==================================================================
BUG: KCSAN: data-race in __refill_stock / drain_all_stock

read-write to 0xffff888237c2a2f0 of 4 bytes by task 3127 on cpu 0:
 __refill_stock+0x7c/0xb0 mm/memcontrol.c:2317
 refill_stock mm/memcontrol.c:2328 [inline]
 try_charge_memcg+0x9eb/0xd20 mm/memcontrol.c:2779
 obj_cgroup_charge_pages+0xab/0x130 mm/memcontrol.c:3109
 obj_cgroup_charge+0xe9/0x140 mm/memcontrol.c:3399
 memcg_slab_pre_alloc_hook mm/slab.h:519 [inline]
 slab_pre_alloc_hook+0x112/0x180 mm/slab.h:733
 slab_alloc_node mm/slab.c:3241 [inline]
 kmem_cache_alloc_node+0x5d/0x2e0 mm/slab.c:3529
 alloc_task_struct_node kernel/fork.c:171 [inline]
 dup_task_struct+0x60/0x450 kernel/fork.c:974
 copy_process+0x396/0x2100 kernel/fork.c:2098
 kernel_clone+0x169/0x560 kernel/fork.c:2682
 __do_sys_clone kernel/fork.c:2823 [inline]
 __se_sys_clone kernel/fork.c:2807 [inline]
 __x64_sys_clone+0xdf/0x110 kernel/fork.c:2807
 do_syscall_x64 arch/x86/entry/common.c:50 [inline]
 do_syscall_64+0x41/0xc0 arch/x86/entry/common.c:80
 entry_SYSCALL_64_after_hwframe+0x63/0xcd

read to 0xffff888237c2a2f0 of 4 bytes by task 17282 on cpu 1:
 drain_all_stock+0xd3/0x2a0 mm/memcontrol.c:2358
 try_charge_memcg+0x6c2/0xd20 mm/memcontrol.c:2703
 obj_cgroup_charge_pages+0xab/0x130 mm/memcontrol.c:3109
 __memcg_kmem_charge_page+0x1d5/0x2c0 mm/memcontrol.c:3135
 __alloc_pages+0x1bb/0x340 mm/page_alloc.c:5609
 alloc_pages+0x3e1/0x4e0
 __pte_alloc_one include/asm-generic/pgalloc.h:63 [inline]
 pte_alloc_one+0x2d/0xc0 arch/x86/mm/pgtable.c:33
 __pte_alloc+0x33/0x1f0 mm/memory.c:421
 do_anonymous_page mm/memory.c:4034 [inline]
 handle_pte_fault mm/memory.c:4921 [inline]
 __handle_mm_fault mm/memory.c:5065 [inline]
 handle_mm_fault+0x1ce0/0x21d0 mm/memory.c:5211
 do_user_addr_fault arch/x86/mm/fault.c:1407 [inline]
 handle_page_fault arch/x86/mm/fault.c:1498 [inline]
 exc_page_fault+0x45f/0x640 arch/x86/mm/fault.c:1554
 asm_exc_page_fault+0x26/0x30 arch/x86/include/asm/idtentry.h:570

value changed: 0x00000001 -> 0x0000003b

Reported by Kernel Concurrency Sanitizer on:
CPU: 1 PID: 17282 Comm: syz-executor.3 Not tainted 6.3.0-rc7-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/30/2023
==================================================================
syz-executor.3 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000
CPU: 1 PID: 17282 Comm: syz-executor.3 Not tainted 6.3.0-rc7-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/30/2023
Call Trace:
 __dump_stack lib/dump_stack.c:88 [inline]
 dump_stack_lvl+0xda/0x130 lib/dump_stack.c:106
 dump_stack+0x15/0x20 lib/dump_stack.c:113
 dump_header+0x95/0x3c0 mm/oom_kill.c:460
 oom_kill_process+0xe3/0x3e0 mm/oom_kill.c:1036
 out_of_memory+0x9f0/0xc30 mm/oom_kill.c:1174
 mem_cgroup_out_of_memory+0x139/0x190 mm/memcontrol.c:1720
 mem_cgroup_oom mm/memcontrol.c:1950 [inline]
 try_charge_memcg+0x759/0xd20 mm/memcontrol.c:2743
 try_charge mm/memcontrol.c:2837 [inline]
 charge_memcg+0x51/0x200 mm/memcontrol.c:6960
 __mem_cgroup_charge+0x29/0xa0 mm/memcontrol.c:6981
 mem_cgroup_charge include/linux/memcontrol.h:678 [inline]
 do_anonymous_page mm/memory.c:4070 [inline]
 handle_pte_fault mm/memory.c:4921 [inline]
 __handle_mm_fault mm/memory.c:5065 [inline]
 handle_mm_fault+0xcea/0x21d0 mm/memory.c:5211
 do_user_addr_fault arch/x86/mm/fault.c:1407 [inline]
 handle_page_fault arch/x86/mm/fault.c:1498 [inline]
 exc_page_fault+0x45f/0x640 arch/x86/mm/fault.c:1554
 asm_exc_page_fault+0x26/0x30 arch/x86/include/asm/idtentry.h:570
RIP: 0033:0x7f0cbc470de9
Code: 48 8b 04 24 48 85 c0 74 17 48 8b 54 24 18 48 0f ca 48 89 54 24 18 48 83 f8 01 0f 85 9b 02 00 00 48 8b 44 24 10 48 8b 54 24 18 <48> 89 10 e9 c2 fd ff ff 48 8b 44 24 10 0f b7 10 48 8b 04 24 48 85
RSP: 002b:00007fff8ab2bf50 EFLAGS: 00010246
RAX: 0000000020001140 RBX: 0000000000000000 RCX: 0000000000000000
RDX: 0000000020000100 RSI: 0000000000000000 RDI: 000055555612b2e8
RBP: 00007fff8ab2c048 R08: 0000000000000000 R09: 0000000000000000
R10: 00007f0cbc045910 R11: 0000000000000246 R12: 0000000000204e8c
R13: 00007fff8ab2c070 R14: 00007f0cbc5f0f80 R15: 0000000000000032
memory: usage 307200kB, limit 307200kB, failcnt 9611
swap: usage 0kB, limit 9007199254740988kB, failcnt 0
Memory cgroup stats for /syz3:
anon 143360
file 114688
kernel 314314752
kernel_stack 32768
pagetables 73728
sec_pagetables 0
percpu 11058880
sock 0
vmalloc 0
shmem 114688
file_mapped 114688
file_dirty 0
file_writeback 0
swapcached 0
inactive_anon 172032
active_anon 86016
inactive_file 0
active_file 0
unevictable 0
slab_reclaimable 13480
slab_unreclaimable 303085232
slab 303098712
workingset_refault_anon 0
workingset_refault_file 4
workingset_activate_anon 0
workingset_activate_file 0
workingset_restore_anon 0
workingset_restore_file 0
workingset_nodereclaim 0
pgscan 311
pgsteal 22
pgscan_kswapd 0
pgscan_direct 311
pgscan_khugepaged 0
pgsteal_kswapd 0
pgsteal_direct 22
pgsteal_khugepaged 0
pgfault 900822
pgmajfault 9
pgrefill 326
pgactivate 2621
pgdeactivate 408
pglazyfree 0
pglazyfreed 0
oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz3,mems_allowed=0,oom_memcg=/syz3,task_memcg=/syz3,task=syz-executor.3,pid=17282,uid=0
Memory cgroup out of memory: Killed process 17282 (syz-executor.3) total-vm:46352kB, anon-rss:504kB, file-rss:8960kB, shmem-rss:0kB, UID:0 pgtables:80kB oom_score_adj:1000