syzbot

==================================================================
BUG: KCSAN: data-race in shmem_fallocate / shmem_writeout

write to 0xffffc900001c3cb0 of 8 bytes by task 10453 on cpu 0:
 shmem_fallocate+0x724/0x920 mm/shmem.c:3807
 vfs_fallocate+0x3b6/0x400 fs/open.c:339
 ioctl_preallocate fs/ioctl.c:289 [inline]
 file_ioctl+0x4e3/0x5c0 fs/ioctl.c:-1
 do_vfs_ioctl+0x7c9/0xe70 fs/ioctl.c:576
 __do_sys_ioctl fs/ioctl.c:595 [inline]
 __se_sys_ioctl+0x82/0x140 fs/ioctl.c:583
 __x64_sys_ioctl+0x43/0x50 fs/ioctl.c:583
 x64_sys_call+0x14b0/0x3000 arch/x86/include/generated/asm/syscalls_64.h:17
 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
 do_syscall_64+0xc0/0x2a0 arch/x86/entry/syscall_64.c:94
 entry_SYSCALL_64_after_hwframe+0x77/0x7f

read to 0xffffc900001c3cb0 of 8 bytes by task 10447 on cpu 1:
 shmem_writeout+0x2c1/0x920 mm/shmem.c:1626
 writeout mm/vmscan.c:649 [inline]
 pageout mm/vmscan.c:698 [inline]
 shrink_folio_list+0x1e75/0x2710 mm/vmscan.c:1418
 evict_folios+0x2a4e/0x35b0 mm/vmscan.c:4711
 try_to_shrink_lruvec+0x5f6/0x960 mm/vmscan.c:4874
 lru_gen_shrink_lruvec mm/vmscan.c:5023 [inline]
 shrink_lruvec+0x24e/0x1bc0 mm/vmscan.c:5784
 shrink_node_memcgs mm/vmscan.c:6020 [inline]
 shrink_node+0x68e/0x2000 mm/vmscan.c:6061
 shrink_zones mm/vmscan.c:6300 [inline]
 do_try_to_free_pages+0x404/0xcc0 mm/vmscan.c:6362
 try_to_free_mem_cgroup_pages+0x222/0x470 mm/vmscan.c:6690
 try_charge_memcg+0x37e/0xa10 mm/memcontrol.c:2388
 obj_cgroup_charge_pages+0xa6/0x150 mm/memcontrol.c:2823
 __memcg_kmem_charge_page+0x9e/0x170 mm/memcontrol.c:2867
 __alloc_frozen_pages_noprof+0x18a/0x350 mm/page_alloc.c:5257
 alloc_pages_mpol+0xb3/0x260 mm/mempolicy.c:2486
 alloc_frozen_pages_noprof mm/mempolicy.c:2557 [inline]
 alloc_pages_noprof+0x8f/0x130 mm/mempolicy.c:2577
 vm_area_alloc_pages mm/vmalloc.c:3718 [inline]
 __vmalloc_area_node mm/vmalloc.c:3863 [inline]
 __vmalloc_node_range_noprof+0xa46/0x12b0 mm/vmalloc.c:4051
 __kvmalloc_node_noprof+0x471/0x680 mm/slub.c:7164
 ip_set_alloc+0x24/0x30 net/netfilter/ipset/ip_set_core.c:261
 hash_netiface_create+0x282/0x740 net/netfilter/ipset/ip_set_hash_gen.h:1568
 ip_set_create+0x3cf/0x970 net/netfilter/ipset/ip_set_core.c:1109
 nfnetlink_rcv_msg+0x509/0x5d0 net/netfilter/nfnetlink.c:302
 netlink_rcv_skb+0x123/0x220 net/netlink/af_netlink.c:2550
 nfnetlink_rcv+0x167/0x1720 net/netfilter/nfnetlink.c:669
 netlink_unicast_kernel net/netlink/af_netlink.c:1318 [inline]
 netlink_unicast+0x5c0/0x690 net/netlink/af_netlink.c:1344
 netlink_sendmsg+0x5c8/0x6f0 net/netlink/af_netlink.c:1894
 sock_sendmsg_nosec net/socket.c:727 [inline]
 __sock_sendmsg+0x145/0x170 net/socket.c:742
 ____sys_sendmsg+0x31e/0x4a0 net/socket.c:2592
 ___sys_sendmsg+0x195/0x1e0 net/socket.c:2646
 __sys_sendmsg net/socket.c:2678 [inline]
 __do_sys_sendmsg net/socket.c:2683 [inline]
 __se_sys_sendmsg net/socket.c:2681 [inline]
 __x64_sys_sendmsg+0xd4/0x160 net/socket.c:2681
 x64_sys_call+0x17ba/0x3000 arch/x86/include/generated/asm/syscalls_64.h:47
 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
 do_syscall_64+0xc0/0x2a0 arch/x86/entry/syscall_64.c:94
 entry_SYSCALL_64_after_hwframe+0x77/0x7f

value changed: 0x0000000000000d95 -> 0x0000000000000d96

Reported by Kernel Concurrency Sanitizer on:
CPU: 1 UID: 0 PID: 10447 Comm: syz.1.2189 Tainted: G        W           syzkaller #0 PREEMPT(voluntary) 
Tainted: [W]=WARN
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
==================================================================
syz.1.2189 (10447) used greatest stack depth: 5624 bytes left