syzbot

==================================================================
BUG: KCSAN: data-race in __mod_memcg_state / mem_cgroup_css_rstat_flush

write to 0xffffe8ffffd43640 of 4 bytes by task 19055 on cpu 0:
 mem_cgroup_css_rstat_flush+0x4ea/0x540 mm/memcontrol.c:5848
 cgroup_rstat_flush_locked+0x848/0x980 kernel/cgroup/rstat.c:245
 cgroup_rstat_flush+0x26/0x40 kernel/cgroup/rstat.c:277
 do_flush_stats mm/memcontrol.c:745 [inline]
 mem_cgroup_flush_stats+0xb2/0xc0 mm/memcontrol.c:766
 prepare_scan_control mm/vmscan.c:2234 [inline]
 shrink_node+0x2f2/0x15a0 mm/vmscan.c:5906
 shrink_zones mm/vmscan.c:6152 [inline]
 do_try_to_free_pages+0x3cc/0xca0 mm/vmscan.c:6214
 try_to_free_mem_cgroup_pages+0x1eb/0x4e0 mm/vmscan.c:6529
 try_charge_memcg+0x279/0xd10 mm/memcontrol.c:2783
 try_charge mm/memcontrol.c:2931 [inline]
 charge_memcg mm/memcontrol.c:7284 [inline]
 mem_cgroup_swapin_charge_folio+0x107/0x1a0 mm/memcontrol.c:7369
 __read_swap_cache_async+0x2b9/0x520 mm/swap_state.c:514
 swap_cluster_readahead+0x276/0x3f0 mm/swap_state.c:678
 swapin_readahead+0xe2/0x7a0 mm/swap_state.c:904
 do_swap_page+0x3bb/0x15f0 mm/memory.c:4048
 handle_pte_fault mm/memory.c:5303 [inline]
 __handle_mm_fault mm/memory.c:5441 [inline]
 handle_mm_fault+0x7fa/0x27e0 mm/memory.c:5606
 do_user_addr_fault arch/x86/mm/fault.c:1362 [inline]
 handle_page_fault arch/x86/mm/fault.c:1505 [inline]
 exc_page_fault+0x3eb/0x6d0 arch/x86/mm/fault.c:1563
 asm_exc_page_fault+0x26/0x30 arch/x86/include/asm/idtentry.h:623

read-write to 0xffffe8ffffd43640 of 4 bytes by task 19056 on cpu 1:
 memcg_rstat_updated mm/memcontrol.c:725 [inline]
 __mod_memcg_state+0x10c/0x170 mm/memcontrol.c:824
 mod_memcg_state include/linux/memcontrol.h:1002 [inline]
 mod_memcg_page_state include/linux/memcontrol.h:1017 [inline]
 __vmalloc_area_node mm/vmalloc.c:3645 [inline]
 __vmalloc_node_range+0xa98/0xee0 mm/vmalloc.c:3818
 kvmalloc_node+0x121/0x170 mm/util.c:659
 kvmalloc include/linux/slab.h:766 [inline]
 kvzalloc include/linux/slab.h:774 [inline]
 ip_set_alloc+0x1f/0x30 net/netfilter/ipset/ip_set_core.c:255
 hash_netiface_create+0x277/0x740 net/netfilter/ipset/ip_set_hash_gen.h:1568
 ip_set_create+0x359/0x8a0 net/netfilter/ipset/ip_set_core.c:1103
 nfnetlink_rcv_msg+0x4a9/0x570 net/netfilter/nfnetlink.c:302
 netlink_rcv_skb+0x12c/0x230 net/netlink/af_netlink.c:2559
 nfnetlink_rcv+0x170/0x13e0 net/netfilter/nfnetlink.c:659
 netlink_unicast_kernel net/netlink/af_netlink.c:1335 [inline]
 netlink_unicast+0x58d/0x660 net/netlink/af_netlink.c:1361
 netlink_sendmsg+0x5d3/0x6e0 net/netlink/af_netlink.c:1905
 sock_sendmsg_nosec net/socket.c:730 [inline]
 __sock_sendmsg+0x140/0x180 net/socket.c:745
 ____sys_sendmsg+0x312/0x410 net/socket.c:2584
 ___sys_sendmsg net/socket.c:2638 [inline]
 __sys_sendmsg+0x1e9/0x280 net/socket.c:2667
 __do_sys_sendmsg net/socket.c:2676 [inline]
 __se_sys_sendmsg net/socket.c:2674 [inline]
 __x64_sys_sendmsg+0x46/0x50 net/socket.c:2674
 x64_sys_call+0xae9/0x2d30 arch/x86/include/generated/asm/syscalls_64.h:47
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xcd/0x1d0 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f

value changed: 0x00000003 -> 0x00000000

Reported by Kernel Concurrency Sanitizer on:
CPU: 1 PID: 19056 Comm: syz-executor.1 Not tainted 6.9.0-rc5-syzkaller-00296-g5eb4573ea63d #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024
==================================================================
syz-executor.1 (19056) used greatest stack depth: 8216 bytes left