syzbot

==================================================================
BUG: KCSAN: data-race in mem_cgroup_flush_stats_ratelimited / tick_do_update_jiffies64

read-write to 0xffffffff86c07a00 of 8 bytes by interrupt on cpu 0:
 tick_do_update_jiffies64+0x113/0x1c0 kernel/time/tick-sched.c:118
 tick_sched_do_timer kernel/time/tick-sched.c:253 [inline]
 tick_nohz_handler+0x8d/0x3d0 kernel/time/tick-sched.c:312
 __run_hrtimer kernel/time/hrtimer.c:1930 [inline]
 __hrtimer_run_queues+0x276/0x4f0 kernel/time/hrtimer.c:1994
 hrtimer_interrupt+0x261/0x850 kernel/time/hrtimer.c:2113
 local_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1050 [inline]
 __sysvec_apic_timer_interrupt+0x5f/0x1c0 arch/x86/kernel/apic/apic.c:1067
 instr_sysvec_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1061 [inline]
 sysvec_apic_timer_interrupt+0x6f/0x80 arch/x86/kernel/apic/apic.c:1061
 asm_sysvec_apic_timer_interrupt+0x1a/0x20 arch/x86/include/asm/idtentry.h:697
 check_kcov_mode kernel/kcov.c:185 [inline]
 write_comp_data kernel/kcov.c:246 [inline]
 __sanitizer_cov_trace_const_cmp8+0x36/0x90 kernel/kcov.c:321
 copy_msghdr_from_user net/socket.c:2628 [inline]
 recvmsg_copy_msghdr net/socket.c:2884 [inline]
 ___sys_recvmsg+0xb7/0x3b0 net/socket.c:2956
 do_recvmmsg+0x1ef/0x560 net/socket.c:3055
 __sys_recvmmsg net/socket.c:3129 [inline]
 __do_sys_recvmmsg net/socket.c:3152 [inline]
 __se_sys_recvmmsg net/socket.c:3145 [inline]
 __x64_sys_recvmmsg+0xe5/0x170 net/socket.c:3145
 x64_sys_call+0x80f/0x3020 arch/x86/include/generated/asm/syscalls_64.h:300
 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
 do_syscall_64+0x12c/0x3b0 arch/x86/entry/syscall_64.c:94
 entry_SYSCALL_64_after_hwframe+0x77/0x7f

read to 0xffffffff86c07a00 of 8 bytes by task 3303 on cpu 1:
 mem_cgroup_flush_stats_ratelimited+0x29/0x50 mm/memcontrol.c:743
 count_shadow_nodes+0x6a/0x250 mm/workingset.c:692
 do_shrink_slab+0x63/0x660 mm/shrinker.c:382
 shrink_slab_memcg mm/shrinker.c:553 [inline]
 shrink_slab+0x545/0x8f0 mm/shrinker.c:631
 shrink_node_memcgs mm/vmscan.c:6173 [inline]
 shrink_node+0x6d4/0x20a0 mm/vmscan.c:6215
 shrink_zones mm/vmscan.c:6454 [inline]
 do_try_to_free_pages+0x408/0xc90 mm/vmscan.c:6516
 try_to_free_mem_cgroup_pages+0x201/0x420 mm/vmscan.c:6838
 try_charge_memcg+0x373/0xa10 mm/memcontrol.c:2627
 charge_memcg+0x6d/0x120 mm/memcontrol.c:5015
 __mem_cgroup_charge+0x28/0xb0 mm/memcontrol.c:5032
 mem_cgroup_charge include/linux/memcontrol.h:644 [inline]
 filemap_add_folio+0x110/0x350 mm/filemap.c:960
 page_cache_ra_unbounded+0x20e/0x420 mm/readahead.c:282
 do_page_cache_ra mm/readahead.c:334 [inline]
 page_cache_ra_order+0x153/0x220 mm/readahead.c:538
 do_sync_mmap_readahead+0x33d/0x350 mm/filemap.c:3406
 filemap_fault+0x369/0xb70 mm/filemap.c:3555
 __do_fault mm/memory.c:5458 [inline]
 do_read_fault mm/memory.c:5893 [inline]
 do_fault mm/memory.c:6027 [inline]
 do_pte_missing mm/memory.c:4550 [inline]
 handle_pte_fault mm/memory.c:6411 [inline]
 __handle_mm_fault mm/memory.c:6549 [inline]
 handle_mm_fault+0x16cd/0x2e70 mm/memory.c:6718
 do_user_addr_fault+0x62f/0x1050 arch/x86/mm/fault.c:1334
 handle_page_fault arch/x86/mm/fault.c:1474 [inline]
 exc_page_fault+0x62/0xa0 arch/x86/mm/fault.c:1527
 asm_exc_page_fault+0x26/0x30 arch/x86/include/asm/idtentry.h:618

value changed: 0x00000000ffffa0e3 -> 0x00000000ffffa0e4

Reported by Kernel Concurrency Sanitizer on:
CPU: 1 UID: 0 PID: 3303 Comm: syz-executor Not tainted syzkaller #0 PREEMPT(full) 
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
==================================================================