syzbot

 sign-in | mailing list | source | docs
🐞 Open [1459]
Subsystems
🐞 Fixed [6838]
🐞 Invalid [17730]
Missing Backports [227]
Crashes
Kernel Health Bugs/Month Bug Lifetimes Fuzzing
Total Repo Heatmap Subsystems Heatmap
💬 Send us feedback

kernel BUG in submit_compressed_extents

Status: upstream: reported on 2025/12/27 19:03
Subsystems: btrfs
[Documentation on labels]
Reported-by: syzbot+6bcfce568a4af2a909bc@syzkaller.appspotmail.com
First crash: 15d, last: 15d
Discussions (1)
Title Replies (including bot) Last reply
[syzbot] [btrfs?] kernel BUG in submit_compressed_extents 0 (1) 2025/12/27 19:03

Sample crash report:
page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x1 pfn:0x6a1
head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
flags: 0x7ff00000000040(head|node=0|zone=0|lastcpupid=0x7ff)
page_type: f5(slab)
raw: 007ff00000000001 ffffea000001a801 00000000ffffffff 00000000ffffffff
raw: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
head: 007ff00000000040 ffff888040d47dc0 dead000000000122 0000000000000000
head: 0000000000000000 00000000800a000a 00000000f5000000 0000000000000000
head: 007ff00000000001 ffffea000001a801 00000000ffffffff 00000000ffffffff
head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
page dumped because: VM_BUG_ON_PAGE(page->compound_head & 1)
page_owner tracks the page as allocated
page last allocated via order 1, migratetype Unmovable, gfp_mask 0xd2800(GFP_NOWAIT|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 2676, tgid 2676 (kworker/u4:12), ts 86875534140, free_ts 86855865505
 set_page_owner include/linux/page_owner.h:32 [inline]
 post_alloc_hook+0x234/0x290 mm/page_alloc.c:1846
 prep_new_page mm/page_alloc.c:1854 [inline]
 get_page_from_freelist+0x24e0/0x2580 mm/page_alloc.c:3915
 __alloc_frozen_pages_noprof+0x181/0x370 mm/page_alloc.c:5210
 alloc_pages_mpol+0x232/0x4a0 mm/mempolicy.c:2486
 alloc_slab_page mm/slub.c:3075 [inline]
 allocate_slab+0x86/0x3b0 mm/slub.c:3248
 new_slab mm/slub.c:3302 [inline]
 ___slab_alloc+0xe53/0x1820 mm/slub.c:4656
 __slab_alloc+0x65/0x100 mm/slub.c:4779
 __slab_alloc_node mm/slub.c:4855 [inline]
 slab_alloc_node mm/slub.c:5251 [inline]
 kmem_cache_alloc_noprof+0x40f/0x710 mm/slub.c:5270
 mempool_alloc_noprof+0x1c9/0x2f0 mm/mempool.c:567
 bio_alloc_bioset+0x337/0x14e0 block/bio.c:561
 alloc_compressed_bio fs/btrfs/compression.c:68 [inline]
 btrfs_submit_compressed_write+0x16f/0x430 fs/btrfs/compression.c:382
 submit_one_async_extent fs/btrfs/inode.c:1188 [inline]
 submit_compressed_extents+0xe7a/0x1670 fs/btrfs/inode.c:1599
 run_ordered_work fs/btrfs/async-thread.c:243 [inline]
 btrfs_work_helper+0x564/0xbf0 fs/btrfs/async-thread.c:322
 process_one_work kernel/workqueue.c:3257 [inline]
 process_scheduled_works+0xad1/0x1770 kernel/workqueue.c:3340
 worker_thread+0x8a0/0xda0 kernel/workqueue.c:3421
 kthread+0x711/0x8a0 kernel/kthread.c:463
page last free pid 78 tgid 78 stack trace:
 reset_page_owner include/linux/page_owner.h:25 [inline]
 free_pages_prepare mm/page_alloc.c:1395 [inline]
 free_unref_folios+0xdb3/0x14f0 mm/page_alloc.c:3000
 shrink_folio_list+0x4800/0x5010 mm/vmscan.c:1603
 evict_folios+0x473e/0x57f0 mm/vmscan.c:4711
 try_to_shrink_lruvec+0x8a3/0xb50 mm/vmscan.c:4874
 shrink_one+0x25c/0x720 mm/vmscan.c:4919
 shrink_many mm/vmscan.c:4982 [inline]
 lru_gen_shrink_node mm/vmscan.c:5060 [inline]
 shrink_node+0x2f7d/0x35b0 mm/vmscan.c:6047
 kswapd_shrink_node mm/vmscan.c:6901 [inline]
 balance_pgdat mm/vmscan.c:7084 [inline]
 kswapd+0x145a/0x2820 mm/vmscan.c:7354
 kthread+0x711/0x8a0 kernel/kthread.c:463
 ret_from_fork+0x510/0xa50 arch/x86/kernel/process.c:158
 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:246
------------[ cut here ]------------
kernel BUG at ./include/linux/page-flags.h:351!
Oops: invalid opcode: 0000 [#1] SMP KASAN NOPTI
CPU: 0 UID: 0 PID: 2676 Comm: kworker/u4:12 Not tainted syzkaller #0 PREEMPT(full) 
Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
Workqueue: btrfs-delalloc btrfs_work_helper
RIP: 0010:const_folio_flags include/linux/page-flags.h:351 [inline]
RIP: 0010:folio_test_head include/linux/page-flags.h:844 [inline]
RIP: 0010:folio_test_large include/linux/page-flags.h:865 [inline]
RIP: 0010:folio_order include/linux/mm.h:1246 [inline]
RIP: 0010:folio_size include/linux/mm.h:2354 [inline]
RIP: 0010:submit_one_async_extent fs/btrfs/inode.c:1128 [inline]
RIP: 0010:submit_compressed_extents+0x161a/0x1670 fs/btrfs/inode.c:1599
Code: 8c 9d 53 fe 4d 8b 1e 4c 89 ff 2e 2e 2e 41 ff d3 e9 d6 fd ff ff e8 96 f2 eb fd 4c 89 ef 48 c7 c6 00 a6 af 8b e8 07 f4 52 fd 90 <0f> 0b e8 7f f2 eb fd 48 c7 c7 40 93 af 8b 48 c7 c6 e0 a8 af 8b 31
RSP: 0018:ffffc9000ff4f7e0 EFLAGS: 00010246
RAX: b7630c6330986b00 RBX: 0000000000000001 RCX: 0000000000000000
RDX: 0000000000000006 RSI: ffffffff8d798217 RDI: 00000000ffffffff
RBP: ffffc9000ff4f9d0 R08: ffffffff8f824277 R09: 1ffffffff1f0484e
R10: dffffc0000000000 R11: fffffbfff1f0484f R12: ffffffffffffffff
R13: ffffea000001a840 R14: 0000000000005000 R15: ffff888036c31410
FS:  0000000000000000(0000) GS:ffff88808d416000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007fc38501a000 CR3: 00000000110e3000 CR4: 0000000000352ef0
Call Trace:
 <TASK>
 run_ordered_work fs/btrfs/async-thread.c:243 [inline]
 btrfs_work_helper+0x564/0xbf0 fs/btrfs/async-thread.c:322
 process_one_work kernel/workqueue.c:3257 [inline]
 process_scheduled_works+0xad1/0x1770 kernel/workqueue.c:3340
 worker_thread+0x8a0/0xda0 kernel/workqueue.c:3421
 kthread+0x711/0x8a0 kernel/kthread.c:463
 ret_from_fork+0x510/0xa50 arch/x86/kernel/process.c:158
 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:246
 </TASK>
Modules linked in:
---[ end trace 0000000000000000 ]---
RIP: 0010:const_folio_flags include/linux/page-flags.h:351 [inline]
RIP: 0010:folio_test_head include/linux/page-flags.h:844 [inline]
RIP: 0010:folio_test_large include/linux/page-flags.h:865 [inline]
RIP: 0010:folio_order include/linux/mm.h:1246 [inline]
RIP: 0010:folio_size include/linux/mm.h:2354 [inline]
RIP: 0010:submit_one_async_extent fs/btrfs/inode.c:1128 [inline]
RIP: 0010:submit_compressed_extents+0x161a/0x1670 fs/btrfs/inode.c:1599
Code: 8c 9d 53 fe 4d 8b 1e 4c 89 ff 2e 2e 2e 41 ff d3 e9 d6 fd ff ff e8 96 f2 eb fd 4c 89 ef 48 c7 c6 00 a6 af 8b e8 07 f4 52 fd 90 <0f> 0b e8 7f f2 eb fd 48 c7 c7 40 93 af 8b 48 c7 c6 e0 a8 af 8b 31
RSP: 0018:ffffc9000ff4f7e0 EFLAGS: 00010246
RAX: b7630c6330986b00 RBX: 0000000000000001 RCX: 0000000000000000
RDX: 0000000000000006 RSI: ffffffff8d798217 RDI: 00000000ffffffff
RBP: ffffc9000ff4f9d0 R08: ffffffff8f824277 R09: 1ffffffff1f0484e
R10: dffffc0000000000 R11: fffffbfff1f0484f R12: ffffffffffffffff
R13: ffffea000001a840 R14: 0000000000005000 R15: ffff888036c31410
FS:  0000000000000000(0000) GS:ffff88808d416000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007fc38501a000 CR3: 00000000373f0000 CR4: 0000000000352ef0

Crashes (1):
Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Assets (help?) Manager Title
2025/12/23 18:58 upstream b927546677c8 d1b870e1 .config console log report [disk image (non-bootable)] [vmlinux] [kernel image] ci-snapshot-upstream-root kernel BUG in submit_compressed_extents
* Struck through repros no longer work on HEAD.