0 net/core/dev.c:7883
 handle_softirqs+0xba/0x290 kernel/softirq.c:622
 do_softirq+0x45/0x60 kernel/softirq.c:523
 __local_bh_enable_ip+0x70/0x80 kernel/softirq.c:450
 local_bh_enable include/linux/bottom_half.h:33 [inline]
 __alloc_skb+0x476/0x4b0 net/core/skbuff.c:674
 alloc_skb include/linux/skbuff.h:1383 [inline]
 nsim_dev_trap_skb_build drivers/net/netdevsim/dev.c:818 [inline]
 nsim_dev_trap_report drivers/net/netdevsim/dev.c:875 [inline]
 nsim_dev_trap_report_work+0x18a/0x630 drivers/net/netdevsim/dev.c:921
 process_one_work kernel/workqueue.c:3257 [inline]
 process_scheduled_works+0x4ce/0x9d0 kernel/workqueue.c:3340
 worker_thread+0x582/0x770 kernel/workqueue.c:3421
 kthread+0x489/0x510 kernel/kthread.c:463
 ret_from_fork+0x149/0x290 arch/x86/kernel/process.c:158
 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:246

value changed: 0x000000000237eea0 -> 0x00000000023815b0

Reported by Kernel Concurrency Sanitizer on:
CPU: 1 UID: 0 PID: 1873 Comm: kworker/u8:12 Not tainted syzkaller #0 PREEMPT(voluntary) 
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
Workqueue: events_unbound nsim_dev_trap_report_work
==================================================================
bridge0: received packet on veth0_to_bridge with own address as source address (addr:0a:2b:d5:fe:be:11, vlan:0)
bridge0: received packet on veth0_to_bridge with own address as source address (addr:0a:2b:d5:fe:be:11, vlan:0)
bridge0: received packet on veth0_to_bridge with own address as source address (addr:0a:2b:d5:fe:be:11, vlan:0)
bridge0: received packet on veth0_to_bridge with own address as source address (addr:0a:2b:d5:fe:be:11, vlan:0)
bridge0: received packet on veth0_to_bridge with own address as source address (addr:0a:2b:d5:fe:be:11, vlan:0)
bridge0: received packet on veth0_to_bridge with own address as source address (addr:0a:2b:d5:fe:be:11, vlan:0)
bridge0: received packet on veth0_to_bridge with own address as source address (addr:0a:2b:d5:fe:be:11, vlan:0)
bridge0: received packet on veth0_to_bridge with own address as source address (addr:0a:2b:d5:fe:be:11, vlan:0)
bridge0: received packet on veth0_to_bridge with own address as source address (addr:0a:2b:d5:fe:be:11, vlan:0)
bridge0: received packet on veth0_to_bridge with own address as source address (addr:0a:2b:d5:fe:be:11, vlan:0)