================================================================== BUG: KCSAN: data-race in mem_cgroup_flush_stats_ratelimited / tick_do_update_jiffies64 read-write to 0xffffffff86e07a00 of 8 bytes by interrupt on cpu 1: tick_do_update_jiffies64+0x113/0x1c0 kernel/time/tick-sched.c:118 tick_sched_do_timer kernel/time/tick-sched.c:253 [inline] tick_nohz_handler+0x8d/0x3d0 kernel/time/tick-sched.c:312 __run_hrtimer kernel/time/hrtimer.c:1930 [inline] __hrtimer_run_queues+0x276/0x4f0 kernel/time/hrtimer.c:1994 hrtimer_interrupt+0x261/0x850 kernel/time/hrtimer.c:2113 local_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1050 [inline] __sysvec_apic_timer_interrupt+0x5f/0x1c0 arch/x86/kernel/apic/apic.c:1067 instr_sysvec_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1061 [inline] sysvec_apic_timer_interrupt+0x32/0x80 arch/x86/kernel/apic/apic.c:1061 asm_sysvec_apic_timer_interrupt+0x1a/0x20 arch/x86/include/asm/idtentry.h:697 is_atomic kernel/kcsan/core.c:249 [inline] should_watch kernel/kcsan/core.c:277 [inline] check_access kernel/kcsan/core.c:752 [inline] __tsan_read8+0xe8/0x190 kernel/kcsan/core.c:1025 blk_account_io_done+0x185/0x320 block/blk-mq.c:1084 __blk_mq_end_request_acct block/blk-mq.c:1156 [inline] __blk_mq_end_request+0x19d/0x370 block/blk-mq.c:1162 scsi_end_request+0x29c/0x4c0 drivers/scsi/scsi_lib.c:680 scsi_io_completion+0x7f/0x1d0 drivers/scsi/scsi_lib.c:1088 scsi_finish_command+0x1c7/0x1e0 drivers/scsi/scsi.c:198 scsi_complete+0x155/0x4f0 drivers/scsi/scsi_lib.c:1568 blk_complete_reqs block/blk-mq.c:1253 [inline] blk_done_softirq+0x77/0xb0 block/blk-mq.c:1258 handle_softirqs+0xb9/0x280 kernel/softirq.c:622 __do_softirq kernel/softirq.c:656 [inline] invoke_softirq kernel/softirq.c:496 [inline] __irq_exit_rcu+0x42/0xd0 kernel/softirq.c:735 instr_sysvec_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1061 [inline] sysvec_apic_timer_interrupt+0x74/0x80 arch/x86/kernel/apic/apic.c:1061 asm_sysvec_apic_timer_interrupt+0x1a/0x20 arch/x86/include/asm/idtentry.h:697 preempt_schedule_irq+0x28/0x50 kernel/sched/core.c:7512 raw_irqentry_exit_cond_resched+0x4b/0x60 kernel/entry/common.c:142 irqentry_exit_to_kernel_mode_preempt+0x2b/0x40 include/linux/irq-entry-common.h:476 irqentry_exit_to_kernel_mode include/linux/irq-entry-common.h:547 [inline] irqentry_exit+0x7d/0x5b0 kernel/entry/common.c:164 asm_common_interrupt+0x26/0x40 arch/x86/include/asm/idtentry.h:688 native_irq_enable arch/x86/include/asm/irqflags.h:-1 [inline] arch_local_irq_enable arch/x86/include/asm/irqflags.h:119 [inline] do_user_addr_fault+0x12a/0x1050 arch/x86/mm/fault.c:1279 handle_page_fault arch/x86/mm/fault.c:1474 [inline] exc_page_fault+0x62/0xa0 arch/x86/mm/fault.c:1527 asm_exc_page_fault+0x26/0x30 arch/x86/include/asm/idtentry.h:618 read to 0xffffffff86e07a00 of 8 bytes by task 8453 on cpu 0: mem_cgroup_flush_stats_ratelimited+0x29/0x50 mm/memcontrol.c:743 count_shadow_nodes+0x6a/0x250 mm/workingset.c:692 do_shrink_slab+0x63/0x660 mm/shrinker.c:382 shrink_slab_memcg mm/shrinker.c:553 [inline] shrink_slab+0x545/0x8f0 mm/shrinker.c:631 shrink_node_memcgs mm/vmscan.c:6173 [inline] shrink_node+0x6d4/0x20a0 mm/vmscan.c:6215 shrink_zones mm/vmscan.c:6454 [inline] do_try_to_free_pages+0x408/0xc90 mm/vmscan.c:6516 try_to_free_mem_cgroup_pages+0x201/0x420 mm/vmscan.c:6838 try_charge_memcg+0x373/0xa10 mm/memcontrol.c:2618 charge_memcg+0x6d/0x120 mm/memcontrol.c:5006 __mem_cgroup_charge+0x28/0xb0 mm/memcontrol.c:5023 mem_cgroup_charge include/linux/memcontrol.h:644 [inline] filemap_add_folio+0x110/0x350 mm/filemap.c:960 page_cache_ra_unbounded+0x20e/0x420 mm/readahead.c:282 do_page_cache_ra mm/readahead.c:334 [inline] page_cache_ra_order+0x153/0x220 mm/readahead.c:538 do_sync_mmap_readahead+0x33d/0x350 mm/filemap.c:3406 filemap_fault+0x369/0xb70 mm/filemap.c:3555 __do_fault mm/memory.c:5458 [inline] do_shared_fault mm/memory.c:5957 [inline] do_fault mm/memory.c:6031 [inline] do_pte_missing mm/memory.c:4550 [inline] handle_pte_fault mm/memory.c:6411 [inline] __handle_mm_fault mm/memory.c:6549 [inline] handle_mm_fault+0x1a24/0x2e70 mm/memory.c:6718 do_user_addr_fault+0x62f/0x1050 arch/x86/mm/fault.c:1334 handle_page_fault arch/x86/mm/fault.c:1474 [inline] exc_page_fault+0x62/0xa0 arch/x86/mm/fault.c:1527 asm_exc_page_fault+0x26/0x30 arch/x86/include/asm/idtentry.h:618 value changed: 0x00000000ffffcee1 -> 0x00000000ffffcee2 Reported by Kernel Concurrency Sanitizer on: CPU: 0 UID: 0 PID: 8453 Comm: syz.3.1171 Tainted: G W syzkaller #0 PREEMPT(full) Tainted: [W]=WARN Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 ==================================================================