bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
==================================================================
BUG: KCSAN: data-race in __nf_conncount_add / nft_connlimit_eval

read-write to 0xffff88810fac8698 of 4 bytes by interrupt on cpu 1:
 __nf_conncount_add+0xa68/0xb30 net/netfilter/nf_conncount.c:196
 nf_conncount_add+0x35/0x50 net/netfilter/nf_conncount.c:210
 nft_connlimit_do_eval net/netfilter/nft_connlimit.c:46 [inline]
 nft_connlimit_eval+0x14a/0x210 net/netfilter/nft_connlimit.c:185
 expr_call_ops_eval net/netfilter/nf_tables_core.c:237 [inline]
 nft_do_chain+0x1e2/0xc90 net/netfilter/nf_tables_core.c:285
 nft_do_chain_inet+0x1eb/0x220 net/netfilter/nft_chain_filter.c:161
 nf_hook_entry_hookfn include/linux/netfilter.h:157 [inline]
 nf_hook_slow+0x75/0x180 net/netfilter/core.c:623
 nf_hook include/linux/netfilter.h:272 [inline]
 NF_HOOK include/linux/netfilter.h:315 [inline]
 ipv6_rcv+0x10e/0x150 net/ipv6/ip6_input.c:309
 __netif_receive_skb_one_core net/core/dev.c:5977 [inline]
 __netif_receive_skb+0x9e/0x270 net/core/dev.c:6090
 process_backlog+0x229/0x420 net/core/dev.c:6442
 __napi_poll+0x63/0x3a0 net/core/dev.c:7414
 napi_poll net/core/dev.c:7478 [inline]
 net_rx_action+0x391/0x830 net/core/dev.c:7605
 handle_softirqs+0xba/0x290 kernel/softirq.c:579
 do_softirq+0x5d/0x90 kernel/softirq.c:480
 __local_bh_enable_ip+0x70/0x80 kernel/softirq.c:407
 local_bh_enable include/linux/bottom_half.h:33 [inline]
 fpregs_unlock arch/x86/include/asm/fpu/api.h:77 [inline]
 kernel_fpu_end+0x9d/0xd0 arch/x86/kernel/fpu/core.c:476
 blake2s_compress+0x5f/0xd0 arch/x86/lib/crypto/blake2s-glue.c:46
 blake2s_update+0xa3/0x160 lib/crypto/blake2s.c:32
 hmac+0x1fd/0x270 drivers/net/wireguard/noise.c:332
 kdf drivers/net/wireguard/noise.c:367 [inline]
 message_ephemeral+0x165/0x1d0 drivers/net/wireguard/noise.c:493
 wg_noise_handshake_create_initiation+0x1ac/0x5a0 drivers/net/wireguard/noise.c:545
 wg_packet_send_handshake_initiation drivers/net/wireguard/send.c:34 [inline]
 wg_packet_handshake_send_worker+0xb2/0x160 drivers/net/wireguard/send.c:51
 process_one_work kernel/workqueue.c:3238 [inline]
 process_scheduled_works+0x4ce/0x9d0 kernel/workqueue.c:3321
 worker_thread+0x582/0x770 kernel/workqueue.c:3402
 kthread+0x486/0x510 kernel/kthread.c:464
 ret_from_fork+0xdd/0x150 arch/x86/kernel/process.c:148
 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:245

read to 0xffff88810fac8698 of 4 bytes by interrupt on cpu 0:
 nft_connlimit_do_eval net/netfilter/nft_connlimit.c:51 [inline]
 nft_connlimit_eval+0x177/0x210 net/netfilter/nft_connlimit.c:185
 expr_call_ops_eval net/netfilter/nf_tables_core.c:237 [inline]
 nft_do_chain+0x1e2/0xc90 net/netfilter/nf_tables_core.c:285
 nft_do_chain_inet+0x1eb/0x220 net/netfilter/nft_chain_filter.c:161
 nf_hook_entry_hookfn include/linux/netfilter.h:157 [inline]
 nf_hook_slow+0x75/0x180 net/netfilter/core.c:623
 nf_hook include/linux/netfilter.h:272 [inline]
 NF_HOOK include/linux/netfilter.h:315 [inline]
 ipv6_rcv+0x10e/0x150 net/ipv6/ip6_input.c:309
 __netif_receive_skb_one_core net/core/dev.c:5977 [inline]
 __netif_receive_skb+0x9e/0x270 net/core/dev.c:6090
 process_backlog+0x229/0x420 net/core/dev.c:6442
 __napi_poll+0x63/0x3a0 net/core/dev.c:7414
 napi_poll net/core/dev.c:7478 [inline]
 net_rx_action+0x391/0x830 net/core/dev.c:7605
 handle_softirqs+0xba/0x290 kernel/softirq.c:579
 do_softirq+0x5d/0x90 kernel/softirq.c:480
 __local_bh_enable_ip+0x70/0x80 kernel/softirq.c:407
 __raw_spin_unlock_bh include/linux/spinlock_api_smp.h:167 [inline]
 _raw_spin_unlock_bh+0x36/0x40 kernel/locking/spinlock.c:210
 spin_unlock_bh include/linux/spinlock.h:396 [inline]
 nsim_dev_trap_report drivers/net/netdevsim/dev.c:820 [inline]
 nsim_dev_trap_report_work+0x52b/0x630 drivers/net/netdevsim/dev.c:851
 process_one_work kernel/workqueue.c:3238 [inline]
 process_scheduled_works+0x4ce/0x9d0 kernel/workqueue.c:3321
 worker_thread+0x582/0x770 kernel/workqueue.c:3402
 kthread+0x486/0x510 kernel/kthread.c:464
 ret_from_fork+0xdd/0x150 arch/x86/kernel/process.c:148
 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:245

value changed: 0x0005ea41 -> 0x0005ea42

Reported by Kernel Concurrency Sanitizer on:
CPU: 0 UID: 0 PID: 1449 Comm: kworker/u8:6 Not tainted 6.16.0-rc2-syzkaller-00082-gfb4d33ab452e #0 PREEMPT(voluntary) 
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
Workqueue: events_unbound nsim_dev_trap_report_work
==================================================================
net_ratelimit: 59096 callbacks suppressed
bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0)
bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
==================================================================
BUG: KCSAN: data-race in __nf_conncount_add / nft_connlimit_eval

read-write to 0xffff88810fac8698 of 4 bytes by interrupt on cpu 1:
 __nf_conncount_add+0xa68/0xb30 net/netfilter/nf_conncount.c:196
 nf_conncount_add+0x35/0x50 net/netfilter/nf_conncount.c:210
 nft_connlimit_do_eval net/netfilter/nft_connlimit.c:46 [inline]
 nft_connlimit_eval+0x14a/0x210 net/netfilter/nft_connlimit.c:185
 expr_call_ops_eval net/netfilter/nf_tables_core.c:237 [inline]
 nft_do_chain+0x1e2/0xc90 net/netfilter/nf_tables_core.c:285
 nft_do_chain_inet+0x1eb/0x220 net/netfilter/nft_chain_filter.c:161
 nf_hook_entry_hookfn include/linux/netfilter.h:157 [inline]
 nf_hook_slow+0x75/0x180 net/netfilter/core.c:623
 nf_hook include/linux/netfilter.h:272 [inline]
 NF_HOOK include/linux/netfilter.h:315 [inline]
 br_nf_pre_routing_ipv6+0x269/0x2b0 net/bridge/br_netfilter_ipv6.c:184
 br_nf_pre_routing+0x52b/0xbd0 net/bridge/br_netfilter_hooks.c:508
 nf_hook_entry_hookfn include/linux/netfilter.h:157 [inline]
 nf_hook_bridge_pre net/bridge/br_input.c:283 [inline]
 br_handle_frame+0x4f7/0x9e0 net/bridge/br_input.c:434
 __netif_receive_skb_core+0xaaa/0x2410 net/core/dev.c:5863
 __netif_receive_skb_one_core net/core/dev.c:5975 [inline]
 __netif_receive_skb+0x59/0x270 net/core/dev.c:6090
 process_backlog+0x229/0x420 net/core/dev.c:6442
 __napi_poll+0x63/0x3a0 net/core/dev.c:7414
 napi_poll net/core/dev.c:7478 [inline]
 net_rx_action+0x391/0x830 net/core/dev.c:7605
 handle_softirqs+0xba/0x290 kernel/softirq.c:579
 do_softirq+0x5d/0x90 kernel/softirq.c:480
 __local_bh_enable_ip+0x70/0x80 kernel/softirq.c:407
 __raw_spin_unlock_bh include/linux/spinlock_api_smp.h:167 [inline]
 _raw_spin_unlock_bh+0x36/0x40 kernel/locking/spinlock.c:210
 spin_unlock_bh include/linux/spinlock.h:396 [inline]
 batadv_nc_purge_paths+0x22b/0x270 net/batman-adv/network-coding.c:471
 batadv_nc_worker+0x3d8/0xae0 net/batman-adv/network-coding.c:720
 process_one_work kernel/workqueue.c:3238 [inline]
 process_scheduled_works+0x4ce/0x9d0 kernel/workqueue.c:3321
 worker_thread+0x582/0x770 kernel/workqueue.c:3402
 kthread+0x486/0x510 kernel/kthread.c:464
 ret_from_fork+0xdd/0x150 arch/x86/kernel/process.c:148
 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:245

read to 0xffff88810fac8698 of 4 bytes by interrupt on cpu 0:
 nft_connlimit_do_eval net/netfilter/nft_connlimit.c:51 [inline]
 nft_connlimit_eval+0x177/0x210 net/netfilter/nft_connlimit.c:185
 expr_call_ops_eval net/netfilter/nf_tables_core.c:237 [inline]
 nft_do_chain+0x1e2/0xc90 net/netfilter/nf_tables_core.c:285
 nft_do_chain_inet+0x1eb/0x220 net/netfilter/nft_chain_filter.c:161
 nf_hook_entry_hookfn include/linux/netfilter.h:157 [inline]
 nf_hook_slow+0x75/0x180 net/netfilter/core.c:623
 nf_hook include/linux/netfilter.h:272 [inline]
 NF_HOOK include/linux/netfilter.h:315 [inline]
 br_nf_pre_routing_ipv6+0x269/0x2b0 net/bridge/br_netfilter_ipv6.c:184
 br_nf_pre_routing+0x52b/0xbd0 net/bridge/br_netfilter_hooks.c:508
 nf_hook_entry_hookfn include/linux/netfilter.h:157 [inline]
 nf_hook_bridge_pre net/bridge/br_input.c:283 [inline]
 br_handle_frame+0x4f7/0x9e0 net/bridge/br_input.c:434
 __netif_receive_skb_core+0xaaa/0x2410 net/core/dev.c:5863
 __netif_receive_skb_one_core net/core/dev.c:5975 [inline]
 __netif_receive_skb+0x59/0x270 net/core/dev.c:6090
 process_backlog+0x229/0x420 net/core/dev.c:6442
 __napi_poll+0x63/0x3a0 net/core/dev.c:7414
 napi_poll net/core/dev.c:7478 [inline]
 net_rx_action+0x391/0x830 net/core/dev.c:7605
 handle_softirqs+0xba/0x290 kernel/softirq.c:579
 run_ksoftirqd+0x1c/0x30 kernel/softirq.c:968
 smpboot_thread_fn+0x32b/0x530 kernel/smpboot.c:164
 kthread+0x486/0x510 kernel/kthread.c:464
 ret_from_fork+0xdd/0x150 arch/x86/kernel/process.c:148
 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:245

value changed: 0x0007a3d1 -> 0x0007a3d2

Reported by Kernel Concurrency Sanitizer on:
CPU: 0 UID: 0 PID: 14 Comm: ksoftirqd/0 Not tainted 6.16.0-rc2-syzkaller-00082-gfb4d33ab452e #0 PREEMPT(voluntary) 
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
==================================================================
net_ratelimit: 57872 callbacks suppressed
bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0)