================================================================== BUG: KCSAN: data-race in batadv_bla_tx / batadv_bla_tx write to 0xffff88811a225720 of 8 bytes by interrupt on cpu 0: batadv_bla_update_own_backbone_gw net/batman-adv/bridge_loop_avoidance.c:577 [inline] batadv_bla_tx+0x7a6/0xc30 net/batman-adv/bridge_loop_avoidance.c:2105 batadv_interface_tx+0x35c/0xb30 net/batman-adv/mesh-interface.c:227 __netdev_start_xmit include/linux/netdevice.h:5222 [inline] netdev_start_xmit include/linux/netdevice.h:5231 [inline] xmit_one net/core/dev.c:3839 [inline] dev_hard_start_xmit+0x122/0x3e0 net/core/dev.c:3855 __dev_queue_xmit+0x10f9/0x2000 net/core/dev.c:4725 dev_queue_xmit include/linux/netdevice.h:3361 [inline] br_dev_queue_push_xmit+0x42d/0x4e0 net/bridge/br_forward.c:53 br_nf_dev_queue_xmit+0x412/0xc50 net/bridge/br_netfilter_hooks.c:-1 NF_HOOK include/linux/netfilter.h:318 [inline] br_nf_post_routing+0x887/0x950 net/bridge/br_netfilter_hooks.c:966 nf_hook_entry_hookfn include/linux/netfilter.h:158 [inline] nf_hook_slow+0x75/0x180 net/netfilter/core.c:623 nf_hook include/linux/netfilter.h:273 [inline] NF_HOOK include/linux/netfilter.h:316 [inline] br_forward_finish+0x116/0x160 net/bridge/br_forward.c:66 br_nf_hook_thresh net/bridge/br_netfilter_hooks.c:-1 [inline] br_nf_forward_finish+0x6c1/0x740 net/bridge/br_netfilter_hooks.c:662 NF_HOOK include/linux/netfilter.h:318 [inline] br_nf_forward_ip+0x5c1/0x5e0 net/bridge/br_netfilter_hooks.c:716 br_nf_forward+0x5a2/0xe90 net/bridge/br_netfilter_hooks.c:773 nf_hook_entry_hookfn include/linux/netfilter.h:158 [inline] nf_hook_slow+0x75/0x180 net/netfilter/core.c:623 nf_hook include/linux/netfilter.h:273 [inline] NF_HOOK include/linux/netfilter.h:316 [inline] __br_forward+0x275/0x350 net/bridge/br_forward.c:115 deliver_clone net/bridge/br_forward.c:131 [inline] maybe_deliver+0x1ae/0x250 net/bridge/br_forward.c:190 br_flood+0x21f/0x460 net/bridge/br_forward.c:237 br_handle_frame_finish+0xdd3/0xf50 net/bridge/br_input.c:221 br_nf_hook_thresh+0x1eb/0x220 net/bridge/br_netfilter_hooks.c:-1 br_nf_pre_routing_finish_ipv6+0x4c6/0x570 net/bridge/br_netfilter_ipv6.c:-1 NF_HOOK include/linux/netfilter.h:318 [inline] br_nf_pre_routing_ipv6+0x1fa/0x2b0 net/bridge/br_netfilter_ipv6.c:184 br_nf_pre_routing+0x52b/0xbd0 net/bridge/br_netfilter_hooks.c:508 nf_hook_entry_hookfn include/linux/netfilter.h:158 [inline] nf_hook_bridge_pre net/bridge/br_input.c:283 [inline] br_handle_frame+0x4f7/0x9e0 net/bridge/br_input.c:434 __netif_receive_skb_core+0xad3/0x23b0 net/core/dev.c:5878 __netif_receive_skb_one_core net/core/dev.c:5989 [inline] __netif_receive_skb+0x59/0x270 net/core/dev.c:6104 process_backlog+0x229/0x420 net/core/dev.c:6456 __napi_poll+0x63/0x310 net/core/dev.c:7506 napi_poll net/core/dev.c:7569 [inline] net_rx_action+0x391/0x830 net/core/dev.c:7696 handle_softirqs+0xb7/0x290 kernel/softirq.c:579 do_softirq+0x5d/0x90 kernel/softirq.c:480 __local_bh_enable_ip+0x70/0x80 kernel/softirq.c:407 __raw_spin_unlock_bh include/linux/spinlock_api_smp.h:167 [inline] _raw_spin_unlock_bh+0x36/0x40 kernel/locking/spinlock.c:210 spin_unlock_bh include/linux/spinlock.h:396 [inline] nsim_dev_trap_report drivers/net/netdevsim/dev.c:835 [inline] nsim_dev_trap_report_work+0x52b/0x630 drivers/net/netdevsim/dev.c:866 process_one_work kernel/workqueue.c:3236 [inline] process_scheduled_works+0x4cb/0x9d0 kernel/workqueue.c:3319 worker_thread+0x582/0x770 kernel/workqueue.c:3400 kthread+0x489/0x510 kernel/kthread.c:463 ret_from_fork+0x11f/0x1b0 arch/x86/kernel/process.c:148 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:245 write to 0xffff88811a225720 of 8 bytes by interrupt on cpu 1: batadv_bla_update_own_backbone_gw net/batman-adv/bridge_loop_avoidance.c:577 [inline] batadv_bla_tx+0x7a6/0xc30 net/batman-adv/bridge_loop_avoidance.c:2105 batadv_interface_tx+0x35c/0xb30 net/batman-adv/mesh-interface.c:227 __netdev_start_xmit include/linux/netdevice.h:5222 [inline] netdev_start_xmit include/linux/netdevice.h:5231 [inline] xmit_one net/core/dev.c:3839 [inline] dev_hard_start_xmit+0x122/0x3e0 net/core/dev.c:3855 __dev_queue_xmit+0x10f9/0x2000 net/core/dev.c:4725 dev_queue_xmit include/linux/netdevice.h:3361 [inline] br_dev_queue_push_xmit+0x42d/0x4e0 net/bridge/br_forward.c:53 NF_HOOK include/linux/netfilter.h:318 [inline] br_forward_finish+0x89/0x160 net/bridge/br_forward.c:66 br_nf_hook_thresh net/bridge/br_netfilter_hooks.c:-1 [inline] br_nf_forward_finish+0x6c1/0x740 net/bridge/br_netfilter_hooks.c:662 NF_HOOK include/linux/netfilter.h:318 [inline] br_nf_forward_arp net/bridge/br_netfilter_hooks.c:752 [inline] br_nf_forward+0xae3/0xe90 net/bridge/br_netfilter_hooks.c:775 nf_hook_entry_hookfn include/linux/netfilter.h:158 [inline] nf_hook_slow+0x75/0x180 net/netfilter/core.c:623 nf_hook include/linux/netfilter.h:273 [inline] NF_HOOK include/linux/netfilter.h:316 [inline] __br_forward+0x275/0x350 net/bridge/br_forward.c:115 deliver_clone net/bridge/br_forward.c:131 [inline] maybe_deliver+0x1ae/0x250 net/bridge/br_forward.c:190 br_flood+0x21f/0x460 net/bridge/br_forward.c:237 br_handle_frame_finish+0xdd3/0xf50 net/bridge/br_input.c:221 nf_hook_bridge_pre net/bridge/br_input.c:305 [inline] br_handle_frame+0x5d1/0x9e0 net/bridge/br_input.c:434 __netif_receive_skb_core+0xad3/0x23b0 net/core/dev.c:5878 __netif_receive_skb_one_core net/core/dev.c:5989 [inline] __netif_receive_skb+0x59/0x270 net/core/dev.c:6104 process_backlog+0x229/0x420 net/core/dev.c:6456 __napi_poll+0x63/0x310 net/core/dev.c:7506 napi_poll net/core/dev.c:7569 [inline] net_rx_action+0x391/0x830 net/core/dev.c:7696 handle_softirqs+0xb7/0x290 kernel/softirq.c:579 __do_softirq kernel/softirq.c:613 [inline] invoke_softirq kernel/softirq.c:453 [inline] __irq_exit_rcu+0x3a/0xc0 kernel/softirq.c:680 instr_sysvec_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1050 [inline] sysvec_apic_timer_interrupt+0x74/0x80 arch/x86/kernel/apic/apic.c:1050 asm_sysvec_apic_timer_interrupt+0x1a/0x20 arch/x86/include/asm/idtentry.h:702 clear_page_erms+0xd/0x20 arch/x86/lib/clear_page_64.S:52 clear_page arch/x86/include/asm/page_64.h:54 [inline] clear_highpage_kasan_tagged include/linux/highmem.h:248 [inline] kernel_init_pages mm/page_alloc.c:1228 [inline] post_alloc_hook mm/page_alloc.c:1849 [inline] prep_new_page mm/page_alloc.c:1859 [inline] alloc_pages_bulk_noprof+0x310/0x540 mm/page_alloc.c:5084 alloc_pages_bulk_mempolicy_noprof+0x2e3/0xb00 mm/mempolicy.c:2724 vm_area_alloc_pages mm/vmalloc.c:3616 [inline] __vmalloc_area_node mm/vmalloc.c:3720 [inline] __vmalloc_node_range_noprof+0x52b/0xe00 mm/vmalloc.c:3893 __vmalloc_node_noprof mm/vmalloc.c:3956 [inline] __vmalloc_noprof+0x83/0xc0 mm/vmalloc.c:3970 pcpu_mem_zalloc mm/percpu.c:512 [inline] pcpu_alloc_chunk mm/percpu.c:1456 [inline] pcpu_create_chunk+0x278/0x680 mm/percpu-vm.c:338 pcpu_alloc_noprof+0x6b6/0x1250 mm/percpu.c:1838 bpf_map_alloc_percpu+0xb3/0x200 kernel/bpf/syscall.c:558 prealloc_init+0x19f/0x490 kernel/bpf/hashtab.c:336 htab_map_alloc+0x4ba/0x6d0 kernel/bpf/hashtab.c:561 map_create+0x843/0xca0 kernel/bpf/syscall.c:1480 __sys_bpf+0x545/0x7b0 kernel/bpf/syscall.c:6011 __do_sys_bpf kernel/bpf/syscall.c:6139 [inline] __se_sys_bpf kernel/bpf/syscall.c:6137 [inline] __x64_sys_bpf+0x41/0x50 kernel/bpf/syscall.c:6137 x64_sys_call+0x2aea/0x2ff0 arch/x86/include/generated/asm/syscalls_64.h:322 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline] do_syscall_64+0xd2/0x200 arch/x86/entry/syscall_64.c:94 entry_SYSCALL_64_after_hwframe+0x77/0x7f value changed: 0x00000000ffffda7b -> 0x00000000ffffda7c Reported by Kernel Concurrency Sanitizer on: CPU: 1 UID: 0 PID: 15503 Comm: ’ Tainted: G W syzkaller #0 PREEMPT(voluntary) Tainted: [W]=WARN Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 ==================================================================