================================================================== BUG: KCSAN: data-race in __refill_stock / drain_all_stock read-write to 0xffff888237d2b950 of 4 bytes by task 6593 on cpu 1: __refill_stock+0x8a/0xc0 mm/memcontrol.c:2390 refill_stock mm/memcontrol.c:2401 [inline] obj_cgroup_uncharge_pages+0x126/0x200 mm/memcontrol.c:3281 __memcg_kmem_uncharge_page+0x53/0x110 mm/memcontrol.c:3354 free_pages_prepare mm/page_alloc.c:1098 [inline] free_unref_page_prepare+0x61/0x2c0 mm/page_alloc.c:2347 free_unref_page+0x34/0x180 mm/page_alloc.c:2487 vfree+0x211/0x390 mm/vmalloc.c:3324 __vmalloc_area_node mm/vmalloc.c:3685 [inline] __vmalloc_node_range+0xe16/0xee0 mm/vmalloc.c:3802 kvmalloc_node+0x121/0x170 mm/util.c:659 kvmalloc include/linux/slab.h:766 [inline] xt_alloc_table_info+0x3d/0x80 net/netfilter/x_tables.c:1193 do_replace net/ipv6/netfilter/ip6_tables.c:1139 [inline] do_ip6t_set_ctl+0x63f/0x1800 net/ipv6/netfilter/ip6_tables.c:1636 nf_setsockopt+0x195/0x1b0 net/netfilter/nf_sockopt.c:101 ipv6_setsockopt+0x126/0x140 net/ipv6/ipv6_sockglue.c:999 dccp_setsockopt+0xe1/0xc40 net/dccp/proto.c:579 sock_common_setsockopt+0x64/0x80 net/core/sock.c:3727 do_sock_setsockopt net/socket.c:2311 [inline] __sys_setsockopt+0x1d8/0x250 net/socket.c:2334 __do_sys_setsockopt net/socket.c:2343 [inline] __se_sys_setsockopt net/socket.c:2340 [inline] __x64_sys_setsockopt+0x66/0x80 net/socket.c:2340 do_syscall_64+0xd3/0x1d0 entry_SYSCALL_64_after_hwframe+0x6d/0x75 read to 0xffff888237d2b950 of 4 bytes by task 6589 on cpu 0: drain_all_stock+0xd3/0x2e0 mm/memcontrol.c:2431 try_charge_memcg+0x6bb/0xd10 mm/memcontrol.c:2791 try_charge mm/memcontrol.c:2931 [inline] charge_memcg mm/memcontrol.c:7284 [inline] mem_cgroup_swapin_charge_folio+0x107/0x1a0 mm/memcontrol.c:7369 __read_swap_cache_async+0x2b9/0x520 mm/swap_state.c:514 swap_cluster_readahead+0x276/0x3f0 mm/swap_state.c:678 swapin_readahead+0xe2/0x7a0 mm/swap_state.c:904 do_swap_page+0x3bb/0x15f0 mm/memory.c:4048 handle_pte_fault mm/memory.c:5303 [inline] __handle_mm_fault mm/memory.c:5441 [inline] handle_mm_fault+0x7fa/0x27e0 mm/memory.c:5606 do_user_addr_fault arch/x86/mm/fault.c:1362 [inline] handle_page_fault arch/x86/mm/fault.c:1505 [inline] exc_page_fault+0x3eb/0x6d0 arch/x86/mm/fault.c:1563 asm_exc_page_fault+0x26/0x30 arch/x86/include/asm/idtentry.h:623 value changed: 0x00000002 -> 0x0000001f Reported by Kernel Concurrency Sanitizer on: CPU: 0 PID: 6589 Comm: syz-executor.1 Tainted: G W 6.9.0-rc1-syzkaller-00061-g8d025e2092e2 #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/29/2024 ================================================================== syz-executor.1 invoked oom-killer: gfp_mask=0x100cca(GFP_HIGHUSER_MOVABLE), order=0, oom_score_adj=1000 CPU: 1 PID: 6589 Comm: syz-executor.1 Tainted: G W 6.9.0-rc1-syzkaller-00061-g8d025e2092e2 #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/29/2024 Call Trace: __dump_stack lib/dump_stack.c:88 [inline] dump_stack_lvl+0xf2/0x150 lib/dump_stack.c:114 dump_stack+0x15/0x20 lib/dump_stack.c:123 dump_header+0x83/0x2d0 mm/oom_kill.c:462 oom_kill_process+0x33e/0x4c0 mm/oom_kill.c:1036 out_of_memory+0x9cb/0xc00 mm/oom_kill.c:1174 mem_cgroup_out_of_memory+0x13e/0x190 mm/memcontrol.c:1817 mem_cgroup_oom mm/memcontrol.c:2047 [inline] try_charge_memcg+0x752/0xd10 mm/memcontrol.c:2831 try_charge mm/memcontrol.c:2931 [inline] charge_memcg mm/memcontrol.c:7284 [inline] mem_cgroup_swapin_charge_folio+0x107/0x1a0 mm/memcontrol.c:7369 __read_swap_cache_async+0x2b9/0x520 mm/swap_state.c:514 swap_cluster_readahead+0x276/0x3f0 mm/swap_state.c:678 swapin_readahead+0xe2/0x7a0 mm/swap_state.c:904 do_swap_page+0x3bb/0x15f0 mm/memory.c:4048 handle_pte_fault mm/memory.c:5303 [inline] __handle_mm_fault mm/memory.c:5441 [inline] handle_mm_fault+0x7fa/0x27e0 mm/memory.c:5606 do_user_addr_fault arch/x86/mm/fault.c:1362 [inline] handle_page_fault arch/x86/mm/fault.c:1505 [inline] exc_page_fault+0x3eb/0x6d0 arch/x86/mm/fault.c:1563 asm_exc_page_fault+0x26/0x30 arch/x86/include/asm/idtentry.h:623 RIP: 0033:0x7f5b503f5da4 Code: 01 00 00 69 3d 11 d9 c9 00 e8 03 00 00 48 8d 1d f2 41 17 00 e8 9d 5f 04 00 eb 0f 0f 1f 00 48 81 c3 d0 00 00 00 48 39 eb 74 be <80> 7b 20 00 74 ee 8b 43 0c 85 c0 74 e7 48 89 df e8 f7 ee ff ff eb RSP: 002b:00007ffc52bb56c0 EFLAGS: 00010206 RAX: 0000000000000000 RBX: 00007f5b50569f80 RCX: 0000000000000000 RDX: 0000000000000000 RSI: 0000000000000000 RDI: 000055559077f788 RBP: 00007f5b5056b980 R08: 0000000000000000 R09: 00007f5b505480b0 R10: 0000000000000000 R11: 0000000000000293 R12: 000000000020d93a R13: ffffffffffffffff R14: 00007f5b4ffbe000 R15: 000000000020d5f9 memory: usage 307200kB, limit 307200kB, failcnt 3565 memory+swap: usage 307692kB, limit 9007199254740988kB, failcnt 0 kmem: usage 307192kB, limit 9007199254740988kB, failcnt 0 Memory cgroup stats for /syz1: cache 0 rss 36864 shmem 0 mapped_file 0 dirty 0 writeback 0 workingset_refault_anon 997 workingset_refault_file 185 swap 471040 swapcached 36864 pgpgin 544500 pgpgout 544490 pgfault 1002572 pgmajfault 558 inactive_anon 40960 active_anon 0 inactive_file 0 active_file 0 unevictable 0 hierarchical_memory_limit 314572800 hierarchical_memsw_limit 9223372036854771712 total_cache 0 total_rss 36864 total_shmem 0 total_mapped_file 0 total_dirty 0 total_writeback 0 total_workingset_refault_anon 997 total_workingset_refault_file 185 total_swap 471040 total_swapcached 36864 total_pgpgin 544519 total_pgpgout 544509 total_pgfault 1002606 total_pgmajfault 559 total_inactive_anon 40960 total_active_anon 0 total_inactive_file 0 total_active_file 0 total_unevictable 0 oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz1,mems_allowed=0,oom_memcg=/syz1,task_memcg=/syz1,task=syz-executor.1,pid=6589,uid=0 Memory cgroup out of memory: Killed process 6589 (syz-executor.1) total-vm:48492kB, anon-rss:380kB, file-rss:8832kB, shmem-rss:0kB, UID:0 pgtables:84kB oom_score_adj:1000