syzbot

==================================================================
BUG: KCSAN: data-race in mem_cgroup_flush_stats_ratelimited / tick_do_update_jiffies64

read-write to 0xffffffff868099c0 of 8 bytes by interrupt on cpu 0:
 tick_do_update_jiffies64+0x113/0x1c0 kernel/time/tick-sched.c:118
 tick_sched_do_timer kernel/time/tick-sched.c:232 [inline]
 tick_nohz_handler+0x7f/0x2d0 kernel/time/tick-sched.c:290
 __run_hrtimer kernel/time/hrtimer.c:1761 [inline]
 __hrtimer_run_queues+0x20c/0x5a0 kernel/time/hrtimer.c:1825
 hrtimer_interrupt+0x21a/0x460 kernel/time/hrtimer.c:1887
 local_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1039 [inline]
 __sysvec_apic_timer_interrupt+0x5c/0x1d0 arch/x86/kernel/apic/apic.c:1056
 instr_sysvec_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1050 [inline]
 sysvec_apic_timer_interrupt+0x6f/0x80 arch/x86/kernel/apic/apic.c:1050
 asm_sysvec_apic_timer_interrupt+0x1a/0x20 arch/x86/include/asm/idtentry.h:702
 is_atomic kernel/kcsan/core.c:249 [inline]
 should_watch kernel/kcsan/core.c:277 [inline]
 check_access kernel/kcsan/core.c:752 [inline]
 __tsan_read4+0xe9/0x190 kernel/kcsan/core.c:1024
 shrink_node_memcgs mm/vmscan.c:6058 [inline]
 shrink_node+0x6f5/0x2120 mm/vmscan.c:6092
 shrink_zones mm/vmscan.c:6336 [inline]
 do_try_to_free_pages+0x3f6/0xcd0 mm/vmscan.c:6398
 try_to_free_mem_cgroup_pages+0x1ab/0x410 mm/vmscan.c:6726
 try_charge_memcg+0x358/0x9e0 mm/memcontrol.c:2357
 try_charge mm/memcontrol.c:2499 [inline]
 charge_memcg+0x51/0xc0 mm/memcontrol.c:4702
 __mem_cgroup_charge+0x28/0xb0 mm/memcontrol.c:4719
 mem_cgroup_charge include/linux/memcontrol.h:654 [inline]
 filemap_add_folio+0x4e/0x1b0 mm/filemap.c:964
 __filemap_get_folio+0x31e/0x6b0 mm/filemap.c:1991
 filemap_fault+0x41f/0xb40 mm/filemap.c:3455
 __do_fault+0xb9/0x200 mm/memory.c:5152
 do_read_fault mm/memory.c:5573 [inline]
 do_fault mm/memory.c:5707 [inline]
 do_pte_missing mm/memory.c:4234 [inline]
 handle_pte_fault mm/memory.c:6052 [inline]
 __handle_mm_fault mm/memory.c:6195 [inline]
 handle_mm_fault+0xf78/0x2c20 mm/memory.c:6364
 faultin_page mm/gup.c:1144 [inline]
 __get_user_pages+0x102e/0x1fa0 mm/gup.c:1446
 __get_user_pages_locked mm/gup.c:1712 [inline]
 get_dump_page+0xb5/0x250 mm/gup.c:2212
 dump_user_range+0x145/0x8f0 fs/coredump.c:1364
 elf_core_dump+0x1e00/0x1f90 fs/binfmt_elf.c:2085
 coredump_write+0xb0d/0xe30 fs/coredump.c:1049
 vfs_coredump+0x142f/0x20c0 fs/coredump.c:1168
 get_signal+0xd85/0xf70 kernel/signal.c:3019
 arch_do_signal_or_restart+0x96/0x480 arch/x86/kernel/signal.c:337
 exit_to_user_mode_loop kernel/entry/common.c:40 [inline]
 exit_to_user_mode_prepare include/linux/irq-entry-common.h:225 [inline]
 irqentry_exit_to_user_mode+0x5e/0xa0 kernel/entry/common.c:73
 irqentry_exit+0x12/0x50 kernel/entry/common.c:177
 asm_exc_page_fault+0x26/0x30 arch/x86/include/asm/idtentry.h:623

read to 0xffffffff868099c0 of 8 bytes by task 6704 on cpu 1:
 mem_cgroup_flush_stats_ratelimited+0x29/0x70 mm/memcontrol.c:634
 count_shadow_nodes+0x6a/0x230 mm/workingset.c:678
 do_shrink_slab+0x60/0x680 mm/shrinker.c:384
 shrink_slab_memcg mm/shrinker.c:550 [inline]
 shrink_slab+0x448/0x760 mm/shrinker.c:628
 shrink_node_memcgs mm/vmscan.c:6053 [inline]
 shrink_node+0x6c3/0x2120 mm/vmscan.c:6092
 shrink_zones mm/vmscan.c:6336 [inline]
 do_try_to_free_pages+0x3f6/0xcd0 mm/vmscan.c:6398
 try_to_free_mem_cgroup_pages+0x1ab/0x410 mm/vmscan.c:6726
 try_charge_memcg+0x358/0x9e0 mm/memcontrol.c:2357
 try_charge mm/memcontrol.c:2499 [inline]
 charge_memcg+0x51/0xc0 mm/memcontrol.c:4702
 __mem_cgroup_charge+0x28/0xb0 mm/memcontrol.c:4719
 mem_cgroup_charge include/linux/memcontrol.h:654 [inline]
 filemap_add_folio+0x4e/0x1b0 mm/filemap.c:964
 __filemap_get_folio+0x31e/0x6b0 mm/filemap.c:1991
 filemap_fault+0x41f/0xb40 mm/filemap.c:3455
 __do_fault+0xb9/0x200 mm/memory.c:5152
 do_read_fault mm/memory.c:5573 [inline]
 do_fault mm/memory.c:5707 [inline]
 do_pte_missing mm/memory.c:4234 [inline]
 handle_pte_fault mm/memory.c:6052 [inline]
 __handle_mm_fault mm/memory.c:6195 [inline]
 handle_mm_fault+0xf78/0x2c20 mm/memory.c:6364
 faultin_page mm/gup.c:1144 [inline]
 __get_user_pages+0x102e/0x1fa0 mm/gup.c:1446
 __get_user_pages_locked mm/gup.c:1712 [inline]
 get_dump_page+0xb5/0x250 mm/gup.c:2212
 dump_user_range+0x145/0x8f0 fs/coredump.c:1364
 elf_core_dump+0x1e00/0x1f90 fs/binfmt_elf.c:2085
 coredump_write+0xb0d/0xe30 fs/coredump.c:1049
 vfs_coredump+0x142f/0x20c0 fs/coredump.c:1168
 get_signal+0xd85/0xf70 kernel/signal.c:3019
 arch_do_signal_or_restart+0x96/0x480 arch/x86/kernel/signal.c:337
 exit_to_user_mode_loop kernel/entry/common.c:40 [inline]
 exit_to_user_mode_prepare include/linux/irq-entry-common.h:225 [inline]
 irqentry_exit_to_user_mode+0x5e/0xa0 kernel/entry/common.c:73
 irqentry_exit+0x12/0x50 kernel/entry/common.c:177
 asm_exc_page_fault+0x26/0x30 arch/x86/include/asm/idtentry.h:623

value changed: 0x00000000ffffb44d -> 0x00000000ffffb44e

Reported by Kernel Concurrency Sanitizer on:
CPU: 1 UID: 0 PID: 6704 Comm: syz.6.924 Tainted: G        W           syzkaller #0 PREEMPT(voluntary) 
Tainted: [W]=WARN
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
==================================================================