syzbot

 sign-in | mailing list | source | docs
🐞 Open [1405]
Subsystems
🐞 Fixed [7005]
🐞 Invalid [18254]
Missing Backports [223]
Crashes
Kernel Health Bugs/Month Bug Lifetimes Fuzzing
Total Repo Heatmap Subsystems Heatmap
✨ AI
💬 Send us feedback

BUG: corrupted list in btrfs_free_compr_folio

Status: upstream: reported on 2026/03/16 13:40
Subsystems: btrfs
[Documentation on labels]
Reported-by: syzbot+3c4d8371d65230f852a2@syzkaller.appspotmail.com
Fix commit: btrfs: zlib: handle page aligned compressed size correctly
Patched on: [], missing on: [ci-qemu-gce-upstream-auto ci-qemu-native-arm64-kvm ci-qemu-upstream ci-qemu-upstream-386 ci-qemu2-arm32 ci-qemu2-arm64 ci-qemu2-arm64-compat ci-qemu2-arm64-mte ci-qemu2-riscv64 ci-snapshot-upstream-root ci-upstream-bpf-kasan-gce ci-upstream-bpf-next-kasan-gce ci-upstream-gce-arm64 ci-upstream-gce-leak ci-upstream-kasan-badwrites-root ci-upstream-kasan-gce ci-upstream-kasan-gce-386 ci-upstream-kasan-gce-root ci-upstream-kasan-gce-selinux-root ci-upstream-kasan-gce-smack-root ci-upstream-kmsan-gce-386-root ci-upstream-kmsan-gce-root ci-upstream-linux-next-kasan-gce-root ci-upstream-net-kasan-gce ci-upstream-net-this-kasan-gce ci-upstream-rust-kasan-gce ci2-upstream-fs ci2-upstream-kcsan-gce ci2-upstream-usb]
First crash: 7d05h, last: 5h00m
Discussions (1)
Title Replies (including bot) Last reply
[syzbot] [btrfs?] BUG: corrupted list in btrfs_free_compr_folio 2 (3) 2026/03/18 22:05

Sample crash report:
list_add double add: new=ffffea0000d2aec8, prev=ffffffff9a43a9c8, next=ffffea0000d2aec8.
------------[ cut here ]------------
kernel BUG at lib/list_debug.c:37!
Oops: invalid opcode: 0000 [#1] SMP KASAN NOPTI
CPU: 0 UID: 0 PID: 108 Comm: kworker/u4:5 Not tainted syzkaller #0 PREEMPT(full) 
Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
Workqueue: btrfs-delalloc btrfs_work_helper
RIP: 0010:__list_add_valid_or_report+0xa5/0x130 lib/list_debug.c:35
Code: 74 12 b0 01 5b 41 5c 41 5d 41 5e 41 5f 5d e9 52 b8 f8 06 cc 48 c7 c7 e0 db 27 8c 4c 89 fe 4c 89 f2 48 89 d9 e8 9c 3b 6d fc 90 <0f> 0b 48 c7 c7 c0 d9 27 8c e8 8d 3b 6d fc 90 0f 0b 48 c7 c7 80 da
RSP: 0018:ffffc900013bf800 EFLAGS: 00010246
RAX: 0000000000000058 RBX: ffffea0000d2aec8 RCX: 96feae64ec652500
RDX: 0000000000000000 RSI: 0000000000000001 RDI: 0000000000000000
RBP: 1ffffd40001a55da R08: ffffc900013bf587 R09: 1ffff92000277eb0
R10: dffffc0000000000 R11: fffff52000277eb1 R12: 1ffffffff3487539
R13: dffffc0000000000 R14: ffffffff9a43a9c8 R15: ffffea0000d2aec8
FS:  0000000000000000(0000) GS:ffff88808ca55000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007fff69224a08 CR3: 000000001265c000 CR4: 0000000000352ef0
Call Trace:
 <TASK>
 __list_add_valid include/linux/list.h:96 [inline]
 __list_add include/linux/list.h:158 [inline]
 list_add include/linux/list.h:177 [inline]
 btrfs_free_compr_folio+0x1e1/0x340 fs/btrfs/compression.c:218
 cleanup_compressed_bio fs/btrfs/compression.h:150 [inline]
 btrfs_compress_bio+0x35a/0x6b0 fs/btrfs/compression.c:1047
 compress_file_range+0x8df/0x19b0 fs/btrfs/inode.c:1023
 btrfs_work_helper+0x38c/0xc80 fs/btrfs/async-thread.c:312
 process_one_work kernel/workqueue.c:3276 [inline]
 process_scheduled_works+0xb6e/0x18c0 kernel/workqueue.c:3359
 worker_thread+0xa53/0xfc0 kernel/workqueue.c:3440
 kthread+0x388/0x470 kernel/kthread.c:436
 ret_from_fork+0x51e/0xb90 arch/x86/kernel/process.c:158
 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:245
 </TASK>
Modules linked in:
---[ end trace 0000000000000000 ]---
RIP: 0010:__list_add_valid_or_report+0xa5/0x130 lib/list_debug.c:35
Code: 74 12 b0 01 5b 41 5c 41 5d 41 5e 41 5f 5d e9 52 b8 f8 06 cc 48 c7 c7 e0 db 27 8c 4c 89 fe 4c 89 f2 48 89 d9 e8 9c 3b 6d fc 90 <0f> 0b 48 c7 c7 c0 d9 27 8c e8 8d 3b 6d fc 90 0f 0b 48 c7 c7 80 da
RSP: 0018:ffffc900013bf800 EFLAGS: 00010246
RAX: 0000000000000058 RBX: ffffea0000d2aec8 RCX: 96feae64ec652500
RDX: 0000000000000000 RSI: 0000000000000001 RDI: 0000000000000000
RBP: 1ffffd40001a55da R08: ffffc900013bf587 R09: 1ffff92000277eb0
R10: dffffc0000000000 R11: fffff52000277eb1 R12: 1ffffffff3487539
R13: dffffc0000000000 R14: ffffffff9a43a9c8 R15: ffffea0000d2aec8
FS:  0000000000000000(0000) GS:ffff88808ca55000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007fff69224a08 CR3: 000000001265c000 CR4: 0000000000352ef0

Crashes (13):
Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Assets (help?) Manager Title
2026/03/19 13:47 upstream 8a30aeb0d1b4 0291cd06 .config console log report [disk image (non-bootable)] [vmlinux] [kernel image] ci-snapshot-upstream-root BUG: corrupted list in btrfs_free_compr_folio
2026/03/18 00:58 upstream f0caa1d49cc0 c8810548 .config console log report [disk image (non-bootable)] [vmlinux] [kernel image] ci-snapshot-upstream-root BUG: corrupted list in btrfs_free_compr_folio
2026/03/17 12:24 upstream 2d1373e4246d c01bca74 .config console log report [disk image (non-bootable)] [vmlinux] [kernel image] ci-snapshot-upstream-root BUG: corrupted list in btrfs_free_compr_folio
2026/03/17 10:53 upstream 2d1373e4246d c01bca74 .config console log report [disk image (non-bootable)] [vmlinux] [kernel image] ci-snapshot-upstream-root BUG: corrupted list in btrfs_free_compr_folio
2026/03/17 10:13 upstream 2d1373e4246d c01bca74 .config console log report [disk image (non-bootable)] [vmlinux] [kernel image] ci-snapshot-upstream-root BUG: corrupted list in btrfs_free_compr_folio
2026/03/17 10:10 upstream 2d1373e4246d c01bca74 .config console log report [disk image (non-bootable)] [vmlinux] [kernel image] ci-snapshot-upstream-root BUG: corrupted list in btrfs_free_compr_folio
2026/03/16 11:22 upstream f338e7738378 64e21424 .config console log report [disk image (non-bootable)] [vmlinux] [kernel image] ci-snapshot-upstream-root BUG: corrupted list in btrfs_free_compr_folio
2026/03/15 11:49 upstream 267594792a71 ee8d34d6 .config console log report [disk image (non-bootable)] [vmlinux] [kernel image] ci-snapshot-upstream-root BUG: corrupted list in btrfs_free_compr_folio
2026/03/15 10:59 upstream 267594792a71 ee8d34d6 .config console log report [disk image (non-bootable)] [vmlinux] [kernel image] ci-snapshot-upstream-root BUG: corrupted list in btrfs_free_compr_folio
2026/03/15 10:55 upstream 267594792a71 ee8d34d6 .config console log report [disk image (non-bootable)] [vmlinux] [kernel image] ci-snapshot-upstream-root BUG: corrupted list in btrfs_free_compr_folio
2026/03/14 05:40 upstream 1c9982b49613 ee8d34d6 .config console log report [disk image (non-bootable)] [vmlinux] [kernel image] ci-snapshot-upstream-root BUG: corrupted list in btrfs_free_compr_folio
2026/03/13 17:19 upstream 0257f64bdac7 351cb5cf .config console log report [disk image (non-bootable)] [vmlinux] [kernel image] ci-snapshot-upstream-root BUG: corrupted list in btrfs_free_compr_folio
2026/03/12 13:35 upstream 80234b5ab240 4efadf07 .config console log report [disk image (non-bootable)] [vmlinux] [kernel image] ci-snapshot-upstream-root BUG: corrupted list in btrfs_free_compr_folio
* Struck through repros no longer work on HEAD.