syzbot

==================================================================
BUG: KCSAN: data-race in mem_cgroup_flush_stats_ratelimited / tick_do_update_jiffies64

read-write to 0xffffffff86c07a00 of 8 bytes by interrupt on cpu 0:
 tick_do_update_jiffies64+0x113/0x1c0 kernel/time/tick-sched.c:118
 tick_sched_do_timer kernel/time/tick-sched.c:253 [inline]
 tick_nohz_handler+0x8d/0x3d0 kernel/time/tick-sched.c:312
 __run_hrtimer kernel/time/hrtimer.c:1930 [inline]
 __hrtimer_run_queues+0x276/0x4f0 kernel/time/hrtimer.c:1994
 hrtimer_interrupt+0x261/0x850 kernel/time/hrtimer.c:2113
 local_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1050 [inline]
 __sysvec_apic_timer_interrupt+0x5f/0x1c0 arch/x86/kernel/apic/apic.c:1067
 instr_sysvec_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1061 [inline]
 sysvec_apic_timer_interrupt+0x6f/0x80 arch/x86/kernel/apic/apic.c:1061
 asm_sysvec_apic_timer_interrupt+0x1a/0x20 arch/x86/include/asm/idtentry.h:697
 console_flush_one_record arch/x86/include/asm/irqflags.h:-1 [inline]
 console_flush_all+0x540/0x6c0 kernel/printk/printk.c:3343
 __console_flush_and_unlock kernel/printk/printk.c:3373 [inline]
 console_unlock+0xa1/0x280 kernel/printk/printk.c:3413
 vprintk_emit+0x3e4/0x600 kernel/printk/printk.c:2479
 vprintk_default+0x26/0x30 kernel/printk/printk.c:2494
 vprintk+0x1d/0x30 kernel/printk/printk_safe.c:82
 _printk+0x79/0xa0 kernel/printk/printk.c:2504
 seq_buf_do_printk+0x113/0x1a0 lib/seq_buf.c:126
 mem_cgroup_print_oom_meminfo+0x17d/0x260 mm/memcontrol.c:1641
 dump_header+0xa2/0x240 mm/oom_kill.c:466
 oom_kill_process+0x295/0x350 mm/oom_kill.c:1031
 out_of_memory+0x97d/0xb80 mm/oom_kill.c:1169
 mem_cgroup_out_of_memory mm/memcontrol.c:1719 [inline]
 mem_cgroup_oom mm/memcontrol.c:1742 [inline]
 try_charge_memcg+0x62f/0xa10 mm/memcontrol.c:2481
 obj_cgroup_charge_pages mm/memcontrol.c:2882 [inline]
 __memcg_kmem_charge_page+0x139/0x2b0 mm/memcontrol.c:2926
 __alloc_frozen_pages_noprof+0x18a/0x350 mm/page_alloc.c:5245
 __alloc_pages_noprof mm/page_alloc.c:5262 [inline]
 alloc_pages_bulk_noprof+0x4d1/0x560 mm/page_alloc.c:5182
 alloc_pages_bulk_mempolicy_noprof+0x35b/0xeb0 mm/mempolicy.c:2798
 vm_area_alloc_pages mm/vmalloc.c:3700 [inline]
 __vmalloc_area_node mm/vmalloc.c:3878 [inline]
 __vmalloc_node_range_noprof+0x891/0x11c0 mm/vmalloc.c:4064
 __kvmalloc_node_noprof+0x3d4/0x640 mm/slub.c:6856
 futex_hash_allocate+0x190/0x9a0 kernel/futex/core.c:1815
 futex_hash_prctl+0xd8/0xf0 kernel/futex/core.c:1961
 __do_sys_prctl kernel/sys.c:2885 [inline]
 __se_sys_prctl+0x4f4/0x1400 kernel/sys.c:2534
 __x64_sys_prctl+0x67/0x80 kernel/sys.c:2534
 x64_sys_call+0x2533/0x3020 arch/x86/include/generated/asm/syscalls_64.h:158
 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
 do_syscall_64+0x12c/0x3b0 arch/x86/entry/syscall_64.c:94
 entry_SYSCALL_64_after_hwframe+0x77/0x7f

read to 0xffffffff86c07a00 of 8 bytes by task 3956 on cpu 1:
 mem_cgroup_flush_stats_ratelimited+0x29/0x50 mm/memcontrol.c:643
 count_shadow_nodes+0x6a/0x230 mm/workingset.c:685
 do_shrink_slab+0x63/0x660 mm/shrinker.c:386
 shrink_slab_memcg mm/shrinker.c:557 [inline]
 shrink_slab+0x545/0x8f0 mm/shrinker.c:635
 shrink_node_memcgs mm/vmscan.c:6034 [inline]
 shrink_node+0x6d8/0x2100 mm/vmscan.c:6076
 shrink_zones mm/vmscan.c:6315 [inline]
 do_try_to_free_pages+0x408/0xc90 mm/vmscan.c:6377
 try_to_free_mem_cgroup_pages+0x201/0x420 mm/vmscan.c:6699
 try_charge_memcg+0x373/0xa10 mm/memcontrol.c:2439
 try_charge mm/memcontrol.c:2581 [inline]
 charge_memcg mm/memcontrol.c:4804 [inline]
 mem_cgroup_swapin_charge_folio+0x103/0x1f0 mm/memcontrol.c:4890
 __swap_cache_prepare_and_add+0x69/0x4a0 mm/swap_state.c:476
 swap_cache_alloc_folio+0xa2/0x120 mm/swap_state.c:552
 swap_cluster_readahead+0x25f/0x3c0 mm/swap_state.c:726
 shmem_swapin_cluster mm/shmem.c:1788 [inline]
 shmem_swapin_folio+0x933/0x1370 mm/shmem.c:2346
 shmem_get_folio_gfp+0x278/0xd60 mm/shmem.c:2497
 shmem_get_folio mm/shmem.c:2670 [inline]
 shmem_write_begin+0xfc/0x1f0 mm/shmem.c:3323
 generic_perform_write+0x183/0x490 mm/filemap.c:4324
 shmem_file_write_iter+0xc5/0xf0 mm/shmem.c:3498
 lo_rw_aio+0x67d/0x730 drivers/block/loop.c:-1
 do_req_filebacked drivers/block/loop.c:-1 [inline]
 loop_handle_cmd drivers/block/loop.c:1925 [inline]
 loop_process_work+0x56c/0xac0 drivers/block/loop.c:1960
 loop_workfn+0x31/0x40 drivers/block/loop.c:1984
 process_one_work kernel/workqueue.c:3302 [inline]
 process_scheduled_works+0x4f0/0x9c0 kernel/workqueue.c:3385
 worker_thread+0x58a/0x780 kernel/workqueue.c:3466
 kthread+0x22a/0x280 kernel/kthread.c:436
 ret_from_fork+0x146/0x330 arch/x86/kernel/process.c:158
 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:245

value changed: 0x00000000ffffe7a7 -> 0x00000000ffffe7a8

Reported by Kernel Concurrency Sanitizer on:
CPU: 1 UID: 0 PID: 3956 Comm: kworker/u8:18 Tainted: G        W           syzkaller #0 PREEMPT(full) 
Tainted: [W]=WARN
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026
Workqueue: loop2 loop_workfn
==================================================================