syzbot

==================================================================
BUG: KCSAN: data-race in mem_cgroup_flush_stats_ratelimited / tick_do_update_jiffies64

read-write to 0xffffffff86c09a00 of 8 bytes by interrupt on cpu 0:
 tick_do_update_jiffies64+0x113/0x1c0 kernel/time/tick-sched.c:118
 tick_sched_do_timer kernel/time/tick-sched.c:253 [inline]
 tick_nohz_handler+0x8d/0x3d0 kernel/time/tick-sched.c:312
 __run_hrtimer kernel/time/hrtimer.c:1785 [inline]
 __hrtimer_run_queues+0x218/0x4f0 kernel/time/hrtimer.c:1849
 hrtimer_interrupt+0x269/0x810 kernel/time/hrtimer.c:1911
 local_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1045 [inline]
 __sysvec_apic_timer_interrupt+0x5f/0x1f0 arch/x86/kernel/apic/apic.c:1062
 instr_sysvec_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1056 [inline]
 sysvec_apic_timer_interrupt+0x6f/0x80 arch/x86/kernel/apic/apic.c:1056
 asm_sysvec_apic_timer_interrupt+0x1a/0x20 arch/x86/include/asm/idtentry.h:697
 kcsan_setup_watchpoint+0x404/0x410 kernel/kcsan/core.c:705
 should_zap_cows mm/memory.c:1570 [inline]
 should_zap_folio mm/memory.c:1582 [inline]
 zap_present_ptes mm/memory.c:1709 [inline]
 do_zap_pte_range mm/memory.c:1827 [inline]
 zap_pte_range mm/memory.c:1929 [inline]
 zap_pmd_range mm/memory.c:2021 [inline]
 zap_pud_range mm/memory.c:2049 [inline]
 zap_p4d_range mm/memory.c:2070 [inline]
 unmap_page_range+0x9bb/0x2e80 mm/memory.c:2091
 unmap_single_vma mm/memory.c:2133 [inline]
 unmap_vmas+0x2ba/0x420 mm/memory.c:2171
 exit_mmap+0x1ab/0x620 mm/mmap.c:1302
 __mmput+0x28/0x1c0 kernel/fork.c:1174
 mmput+0x40/0x50 kernel/fork.c:1197
 exit_mm+0xe3/0x180 kernel/exit.c:581
 do_exit+0x3fa/0x15a0 kernel/exit.c:959
 do_group_exit+0x138/0x140 kernel/exit.c:1112
 __do_sys_exit_group kernel/exit.c:1123 [inline]
 __se_sys_exit_group kernel/exit.c:1121 [inline]
 __x64_sys_exit_group+0x1f/0x20 kernel/exit.c:1121
 x64_sys_call+0x3008/0x3020 arch/x86/include/generated/asm/syscalls_64.h:232
 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
 do_syscall_64+0x12c/0x370 arch/x86/entry/syscall_64.c:94
 entry_SYSCALL_64_after_hwframe+0x77/0x7f

read to 0xffffffff86c09a00 of 8 bytes by task 3322 on cpu 1:
 mem_cgroup_flush_stats_ratelimited+0x29/0x70 mm/memcontrol.c:638
 count_shadow_nodes+0x6a/0x230 mm/workingset.c:678
 do_shrink_slab+0x63/0x6a0 mm/shrinker.c:384
 shrink_slab_memcg mm/shrinker.c:550 [inline]
 shrink_slab+0x538/0x880 mm/shrinker.c:628
 shrink_node_memcgs mm/vmscan.c:6022 [inline]
 shrink_node+0x6bc/0x2130 mm/vmscan.c:6061
 shrink_zones mm/vmscan.c:6300 [inline]
 do_try_to_free_pages+0x408/0xc80 mm/vmscan.c:6362
 try_to_free_mem_cgroup_pages+0x1f5/0x470 mm/vmscan.c:6683
 try_charge_memcg+0x37e/0xa10 mm/memcontrol.c:2414
 try_charge mm/memcontrol.c:2556 [inline]
 charge_memcg mm/memcontrol.c:4744 [inline]
 mem_cgroup_swapin_charge_folio+0x103/0x1f0 mm/memcontrol.c:4830
 __swap_cache_prepare_and_add+0x386/0x530 mm/swap_state.c:517
 swap_cache_alloc_folio+0xa2/0x120 mm/swap_state.c:575
 swap_cluster_readahead+0x26e/0x3d0 mm/swap_state.c:749
 swapin_readahead+0xde/0x840 mm/swap_state.c:924
 do_swap_page+0x309/0x2210 mm/memory.c:4801
 handle_pte_fault mm/memory.c:6319 [inline]
 __handle_mm_fault mm/memory.c:6454 [inline]
 handle_mm_fault+0xb40/0x3020 mm/memory.c:6623
 do_user_addr_fault+0x62f/0x1050 arch/x86/mm/fault.c:1334
 handle_page_fault arch/x86/mm/fault.c:1474 [inline]
 exc_page_fault+0x62/0xa0 arch/x86/mm/fault.c:1527
 asm_exc_page_fault+0x26/0x30 arch/x86/include/asm/idtentry.h:618

value changed: 0x00000000ffffb18f -> 0x00000000ffffb190

Reported by Kernel Concurrency Sanitizer on:
CPU: 1 UID: 0 PID: 3322 Comm: syz-executor Tainted: G        W           syzkaller #0 PREEMPT(full) 
Tainted: [W]=WARN
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
==================================================================