syzbot

==================================================================
BUG: KCSAN: data-race in mem_cgroup_flush_stats_ratelimited / tick_do_update_jiffies64

read-write to 0xffffffff868099c0 of 8 bytes by interrupt on cpu 0:
 tick_do_update_jiffies64+0x113/0x1c0 kernel/time/tick-sched.c:118
 tick_sched_do_timer kernel/time/tick-sched.c:232 [inline]
 tick_nohz_handler+0x7f/0x2d0 kernel/time/tick-sched.c:290
 __run_hrtimer kernel/time/hrtimer.c:1777 [inline]
 __hrtimer_run_queues+0x20f/0x5a0 kernel/time/hrtimer.c:1841
 hrtimer_interrupt+0x21a/0x460 kernel/time/hrtimer.c:1903
 local_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1041 [inline]
 __sysvec_apic_timer_interrupt+0x5f/0x1d0 arch/x86/kernel/apic/apic.c:1058
 instr_sysvec_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1052 [inline]
 sysvec_apic_timer_interrupt+0x32/0x80 arch/x86/kernel/apic/apic.c:1052
 asm_sysvec_apic_timer_interrupt+0x1a/0x20 arch/x86/include/asm/idtentry.h:697
 find_watchpoint kernel/kcsan/core.c:120 [inline]
 check_access kernel/kcsan/core.c:737 [inline]
 __tsan_read1+0x1d/0x180 kernel/kcsan/core.c:1022
 __skb_ext_copy include/linux/skbuff.h:4953 [inline]
 __copy_skb_header+0x139/0x2f0 net/core/skbuff.c:1497
 __skb_clone+0x44/0x2d0 net/core/skbuff.c:1547
 skb_clone+0x182/0x1f0 net/core/skbuff.c:2057
 __tcp_transmit_skb+0x1d8/0x1c10 net/ipv4/tcp_output.c:1474
 tcp_transmit_skb net/ipv4/tcp_output.c:1646 [inline]
 tcp_write_xmit+0x129c/0x30f0 net/ipv4/tcp_output.c:2999
 tcp_tsq_write+0x15c/0x170 net/ipv4/tcp_output.c:1241
 tcp_tsq_handler net/ipv4/tcp_output.c:1250 [inline]
 tcp_tsq_workfn+0x23b/0x300 net/ipv4/tcp_output.c:1282
 process_one_work kernel/workqueue.c:3263 [inline]
 process_scheduled_works+0x4ce/0x9d0 kernel/workqueue.c:3346
 bh_worker+0x229/0x370 kernel/workqueue.c:3607
 workqueue_softirq_action+0xab/0xc0 kernel/workqueue.c:3635
 tasklet_action+0xb/0x30 kernel/softirq.c:952
 handle_softirqs+0xba/0x290 kernel/softirq.c:622
 __do_softirq kernel/softirq.c:656 [inline]
 invoke_softirq kernel/softirq.c:496 [inline]
 __irq_exit_rcu+0x3a/0xc0 kernel/softirq.c:723
 common_interrupt+0x83/0x90 arch/x86/kernel/irq.c:318
 asm_common_interrupt+0x26/0x40 arch/x86/include/asm/idtentry.h:688
 finish_task_switch+0xb6/0x2b0 kernel/sched/core.c:5193
 context_switch kernel/sched/core.c:5328 [inline]
 __schedule+0x6b9/0xb30 kernel/sched/core.c:6929
 preempt_schedule_common kernel/sched/core.c:7113 [inline]
 __cond_resched+0x4e/0x90 kernel/sched/core.c:7458
 might_resched include/linux/kernel.h:61 [inline]
 might_alloc include/linux/sched/mm.h:321 [inline]
 slab_pre_alloc_hook mm/slub.c:4929 [inline]
 slab_alloc_node mm/slub.c:5264 [inline]
 kmem_cache_alloc_noprof+0x46/0x480 mm/slub.c:5295
 getname_flags+0x80/0x3b0 fs/namei.c:146
 getname include/linux/fs.h:2924 [inline]
 getname_maybe_null include/linux/fs.h:2931 [inline]
 vfs_fstatat+0x43/0x170 fs/stat.c:370
 __do_sys_newfstatat fs/stat.c:542 [inline]
 __se_sys_newfstatat+0x55/0x260 fs/stat.c:536
 __x64_sys_newfstatat+0x55/0x70 fs/stat.c:536
 x64_sys_call+0x135a/0x3000 arch/x86/include/generated/asm/syscalls_64.h:263
 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
 do_syscall_64+0xd2/0x200 arch/x86/entry/syscall_64.c:94
 entry_SYSCALL_64_after_hwframe+0x77/0x7f

read to 0xffffffff868099c0 of 8 bytes by task 22914 on cpu 1:
 mem_cgroup_flush_stats_ratelimited+0x29/0x70 mm/memcontrol.c:635
 count_shadow_nodes+0x6a/0x230 mm/workingset.c:678
 do_shrink_slab+0x63/0x680 mm/shrinker.c:384
 shrink_slab_memcg mm/shrinker.c:550 [inline]
 shrink_slab+0x448/0x760 mm/shrinker.c:628
 shrink_node_memcgs mm/vmscan.c:6056 [inline]
 shrink_node+0x6c3/0x2120 mm/vmscan.c:6095
 shrink_zones mm/vmscan.c:6339 [inline]
 do_try_to_free_pages+0x3f6/0xcd0 mm/vmscan.c:6401
 try_to_free_mem_cgroup_pages+0x1ab/0x410 mm/vmscan.c:6729
 try_charge_memcg+0x383/0xa10 mm/memcontrol.c:2356
 try_charge mm/memcontrol.c:2498 [inline]
 charge_memcg+0x51/0xc0 mm/memcontrol.c:4701
 mem_cgroup_swapin_charge_folio+0xcc/0x150 mm/memcontrol.c:4787
 __read_swap_cache_async+0x17b/0x2d0 mm/swap_state.c:481
 swap_cluster_readahead+0x262/0x3c0 mm/swap_state.c:650
 swapin_readahead+0xde/0x800 mm/swap_state.c:826
 do_swap_page+0x2ae/0x2370 mm/memory.c:4714
 handle_pte_fault mm/memory.c:6198 [inline]
 __handle_mm_fault mm/memory.c:6336 [inline]
 handle_mm_fault+0x9a5/0x2be0 mm/memory.c:6505
 do_user_addr_fault+0x630/0x1080 arch/x86/mm/fault.c:1336
 handle_page_fault arch/x86/mm/fault.c:1476 [inline]
 exc_page_fault+0x62/0xa0 arch/x86/mm/fault.c:1532
 asm_exc_page_fault+0x26/0x30 arch/x86/include/asm/idtentry.h:618

value changed: 0x000000010000162d -> 0x000000010000162e

Reported by Kernel Concurrency Sanitizer on:
CPU: 1 UID: 0 PID: 22914 Comm: syz.4.6517 Tainted: G        W           syzkaller #0 PREEMPT(voluntary) 
Tainted: [W]=WARN
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
==================================================================