page: refcount:5 mapcount:0 mapping:ffff888043bd9710 index:0x5d pfn:0x5399b memcg:ffff88801c6ce000 aops:btrfs_aops ino:104 dentry name(?):"file1" flags: 0x4fff4000000402b(locked|uptodate|lru|private|writeback|node=1|zone=1|lastcpupid=0x7ff) raw: 04fff4000000402b ffffea00014e6688 ffffea00014e6708 ffff888043bd9710 raw: 000000000000005d 0000000000000001 00000005ffffffff ffff88801c6ce000 page dumped because: VM_BUG_ON_FOLIO(folio_test_writeback(folio)) page_owner tracks the page as allocated page last allocated via order 0, migratetype Movable, gfp_mask 0x141c4a(GFP_NOFS|__GFP_HIGHMEM|__GFP_COMP|__GFP_HARDWALL|__GFP_MOVABLE|__GFP_WRITE), pid 5320, tgid 5319 (syz.0.0), ts 81849834167, free_ts 80911169372 set_page_owner include/linux/page_owner.h:32 [inline] post_alloc_hook+0x1f3/0x230 mm/page_alloc.c:1556 prep_new_page mm/page_alloc.c:1564 [inline] get_page_from_freelist+0x365c/0x37a0 mm/page_alloc.c:3474 __alloc_pages_noprof+0x292/0x710 mm/page_alloc.c:4751 alloc_pages_mpol_noprof+0x3e8/0x680 mm/mempolicy.c:2265 alloc_pages_noprof mm/mempolicy.c:2344 [inline] folio_alloc_noprof+0x128/0x180 mm/mempolicy.c:2351 filemap_alloc_folio_noprof+0xdf/0x500 mm/filemap.c:1009 __filemap_get_folio+0x446/0xbd0 mm/filemap.c:1951 prepare_one_folio+0xb6/0xa20 fs/btrfs/file.c:906 btrfs_buffered_write+0x6bd/0x1150 fs/btrfs/file.c:1233 btrfs_direct_write+0x52d/0xa30 fs/btrfs/direct-io.c:951 btrfs_do_write_iter+0x2a0/0x760 fs/btrfs/file.c:1396 do_iter_readv_writev+0x600/0x880 vfs_writev+0x376/0xba0 fs/read_write.c:1050 do_pwritev fs/read_write.c:1146 [inline] __do_sys_pwritev2 fs/read_write.c:1204 [inline] __se_sys_pwritev2+0x196/0x2b0 fs/read_write.c:1195 do_syscall_x64 arch/x86/entry/common.c:52 [inline] do_syscall_64+0xf3/0x230 arch/x86/entry/common.c:83 entry_SYSCALL_64_after_hwframe+0x77/0x7f page last free pid 5320 tgid 5319 stack trace: reset_page_owner include/linux/page_owner.h:25 [inline] free_pages_prepare mm/page_alloc.c:1127 [inline] free_unref_folios+0xf62/0x1a90 mm/page_alloc.c:2704 folios_put_refs+0x76c/0x860 mm/swap.c:962 folio_batch_release include/linux/pagevec.h:101 [inline] shmem_undo_range+0x64c/0x1cf0 mm/shmem.c:1040 shmem_truncate_range mm/shmem.c:1152 [inline] shmem_evict_inode+0x29b/0xa80 mm/shmem.c:1280 evict+0x4e8/0x9a0 fs/inode.c:796 __dentry_kill+0x20d/0x630 fs/dcache.c:625 dput+0x19f/0x2b0 fs/dcache.c:867 __fput+0x5ba/0xa50 fs/file_table.c:458 task_work_run+0x24f/0x310 kernel/task_work.c:239 resume_user_mode_work include/linux/resume_user_mode.h:50 [inline] exit_to_user_mode_loop kernel/entry/common.c:114 [inline] exit_to_user_mode_prepare include/linux/entry-common.h:329 [inline] __syscall_exit_to_user_mode_work kernel/entry/common.c:207 [inline] syscall_exit_to_user_mode+0x13f/0x340 kernel/entry/common.c:218 do_syscall_64+0x100/0x230 arch/x86/entry/common.c:89 entry_SYSCALL_64_after_hwframe+0x77/0x7f ------------[ cut here ]------------ kernel BUG at mm/page-writeback.c:3126! Oops: invalid opcode: 0000 [#1] PREEMPT SMP KASAN NOPTI CPU: 0 UID: 0 PID: 1030 Comm: kworker/u4:4 Not tainted 6.13.0-rc1-syzkaller-00025-gfeffde684ac2 #0 Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 Workqueue: btrfs-delalloc btrfs_work_helper RIP: 0010:__folio_start_writeback+0xbf6/0x1040 mm/page-writeback.c:3126 Code: 25 ff 0f 00 00 0f 84 d3 00 00 00 e8 e4 bb c3 ff e9 ca f5 ff ff e8 da bb c3 ff 4c 89 f7 48 c7 c6 80 b9 13 8c e8 db 20 10 00 90 <0f> 0b e8 c3 bb c3 ff 4c 89 f7 48 c7 c6 e0 bd 13 8c e8 c4 20 10 00 RSP: 0018:ffffc90002497500 EFLAGS: 00010246 RAX: e295f10c63c91d00 RBX: 0000000000000002 RCX: 0000000000000001 RDX: dffffc0000000000 RSI: ffffffff8c0a9680 RDI: 0000000000000001 RBP: ffffc90002497670 R08: ffffffff942b898f R09: 1ffffffff2857131 R10: dffffc0000000000 R11: fffffbfff2857132 R12: 0000000000000000 R13: 1ffff92000492eac R14: ffffea00014e66c0 R15: ffff888043bd9710 FS: 0000000000000000(0000) GS:ffff88801fc00000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 000055985b643c68 CR3: 0000000011dd2000 CR4: 0000000000352ef0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 Call Trace: process_one_folio fs/btrfs/extent_io.c:187 [inline] __process_folios_contig+0x31c/0x540 fs/btrfs/extent_io.c:216 submit_one_async_extent fs/btrfs/inode.c:1229 [inline] submit_compressed_extents+0xdb3/0x16e0 fs/btrfs/inode.c:1632 run_ordered_work fs/btrfs/async-thread.c:245 [inline] btrfs_work_helper+0x56b/0xc40 fs/btrfs/async-thread.c:324 process_one_work kernel/workqueue.c:3229 [inline] process_scheduled_works+0xa66/0x1840 kernel/workqueue.c:3310 worker_thread+0x870/0xd30 kernel/workqueue.c:3391 kthread+0x2f0/0x390 kernel/kthread.c:389 ret_from_fork+0x4b/0x80 arch/x86/kernel/process.c:147 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244 Modules linked in: ---[ end trace 0000000000000000 ]--- RIP: 0010:__folio_start_writeback+0xbf6/0x1040 mm/page-writeback.c:3126 Code: 25 ff 0f 00 00 0f 84 d3 00 00 00 e8 e4 bb c3 ff e9 ca f5 ff ff e8 da bb c3 ff 4c 89 f7 48 c7 c6 80 b9 13 8c e8 db 20 10 00 90 <0f> 0b e8 c3 bb c3 ff 4c 89 f7 48 c7 c6 e0 bd 13 8c e8 c4 20 10 00 RSP: 0018:ffffc90002497500 EFLAGS: 00010246 RAX: e295f10c63c91d00 RBX: 0000000000000002 RCX: 0000000000000001 RDX: dffffc0000000000 RSI: ffffffff8c0a9680 RDI: 0000000000000001 RBP: ffffc90002497670 R08: ffffffff942b898f R09: 1ffffffff2857131 R10: dffffc0000000000 R11: fffffbfff2857132 R12: 0000000000000000 R13: 1ffff92000492eac R14: ffffea00014e66c0 R15: ffff888043bd9710 FS: 0000000000000000(0000) GS:ffff88801fc00000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 000055985b643c68 CR3: 000000001ee4e000 CR4: 0000000000352ef0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400