syzbot

==================================================================
BUG: KCSAN: data-race in __nf_conncount_add / nft_connlimit_eval

read-write to 0xffff8881197aee18 of 4 bytes by interrupt on cpu 0:
 __nf_conncount_add+0xa68/0xb30 net/netfilter/nf_conncount.c:196
 nf_conncount_add+0x35/0x50 net/netfilter/nf_conncount.c:210
 nft_connlimit_do_eval net/netfilter/nft_connlimit.c:46 [inline]
 nft_connlimit_eval+0x14a/0x210 net/netfilter/nft_connlimit.c:185
 expr_call_ops_eval net/netfilter/nf_tables_core.c:237 [inline]
 nft_do_chain+0x1e2/0xc90 net/netfilter/nf_tables_core.c:285
 nft_do_chain_inet+0x1eb/0x220 net/netfilter/nft_chain_filter.c:161
 nf_hook_entry_hookfn include/linux/netfilter.h:157 [inline]
 nf_hook_slow+0x75/0x180 net/netfilter/core.c:623
 nf_hook include/linux/netfilter.h:272 [inline]
 NF_HOOK include/linux/netfilter.h:315 [inline]
 ipv6_rcv+0x10e/0x150 net/ipv6/ip6_input.c:309
 __netif_receive_skb_one_core net/core/dev.c:5977 [inline]
 __netif_receive_skb+0x9e/0x270 net/core/dev.c:6090
 process_backlog+0x229/0x420 net/core/dev.c:6442
 __napi_poll+0x66/0x3a0 net/core/dev.c:7414
 napi_poll net/core/dev.c:7478 [inline]
 net_rx_action+0x391/0x830 net/core/dev.c:7605
 handle_softirqs+0xb7/0x290 kernel/softirq.c:579
 do_softirq+0x5d/0x90 kernel/softirq.c:480
 __local_bh_enable_ip+0x70/0x80 kernel/softirq.c:407
 __raw_read_unlock_bh include/linux/rwlock_api_smp.h:257 [inline]
 _raw_read_unlock_bh+0x1b/0x30 kernel/locking/spinlock.c:284
 wg_socket_send_skb_to_peer+0x111/0x130 drivers/net/wireguard/socket.c:184
 wg_packet_create_data_done drivers/net/wireguard/send.c:251 [inline]
 wg_packet_tx_worker+0x12d/0x330 drivers/net/wireguard/send.c:276
 process_one_work kernel/workqueue.c:3238 [inline]
 process_scheduled_works+0x4cb/0x9d0 kernel/workqueue.c:3321
 worker_thread+0x582/0x770 kernel/workqueue.c:3402
 kthread+0x486/0x510 kernel/kthread.c:464
 ret_from_fork+0xda/0x150 arch/x86/kernel/process.c:148
 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:245

read to 0xffff8881197aee18 of 4 bytes by task 3407 on cpu 1:
 nft_connlimit_do_eval net/netfilter/nft_connlimit.c:51 [inline]
 nft_connlimit_eval+0x177/0x210 net/netfilter/nft_connlimit.c:185
 expr_call_ops_eval net/netfilter/nf_tables_core.c:237 [inline]
 nft_do_chain+0x1e2/0xc90 net/netfilter/nf_tables_core.c:285
 nft_do_chain_inet+0x1eb/0x220 net/netfilter/nft_chain_filter.c:161
 nf_hook_entry_hookfn include/linux/netfilter.h:157 [inline]
 nf_hook_slow+0x75/0x180 net/netfilter/core.c:623
 nf_hook_slow_list+0xed/0x200 net/netfilter/core.c:660
 NF_HOOK_LIST include/linux/netfilter.h:353 [inline]
 ip6_sublist_rcv+0x9f2/0xa10 net/ipv6/ip6_input.c:317
 ipv6_list_rcv+0x267/0x2a0 net/ipv6/ip6_input.c:353
 __netif_receive_skb_list_ptype net/core/dev.c:6020 [inline]
 __netif_receive_skb_list_core+0x3b0/0x500 net/core/dev.c:6067
 __netif_receive_skb_list net/core/dev.c:6119 [inline]
 netif_receive_skb_list_internal+0x487/0x600 net/core/dev.c:6210
 gro_normal_list include/net/gro.h:532 [inline]
 napi_complete_done+0x1a3/0x410 net/core/dev.c:6580
 wg_packet_rx_poll+0x1107/0x1160 drivers/net/wireguard/receive.c:488
 __napi_poll+0x66/0x3a0 net/core/dev.c:7414
 napi_threaded_poll_loop+0x18a/0x4a0 net/core/dev.c:7534
 napi_threaded_poll+0xda/0x160 net/core/dev.c:7561
 kthread+0x486/0x510 kernel/kthread.c:464
 ret_from_fork+0xda/0x150 arch/x86/kernel/process.c:148
 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:245

value changed: 0x00000027 -> 0x00000028

Reported by Kernel Concurrency Sanitizer on:
CPU: 1 UID: 0 PID: 3407 Comm: napi/wg2-0 Not tainted 6.16.0-rc7-syzkaller-00105-g2942242dde89 #0 PREEMPT(voluntary) 
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
==================================================================