syzbot

oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=/,mems_allowed=0,oom_memcg=/syz2,task_memcg=/syz2,task=syz.2.2119,pid=14035,uid=0
Memory cgroup out of memory: Killed process 14035 (syz.2.2119) total-vm:94036kB, anon-rss:1416kB, file-rss:20804kB, shmem-rss:0kB, UID:0 pgtables:100kB oom_score_adj:1000
==================================================================
BUG: KCSAN: data-race in mem_cgroup_flush_stats_ratelimited / tick_do_update_jiffies64

read-write to 0xffffffff86c07a00 of 8 bytes by interrupt on cpu 0:
 tick_do_update_jiffies64+0x113/0x1c0 kernel/time/tick-sched.c:118
 tick_sched_do_timer kernel/time/tick-sched.c:253 [inline]
 tick_nohz_handler+0x88/0x380 kernel/time/tick-sched.c:310
 __run_hrtimer kernel/time/hrtimer.c:2032 [inline]
 __hrtimer_run_queues+0x1f8/0x510 kernel/time/hrtimer.c:2096
 hrtimer_interrupt+0x257/0x810 kernel/time/hrtimer.c:2215
 local_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1051 [inline]
 __sysvec_apic_timer_interrupt+0x5f/0x1c0 arch/x86/kernel/apic/apic.c:1068
 instr_sysvec_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1062 [inline]
 sysvec_apic_timer_interrupt+0x6f/0x80 arch/x86/kernel/apic/apic.c:1062
 asm_sysvec_apic_timer_interrupt+0x1a/0x20 arch/x86/include/asm/idtentry.h:674
 kcsan_setup_watchpoint+0x3e8/0x450 kernel/kcsan/core.c:705
 ns_of_pid include/linux/pid.h:153 [inline]
 task_active_pid_ns kernel/pid.c:577 [inline]
 pid_vnr+0x3b/0x100 kernel/pid.c:556
 scm_set_cred include/net/scm.h:73 [inline]
 unix_skb_to_scm net/unix/af_unix.c:2005 [inline]
 __unix_dgram_recvmsg+0x5b6/0x860 net/unix/af_unix.c:2638
 unix_dgram_recvmsg+0x7e/0x90 net/unix/af_unix.c:2686
 sock_recvmsg_nosec+0xc2/0xf0 net/socket.c:1126
 ____sys_recvmsg+0x26f/0x280 net/socket.c:2902
 ___sys_recvmsg+0x11f/0x3a0 net/socket.c:2946
 do_recvmmsg+0x1e5/0x560 net/socket.c:3041
 __sys_recvmmsg net/socket.c:3115 [inline]
 __do_sys_recvmmsg net/socket.c:3138 [inline]
 __se_sys_recvmmsg net/socket.c:3131 [inline]
 __x64_sys_recvmmsg+0xe5/0x170 net/socket.c:3131
 x64_sys_call+0x80f/0x3020 arch/x86/include/generated/asm/syscalls_64.h:300
 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
 do_syscall_64+0x136/0x3c0 arch/x86/entry/syscall_64.c:94
 entry_SYSCALL_64_after_hwframe+0x77/0x7f

read to 0xffffffff86c07a00 of 8 bytes by task 22208 on cpu 1:
 mem_cgroup_flush_stats_ratelimited+0x29/0x50 mm/memcontrol.c:743
 count_shadow_nodes+0x6a/0x250 mm/workingset.c:692
 do_shrink_slab+0x61/0x650 mm/shrinker.c:382
 shrink_slab_memcg mm/shrinker.c:553 [inline]
 shrink_slab+0x53b/0x8e0 mm/shrinker.c:631
 shrink_node_memcgs mm/vmscan.c:6173 [inline]
 shrink_node+0x6d4/0x2080 mm/vmscan.c:6215
 shrink_zones mm/vmscan.c:6454 [inline]
 do_try_to_free_pages+0x408/0xc90 mm/vmscan.c:6516
 try_to_free_mem_cgroup_pages+0x201/0x420 mm/vmscan.c:6838
 try_charge_memcg+0x375/0xa00 mm/memcontrol.c:2630
 obj_cgroup_charge_pages mm/memcontrol.c:3072 [inline]
 __memcg_kmem_charge_page+0x199/0x3a0 mm/memcontrol.c:3116
 __alloc_frozen_pages_noprof+0x18a/0x350 mm/page_alloc.c:5238
 alloc_pages_mpol+0xa9/0x1d0 mm/mempolicy.c:2490
 alloc_frozen_pages_noprof mm/mempolicy.c:2561 [inline]
 alloc_pages_noprof+0x8f/0x140 mm/mempolicy.c:2581
 vm_area_alloc_pages mm/vmalloc.c:3728 [inline]
 __vmalloc_area_node mm/vmalloc.c:3878 [inline]
 __vmalloc_node_range_noprof+0xae9/0x11e0 mm/vmalloc.c:4064
 __kvmalloc_node_noprof+0x3d4/0x640 mm/slub.c:6861
 futex_hash_allocate+0x192/0x920 kernel/futex/core.c:1823
 futex_hash_prctl+0xd8/0xf0 kernel/futex/core.c:1995
 __do_sys_prctl kernel/sys.c:2885 [inline]
 __se_sys_prctl+0x4f4/0x13c0 kernel/sys.c:2534
 __x64_sys_prctl+0x67/0x80 kernel/sys.c:2534
 x64_sys_call+0x2533/0x3020 arch/x86/include/generated/asm/syscalls_64.h:158
 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
 do_syscall_64+0x136/0x3c0 arch/x86/entry/syscall_64.c:94
 entry_SYSCALL_64_after_hwframe+0x77/0x7f

value changed: 0x000000010001314b -> 0x000000010001314c

Reported by Kernel Concurrency Sanitizer on:
CPU: 1 UID: 0 PID: 22208 Comm: syz.2.4012 Tainted: G        W           syzkaller #0 PREEMPT(lazy) 
Tainted: [W]=WARN
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026
==================================================================
syz.2.4012 invoked oom-killer: gfp_mask=0x402dc2(GFP_KERNEL_ACCOUNT|__GFP_HIGHMEM|__GFP_ZERO|__GFP_NOWARN), order=0, oom_score_adj=0
CPU: 1 UID: 0 PID: 22208 Comm: syz.2.4012 Tainted: G        W           syzkaller #0 PREEMPT(lazy) 
Tainted: [W]=WARN
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026
Call Trace:
 <TASK>
 __dump_stack+0x1d/0x30 lib/dump_stack.c:94
 dump_stack_lvl+0x95/0xd0 lib/dump_stack.c:120
 dump_stack+0x15/0x1b lib/dump_stack.c:129
 dump_header+0x80/0x240 mm/oom_kill.c:464
 oom_kill_process+0x295/0x350 mm/oom_kill.c:1031
 out_of_memory+0x981/0xbc0 mm/oom_kill.c:1169
 mem_cgroup_out_of_memory mm/memcontrol.c:1907 [inline]
 mem_cgroup_oom mm/memcontrol.c:1930 [inline]
 try_charge_memcg+0x621/0xa00 mm/memcontrol.c:2672
 obj_cgroup_charge_pages mm/memcontrol.c:3072 [inline]
 __memcg_kmem_charge_page+0x199/0x3a0 mm/memcontrol.c:3116
 __alloc_frozen_pages_noprof+0x18a/0x350 mm/page_alloc.c:5238
 alloc_pages_mpol+0xa9/0x1d0 mm/mempolicy.c:2490
 alloc_frozen_pages_noprof mm/mempolicy.c:2561 [inline]
 alloc_pages_noprof+0x8f/0x140 mm/mempolicy.c:2581
 vm_area_alloc_pages mm/vmalloc.c:3728 [inline]
 __vmalloc_area_node mm/vmalloc.c:3878 [inline]
 __vmalloc_node_range_noprof+0xae9/0x11e0 mm/vmalloc.c:4064
 __kvmalloc_node_noprof+0x3d4/0x640 mm/slub.c:6861
 futex_hash_allocate+0x192/0x920 kernel/futex/core.c:1823
 futex_hash_prctl+0xd8/0xf0 kernel/futex/core.c:1995
 __do_sys_prctl kernel/sys.c:2885 [inline]
 __se_sys_prctl+0x4f4/0x13c0 kernel/sys.c:2534
 __x64_sys_prctl+0x67/0x80 kernel/sys.c:2534
 x64_sys_call+0x2533/0x3020 arch/x86/include/generated/asm/syscalls_64.h:158
 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
 do_syscall_64+0x136/0x3c0 arch/x86/entry/syscall_64.c:94
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7f1c44ecce59
Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007f1c42c74028 EFLAGS: 00000246 ORIG_RAX: 000000000000009d
RAX: ffffffffffffffda RBX: 00007f1c45146450 RCX: 00007f1c44ecce59
RDX: 0000000001000000 RSI: 0000000000000001 RDI: 000000000000004e
RBP: 00007f1c44f62d6f R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 00007f1c451464e8 R14: 00007f1c45146450 R15: 00007ffe53033238
 </TASK>
memory: usage 307200kB, limit 307200kB, failcnt 1999
memory+swap: usage 325344kB, limit 9007199254740988kB, failcnt 0
kmem: usage 209436kB, limit 9007199254740988kB, failcnt 0
Memory cgroup stats for /syz2:
cache 98283520
rss 1626112
shmem 98279424
mapped_file 4202496
dirty 0
writeback 0
workingset_refault_anon 2152
workingset_refault_file 2686
swap 18579456
swapcached 50556928
pgpgin 1300844
pgpgout 1276430
pgfault 1307359
pgmajfault 310
inactive_anon 37007360
active_anon 62988288
inactive_file 4096
active_file 0
unevictable 0
hierarchical_memory_limit 314572800
hierarchical_memsw_limit 9223372036854771712
total_cache 98283520
total_rss 1626112
total_shmem 98279424
total_mapped_file 4202496
total_dirty 0
total_writeback 0
total_workingset_refault_anon 2152
total_workingset_refault_file 2686
total_swap 18579456
total_swapcached 50556928
total_pgpgin 1300844
total_pgpgout 1276430
total_pgfault 1307359
total_pgmajfault 310
total_inactive_anon 37007360
total_active_anon 62988288
total_inactive_file 4096
total_active_file 0
total_unevictable 0
oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=/,mems_allowed=0,oom_memcg=/syz2,task_memcg=/syz2,task=syz.2.1032,pid=8977,uid=0
Memory cgroup out of memory: Killed process 8977 (syz.2.1032) total-vm:96216kB, anon-rss:1232kB, file-rss:20804kB, shmem-rss:0kB, UID:0 pgtables:100kB oom_score_adj:1000