==================================================================
BUG: KCSAN: data-race in mem_cgroup_flush_stats_ratelimited / tick_do_update_jiffies64

read-write to 0xffffffff868099c0 of 8 bytes by interrupt on cpu 1:
 tick_do_update_jiffies64+0x113/0x1c0 kernel/time/tick-sched.c:118
 tick_sched_do_timer kernel/time/tick-sched.c:232 [inline]
 tick_nohz_handler+0x7f/0x2d0 kernel/time/tick-sched.c:290
 __run_hrtimer kernel/time/hrtimer.c:1761 [inline]
 __hrtimer_run_queues+0x20c/0x5a0 kernel/time/hrtimer.c:1825
 hrtimer_interrupt+0x21a/0x460 kernel/time/hrtimer.c:1887
 local_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1039 [inline]
 __sysvec_apic_timer_interrupt+0x5c/0x1d0 arch/x86/kernel/apic/apic.c:1056
 instr_sysvec_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1050 [inline]
 sysvec_apic_timer_interrupt+0x6f/0x80 arch/x86/kernel/apic/apic.c:1050
 asm_sysvec_apic_timer_interrupt+0x1a/0x20 arch/x86/include/asm/idtentry.h:702
 finish_task_switch+0xb6/0x2b0 kernel/sched/core.c:5225
 context_switch kernel/sched/core.c:5360 [inline]
 __schedule+0x6b9/0xb30 kernel/sched/core.c:6961
 preempt_schedule_common kernel/sched/core.c:7145 [inline]
 __cond_resched+0x4e/0x90 kernel/sched/core.c:7490
 might_resched include/linux/kernel.h:61 [inline]
 might_alloc include/linux/sched/mm.h:321 [inline]
 prepare_alloc_pages mm/page_alloc.c:4916 [inline]
 __alloc_frozen_pages_noprof+0xf5/0x360 mm/page_alloc.c:5137
 alloc_pages_mpol+0xb3/0x250 mm/mempolicy.c:2416
 folio_alloc_mpol_noprof mm/mempolicy.c:2435 [inline]
 vma_alloc_folio_noprof+0x1aa/0x300 mm/mempolicy.c:2470
 folio_prealloc mm/memory.c:-1 [inline]
 wp_page_copy mm/memory.c:3552 [inline]
 do_wp_page+0x5db/0x24e0 mm/memory.c:4013
 handle_pte_fault mm/memory.c:6068 [inline]
 __handle_mm_fault mm/memory.c:6195 [inline]
 handle_mm_fault+0x77d/0x2c20 mm/memory.c:6364
 do_user_addr_fault+0x3fe/0x1090 arch/x86/mm/fault.c:1387
 handle_page_fault arch/x86/mm/fault.c:1476 [inline]
 exc_page_fault+0x62/0xa0 arch/x86/mm/fault.c:1532
 asm_exc_page_fault+0x26/0x30 arch/x86/include/asm/idtentry.h:623
 rep_movs_alternative+0x4a/0x90 arch/x86/lib/copy_user_64.S:68
 copy_user_generic arch/x86/include/asm/uaccess_64.h:126 [inline]
 raw_copy_to_user arch/x86/include/asm/uaccess_64.h:147 [inline]
 copy_to_user_iter lib/iov_iter.c:25 [inline]
 iterate_ubuf include/linux/iov_iter.h:30 [inline]
 iterate_and_advance2 include/linux/iov_iter.h:300 [inline]
 iterate_and_advance include/linux/iov_iter.h:328 [inline]
 _copy_to_iter+0x13e/0xe30 lib/iov_iter.c:185
 copy_to_iter include/linux/uio.h:220 [inline]
 simple_copy_to_iter net/core/datagram.c:521 [inline]
 __skb_datagram_iter+0x2f4/0x690 net/core/datagram.c:435
 skb_copy_datagram_iter+0x3d/0x110 net/core/datagram.c:535
 skb_copy_datagram_msg include/linux/skbuff.h:4144 [inline]
 unix_stream_read_actor+0x43/0x70 net/unix/af_unix.c:3135
 unix_stream_read_generic+0x6b1/0x1580 net/unix/af_unix.c:3058
 unix_stream_recvmsg+0xc3/0xf0 net/unix/af_unix.c:3172
 sock_recvmsg_nosec net/socket.c:1065 [inline]
 sock_recvmsg+0x136/0x170 net/socket.c:1087
 ____sys_recvmsg+0xf5/0x280 net/socket.c:2834
 ___sys_recvmsg+0x11f/0x370 net/socket.c:2876
 __sys_recvmsg net/socket.c:2909 [inline]
 __do_sys_recvmsg net/socket.c:2915 [inline]
 __se_sys_recvmsg net/socket.c:2912 [inline]
 __x64_sys_recvmsg+0xd1/0x160 net/socket.c:2912
 x64_sys_call+0x2b42/0x2ff0 arch/x86/include/generated/asm/syscalls_64.h:48
 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
 do_syscall_64+0xd2/0x200 arch/x86/entry/syscall_64.c:94
 entry_SYSCALL_64_after_hwframe+0x77/0x7f

read to 0xffffffff868099c0 of 8 bytes by task 3694 on cpu 0:
 mem_cgroup_flush_stats_ratelimited+0x29/0x70 mm/memcontrol.c:634
 count_shadow_nodes+0x6a/0x230 mm/workingset.c:678
 do_shrink_slab+0x60/0x680 mm/shrinker.c:384
 shrink_slab_memcg mm/shrinker.c:550 [inline]
 shrink_slab+0x448/0x760 mm/shrinker.c:628
 shrink_node_memcgs mm/vmscan.c:6053 [inline]
 shrink_node+0x6c3/0x2120 mm/vmscan.c:6092
 shrink_zones mm/vmscan.c:6336 [inline]
 do_try_to_free_pages+0x3f6/0xcd0 mm/vmscan.c:6398
 try_to_free_mem_cgroup_pages+0x1ab/0x410 mm/vmscan.c:6726
 try_charge_memcg+0x358/0x9e0 mm/memcontrol.c:2357
 try_charge mm/memcontrol.c:2499 [inline]
 charge_memcg+0x51/0xc0 mm/memcontrol.c:4702
 mem_cgroup_swapin_charge_folio+0xcc/0x150 mm/memcontrol.c:4788
 __read_swap_cache_async+0x1df/0x350 mm/swap_state.c:441
 swap_cluster_readahead+0x277/0x3e0 mm/swap_state.c:613
 swapin_readahead+0xde/0x6f0 mm/swap_state.c:811
 do_swap_page+0x301/0x2430 mm/memory.c:4586
 handle_pte_fault mm/memory.c:6055 [inline]
 __handle_mm_fault mm/memory.c:6195 [inline]
 handle_mm_fault+0x9a5/0x2c20 mm/memory.c:6364
 do_user_addr_fault+0x636/0x1090 arch/x86/mm/fault.c:1336
 handle_page_fault arch/x86/mm/fault.c:1476 [inline]
 exc_page_fault+0x62/0xa0 arch/x86/mm/fault.c:1532
 asm_exc_page_fault+0x26/0x30 arch/x86/include/asm/idtentry.h:623

value changed: 0x00000000ffffbd2f -> 0x00000000ffffbd30

Reported by Kernel Concurrency Sanitizer on:
CPU: 0 UID: 0 PID: 3694 Comm: syz-executor Not tainted 6.16.0-syzkaller-11105-ga6923c06a3b2 #0 PREEMPT(voluntary) 
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
==================================================================