syzbot

==================================================================
BUG: KCSAN: data-race in mem_cgroup_flush_stats_ratelimited / tick_do_update_jiffies64

read-write to 0xffffffff86809a00 of 8 bytes by interrupt on cpu 1:
 tick_do_update_jiffies64+0x113/0x1c0 kernel/time/tick-sched.c:118
 tick_sched_do_timer kernel/time/tick-sched.c:253 [inline]
 tick_nohz_handler+0x8d/0x3d0 kernel/time/tick-sched.c:312
 __run_hrtimer kernel/time/hrtimer.c:1777 [inline]
 __hrtimer_run_queues+0x20f/0x5a0 kernel/time/hrtimer.c:1841
 hrtimer_interrupt+0x21a/0x460 kernel/time/hrtimer.c:1903
 local_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1045 [inline]
 __sysvec_apic_timer_interrupt+0x5f/0x1d0 arch/x86/kernel/apic/apic.c:1062
 instr_sysvec_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1056 [inline]
 sysvec_apic_timer_interrupt+0x6f/0x80 arch/x86/kernel/apic/apic.c:1056
 asm_sysvec_apic_timer_interrupt+0x1a/0x20 arch/x86/include/asm/idtentry.h:697
 __preempt_count_dec_and_test arch/x86/include/asm/preempt.h:95 [inline]
 __raw_spin_unlock_irqrestore include/linux/spinlock_api_smp.h:152 [inline]
 _raw_spin_unlock_irqrestore+0x3c/0x60 kernel/locking/spinlock.c:194
 unlock_hrtimer_base kernel/time/hrtimer.c:1013 [inline]
 hrtimer_start_range_ns+0x6e2/0x740 kernel/time/hrtimer.c:1325
 hrtimer_start_expires include/linux/hrtimer.h:273 [inline]
 hrtimer_sleeper_start_expires kernel/time/hrtimer.c:2039 [inline]
 do_nanosleep+0x79/0x330 kernel/time/hrtimer.c:2113
 hrtimer_nanosleep+0x1b8/0x360 kernel/time/hrtimer.c:2163
 common_nsleep+0x62/0x80 kernel/time/posix-timers.c:1352
 __do_sys_clock_nanosleep kernel/time/posix-timers.c:1398 [inline]
 __se_sys_clock_nanosleep+0x21a/0x250 kernel/time/posix-timers.c:1375
 __x64_sys_clock_nanosleep+0x55/0x70 kernel/time/posix-timers.c:1375
 x64_sys_call+0x2734/0x3000 arch/x86/include/generated/asm/syscalls_64.h:231
 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
 do_syscall_64+0xca/0x2b0 arch/x86/entry/syscall_64.c:94
 entry_SYSCALL_64_after_hwframe+0x77/0x7f

read to 0xffffffff86809a00 of 8 bytes by task 6439 on cpu 0:
 mem_cgroup_flush_stats_ratelimited+0x29/0x70 mm/memcontrol.c:636
 count_shadow_nodes+0x6a/0x230 mm/workingset.c:678
 do_shrink_slab+0x63/0x680 mm/shrinker.c:384
 shrink_slab_memcg mm/shrinker.c:550 [inline]
 shrink_slab+0x4f5/0x840 mm/shrinker.c:628
 shrink_node_memcgs mm/vmscan.c:6022 [inline]
 shrink_node+0x6a9/0x2010 mm/vmscan.c:6061
 shrink_zones mm/vmscan.c:6300 [inline]
 do_try_to_free_pages+0x3f6/0xcd0 mm/vmscan.c:6362
 try_to_free_mem_cgroup_pages+0x1ab/0x410 mm/vmscan.c:6690
 try_charge_memcg+0x383/0xa10 mm/memcontrol.c:2388
 obj_cgroup_charge_pages+0xa6/0x150 mm/memcontrol.c:2823
 __memcg_kmem_charge_page+0x9f/0x170 mm/memcontrol.c:2867
 __alloc_frozen_pages_noprof+0x18f/0x360 mm/page_alloc.c:5227
 alloc_pages_mpol+0xb3/0x260 mm/mempolicy.c:2486
 alloc_frozen_pages_noprof mm/mempolicy.c:2557 [inline]
 alloc_pages_noprof+0x90/0x130 mm/mempolicy.c:2577
 vm_area_alloc_pages mm/vmalloc.c:3718 [inline]
 __vmalloc_area_node mm/vmalloc.c:3863 [inline]
 __vmalloc_node_range_noprof+0xa7b/0x1310 mm/vmalloc.c:4051
 __kvmalloc_node_noprof+0x492/0x6b0 mm/slub.c:7164
 ip_set_alloc+0x24/0x30 net/netfilter/ipset/ip_set_core.c:261
 hash_netiface_create+0x282/0x740 net/netfilter/ipset/ip_set_hash_gen.h:1568
 ip_set_create+0x3cc/0x970 net/netfilter/ipset/ip_set_core.c:1109
 nfnetlink_rcv_msg+0x4c6/0x590 net/netfilter/nfnetlink.c:302
 netlink_rcv_skb+0x123/0x220 net/netlink/af_netlink.c:2550
 nfnetlink_rcv+0x167/0x16c0 net/netfilter/nfnetlink.c:669
 netlink_unicast_kernel net/netlink/af_netlink.c:1318 [inline]
 netlink_unicast+0x5c0/0x690 net/netlink/af_netlink.c:1344
 netlink_sendmsg+0x58b/0x6b0 net/netlink/af_netlink.c:1894
 sock_sendmsg_nosec net/socket.c:727 [inline]
 __sock_sendmsg+0x145/0x180 net/socket.c:742
 ____sys_sendmsg+0x31e/0x4a0 net/socket.c:2592
 ___sys_sendmsg+0x17b/0x1d0 net/socket.c:2646
 __sys_sendmsg net/socket.c:2678 [inline]
 __do_sys_sendmsg net/socket.c:2683 [inline]
 __se_sys_sendmsg net/socket.c:2681 [inline]
 __x64_sys_sendmsg+0xd4/0x160 net/socket.c:2681
 x64_sys_call+0x17ba/0x3000 arch/x86/include/generated/asm/syscalls_64.h:47
 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
 do_syscall_64+0xca/0x2b0 arch/x86/entry/syscall_64.c:94
 entry_SYSCALL_64_after_hwframe+0x77/0x7f

value changed: 0x00000000ffffba27 -> 0x00000000ffffba28

Reported by Kernel Concurrency Sanitizer on:
CPU: 0 UID: 0 PID: 6439 Comm: syz.1.929 Not tainted syzkaller #0 PREEMPT(voluntary) 
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
==================================================================