================================================================== BUG: KCSAN: data-race in drain_all_stock / drain_stock write to 0xffff888237c283a8 of 8 bytes by task 1824 on cpu 0: drain_stock+0x88/0x110 mm/memcontrol.c:2209 __refill_stock mm/memcontrol.c:2245 [inline] refill_stock+0x85/0x130 mm/memcontrol.c:2260 try_charge_memcg+0x7bb/0xa40 mm/memcontrol.c:2711 obj_cgroup_charge_pages mm/memcontrol.c:3040 [inline] obj_cgroup_charge+0x171/0x2b0 mm/memcontrol.c:3330 memcg_slab_pre_alloc_hook mm/slab.h:496 [inline] slab_pre_alloc_hook mm/slab.h:705 [inline] slab_alloc mm/slab.c:3278 [inline] __kmem_cache_alloc_lru mm/slab.c:3471 [inline] kmem_cache_alloc+0x92/0x2f0 mm/slab.c:3491 sk_prot_alloc+0x41/0x180 net/core/sock.c:2024 sk_alloc+0x2f/0x340 net/core/sock.c:2083 inet_create+0x3f7/0x720 net/ipv4/af_inet.c:319 __sock_create+0x2cc/0x4e0 net/socket.c:1515 sock_create net/socket.c:1566 [inline] __sys_socket_create net/socket.c:1603 [inline] __sys_socket+0x9c/0x220 net/socket.c:1636 __do_sys_socket net/socket.c:1649 [inline] __se_sys_socket net/socket.c:1647 [inline] __x64_sys_socket+0x3b/0x50 net/socket.c:1647 do_syscall_x64 arch/x86/entry/common.c:50 [inline] do_syscall_64+0x2b/0x70 arch/x86/entry/common.c:80 entry_SYSCALL_64_after_hwframe+0x63/0xcd read to 0xffff888237c283a8 of 8 bytes by task 21683 on cpu 1: drain_all_stock+0xcc/0x310 mm/memcontrol.c:2289 try_charge_memcg+0x63a/0xa40 mm/memcontrol.c:2635 obj_cgroup_charge_pages mm/memcontrol.c:3040 [inline] obj_cgroup_charge+0x171/0x2b0 mm/memcontrol.c:3330 memcg_slab_pre_alloc_hook mm/slab.h:496 [inline] slab_pre_alloc_hook mm/slab.h:705 [inline] slab_alloc_node mm/slab.c:3194 [inline] kmem_cache_alloc_node+0x9c/0x2b0 mm/slab.c:3583 alloc_task_struct_node kernel/fork.c:172 [inline] dup_task_struct+0x5b/0x2a0 kernel/fork.c:969 copy_process+0x3cb/0x20e0 kernel/fork.c:2085 kernel_clone+0x163/0x5c0 kernel/fork.c:2671 __do_sys_clone kernel/fork.c:2805 [inline] __se_sys_clone kernel/fork.c:2789 [inline] __x64_sys_clone+0xc3/0xf0 kernel/fork.c:2789 do_syscall_x64 arch/x86/entry/common.c:50 [inline] do_syscall_64+0x2b/0x70 arch/x86/entry/common.c:80 entry_SYSCALL_64_after_hwframe+0x63/0xcd value changed: 0xffff88813b2c6000 -> 0xffff88813b1b0000 Reported by Kernel Concurrency Sanitizer on: CPU: 1 PID: 21683 Comm: syz-executor.0 Not tainted 6.0.0-syzkaller-07362-g62e6e5940c0c-dirty #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/22/2022 ================================================================== syz-executor.0 invoked oom-killer: gfp_mask=0x400dc0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), order=0, oom_score_adj=1000 CPU: 0 PID: 21683 Comm: syz-executor.0 Not tainted 6.0.0-syzkaller-07362-g62e6e5940c0c-dirty #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/22/2022 Call Trace: __dump_stack lib/dump_stack.c:88 [inline] dump_stack_lvl+0xd6/0x122 lib/dump_stack.c:106 dump_stack+0x11/0x12 lib/dump_stack.c:113 dump_header+0x98/0x410 mm/oom_kill.c:460 oom_kill_process+0x100/0x550 mm/oom_kill.c:1037 out_of_memory+0x620/0x880 mm/oom_kill.c:1175 mem_cgroup_out_of_memory mm/memcontrol.c:1652 [inline] mem_cgroup_oom+0x475/0x4f0 mm/memcontrol.c:1882 try_charge_memcg+0x790/0xa40 mm/memcontrol.c:2675 obj_cgroup_charge_pages mm/memcontrol.c:3040 [inline] __memcg_kmem_charge_page+0x2e4/0x480 mm/memcontrol.c:3066 __alloc_pages+0x1c1/0x340 mm/page_alloc.c:5566 alloc_pages+0x3f1/0x4f0 __pte_alloc_one include/asm-generic/pgalloc.h:63 [inline] pte_alloc_one+0x29/0xb0 arch/x86/mm/pgtable.c:33 __pte_alloc+0x2f/0x1f0 mm/memory.c:468 do_anonymous_page+0x799/0xa20 mm/memory.c:4052 handle_pte_fault mm/memory.c:4915 [inline] __handle_mm_fault mm/memory.c:5059 [inline] handle_mm_fault+0x8a0/0xa90 mm/memory.c:5157 do_user_addr_fault+0x4a1/0x980 arch/x86/mm/fault.c:1407 handle_page_fault arch/x86/mm/fault.c:1498 [inline] exc_page_fault+0x60/0x160 arch/x86/mm/fault.c:1554 asm_exc_page_fault+0x22/0x30 arch/x86/include/asm/idtentry.h:570 RIP: 0033:0x7f624fadd02b Code: 48 85 c0 74 1b 48 83 f8 01 0f 85 5a 03 00 00 0f b7 44 24 18 66 c1 c0 08 0f b7 c0 48 89 44 24 18 48 8b 44 24 10 0f b7 54 24 18 <66> 89 10 e9 70 fe ff ff 48 83 7c 24 08 08 0f 85 09 03 00 00 48 8b RSP: 002b:00007ffd5c9151b0 EFLAGS: 00010246 RAX: 0000000020000000 RBX: 0000000000000000 RCX: 0000000000000000 RDX: 000000000000000a RSI: 0000000000000000 RDI: 00005555560262e8 RBP: 00007ffd5c9152a8 R08: 0000000000000000 R09: 0000000000000000 R10: 00007ffd5c9152d0 R11: 0000000000000246 R12: 0000000000245af8 R13: 00007ffd5c9152d0 R14: 00007f624fc5f050 R15: 0000000000000032 memory: usage 307200kB, limit 307200kB, failcnt 36322 swap: usage 0kB, limit 9007199254740988kB, failcnt 0 Memory cgroup stats for /syz0: anon 106496 file 4206592 kernel 310259712 kernel_stack 49152 pagetables 73728 percpu 10893984 sock 0 vmalloc 0 shmem 4202496 file_mapped 73728 file_dirty 0 file_writeback 0 swapcached 0 inactive_anon 110592 active_anon 4198400 inactive_file 0 active_file 4096 unevictable 0 slab_reclaimable 20032 slab_unreclaimable 299173648 slab 299193680 workingset_refault_anon 0 workingset_refault_file 97 workingset_activate_anon 0 workingset_activate_file 1 oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz0,mems_allowed=0,oom_memcg=/syz0,task_memcg=/syz0,task=syz-executor.0,pid=21683,uid=0 Memory cgroup out of memory: Killed process 21683 (syz-executor.0) total-vm:42688kB, anon-rss:452kB, file-rss:8192kB, shmem-rss:0kB, UID:0 pgtables:80kB oom_score_adj:1000