syzbot

==================================================================
BUG: KCSAN: data-race in mem_cgroup_flush_stats_ratelimited / tick_do_update_jiffies64

read-write to 0xffffffff86c09a00 of 8 bytes by interrupt on cpu 1:
 tick_do_update_jiffies64+0x113/0x1c0 kernel/time/tick-sched.c:118
 tick_sched_do_timer kernel/time/tick-sched.c:253 [inline]
 tick_nohz_handler+0x8d/0x3d0 kernel/time/tick-sched.c:312
 __run_hrtimer kernel/time/hrtimer.c:1785 [inline]
 __hrtimer_run_queues+0x218/0x4f0 kernel/time/hrtimer.c:1849
 hrtimer_interrupt+0x269/0x810 kernel/time/hrtimer.c:1911
 local_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1045 [inline]
 __sysvec_apic_timer_interrupt+0x5f/0x1f0 arch/x86/kernel/apic/apic.c:1062
 instr_sysvec_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1056 [inline]
 sysvec_apic_timer_interrupt+0x6f/0x80 arch/x86/kernel/apic/apic.c:1056
 asm_sysvec_apic_timer_interrupt+0x1a/0x20 arch/x86/include/asm/idtentry.h:697
 __sanitizer_cov_trace_pc+0x8/0x70 kernel/kcov.c:213
 __pkru_allows_pkey arch/x86/include/asm/pgtable.h:1610 [inline]
 arch_vma_access_permitted arch/x86/include/asm/mmu_context.h:276 [inline]
 access_error arch/x86/mm/fault.c:1079 [inline]
 do_user_addr_fault+0xb0c/0x1050 arch/x86/mm/fault.c:1367
 handle_page_fault arch/x86/mm/fault.c:1474 [inline]
 exc_page_fault+0x62/0xa0 arch/x86/mm/fault.c:1527
 asm_exc_page_fault+0x26/0x30 arch/x86/include/asm/idtentry.h:618
 __put_user_4+0xd/0x20 arch/x86/lib/putuser.S:92
 mm_release+0x7d/0x190 kernel/fork.c:1477
 exit_mm_release+0x25/0x30 kernel/fork.c:1495
 exit_mm+0x37/0x180 kernel/exit.c:554
 do_exit+0x442/0x1600 kernel/exit.c:964
 do_group_exit+0xfe/0x140 kernel/exit.c:1118
 get_signal+0xe54/0xf60 kernel/signal.c:3034
 arch_do_signal_or_restart+0x96/0x450 arch/x86/kernel/signal.c:337
 __exit_to_user_mode_loop kernel/entry/common.c:64 [inline]
 exit_to_user_mode_loop kernel/entry/common.c:98 [inline]
 __exit_to_user_mode_prepare include/linux/irq-entry-common.h:226 [inline]
 irqentry_exit_to_user_mode_prepare include/linux/irq-entry-common.h:270 [inline]
 irqentry_exit_to_user_mode include/linux/irq-entry-common.h:339 [inline]
 irqentry_exit+0xf7/0x520 kernel/entry/common.c:219
 asm_exc_page_fault+0x26/0x30 arch/x86/include/asm/idtentry.h:618

read to 0xffffffff86c09a00 of 8 bytes by task 31062 on cpu 0:
 mem_cgroup_flush_stats_ratelimited+0x29/0x70 mm/memcontrol.c:638
 count_shadow_nodes+0x6a/0x230 mm/workingset.c:678
 do_shrink_slab+0x63/0x6a0 mm/shrinker.c:384
 shrink_slab_memcg mm/shrinker.c:550 [inline]
 shrink_slab+0x538/0x880 mm/shrinker.c:628
 shrink_node_memcgs mm/vmscan.c:6022 [inline]
 shrink_node+0x6bc/0x2130 mm/vmscan.c:6061
 shrink_zones mm/vmscan.c:6300 [inline]
 do_try_to_free_pages+0x408/0xc80 mm/vmscan.c:6362
 try_to_free_mem_cgroup_pages+0x1f5/0x470 mm/vmscan.c:6683
 try_charge_memcg+0x37e/0xa10 mm/memcontrol.c:2414
 try_charge mm/memcontrol.c:2556 [inline]
 charge_memcg mm/memcontrol.c:4744 [inline]
 mem_cgroup_swapin_charge_folio+0x103/0x1f0 mm/memcontrol.c:4830
 __swap_cache_prepare_and_add+0x386/0x530 mm/swap_state.c:517
 swap_cache_alloc_folio+0xa2/0x120 mm/swap_state.c:575
 swap_cluster_readahead+0x36b/0x3d0 mm/swap_state.c:768
 swapin_readahead+0xde/0x840 mm/swap_state.c:924
 do_swap_page+0x30d/0x2220 mm/memory.c:4802
 handle_pte_fault mm/memory.c:6320 [inline]
 __handle_mm_fault mm/memory.c:6455 [inline]
 handle_mm_fault+0xb40/0x3020 mm/memory.c:6624
 do_user_addr_fault+0x62f/0x1050 arch/x86/mm/fault.c:1334
 handle_page_fault arch/x86/mm/fault.c:1474 [inline]
 exc_page_fault+0x62/0xa0 arch/x86/mm/fault.c:1527
 asm_exc_page_fault+0x26/0x30 arch/x86/include/asm/idtentry.h:618

value changed: 0x000000010001e5db -> 0x000000010001e5dc

Reported by Kernel Concurrency Sanitizer on:
CPU: 0 UID: 0 PID: 31062 Comm: syz-executor Tainted: G        W           syzkaller #0 PREEMPT(full) 
Tainted: [W]=WARN
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
==================================================================