syzbot

==================================================================
BUG: KCSAN: data-race in mem_cgroup_flush_stats / tick_do_update_jiffies64

read-write to 0xffffffff85a079c0 of 8 bytes by interrupt on cpu 1:
 tick_do_update_jiffies64+0x112/0x1b0 kernel/time/tick-sched.c:118
 tick_sched_do_timer kernel/time/tick-sched.c:211 [inline]
 tick_nohz_highres_handler+0x7b/0x2c0 kernel/time/tick-sched.c:1509
 __run_hrtimer kernel/time/hrtimer.c:1688 [inline]
 __hrtimer_run_queues+0x217/0x700 kernel/time/hrtimer.c:1752
 hrtimer_interrupt+0x20d/0x7b0 kernel/time/hrtimer.c:1814
 local_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1065 [inline]
 __sysvec_apic_timer_interrupt+0x52/0x190 arch/x86/kernel/apic/apic.c:1082
 sysvec_apic_timer_interrupt+0x68/0x80 arch/x86/kernel/apic/apic.c:1076
 asm_sysvec_apic_timer_interrupt+0x1a/0x20 arch/x86/include/asm/idtentry.h:649
 __tsan_unaligned_volatile_read4+0x0/0x190 kernel/kcsan/core.c:753
 __rcu_read_unlock+0x4d/0x70 kernel/rcu/tree_plugin.h:425
 rcu_read_unlock include/linux/rcupdate.h:779 [inline]
 batadv_nc_purge_orig_hash net/batman-adv/network-coding.c:412 [inline]
 batadv_nc_worker+0x376/0xac0 net/batman-adv/network-coding.c:719
 process_one_work kernel/workqueue.c:2627 [inline]
 process_scheduled_works+0x5b8/0xa30 kernel/workqueue.c:2700
 worker_thread+0x525/0x730 kernel/workqueue.c:2781
 kthread+0x1d7/0x210 kernel/kthread.c:388
 ret_from_fork+0x48/0x60 arch/x86/kernel/process.c:147
 ret_from_fork_asm+0x11/0x20 arch/x86/entry/entry_64.S:242

read to 0xffffffff85a079c0 of 8 bytes by task 5159 on cpu 0:
 do_flush_stats mm/memcontrol.c:656 [inline]
 mem_cgroup_flush_stats+0x5d/0xd0 mm/memcontrol.c:667
 prepare_scan_control mm/vmscan.c:2225 [inline]
 shrink_node+0x304/0x15c0 mm/vmscan.c:5875
 shrink_zones mm/vmscan.c:6116 [inline]
 do_try_to_free_pages+0x43d/0xce0 mm/vmscan.c:6178
 try_to_free_mem_cgroup_pages+0x1e2/0x480 mm/vmscan.c:6493
 try_charge_memcg+0x280/0xd30 mm/memcontrol.c:2742
 try_charge mm/memcontrol.c:2884 [inline]
 charge_memcg mm/memcontrol.c:7210 [inline]
 mem_cgroup_swapin_charge_folio+0x107/0x190 mm/memcontrol.c:7295
 __read_swap_cache_async+0x2f6/0x550 mm/swap_state.c:490
 swap_cluster_readahead+0x452/0x4c0 mm/swap_state.c:674
 swapin_readahead+0xe9/0x7f0 mm/swap_state.c:878
 do_swap_page+0x4a0/0x1670 mm/memory.c:3884
 handle_pte_fault mm/memory.c:5042 [inline]
 __handle_mm_fault mm/memory.c:5180 [inline]
 handle_mm_fault+0xa36/0x2dd0 mm/memory.c:5345
 do_user_addr_fault arch/x86/mm/fault.c:1364 [inline]
 handle_page_fault arch/x86/mm/fault.c:1505 [inline]
 exc_page_fault+0x3ff/0x6c0 arch/x86/mm/fault.c:1561
 asm_exc_page_fault+0x26/0x30 arch/x86/include/asm/idtentry.h:570

value changed: 0x000000010004f9a3 -> 0x000000010004f9a4

Reported by Kernel Concurrency Sanitizer on:
CPU: 0 PID: 5159 Comm: syz-executor.5 Not tainted 6.7.0-rc7-syzkaller-00041-gf016f7547aee #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/17/2023
==================================================================
syz-executor.5 invoked oom-killer: gfp_mask=0x100cca(GFP_HIGHUSER_MOVABLE), order=0, oom_score_adj=1000
CPU: 0 PID: 5159 Comm: syz-executor.5 Not tainted 6.7.0-rc7-syzkaller-00041-gf016f7547aee #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/17/2023
Call Trace:
 <TASK>
 __dump_stack lib/dump_stack.c:88 [inline]
 dump_stack_lvl+0xda/0x130 lib/dump_stack.c:106
 dump_stack+0x15/0x20 lib/dump_stack.c:113
 dump_header+0x82/0x2d0 mm/oom_kill.c:460
 oom_kill_process+0x33a/0x4c0 mm/oom_kill.c:1031
 out_of_memory+0x9ca/0xbf0 mm/oom_kill.c:1169
 mem_cgroup_out_of_memory+0x139/0x190 mm/memcontrol.c:1791
 mem_cgroup_oom mm/memcontrol.c:2021 [inline]
 try_charge_memcg+0x75c/0xd30 mm/memcontrol.c:2790
 try_charge mm/memcontrol.c:2884 [inline]
 charge_memcg mm/memcontrol.c:7210 [inline]
 mem_cgroup_swapin_charge_folio+0x107/0x190 mm/memcontrol.c:7295
 __read_swap_cache_async+0x2f6/0x550 mm/swap_state.c:490
 swap_cluster_readahead+0x452/0x4c0 mm/swap_state.c:674
 swapin_readahead+0xe9/0x7f0 mm/swap_state.c:878
 do_swap_page+0x4a0/0x1670 mm/memory.c:3884
 handle_pte_fault mm/memory.c:5042 [inline]
 __handle_mm_fault mm/memory.c:5180 [inline]
 handle_mm_fault+0xa36/0x2dd0 mm/memory.c:5345
 do_user_addr_fault arch/x86/mm/fault.c:1364 [inline]
 handle_page_fault arch/x86/mm/fault.c:1505 [inline]
 exc_page_fault+0x3ff/0x6c0 arch/x86/mm/fault.c:1561
 asm_exc_page_fault+0x26/0x30 arch/x86/include/asm/idtentry.h:570
RIP: 0033:0x7fb1e33694e7
Code: 08 85 c9 0f 85 6c 0b 00 00 4c 89 4c 24 60 31 c0 b9 40 42 0f 00 ba 81 00 00 00 bf ca 00 00 00 c7 06 01 00 00 00 e8 e9 67 04 00 <83> 05 9a 74 16 00 01 4c 8b 4c 24 60 80 bc 24 28 01 00 00 00 0f b6
RSP: 002b:00007ffeccbf08c0 EFLAGS: 00010207
RAX: 0000000000000001 RBX: 0000000000000000 RCX: 00007fb1e33afce9
RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 00007fb1e34cef88
RBP: 0000000000000048 R08: 00007fb1e34cef8c R09: 00007fb1e34cef8c
R10: 00007fb1e2f330c0 R11: 0000000000000246 R12: 00007fb1e34cef80
R13: 0000000000000f69 R14: 0000000000000000 R15: 00007fb1e34cef80
 </TASK>
memory: usage 307176kB, limit 307200kB, failcnt 200069
memory+swap: usage 309768kB, limit 9007199254740988kB, failcnt 0
kmem: usage 307132kB, limit 9007199254740988kB, failcnt 0
Memory cgroup stats for /syz5:
cache 12288
rss 28672
shmem 0
mapped_file 0
dirty 0
writeback 0
workingset_refault_anon 105125
workingset_refault_file 36
swap 2654208
swapcached 24576
pgpgin 874362
pgpgout 874352
pgfault 1330121
pgmajfault 71248
inactive_anon 28672
active_anon 0
inactive_file 0
active_file 12288
unevictable 0
hierarchical_memory_limit 314572800
hierarchical_memsw_limit 9223372036854771712
total_cache 12288
total_rss 28672
total_shmem 0
total_mapped_file 0
total_dirty 0
total_writeback 0
total_workingset_refault_anon 105125
total_workingset_refault_file 36
total_swap 2654208
total_swapcached 24576
total_pgpgin 874362
total_pgpgout 874352
total_pgfault 1330121
total_pgmajfault 71248
total_inactive_anon 28672
total_active_anon 0
total_inactive_file 0
total_active_file 12288
total_unevictable 0
oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz5,mems_allowed=0,oom_memcg=/syz5,task_memcg=/syz5,task=syz-executor.5,pid=5159,uid=0
Memory cgroup out of memory: Killed process 5159 (syz-executor.5) total-vm:46304kB, anon-rss:376kB, file-rss:8960kB, shmem-rss:0kB, UID:0 pgtables:72kB oom_score_adj:1000