syzbot

==================================================================
BUG: KCSAN: data-race in mem_cgroup_flush_stats_ratelimited / tick_do_update_jiffies64

read-write to 0xffffffff86809a00 of 8 bytes by interrupt on cpu 0:
 tick_do_update_jiffies64+0x113/0x1c0 kernel/time/tick-sched.c:118
 tick_sched_do_timer kernel/time/tick-sched.c:253 [inline]
 tick_nohz_handler+0x8d/0x3d0 kernel/time/tick-sched.c:312
 __run_hrtimer kernel/time/hrtimer.c:1777 [inline]
 __hrtimer_run_queues+0x20f/0x5a0 kernel/time/hrtimer.c:1841
 hrtimer_interrupt+0x21a/0x460 kernel/time/hrtimer.c:1903
 local_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1045 [inline]
 __sysvec_apic_timer_interrupt+0x5f/0x1d0 arch/x86/kernel/apic/apic.c:1062
 instr_sysvec_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1056 [inline]
 sysvec_apic_timer_interrupt+0x6f/0x80 arch/x86/kernel/apic/apic.c:1056
 asm_sysvec_apic_timer_interrupt+0x1a/0x20 arch/x86/include/asm/idtentry.h:697
 native_save_fl arch/x86/include/asm/irqflags.h:26 [inline]
 arch_local_save_flags arch/x86/include/asm/irqflags.h:109 [inline]
 arch_local_irq_save arch/x86/include/asm/irqflags.h:127 [inline]
 __raw_spin_lock_irqsave include/linux/spinlock_api_smp.h:108 [inline]
 _raw_spin_lock_irqsave+0x1f/0xb0 kernel/locking/spinlock.c:162
 cgroup_file_notify+0x22/0x110 kernel/cgroup/cgroup.c:4693
 __memcg_memory_event mm/memcontrol.c:-1 [inline]
 try_charge_memcg+0x324/0xa10 mm/memcontrol.c:2384
 try_charge mm/memcontrol.c:2530 [inline]
 charge_memcg+0x51/0xc0 mm/memcontrol.c:4728
 __mem_cgroup_charge+0x28/0xb0 mm/memcontrol.c:4745
 mem_cgroup_charge include/linux/memcontrol.h:663 [inline]
 shmem_alloc_and_add_folio mm/shmem.c:1942 [inline]
 shmem_get_folio_gfp+0x470/0xd50 mm/shmem.c:2556
 shmem_get_folio mm/shmem.c:2662 [inline]
 shmem_write_begin+0xfc/0x1f0 mm/shmem.c:3315
 generic_perform_write+0x184/0x490 mm/filemap.c:4314
 shmem_file_write_iter+0xc5/0xf0 mm/shmem.c:3490
 __kernel_write_iter+0x2d6/0x540 fs/read_write.c:619
 dump_emit_page fs/coredump.c:1298 [inline]
 dump_user_range+0x61e/0x8f0 fs/coredump.c:1372
 elf_core_dump+0x1de7/0x1f80 fs/binfmt_elf.c:2111
 coredump_write+0xacf/0xdf0 fs/coredump.c:1049
 do_coredump fs/coredump.c:1126 [inline]
 vfs_coredump+0x24f7/0x2e60 fs/coredump.c:1200
 get_signal+0xd84/0xf70 kernel/signal.c:3019
 arch_do_signal_or_restart+0x96/0x450 arch/x86/kernel/signal.c:337
 __exit_to_user_mode_loop kernel/entry/common.c:41 [inline]
 exit_to_user_mode_loop kernel/entry/common.c:75 [inline]
 __exit_to_user_mode_prepare include/linux/irq-entry-common.h:226 [inline]
 irqentry_exit_to_user_mode_prepare include/linux/irq-entry-common.h:270 [inline]
 irqentry_exit_to_user_mode include/linux/irq-entry-common.h:339 [inline]
 irqentry_exit+0xf9/0x560 kernel/entry/common.c:196
 exc_general_protection+0x15b/0x1e0 arch/x86/kernel/traps.c:913
 asm_exc_general_protection+0x26/0x30 arch/x86/include/asm/idtentry.h:612

read to 0xffffffff86809a00 of 8 bytes by task 19696 on cpu 1:
 mem_cgroup_flush_stats_ratelimited+0x29/0x70 mm/memcontrol.c:636
 count_shadow_nodes+0x6a/0x230 mm/workingset.c:678
 do_shrink_slab+0x63/0x680 mm/shrinker.c:384
 shrink_slab_memcg mm/shrinker.c:550 [inline]
 shrink_slab+0x4f5/0x840 mm/shrinker.c:628
 shrink_node_memcgs mm/vmscan.c:6022 [inline]
 shrink_node+0x6a9/0x2010 mm/vmscan.c:6061
 shrink_zones mm/vmscan.c:6300 [inline]
 do_try_to_free_pages+0x3f6/0xcd0 mm/vmscan.c:6362
 try_to_free_mem_cgroup_pages+0x1ab/0x410 mm/vmscan.c:6690
 try_charge_memcg+0x383/0xa10 mm/memcontrol.c:2388
 try_charge mm/memcontrol.c:2530 [inline]
 charge_memcg+0x51/0xc0 mm/memcontrol.c:4728
 __mem_cgroup_charge+0x28/0xb0 mm/memcontrol.c:4745
 mem_cgroup_charge include/linux/memcontrol.h:663 [inline]
 shmem_alloc_and_add_folio mm/shmem.c:1942 [inline]
 shmem_get_folio_gfp+0x470/0xd50 mm/shmem.c:2556
 shmem_get_folio mm/shmem.c:2662 [inline]
 shmem_write_begin+0xfc/0x1f0 mm/shmem.c:3315
 generic_perform_write+0x184/0x490 mm/filemap.c:4314
 shmem_file_write_iter+0xc5/0xf0 mm/shmem.c:3490
 __kernel_write_iter+0x2d6/0x540 fs/read_write.c:619
 dump_emit_page fs/coredump.c:1298 [inline]
 dump_user_range+0x61e/0x8f0 fs/coredump.c:1372
 elf_core_dump+0x1de7/0x1f80 fs/binfmt_elf.c:2111
 coredump_write+0xacf/0xdf0 fs/coredump.c:1049
 do_coredump fs/coredump.c:1126 [inline]
 vfs_coredump+0x24f7/0x2e60 fs/coredump.c:1200
 get_signal+0xd84/0xf70 kernel/signal.c:3019
 arch_do_signal_or_restart+0x96/0x450 arch/x86/kernel/signal.c:337
 __exit_to_user_mode_loop kernel/entry/common.c:41 [inline]
 exit_to_user_mode_loop kernel/entry/common.c:75 [inline]
 __exit_to_user_mode_prepare include/linux/irq-entry-common.h:226 [inline]
 irqentry_exit_to_user_mode_prepare include/linux/irq-entry-common.h:270 [inline]
 irqentry_exit_to_user_mode include/linux/irq-entry-common.h:339 [inline]
 irqentry_exit+0xf9/0x560 kernel/entry/common.c:196
 exc_general_protection+0x15b/0x1e0 arch/x86/kernel/traps.c:913
 asm_exc_general_protection+0x26/0x30 arch/x86/include/asm/idtentry.h:612

value changed: 0x0000000100001b5b -> 0x0000000100001b5c

Reported by Kernel Concurrency Sanitizer on:
CPU: 1 UID: 0 PID: 19696 Comm: syz.5.6060 Not tainted syzkaller #0 PREEMPT(voluntary) 
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
==================================================================