syzbot

==================================================================
BUG: KCSAN: data-race in mem_cgroup_flush_stats_ratelimited / tick_do_update_jiffies64

read-write to 0xffffffff86c07a00 of 8 bytes by interrupt on cpu 1:
 tick_do_update_jiffies64+0x113/0x1c0 kernel/time/tick-sched.c:118
 tick_sched_do_timer kernel/time/tick-sched.c:253 [inline]
 tick_nohz_handler+0x8d/0x3d0 kernel/time/tick-sched.c:312
 __run_hrtimer kernel/time/hrtimer.c:1930 [inline]
 __hrtimer_run_queues+0x276/0x4f0 kernel/time/hrtimer.c:1994
 hrtimer_interrupt+0x261/0x850 kernel/time/hrtimer.c:2113
 local_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1050 [inline]
 __sysvec_apic_timer_interrupt+0x5f/0x1c0 arch/x86/kernel/apic/apic.c:1067
 instr_sysvec_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1061 [inline]
 sysvec_apic_timer_interrupt+0x6f/0x80 arch/x86/kernel/apic/apic.c:1061
 asm_sysvec_apic_timer_interrupt+0x1a/0x20 arch/x86/include/asm/idtentry.h:697
 __folio_dup_file_rmap include/linux/rmap.h:502 [inline]
 folio_dup_file_rmap_pte include/linux/rmap.h:544 [inline]
 copy_present_ptes mm/memory.c:1176 [inline]
 copy_pte_range mm/memory.c:1304 [inline]
 copy_pmd_range mm/memory.c:1392 [inline]
 copy_pud_range mm/memory.c:1429 [inline]
 copy_p4d_range mm/memory.c:1453 [inline]
 copy_page_range+0xda5/0x32f0 mm/memory.c:1539
 dup_mmap+0x88f/0x10c0 mm/mmap.c:1840
 dup_mm kernel/fork.c:1534 [inline]
 copy_mm+0x119/0x370 kernel/fork.c:1586
 copy_process+0x1087/0x2370 kernel/fork.c:2264
 kernel_clone+0x1a5/0x5e0 kernel/fork.c:2721
 __do_sys_clone kernel/fork.c:2862 [inline]
 __se_sys_clone kernel/fork.c:2846 [inline]
 __x64_sys_clone+0x143/0x180 kernel/fork.c:2846
 x64_sys_call+0x1222/0x3020 arch/x86/include/generated/asm/syscalls_64.h:57
 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
 do_syscall_64+0x12c/0x3b0 arch/x86/entry/syscall_64.c:94
 entry_SYSCALL_64_after_hwframe+0x77/0x7f

read to 0xffffffff86c07a00 of 8 bytes by task 7070 on cpu 0:
 mem_cgroup_flush_stats_ratelimited+0x29/0x50 mm/memcontrol.c:743
 count_shadow_nodes+0x6a/0x250 mm/workingset.c:692
 do_shrink_slab+0x63/0x660 mm/shrinker.c:382
 shrink_slab_memcg mm/shrinker.c:553 [inline]
 shrink_slab+0x545/0x8f0 mm/shrinker.c:631
 shrink_node_memcgs mm/vmscan.c:6173 [inline]
 shrink_node+0x6d4/0x20a0 mm/vmscan.c:6215
 shrink_zones mm/vmscan.c:6454 [inline]
 do_try_to_free_pages+0x408/0xc90 mm/vmscan.c:6516
 try_to_free_mem_cgroup_pages+0x201/0x420 mm/vmscan.c:6838
 try_charge_memcg+0x373/0xa10 mm/memcontrol.c:2627
 obj_cgroup_charge_pages mm/memcontrol.c:3069 [inline]
 __memcg_kmem_charge_page+0x1ce/0x3d0 mm/memcontrol.c:3113
 __alloc_frozen_pages_noprof+0x18a/0x350 mm/page_alloc.c:5243
 alloc_pages_mpol+0xb3/0x260 mm/mempolicy.c:2490
 alloc_frozen_pages_noprof mm/mempolicy.c:2561 [inline]
 alloc_pages_noprof+0x8f/0x140 mm/mempolicy.c:2581
 vm_area_alloc_pages mm/vmalloc.c:3728 [inline]
 __vmalloc_area_node mm/vmalloc.c:3878 [inline]
 __vmalloc_node_range_noprof+0xaed/0x11c0 mm/vmalloc.c:4064
 __bpf_map_area_alloc kernel/bpf/syscall.c:404 [inline]
 bpf_map_area_alloc+0xfa/0x140 kernel/bpf/syscall.c:411
 bloom_map_alloc+0x1b8/0x2c0 kernel/bpf/bloom_filter.c:146
 map_create+0x862/0xda0 kernel/bpf/syscall.c:1500
 __sys_bpf+0x5c8/0x7e0 kernel/bpf/syscall.c:6230
 __do_sys_bpf kernel/bpf/syscall.c:6361 [inline]
 __se_sys_bpf kernel/bpf/syscall.c:6359 [inline]
 __x64_sys_bpf+0x41/0x50 kernel/bpf/syscall.c:6359
 x64_sys_call+0x10cb/0x3020 arch/x86/include/generated/asm/syscalls_64.h:322
 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
 do_syscall_64+0x12c/0x3b0 arch/x86/entry/syscall_64.c:94
 entry_SYSCALL_64_after_hwframe+0x77/0x7f

value changed: 0x00000000ffffbdb9 -> 0x00000000ffffbdba

Reported by Kernel Concurrency Sanitizer on:
CPU: 0 UID: 0 PID: 7070 Comm: syz.1.944 Tainted: G        W           syzkaller #0 PREEMPT(full) 
Tainted: [W]=WARN
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
==================================================================