total_active_file 36864 total_unevictable 0 oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz3,mems_allowed=0,oom_memcg=/syz3,task_memcg=/syz3,task=syz-executor.3,pid=14106,uid=0 Memory cgroup out of memory: Killed process 14106 (syz-executor.3) total-vm:48792kB, anon-rss:436kB, file-rss:11008kB, shmem-rss:0kB, UID:0 pgtables:84kB oom_score_adj:1000 ================================================================== BUG: KCSAN: data-race in __mod_memcg_lruvec_state / mem_cgroup_css_rstat_flush write to 0xffffe8ffffc4eac0 of 4 bytes by task 14164 on cpu 1: mem_cgroup_css_rstat_flush+0x4ea/0x540 mm/memcontrol.c:5848 cgroup_rstat_flush_locked+0x93a/0xe20 kernel/cgroup/rstat.c:322 cgroup_rstat_flush+0x2a/0x120 kernel/cgroup/rstat.c:354 do_flush_stats mm/memcontrol.c:745 [inline] mem_cgroup_flush_stats+0xb2/0xc0 mm/memcontrol.c:766 prepare_scan_control mm/vmscan.c:2234 [inline] shrink_node+0x2f2/0x15a0 mm/vmscan.c:5906 shrink_zones mm/vmscan.c:6152 [inline] do_try_to_free_pages+0x3cc/0xca0 mm/vmscan.c:6214 try_to_free_mem_cgroup_pages+0x1eb/0x4e0 mm/vmscan.c:6529 try_charge_memcg+0x279/0xd10 mm/memcontrol.c:2783 try_charge mm/memcontrol.c:2931 [inline] charge_memcg mm/memcontrol.c:7284 [inline] mem_cgroup_swapin_charge_folio+0x107/0x1a0 mm/memcontrol.c:7369 __read_swap_cache_async+0x2b9/0x520 mm/swap_state.c:514 swap_cluster_readahead+0x276/0x3f0 mm/swap_state.c:678 swapin_readahead+0xe2/0x7a0 mm/swap_state.c:904 do_swap_page+0x3bb/0x15f0 mm/memory.c:4043 handle_pte_fault mm/memory.c:5298 [inline] __handle_mm_fault mm/memory.c:5436 [inline] handle_mm_fault+0x7fa/0x27e0 mm/memory.c:5601 do_user_addr_fault arch/x86/mm/fault.c:1383 [inline] handle_page_fault arch/x86/mm/fault.c:1475 [inline] exc_page_fault+0x2f5/0x690 arch/x86/mm/fault.c:1533 asm_exc_page_fault+0x26/0x30 arch/x86/include/asm/idtentry.h:623 __get_user_8+0x11/0x20 arch/x86/lib/getuser.S:85 fetch_robust_entry kernel/futex/core.c:783 [inline] exit_robust_list+0x31/0x280 kernel/futex/core.c:811 futex_cleanup kernel/futex/core.c:1043 [inline] futex_exit_release+0xe3/0x130 kernel/futex/core.c:1144 exit_mm_release+0x1a/0x30 kernel/fork.c:1653 exit_mm+0x38/0x190 kernel/exit.c:541 do_exit+0x57e/0x1740 kernel/exit.c:864 do_group_exit+0x102/0x150 kernel/exit.c:1026 get_signal+0xf2f/0x1080 kernel/signal.c:2911 arch_do_signal_or_restart+0x95/0x4b0 arch/x86/kernel/signal.c:310 exit_to_user_mode_loop kernel/entry/common.c:111 [inline] exit_to_user_mode_prepare include/linux/entry-common.h:328 [inline] __syscall_exit_to_user_mode_work kernel/entry/common.c:207 [inline] syscall_exit_to_user_mode+0x59/0x130 kernel/entry/common.c:218 do_syscall_64+0xda/0x1d0 arch/x86/entry/common.c:89 entry_SYSCALL_64_after_hwframe+0x77/0x7f read-write to 0xffffe8ffffc4eac0 of 4 bytes by task 14106 on cpu 0: memcg_rstat_updated mm/memcontrol.c:725 [inline] __mod_memcg_lruvec_state+0x13a/0x1a0 mm/memcontrol.c:875 __mod_lruvec_state+0x3c/0x50 mm/memcontrol.c:897 __update_lru_size include/linux/mm_inline.h:47 [inline] update_lru_size include/linux/mm_inline.h:56 [inline] lruvec_add_folio include/linux/mm_inline.h:326 [inline] move_folios_to_lru+0x311/0x690 mm/vmscan.c:1849 shrink_inactive_list mm/vmscan.c:1929 [inline] shrink_list mm/vmscan.c:2163 [inline] shrink_lruvec+0xbd8/0x1640 mm/vmscan.c:5687 shrink_node_memcgs mm/vmscan.c:5873 [inline] shrink_node+0xa78/0x15a0 mm/vmscan.c:5908 shrink_zones mm/vmscan.c:6152 [inline] do_try_to_free_pages+0x3cc/0xca0 mm/vmscan.c:6214 try_to_free_mem_cgroup_pages+0x1eb/0x4e0 mm/vmscan.c:6529 try_charge_memcg+0x279/0xd10 mm/memcontrol.c:2783 try_charge mm/memcontrol.c:2931 [inline] charge_memcg mm/memcontrol.c:7284 [inline] mem_cgroup_swapin_charge_folio+0x107/0x1a0 mm/memcontrol.c:7369 __read_swap_cache_async+0x2b9/0x520 mm/swap_state.c:514 swap_cluster_readahead+0x276/0x3f0 mm/swap_state.c:678 swapin_readahead+0xe2/0x7a0 mm/swap_state.c:904 do_swap_page+0x3bb/0x15f0 mm/memory.c:4043 handle_pte_fault mm/memory.c:5298 [inline] __handle_mm_fault mm/memory.c:5436 [inline] handle_mm_fault+0x7fa/0x27e0 mm/memory.c:5601 do_user_addr_fault arch/x86/mm/fault.c:1332 [inline] handle_page_fault arch/x86/mm/fault.c:1475 [inline] exc_page_fault+0x3eb/0x690 arch/x86/mm/fault.c:1533 asm_exc_page_fault+0x26/0x30 arch/x86/include/asm/idtentry.h:623 value changed: 0x00000009 -> 0x00000000 Reported by Kernel Concurrency Sanitizer on: CPU: 0 PID: 14106 Comm: syz-executor.3 Not tainted 6.9.0-syzkaller-08544-g4b377b4868ef #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/02/2024 ==================================================================