syzbot

==================================================================
BUG: KCSAN: data-race in mem_cgroup_flush_stats_ratelimited / tick_do_update_jiffies64

read-write to 0xffffffff868099c0 of 8 bytes by interrupt on cpu 1:
 tick_do_update_jiffies64+0x113/0x1c0 kernel/time/tick-sched.c:118
 tick_sched_do_timer kernel/time/tick-sched.c:232 [inline]
 tick_nohz_handler+0x7f/0x2d0 kernel/time/tick-sched.c:290
 __run_hrtimer kernel/time/hrtimer.c:1777 [inline]
 __hrtimer_run_queues+0x20f/0x5a0 kernel/time/hrtimer.c:1841
 hrtimer_interrupt+0x21a/0x460 kernel/time/hrtimer.c:1903
 local_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1041 [inline]
 __sysvec_apic_timer_interrupt+0x5f/0x1d0 arch/x86/kernel/apic/apic.c:1058
 instr_sysvec_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1052 [inline]
 sysvec_apic_timer_interrupt+0x6f/0x80 arch/x86/kernel/apic/apic.c:1052
 asm_sysvec_apic_timer_interrupt+0x1a/0x20 arch/x86/include/asm/idtentry.h:697
 __sanitizer_cov_trace_const_cmp8+0x0/0x90 kernel/kcov.c:316
 __pte_needs_invert arch/x86/include/asm/pgtable-invert.h:18 [inline]
 protnone_mask arch/x86/include/asm/pgtable-invert.h:24 [inline]
 pmd_pfn arch/x86/include/asm/pgtable.h:273 [inline]
 pte_lockptr include/linux/mm.h:3032 [inline]
 pte_offset_map_rw_nolock+0x155/0x1f0 mm/pgtable-generic.c:328
 handle_pte_fault mm/memory.c:6180 [inline]
 __handle_mm_fault mm/memory.c:6336 [inline]
 handle_mm_fault+0x62f/0x2be0 mm/memory.c:6505
 faultin_page mm/gup.c:1126 [inline]
 __get_user_pages+0x102a/0x1ed0 mm/gup.c:1428
 populate_vma_page_range mm/gup.c:1860 [inline]
 __mm_populate+0x243/0x3a0 mm/gup.c:1963
 mm_populate include/linux/mm.h:3471 [inline]
 vm_mmap_pgoff+0x232/0x2e0 mm/util.c:586
 ksys_mmap_pgoff+0xc2/0x310 mm/mmap.c:604
 x64_sys_call+0x14a3/0x3000 arch/x86/include/generated/asm/syscalls_64.h:10
 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
 do_syscall_64+0xd2/0x200 arch/x86/entry/syscall_64.c:94
 entry_SYSCALL_64_after_hwframe+0x77/0x7f

read to 0xffffffff868099c0 of 8 bytes by task 3325 on cpu 0:
 mem_cgroup_flush_stats_ratelimited+0x29/0x70 mm/memcontrol.c:635
 count_shadow_nodes+0x6a/0x230 mm/workingset.c:678
 do_shrink_slab+0x63/0x680 mm/shrinker.c:384
 shrink_slab_memcg mm/shrinker.c:550 [inline]
 shrink_slab+0x448/0x760 mm/shrinker.c:628
 shrink_node_memcgs mm/vmscan.c:6056 [inline]
 shrink_node+0x6c3/0x2120 mm/vmscan.c:6095
 shrink_zones mm/vmscan.c:6339 [inline]
 do_try_to_free_pages+0x3f6/0xcd0 mm/vmscan.c:6401
 try_to_free_mem_cgroup_pages+0x1ab/0x410 mm/vmscan.c:6729
 try_charge_memcg+0x383/0xa10 mm/memcontrol.c:2356
 try_charge mm/memcontrol.c:2498 [inline]
 charge_memcg+0x51/0xc0 mm/memcontrol.c:4701
 __mem_cgroup_charge+0x28/0xb0 mm/memcontrol.c:4718
 mem_cgroup_charge include/linux/memcontrol.h:662 [inline]
 filemap_add_folio+0x111/0x360 mm/filemap.c:971
 __filemap_get_folio+0x31e/0x650 mm/filemap.c:2022
 filemap_fault+0x447/0xb60 mm/filemap.c:3499
 __do_fault+0xbc/0x200 mm/memory.c:5281
 do_read_fault mm/memory.c:5716 [inline]
 do_fault mm/memory.c:5850 [inline]
 do_pte_missing mm/memory.c:4362 [inline]
 handle_pte_fault mm/memory.c:6195 [inline]
 __handle_mm_fault mm/memory.c:6336 [inline]
 handle_mm_fault+0xf78/0x2be0 mm/memory.c:6505
 do_user_addr_fault+0x630/0x1080 arch/x86/mm/fault.c:1336
 handle_page_fault arch/x86/mm/fault.c:1476 [inline]
 exc_page_fault+0x62/0xa0 arch/x86/mm/fault.c:1532
 asm_exc_page_fault+0x26/0x30 arch/x86/include/asm/idtentry.h:618

value changed: 0x00000000ffff9921 -> 0x00000000ffff9922

Reported by Kernel Concurrency Sanitizer on:
CPU: 0 UID: 0 PID: 3325 Comm: syz-executor Not tainted syzkaller #0 PREEMPT(voluntary) 
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
==================================================================
EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.