syzbot

==================================================================
BUG: KCSAN: data-race in mem_cgroup_flush_stats_ratelimited / tick_do_update_jiffies64

read-write to 0xffffffff868099c0 of 8 bytes by interrupt on cpu 0:
 tick_do_update_jiffies64+0x112/0x1b0 kernel/time/tick-sched.c:118
 tick_sched_do_timer kernel/time/tick-sched.c:232 [inline]
 tick_nohz_handler+0x7c/0x2d0 kernel/time/tick-sched.c:290
 __run_hrtimer kernel/time/hrtimer.c:1791 [inline]
 __hrtimer_run_queues+0x221/0x5f0 kernel/time/hrtimer.c:1855
 hrtimer_interrupt+0x235/0x4a0 kernel/time/hrtimer.c:1917
 local_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1038 [inline]
 __sysvec_apic_timer_interrupt+0x5c/0x1d0 arch/x86/kernel/apic/apic.c:1055
 instr_sysvec_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1049 [inline]
 sysvec_apic_timer_interrupt+0x6e/0x80 arch/x86/kernel/apic/apic.c:1049
 asm_sysvec_apic_timer_interrupt+0x1a/0x20 arch/x86/include/asm/idtentry.h:702
 __sanitizer_cov_trace_const_cmp4+0x0/0x90 kernel/kcov.c:309
 number+0x5c/0xac0 lib/vsprintf.c:458
 vsnprintf+0x6b0/0x8a0 lib/vsprintf.c:2814
 add_uevent_var+0xfe/0x1e0 lib/kobject_uevent.c:679
 kobject_uevent_env+0x3ef/0x550 lib/kobject_uevent.c:603
 kobject_uevent+0x1c/0x30 lib/kobject_uevent.c:656
 __kobject_del+0x8e/0x1a0 lib/kobject.c:601
 kobject_cleanup lib/kobject.c:680 [inline]
 kobject_release lib/kobject.c:720 [inline]
 kref_put include/linux/kref.h:65 [inline]
 kobject_put+0x126/0x180 lib/kobject.c:737
 netdev_queue_update_kobjects+0x482/0x4f0 net/core/net-sysfs.c:2052
 remove_queue_kobjects net/core/net-sysfs.c:2149 [inline]
 netdev_unregister_kobject+0xc9/0x290 net/core/net-sysfs.c:2304
 unregister_netdevice_many_notify+0x11fd/0x1600 net/core/dev.c:12009
 unregister_netdevice_many net/core/dev.c:12037 [inline]
 unregister_netdevice_queue+0x1fd/0x230 net/core/dev.c:11889
 unregister_netdevice include/linux/netdevice.h:3374 [inline]
 __tun_detach+0x7de/0xae0 drivers/net/tun.c:620
 tun_detach drivers/net/tun.c:636 [inline]
 tun_chr_close+0x58/0xf0 drivers/net/tun.c:3390
 __fput+0x2ac/0x640 fs/file_table.c:465
 ____fput+0x1c/0x30 fs/file_table.c:493
 task_work_run+0x13c/0x1b0 kernel/task_work.c:227
 get_signal+0xe81/0x1000 kernel/signal.c:2808
 arch_do_signal_or_restart+0x9a/0x4b0 arch/x86/kernel/signal.c:337
 exit_to_user_mode_loop kernel/entry/common.c:111 [inline]
 exit_to_user_mode_prepare include/linux/entry-common.h:329 [inline]
 __syscall_exit_to_user_mode_work kernel/entry/common.c:207 [inline]
 syscall_exit_to_user_mode+0x62/0x120 kernel/entry/common.c:218
 do_syscall_64+0xd6/0x1c0 arch/x86/entry/syscall_64.c:100
 entry_SYSCALL_64_after_hwframe+0x77/0x7f

read to 0xffffffff868099c0 of 8 bytes by task 39 on cpu 1:
 mem_cgroup_flush_stats_ratelimited+0x29/0x70 mm/memcontrol.c:640
 count_shadow_nodes+0x6b/0x230 mm/workingset.c:680
 do_shrink_slab+0x5e/0x6a0 mm/shrinker.c:384
 shrink_slab_memcg mm/shrinker.c:550 [inline]
 shrink_slab+0x4f2/0x860 mm/shrinker.c:628
 shrink_node_memcgs mm/vmscan.c:5953 [inline]
 shrink_node+0x647/0x1da0 mm/vmscan.c:5992
 shrink_zones mm/vmscan.c:6237 [inline]
 do_try_to_free_pages+0x3c8/0xc60 mm/vmscan.c:6299
 try_to_free_mem_cgroup_pages+0x1e6/0x4a0 mm/vmscan.c:6631
 try_charge_memcg+0x2be/0x800 mm/memcontrol.c:2264
 try_charge mm/memcontrol-v1.h:19 [inline]
 charge_memcg+0x50/0xc0 mm/memcontrol.c:4497
 mem_cgroup_swapin_charge_folio+0xd0/0x150 mm/memcontrol.c:4583
 __read_swap_cache_async+0x242/0x490 mm/swap_state.c:517
 swap_cluster_readahead+0x38b/0x400 mm/swap_state.c:702
 shmem_swapin_cluster mm/shmem.c:1705 [inline]
 shmem_swapin_folio+0x775/0xef0 mm/shmem.c:2336
 shmem_get_folio_gfp+0x265/0xd30 mm/shmem.c:2478
 shmem_get_folio mm/shmem.c:2651 [inline]
 shmem_write_begin+0xa7/0x190 mm/shmem.c:3301
 generic_perform_write+0x189/0x4b0 mm/filemap.c:4114
 shmem_file_write_iter+0xc2/0xe0 mm/shmem.c:3477
 do_iter_readv_writev+0x40d/0x4b0 fs/read_write.c:-1
 vfs_iter_write+0x265/0x5c0 fs/read_write.c:979
 lo_write_bvec drivers/block/loop.c:221 [inline]
 lo_write_simple drivers/block/loop.c:242 [inline]
 do_req_filebacked drivers/block/loop.c:496 [inline]
 loop_handle_cmd drivers/block/loop.c:1943 [inline]
 loop_process_work+0xaf8/0x1240 drivers/block/loop.c:1978
 loop_rootcg_workfn+0x22/0x30 drivers/block/loop.c:2009
 process_one_work kernel/workqueue.c:3238 [inline]
 process_scheduled_works+0x4de/0xa20 kernel/workqueue.c:3319
 worker_thread+0x51d/0x6f0 kernel/workqueue.c:3400
 kthread+0x4ae/0x520 kernel/kthread.c:464
 ret_from_fork+0x4b/0x60 arch/x86/kernel/process.c:153
 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:245

value changed: 0x00000000ffffcf59 -> 0x00000000ffffcf5a

Reported by Kernel Concurrency Sanitizer on:
CPU: 1 UID: 0 PID: 39 Comm: kworker/u8:2 Not tainted 6.14.0-syzkaller-05877-g1a9239bb4253 #0 PREEMPT(voluntary) 
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
Workqueue: loop2 loop_rootcg_workfn
==================================================================