syzbot

==================================================================
BUG: KCSAN: data-race in mem_cgroup_flush_stats_ratelimited / tick_do_update_jiffies64

read-write to 0xffffffff86809a00 of 8 bytes by interrupt on cpu 1:
 tick_do_update_jiffies64+0x113/0x1c0 kernel/time/tick-sched.c:118
 tick_sched_do_timer kernel/time/tick-sched.c:253 [inline]
 tick_nohz_handler+0x8d/0x3d0 kernel/time/tick-sched.c:312
 __run_hrtimer kernel/time/hrtimer.c:1777 [inline]
 __hrtimer_run_queues+0x20f/0x5a0 kernel/time/hrtimer.c:1841
 hrtimer_interrupt+0x21a/0x460 kernel/time/hrtimer.c:1903
 local_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1045 [inline]
 __sysvec_apic_timer_interrupt+0x5f/0x1d0 arch/x86/kernel/apic/apic.c:1062
 instr_sysvec_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1056 [inline]
 sysvec_apic_timer_interrupt+0x6f/0x80 arch/x86/kernel/apic/apic.c:1056
 asm_sysvec_apic_timer_interrupt+0x1a/0x20 arch/x86/include/asm/idtentry.h:697
 __rcu_read_unlock+0x37/0x70 kernel/rcu/tree_plugin.h:435
 rcu_read_unlock include/linux/rcupdate.h:899 [inline]
 percpu_ref_get_many include/linux/percpu-refcount.h:209 [inline]
 percpu_ref_get include/linux/percpu-refcount.h:222 [inline]
 obj_cgroup_get include/linux/memcontrol.h:781 [inline]
 __memcg_kmem_charge_page+0xc4/0x170 mm/memcontrol.c:2869
 __alloc_frozen_pages_noprof+0x18f/0x360 mm/page_alloc.c:5227
 __alloc_pages_noprof+0x9/0x20 mm/page_alloc.c:5244
 __alloc_pages_node_noprof include/linux/gfp.h:285 [inline]
 alloc_pages_node_noprof include/linux/gfp.h:312 [inline]
 bpf_ringbuf_area_alloc kernel/bpf/ringbuf.c:127 [inline]
 bpf_ringbuf_alloc+0x1ef/0x400 kernel/bpf/ringbuf.c:175
 ringbuf_map_alloc+0x1ca/0x230 kernel/bpf/ringbuf.c:218
 map_create+0x862/0xda0 kernel/bpf/syscall.c:1514
 __sys_bpf+0x54e/0x7c0 kernel/bpf/syscall.c:6146
 __do_sys_bpf kernel/bpf/syscall.c:6274 [inline]
 __se_sys_bpf kernel/bpf/syscall.c:6272 [inline]
 __x64_sys_bpf+0x41/0x50 kernel/bpf/syscall.c:6272
 x64_sys_call+0x28e1/0x3000 arch/x86/include/generated/asm/syscalls_64.h:322
 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
 do_syscall_64+0xca/0x2b0 arch/x86/entry/syscall_64.c:94
 entry_SYSCALL_64_after_hwframe+0x77/0x7f

read to 0xffffffff86809a00 of 8 bytes by task 25411 on cpu 0:
 mem_cgroup_flush_stats_ratelimited+0x29/0x70 mm/memcontrol.c:636
 count_shadow_nodes+0x6a/0x230 mm/workingset.c:678
 do_shrink_slab+0x63/0x680 mm/shrinker.c:384
 shrink_slab_memcg mm/shrinker.c:550 [inline]
 shrink_slab+0x4f5/0x840 mm/shrinker.c:628
 shrink_node_memcgs mm/vmscan.c:6022 [inline]
 shrink_node+0x6a9/0x2010 mm/vmscan.c:6061
 shrink_zones mm/vmscan.c:6300 [inline]
 do_try_to_free_pages+0x3f6/0xcd0 mm/vmscan.c:6362
 try_to_free_mem_cgroup_pages+0x1ab/0x410 mm/vmscan.c:6690
 try_charge_memcg+0x383/0xa10 mm/memcontrol.c:2388
 obj_cgroup_charge_pages+0xa6/0x150 mm/memcontrol.c:2823
 obj_cgroup_charge_account+0x73/0x1a0 mm/memcontrol.c:3126
 __memcg_slab_post_alloc_hook+0x397/0x530 mm/memcontrol.c:3212
 memcg_slab_post_alloc_hook mm/slub.c:2338 [inline]
 slab_post_alloc_hook mm/slub.c:4964 [inline]
 slab_alloc_node mm/slub.c:5263 [inline]
 kmem_cache_alloc_noprof+0x2c5/0x4b0 mm/slub.c:5270
 alloc_buffer_head+0x35/0x1f0 fs/buffer.c:3025
 folio_alloc_buffers+0x14a/0x310 fs/buffer.c:935
 create_empty_buffers+0x2c/0x200 fs/buffer.c:1691
 folio_create_buffers fs/buffer.c:1802 [inline]
 __block_write_begin_int+0x1d4/0xf90 fs/buffer.c:2126
 block_page_mkwrite+0x1a8/0x3d0 fs/buffer.c:2639
 ext4_page_mkwrite+0x859/0xb90 fs/ext4/inode.c:6689
 do_page_mkwrite mm/memory.c:3528 [inline]
 do_shared_fault mm/memory.c:5831 [inline]
 do_fault mm/memory.c:5893 [inline]
 do_pte_missing mm/memory.c:4401 [inline]
 handle_pte_fault mm/memory.c:6273 [inline]
 __handle_mm_fault mm/memory.c:6411 [inline]
 handle_mm_fault+0x1601/0x2c60 mm/memory.c:6580
 do_user_addr_fault+0x3fe/0x1080 arch/x86/mm/fault.c:1387
 handle_page_fault arch/x86/mm/fault.c:1476 [inline]
 exc_page_fault+0x62/0xa0 arch/x86/mm/fault.c:1532
 asm_exc_page_fault+0x26/0x30 arch/x86/include/asm/idtentry.h:618

value changed: 0x000000010000413b -> 0x000000010000413c

Reported by Kernel Concurrency Sanitizer on:
CPU: 0 UID: 0 PID: 25411 Comm: syz.4.6833 Tainted: G        W           syzkaller #0 PREEMPT(voluntary) 
Tainted: [W]=WARN
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
==================================================================