syzbot

==================================================================
BUG: KCSAN: data-race in mem_cgroup_flush_stats_ratelimited / tick_do_update_jiffies64

read-write to 0xffffffff86c09a00 of 8 bytes by interrupt on cpu 1:
 tick_do_update_jiffies64+0x113/0x1c0 kernel/time/tick-sched.c:118
 tick_sched_do_timer kernel/time/tick-sched.c:253 [inline]
 tick_nohz_handler+0x8d/0x3d0 kernel/time/tick-sched.c:312
 __run_hrtimer kernel/time/hrtimer.c:1785 [inline]
 __hrtimer_run_queues+0x218/0x4f0 kernel/time/hrtimer.c:1849
 hrtimer_interrupt+0x269/0x810 kernel/time/hrtimer.c:1911
 local_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1045 [inline]
 __sysvec_apic_timer_interrupt+0x5f/0x1f0 arch/x86/kernel/apic/apic.c:1062
 instr_sysvec_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1056 [inline]
 sysvec_apic_timer_interrupt+0x6f/0x80 arch/x86/kernel/apic/apic.c:1056
 asm_sysvec_apic_timer_interrupt+0x1a/0x20 arch/x86/include/asm/idtentry.h:697
 __preempt_count_dec_and_test arch/x86/include/asm/preempt.h:95 [inline]
 __raw_spin_unlock_irq include/linux/spinlock_api_smp.h:188 [inline]
 _raw_spin_unlock_irq+0x12/0x30 kernel/locking/spinlock.c:202
 spin_unlock_irq include/linux/spinlock.h:401 [inline]
 evict_folios+0x299a/0x35c0 mm/vmscan.c:4713
 try_to_shrink_lruvec+0x81b/0xbf0 mm/vmscan.c:4881
 lru_gen_shrink_lruvec mm/vmscan.c:5030 [inline]
 shrink_lruvec+0x255/0x1c60 mm/vmscan.c:5784
 shrink_node_memcgs mm/vmscan.c:6020 [inline]
 shrink_node+0x67a/0x2130 mm/vmscan.c:6061
 shrink_zones mm/vmscan.c:6300 [inline]
 do_try_to_free_pages+0x408/0xc80 mm/vmscan.c:6362
 try_to_free_mem_cgroup_pages+0x1f5/0x470 mm/vmscan.c:6683
 try_charge_memcg+0x37e/0xa10 mm/memcontrol.c:2414
 obj_cgroup_charge_pages+0x23/0xc0 mm/memcontrol.c:2857
 __memcg_kmem_charge_page+0x9e/0x170 mm/memcontrol.c:2901
 __alloc_frozen_pages_noprof+0x18a/0x360 mm/page_alloc.c:5267
 alloc_pages_mpol+0xb3/0x260 mm/mempolicy.c:2484
 alloc_frozen_pages_noprof mm/mempolicy.c:2555 [inline]
 alloc_pages_noprof+0x8f/0x130 mm/mempolicy.c:2575
 vm_area_alloc_pages mm/vmalloc.c:3731 [inline]
 __vmalloc_area_node mm/vmalloc.c:3876 [inline]
 __vmalloc_node_range_noprof+0xa46/0x12b0 mm/vmalloc.c:4064
 __kvmalloc_node_noprof+0x3d4/0x650 mm/slub.c:6758
 futex_hash_allocate+0x190/0x9d0 kernel/futex/core.c:1812
 futex_hash_prctl+0xd8/0xf0 kernel/futex/core.c:1958
 __do_sys_prctl kernel/sys.c:2884 [inline]
 __se_sys_prctl+0xa3d/0x13f0 kernel/sys.c:2533
 __x64_sys_prctl+0x67/0x80 kernel/sys.c:2533
 x64_sys_call+0x2533/0x3020 arch/x86/include/generated/asm/syscalls_64.h:158
 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
 do_syscall_64+0x12c/0x370 arch/x86/entry/syscall_64.c:94
 entry_SYSCALL_64_after_hwframe+0x77/0x7f

read to 0xffffffff86c09a00 of 8 bytes by task 13568 on cpu 0:
 mem_cgroup_flush_stats_ratelimited+0x29/0x70 mm/memcontrol.c:638
 count_shadow_nodes+0x6a/0x230 mm/workingset.c:678
 do_shrink_slab+0x63/0x6a0 mm/shrinker.c:384
 shrink_slab_memcg mm/shrinker.c:550 [inline]
 shrink_slab+0x538/0x880 mm/shrinker.c:628
 shrink_node_memcgs mm/vmscan.c:6022 [inline]
 shrink_node+0x6bc/0x2130 mm/vmscan.c:6061
 shrink_zones mm/vmscan.c:6300 [inline]
 do_try_to_free_pages+0x408/0xc80 mm/vmscan.c:6362
 try_to_free_mem_cgroup_pages+0x1f5/0x470 mm/vmscan.c:6683
 try_charge_memcg+0x37e/0xa10 mm/memcontrol.c:2414
 try_charge mm/memcontrol.c:2556 [inline]
 charge_memcg mm/memcontrol.c:4744 [inline]
 mem_cgroup_swapin_charge_folio+0x103/0x1f0 mm/memcontrol.c:4830
 __swap_cache_prepare_and_add+0x386/0x530 mm/swap_state.c:517
 swap_cache_alloc_folio+0xa2/0x120 mm/swap_state.c:575
 swap_cluster_readahead+0x36b/0x3d0 mm/swap_state.c:768
 shmem_swapin_cluster mm/shmem.c:1785 [inline]
 shmem_swapin_folio+0x951/0x1360 mm/shmem.c:2349
 shmem_get_folio_gfp+0x278/0xd60 mm/shmem.c:2500
 shmem_get_folio mm/shmem.c:2673 [inline]
 shmem_file_read_iter+0x10d/0x540 mm/shmem.c:3388
 lo_rw_aio+0x67d/0x730 drivers/block/loop.c:-1
 do_req_filebacked drivers/block/loop.c:-1 [inline]
 loop_handle_cmd drivers/block/loop.c:1925 [inline]
 loop_process_work+0x56c/0xac0 drivers/block/loop.c:1960
 loop_rootcg_workfn+0x22/0x30 drivers/block/loop.c:1991
 process_one_work kernel/workqueue.c:3275 [inline]
 process_scheduled_works+0x4de/0x9e0 kernel/workqueue.c:3358
 worker_thread+0x581/0x770 kernel/workqueue.c:3439
 kthread+0x22a/0x280 kernel/kthread.c:467
 ret_from_fork+0x150/0x360 arch/x86/kernel/process.c:158
 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:245

value changed: 0x00000000fffffedd -> 0x00000000fffffede

Reported by Kernel Concurrency Sanitizer on:
CPU: 0 UID: 0 PID: 13568 Comm: kworker/u8:14 Tainted: G        W           syzkaller #0 PREEMPT(full) 
Tainted: [W]=WARN
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
Workqueue: loop0 loop_rootcg_workfn
==================================================================