kernel BUG in folio_clear_dirty_for

BTRFS error (device loop0): bdev /dev/loop0 errs: wr 1, rd 0, flush 0, corrupt 0, gen 0
BTRFS error (device loop0): bdev /dev/loop0 errs: wr 2, rd 0, flush 0, corrupt 0, gen 0
BTRFS error (device loop0): bdev /dev/loop0 errs: wr 3, rd 0, flush 0, corrupt 0, gen 0
BTRFS error (device loop0): bdev /dev/loop0 errs: wr 4, rd 0, flush 0, corrupt 0, gen 0
BTRFS error (device loop0): bdev /dev/loop0 errs: wr 5, rd 0, flush 0, corrupt 0, gen 0
BTRFS error (device loop0): bdev /dev/loop0 errs: wr 6, rd 0, flush 0, corrupt 0, gen 0
BTRFS error (device loop0): bdev /dev/loop0 errs: wr 7, rd 0, flush 0, corrupt 0, gen 0
BTRFS error (device loop0): bdev /dev/loop0 errs: wr 8, rd 0, flush 0, corrupt 0, gen 0
BTRFS error (device loop0): bdev /dev/loop0 errs: wr 9, rd 0, flush 0, corrupt 0, gen 0
BTRFS error (device loop0): bdev /dev/loop0 errs: wr 10, rd 0, flush 0, corrupt 0, gen 0
page: refcount:4 mapcount:0 mapping:ffff888044713108 index:0x14e pfn:0x55885
memcg:ffff888034358000
aops:btrfs_aops ino:102
flags: 0x4fff20000004038(uptodate|dirty|lru|private|node=1|zone=1|lastcpupid=0x7ff)
raw: 04fff20000004038 ffffea0001562188 ffffea0001562108 ffff888044713108
raw: 000000000000014e 0000000000000001 00000004ffffffff ffff888034358000
page dumped because: VM_BUG_ON_FOLIO(!folio_test_locked(folio))
page_owner tracks the page as allocated
page last allocated via order 0, migratetype Movable, gfp_mask 0x152c4a(GFP_NOFS|__GFP_HIGHMEM|__GFP_MOVABLE|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_HARDWALL), pid 5324, tgid 5323 (syz.0.0), ts 70924079644, free_ts 70905815201
 set_page_owner include/linux/page_owner.h:32 [inline]
 post_alloc_hook+0x1f4/0x240 mm/page_alloc.c:1717
 prep_new_page mm/page_alloc.c:1725 [inline]
 get_page_from_freelist+0x352b/0x36c0 mm/page_alloc.c:3652
 __alloc_frozen_pages_noprof+0x211/0x5b0 mm/page_alloc.c:4934
 alloc_pages_mpol+0x339/0x690 mm/mempolicy.c:2301
 alloc_frozen_pages_noprof mm/mempolicy.c:2372 [inline]
 alloc_pages_noprof+0x121/0x190 mm/mempolicy.c:2392
 folio_alloc_noprof+0x1e/0x30 mm/mempolicy.c:2402
 filemap_alloc_folio_noprof+0xe4/0x550 mm/filemap.c:1007
 ractl_alloc_folio mm/readahead.c:186 [inline]
 page_cache_ra_unbounded+0x36b/0x820 mm/readahead.c:270
 page_cache_sync_readahead include/linux/pagemap.h:1373 [inline]
 relocate_one_folio fs/btrfs/relocation.c:2842 [inline]
 relocate_file_extent_cluster+0x71f/0x1750 fs/btrfs/relocation.c:2998
 relocate_data_extent+0x1b0/0x6b0 fs/btrfs/relocation.c:3015
 relocate_block_group+0x892/0xd50 fs/btrfs/relocation.c:3628
 btrfs_relocate_block_group+0x777/0xd80 fs/btrfs/relocation.c:4011
 btrfs_relocate_chunk+0x12c/0x3b0 fs/btrfs/volumes.c:3511
 __btrfs_balance+0x1a93/0x25e0 fs/btrfs/volumes.c:4292
 btrfs_balance+0xbde/0x10c0 fs/btrfs/volumes.c:4669
 btrfs_ioctl_balance+0x3f5/0x660 fs/btrfs/ioctl.c:3586
page last free pid 5325 tgid 5323 stack trace:
 reset_page_owner include/linux/page_owner.h:25 [inline]
 free_pages_prepare mm/page_alloc.c:1262 [inline]
 free_unref_folios+0xe0e/0x17f0 mm/page_alloc.c:2737
 folios_put_refs+0x70a/0x800 mm/swap.c:992
 folio_batch_release include/linux/pagevec.h:101 [inline]
 shmem_undo_range+0x595/0x1820 mm/shmem.c:1125
 shmem_truncate_range mm/shmem.c:1237 [inline]
 shmem_evict_inode+0x29d/0xa80 mm/shmem.c:1365
 evict+0x4f9/0x9b0 fs/inode.c:810
 __dentry_kill+0x20d/0x630 fs/dcache.c:660
 dput+0x19f/0x2b0 fs/dcache.c:902
 __fput+0x60b/0x9f0 fs/file_table.c:473
 fput_close_sync+0x1ef/0x270 fs/file_table.c:570
 __do_sys_close fs/open.c:1581 [inline]
 __se_sys_close fs/open.c:1566 [inline]
 __x64_sys_close+0x7f/0x110 fs/open.c:1566
 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
 do_syscall_64+0xf3/0x230 arch/x86/entry/syscall_64.c:94
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
------------[ cut here ]------------
kernel BUG at mm/page-writeback.c:2955!
Oops: invalid opcode: 0000 [#1] SMP KASAN NOPTI
CPU: 0 UID: 0 PID: 47 Comm: kworker/u4:3 Not tainted 6.15.0-rc1-syzkaller-00173-g0c7cae12f67c #0 PREEMPT(full) 
Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
Workqueue: events_unbound btrfs_async_reclaim_metadata_space
RIP: 0010:folio_clear_dirty_for_io+0x94d/0x9b0 mm/page-writeback.c:2955
Code: 84 c2 ff 4c 89 ff 48 c7 c6 80 44 54 8c e8 5b cc 0e 00 90 0f 0b e8 c3 84 c2 ff 4c 89 ff 48 c7 c6 60 40 54 8c e8 44 cc 0e 00 90 <0f> 0b e8 7c d0 2f 0a e8 a7 84 c2 ff 4c 89 ff 48 c7 c6 80 44 54 8c
RSP: 0018:ffffc9000062e780 EFLAGS: 00010246
RAX: 46e87d967b26cc00 RBX: 04fff20000004038 RCX: ffffffff9368a020
RDX: dffffc0000000000 RSI: ffffffff8e69c715 RDI: 0000000000000001
RBP: ffffc9000062e870 R08: ffffffff905fe077 R09: 1ffffffff20bfc0e
R10: dffffc0000000000 R11: fffffbfff20bfc0f R12: ffff888044713108
R13: ffffea0001562148 R14: ffffffff9368a020 R15: ffffea0001562140
FS:  0000000000000000(0000) GS:ffff88808c596000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 000055966ec11078 CR3: 0000000011f22000 CR4: 0000000000352ef0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
 <TASK>
 process_one_folio fs/btrfs/extent_io.c:186 [inline]
 __process_folios_contig+0x2ff/0x540 fs/btrfs/extent_io.c:215
 run_delalloc_nocow+0x1583/0x1a60 fs/btrfs/inode.c:2299
 writepage_delalloc+0xc7e/0x1430 fs/btrfs/extent_io.c:1426
 extent_writepage fs/btrfs/extent_io.c:1757 [inline]
 extent_write_cache_pages fs/btrfs/extent_io.c:2422 [inline]
 btrfs_writepages+0x1555/0x25f0 fs/btrfs/extent_io.c:2555
 do_writepages+0x364/0x890 mm/page-writeback.c:2656
 filemap_fdatawrite_wbc+0xde/0x140 mm/filemap.c:386
 start_delalloc_inodes+0x7d5/0xc80 fs/btrfs/inode.c:8576
 btrfs_start_delalloc_roots+0x72c/0xab0 fs/btrfs/inode.c:8653
 shrink_delalloc fs/btrfs/space-info.c:680 [inline]
 flush_space+0x69e/0xd30 fs/btrfs/space-info.c:790
 btrfs_async_reclaim_metadata_space+0x178/0x3b0 fs/btrfs/space-info.c:1120
 process_one_work kernel/workqueue.c:3238 [inline]
 process_scheduled_works+0xac3/0x18e0 kernel/workqueue.c:3319
 worker_thread+0x870/0xd50 kernel/workqueue.c:3400
 kthread+0x7b7/0x940 kernel/kthread.c:464
 ret_from_fork+0x4b/0x80 arch/x86/kernel/process.c:153
 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:245
 </TASK>
Modules linked in:
---[ end trace 0000000000000000 ]---
RIP: 0010:folio_clear_dirty_for_io+0x94d/0x9b0 mm/page-writeback.c:2955
Code: 84 c2 ff 4c 89 ff 48 c7 c6 80 44 54 8c e8 5b cc 0e 00 90 0f 0b e8 c3 84 c2 ff 4c 89 ff 48 c7 c6 60 40 54 8c e8 44 cc 0e 00 90 <0f> 0b e8 7c d0 2f 0a e8 a7 84 c2 ff 4c 89 ff 48 c7 c6 80 44 54 8c
RSP: 0018:ffffc9000062e780 EFLAGS: 00010246
RAX: 46e87d967b26cc00 RBX: 04fff20000004038 RCX: ffffffff9368a020
RDX: dffffc0000000000 RSI: ffffffff8e69c715 RDI: 0000000000000001
RBP: ffffc9000062e870 R08: ffffffff905fe077 R09: 1ffffffff20bfc0e
R10: dffffc0000000000 R11: fffffbfff20bfc0f R12: ffff888044713108
R13: ffffea0001562148 R14: ffffffff9368a020 R15: ffffea0001562140
FS:  0000000000000000(0000) GS:ffff88808c596000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 000055966ec11078 CR3: 0000000012592000 CR4: 0000000000352ef0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Time	Kernel	Commit	Syzkaller	Config	Log	Report	Syz repro	C repro	VM info	Assets (help?)	Manager	Title
2025/04/11 07:40	upstream	0c7cae12f67c	94486846	.config	console log	report				[disk image (non-bootable)] [vmlinux] [kernel image]	ci-snapshot-upstream-root	kernel BUG in folio_clear_dirty_for_io
2025/04/11 07:39	upstream	0c7cae12f67c	94486846	.config	console log	report				[disk image (non-bootable)] [vmlinux] [kernel image]	ci-snapshot-upstream-root	kernel BUG in folio_clear_dirty_for_io