* [syzbot] [btrfs?] WARNING in btrfs_commit_transaction (2)
@ 2023-04-06 2:24 syzbot
2023-05-23 22:50 ` syzbot
` (2 more replies)
0 siblings, 3 replies; 4+ messages in thread
From: syzbot @ 2023-04-06 2:24 UTC (permalink / raw)
To: clm, dsterba, josef, linux-btrfs, linux-fsdevel, linux-kernel,
syzkaller-bugs
Hello,
syzbot found the following issue on:
HEAD commit: 00c7b5f4ddc5 Merge tag 'input-for-v6.3-rc4' of git://git.k..
git tree: upstream
console output: https://syzkaller.appspot.com/x/log.txt?x=138b98c9c80000
kernel config: https://syzkaller.appspot.com/x/.config?x=e626f76ad59b1c14
dashboard link: https://syzkaller.appspot.com/bug?extid=dafbca0e20fbc5946925
compiler: gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2
Unfortunately, I don't have any reproducer for this issue yet.
Downloadable assets:
disk image: https://storage.googleapis.com/syzbot-assets/4738db235f4a/disk-00c7b5f4.raw.xz
vmlinux: https://storage.googleapis.com/syzbot-assets/db62da5dcb6b/vmlinux-00c7b5f4.xz
kernel image: https://storage.googleapis.com/syzbot-assets/1e596cad760c/bzImage-00c7b5f4.xz
IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+dafbca0e20fbc5946925@syzkaller.appspotmail.com
BTRFS info (device loop5): auto enabling async discard
BTRFS warning (device loop5: state M): Skipping commit of aborted transaction.
------------[ cut here ]------------
BTRFS: Transaction aborted (error -28)
WARNING: CPU: 0 PID: 28430 at fs/btrfs/transaction.c:1984 cleanup_transaction fs/btrfs/transaction.c:1984 [inline]
WARNING: CPU: 0 PID: 28430 at fs/btrfs/transaction.c:1984 btrfs_commit_transaction+0x34c6/0x4410 fs/btrfs/transaction.c:2558
Modules linked in:
CPU: 0 PID: 28430 Comm: syz-executor.5 Not tainted 6.3.0-rc4-syzkaller-00224-g00c7b5f4ddc5 #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/02/2023
RIP: 0010:cleanup_transaction fs/btrfs/transaction.c:1984 [inline]
RIP: 0010:btrfs_commit_transaction+0x34c6/0x4410 fs/btrfs/transaction.c:2558
Code: c8 fe ff ff be 02 00 00 00 e8 f6 c5 ab 00 e9 7e d0 ff ff e8 4c d1 1e fe 8b b5 20 ff ff ff 48 c7 c7 a0 89 94 8a e8 7a 57 e7 fd <0f> 0b c7 85 00 ff ff ff 01 00 00 00 e9 d0 dc ff ff e8 24 d1 1e fe
RSP: 0018:ffffc900043efa48 EFLAGS: 00010282
RAX: 0000000000000000 RBX: 0000000044ea0001 RCX: ffffc90003c0b000
RDX: 0000000000040000 RSI: ffffffff814a8037 RDI: 0000000000000001
RBP: ffffc900043efbc8 R08: 0000000000000001 R09: 0000000000000000
R10: 0000000000000001 R11: 0000000000000000 R12: ffff888044ea0000
R13: ffff88803479ac60 R14: ffff88803479adc8 R15: ffff888044ea0000
FS: 00007f69217cb700(0000) GS:ffff8880b9800000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 000000002024a030 CR3: 0000000047942000 CR4: 00000000003506f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
<TASK>
btrfs_set_free_space_cache_v1_active+0x1ae/0x2a0 fs/btrfs/free-space-cache.c:4139
btrfs_remount_cleanup fs/btrfs/super.c:1677 [inline]
btrfs_remount+0x57b/0x1850 fs/btrfs/super.c:1867
legacy_reconfigure+0x119/0x180 fs/fs_context.c:633
reconfigure_super+0x40c/0xa30 fs/super.c:956
vfs_fsconfig_locked fs/fsopen.c:254 [inline]
__do_sys_fsconfig+0xa3a/0xc20 fs/fsopen.c:439
do_syscall_x64 arch/x86/entry/common.c:50 [inline]
do_syscall_64+0x39/0xb0 arch/x86/entry/common.c:80
entry_SYSCALL_64_after_hwframe+0x63/0xcd
RIP: 0033:0x7f6920a8c0f9
Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 f1 19 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007f69217cb168 EFLAGS: 00000246 ORIG_RAX: 00000000000001af
RAX: ffffffffffffffda RBX: 00007f6920babf80 RCX: 00007f6920a8c0f9
RDX: 0000000000000000 RSI: 0000000000000007 RDI: 0000000000000004
RBP: 00007f6920ae7b39 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 00007ffe61745aff R14: 00007f69217cb300 R15: 0000000000022000
</TASK>
---
This report is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzkaller@googlegroups.com.
syzbot will keep track of this issue. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.
^ permalink raw reply [flat|nested] 4+ messages in thread
* Re: [syzbot] [btrfs?] WARNING in btrfs_commit_transaction (2)
2023-04-06 2:24 [syzbot] [btrfs?] WARNING in btrfs_commit_transaction (2) syzbot
@ 2023-05-23 22:50 ` syzbot
2023-09-21 18:15 ` syzbot
2026-05-19 9:00 ` Forwarded: Re: [PATCH RFC v3] btrfs: fix delayed transaction aborts syzbot
2 siblings, 0 replies; 4+ messages in thread
From: syzbot @ 2023-05-23 22:50 UTC (permalink / raw)
To: clm, dsterba, josef, linux-btrfs, linux-fsdevel, linux-kernel,
syzkaller-bugs
syzbot has found a reproducer for the following issue on:
HEAD commit: ae8373a5add4 Merge tag 'x86_urgent_for_6.4-rc4' of git://g..
git tree: upstream
console+strace: https://syzkaller.appspot.com/x/log.txt?x=17b3b489280000
kernel config: https://syzkaller.appspot.com/x/.config?x=f389ffdf4e9ba3f0
dashboard link: https://syzkaller.appspot.com/bug?extid=dafbca0e20fbc5946925
compiler: gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2
syz repro: https://syzkaller.appspot.com/x/repro.syz?x=14243ef9280000
C reproducer: https://syzkaller.appspot.com/x/repro.c?x=16c06772280000
Downloadable assets:
disk image: https://storage.googleapis.com/syzbot-assets/2c5ee189dd12/disk-ae8373a5.raw.xz
vmlinux: https://storage.googleapis.com/syzbot-assets/63acf75623d7/vmlinux-ae8373a5.xz
kernel image: https://storage.googleapis.com/syzbot-assets/29de65c99e9d/bzImage-ae8373a5.xz
mounted in repro: https://storage.googleapis.com/syzbot-assets/2eac0114b435/mount_0.gz
IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+dafbca0e20fbc5946925@syzkaller.appspotmail.com
BTRFS warning (device loop0): Skipping commit of aborted transaction.
------------[ cut here ]------------
BTRFS: Transaction aborted (error -28)
WARNING: CPU: 0 PID: 41 at fs/btrfs/transaction.c:1978 cleanup_transaction fs/btrfs/transaction.c:1978 [inline]
WARNING: CPU: 0 PID: 41 at fs/btrfs/transaction.c:1978 btrfs_commit_transaction+0x3223/0x3fa0 fs/btrfs/transaction.c:2565
Modules linked in:
CPU: 0 PID: 41 Comm: kworker/u4:2 Not tainted 6.4.0-rc3-syzkaller-00008-gae8373a5add4 #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/28/2023
Workqueue: events_unbound btrfs_async_reclaim_metadata_space
RIP: 0010:cleanup_transaction fs/btrfs/transaction.c:1978 [inline]
RIP: 0010:btrfs_commit_transaction+0x3223/0x3fa0 fs/btrfs/transaction.c:2565
Code: c8 fe ff ff be 02 00 00 00 e8 f9 41 aa 00 e9 21 d3 ff ff e8 af 68 1b fe 8b b5 20 ff ff ff 48 c7 c7 c0 25 95 8a e8 2d 28 e3 fd <0f> 0b c7 85 00 ff ff ff 01 00 00 00 e9 97 df ff ff e8 87 68 1b fe
RSP: 0018:ffffc90000b27990 EFLAGS: 00010282
RAX: 0000000000000000 RBX: 000000001f0d8001 RCX: 0000000000000000
RDX: ffff888014aa0000 RSI: ffffffff814c03e7 RDI: 0000000000000001
RBP: ffffc90000b27b00 R08: 0000000000000001 R09: 0000000000000000
R10: 0000000000000001 R11: 0000000000000001 R12: ffff88801f0d8000
R13: ffff888074df3e98 R14: ffff888074df4000 R15: ffff88801f0d8000
FS: 0000000000000000(0000) GS:ffff8880b9800000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 000055bc77452c28 CR3: 0000000072dfb000 CR4: 0000000000350ef0
Call Trace:
<TASK>
flush_space+0x1e0/0xde0 fs/btrfs/space-info.c:808
btrfs_async_reclaim_metadata_space+0x39e/0xa90 fs/btrfs/space-info.c:1078
process_one_work+0x99a/0x15e0 kernel/workqueue.c:2405
worker_thread+0x67d/0x10c0 kernel/workqueue.c:2552
kthread+0x344/0x440 kernel/kthread.c:379
ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:308
</TASK>
---
If you want syzbot to run the reproducer, reply with:
#syz test: git://repo/address.git branch-or-commit-hash
If you attach or paste a git patch, syzbot will apply it before testing.
^ permalink raw reply [flat|nested] 4+ messages in thread
* Re: [syzbot] [btrfs?] WARNING in btrfs_commit_transaction (2)
2023-04-06 2:24 [syzbot] [btrfs?] WARNING in btrfs_commit_transaction (2) syzbot
2023-05-23 22:50 ` syzbot
@ 2023-09-21 18:15 ` syzbot
2026-05-19 9:00 ` Forwarded: Re: [PATCH RFC v3] btrfs: fix delayed transaction aborts syzbot
2 siblings, 0 replies; 4+ messages in thread
From: syzbot @ 2023-09-21 18:15 UTC (permalink / raw)
To: axboe, clm, dsterba, josef, kristian, linux-block, linux-btrfs,
linux-fsdevel, linux-kernel, syzkaller-bugs
syzbot has bisected this issue to:
commit 2b9ac22b12a266eb4fec246a07b504dd4983b16b
Author: Kristian Klausen <kristian@klausen.dk>
Date: Fri Jun 18 11:51:57 2021 +0000
loop: Fix missing discard support when using LOOP_CONFIGURE
bisection log: https://syzkaller.appspot.com/x/bisect.txt?x=15dfb0f4680000
start commit: 57012c57536f Merge tag 'net-6.5-rc4' of git://git.kernel.o..
git tree: upstream
final oops: https://syzkaller.appspot.com/x/report.txt?x=17dfb0f4680000
console output: https://syzkaller.appspot.com/x/log.txt?x=13dfb0f4680000
kernel config: https://syzkaller.appspot.com/x/.config?x=5f28dfd7d77a7042
dashboard link: https://syzkaller.appspot.com/bug?extid=dafbca0e20fbc5946925
syz repro: https://syzkaller.appspot.com/x/repro.syz?x=173a6716a80000
C reproducer: https://syzkaller.appspot.com/x/repro.c?x=111c7c7ea80000
Reported-by: syzbot+dafbca0e20fbc5946925@syzkaller.appspotmail.com
Fixes: 2b9ac22b12a2 ("loop: Fix missing discard support when using LOOP_CONFIGURE")
For information about bisection process see: https://goo.gl/tpsmEJ#bisection
^ permalink raw reply [flat|nested] 4+ messages in thread
* Forwarded: Re: [PATCH RFC v3] btrfs: fix delayed transaction aborts
2023-04-06 2:24 [syzbot] [btrfs?] WARNING in btrfs_commit_transaction (2) syzbot
2023-05-23 22:50 ` syzbot
2023-09-21 18:15 ` syzbot
@ 2026-05-19 9:00 ` syzbot
2 siblings, 0 replies; 4+ messages in thread
From: syzbot @ 2026-05-19 9:00 UTC (permalink / raw)
To: linux-kernel, syzkaller-bugs
For archival purposes, forwarding an incoming command email to
linux-kernel@vger.kernel.org, syzkaller-bugs@googlegroups.com.
***
Subject: Re: [PATCH RFC v3] btrfs: fix delayed transaction aborts
Author: nogikh@google.com
#syz reject
On Sun, May 17, 2026 at 1:42 AM 'syzbot' via
syzkaller-upstream-moderation
<syzkaller-upstream-moderation@googlegroups.com> wrote:
>
> A transaction abort with error -28 (-ENOSPC) can trigger a WARN_ON in
> cleanup_transaction(). The stack trace is somewhat misleading because
> the transaction abort is delayed until the cleanup phase of
> btrfs_commit_transaction(), hiding the actual function that ran out of
> space.
>
> When a highly crafted, extremely small BTRFS image is mounted and a
> BTRFS_IOC_BALANCE_V2 ioctl is issued, the balance operation joins a
> transaction and immediately commits it. During
> btrfs_commit_transaction(), the filesystem needs to update various
> trees. To update these trees, BTRFS must COW their root nodes, which
> eventually calls btrfs_alloc_tree_block() to allocate a new physical
> extent. Because the crafted image is tiny and has no free physical space
> left, btrfs_reserve_extent() fails and returns -ENOSPC.
>
> The -ENOSPC error propagates up the call stack to commit_cowonly_roots()
> or commit_fs_roots(). Crucially, when these functions receive this
> error, they simply return it to btrfs_commit_transaction() without
> calling btrfs_abort_transaction() themselves. The error is caught in
> btrfs_commit_transaction() and execution jumps to the cleanup labels.
> Inside cleanup_transaction(), btrfs_abort_transaction() is finally
> called. Because the failing functions neglected to abort the transaction
> when the error actually occurred, this call inside cleanup_transaction()
> is the first abort, completely hiding the true source of the -ENOSPC.
>
> To fix this and ensure developers get accurate stack traces for
> transaction aborts, explicitly call btrfs_abort_transaction() before
> returning errors in functions that can fail with fatal errors during the
> commit critical section (commit_cowonly_roots(), commit_fs_roots(), and
> btrfs_qgroup_account_extents()).
>
> Also, replace the WARN() macro in btrfs_abort_transaction() with
> dump_stack() to prevent transaction aborts from triggering kernel
> warnings, while still printing the stack trace.
>
> Additionally, use lockdep maps for workqueue allocations to address
> lockdep key exhaustion.
>
> Fixes: 49b25e0540904be0bf558b84475c69d72e4de66e ("btrfs: enhance transaction abort infrastructure")
> Assisted-by: Gemini:gemini-3.1-pro-preview Gemini:gemini-3-flash-preview
> Reported-by: syzbot+dafbca0e20fbc5946925@syzkaller.appspotmail.com
> Link: https://syzkaller.appspot.com/bug?extid=dafbca0e20fbc5946925
> Link: https://syzkaller.appspot.com/ai_job?id=96c50581-2f5c-4140-ad4e-bf2cccae111e
> To: <clm@fb.com>
> To: <dsterba@suse.com>
> To: <linux-btrfs@vger.kernel.org>
> Cc: <linux-kernel@vger.kernel.org>
>
> ---
> v3:
> - Dropped btrfs_abort_transaction() calls in create_pending_snapshot() to reduce patch size.
> - Replaced WARN() with dump_stack() in btrfs_abort_transaction() instead of adding -ENOSPC to btrfs_abort_should_print_stack().
> - Restored workqueue changes addressing lockdep key exhaustion.
> - Moved btrfs_abort_transaction() call in btrfs_qgroup_account_extents() back to the error site.
>
> v2:
> - Consolidated btrfs_abort_transaction() calls at the end of functions under cleanup/fail/out labels instead of calling them at each error site.
> - Dropped unrelated workqueue and super.c changes addressing lockdep key exhaustion.
> https://lore.kernel.org/all/54bfa402-a284-4649-94d3-a25a88a6c475@mail.kernel.org/T/
>
> v1:
> https://lore.kernel.org/all/f77b5e84-af17-41f8-9357-e8f4cd4b8438@mail.kernel.org/T/
> ---
> diff --git a/fs/btrfs/async-thread.c b/fs/btrfs/async-thread.c
> index e6f33d094..634b7b578 100644
> --- a/fs/btrfs/async-thread.c
> +++ b/fs/btrfs/async-thread.c
> @@ -81,9 +81,10 @@ static void btrfs_init_workqueue(struct btrfs_workqueue *wq,
> spin_lock_init(&wq->thres_lock);
> }
>
> -struct btrfs_workqueue *btrfs_alloc_workqueue(struct btrfs_fs_info *fs_info,
> - const char *name, unsigned int flags,
> - int limit_active, int thresh)
> +struct btrfs_workqueue *
> +__btrfs_alloc_workqueue(struct btrfs_fs_info *fs_info, const char *name,
> + unsigned int flags, int limit_active, int thresh,
> + struct lock_class_key *key, struct lockdep_map *map)
> {
> struct btrfs_workqueue *ret = kzalloc_obj(*ret);
>
> @@ -109,8 +110,14 @@ struct btrfs_workqueue *btrfs_alloc_workqueue(struct btrfs_fs_info *fs_info,
> ret->thresh = thresh;
> }
>
> +#ifdef CONFIG_LOCKDEP
> + lockdep_init_map(map, name, key, 0);
> + ret->normal_wq = alloc_workqueue_lockdep_map(
> + "btrfs-%s", flags, ret->current_active, map, name);
> +#else
> ret->normal_wq = alloc_workqueue("btrfs-%s", flags, ret->current_active,
> name);
> +#endif
> if (!ret->normal_wq) {
> kfree(ret);
> return NULL;
> @@ -120,9 +127,10 @@ struct btrfs_workqueue *btrfs_alloc_workqueue(struct btrfs_fs_info *fs_info,
> return ret;
> }
>
> -struct btrfs_workqueue *btrfs_alloc_ordered_workqueue(
> - struct btrfs_fs_info *fs_info, const char *name,
> - unsigned int flags)
> +struct btrfs_workqueue *
> +__btrfs_alloc_ordered_workqueue(struct btrfs_fs_info *fs_info, const char *name,
> + unsigned int flags, struct lock_class_key *key,
> + struct lockdep_map *map)
> {
> struct btrfs_workqueue *ret;
>
> @@ -137,7 +145,13 @@ struct btrfs_workqueue *btrfs_alloc_ordered_workqueue(
> ret->current_active = 1;
> ret->thresh = NO_THRESHOLD;
>
> +#ifdef CONFIG_LOCKDEP
> + lockdep_init_map(map, name, key, 0);
> + ret->normal_wq = alloc_ordered_workqueue_lockdep_map("btrfs-%s", flags,
> + map, name);
> +#else
> ret->normal_wq = alloc_ordered_workqueue("btrfs-%s", flags, name);
> +#endif
> if (!ret->normal_wq) {
> kfree(ret);
> return NULL;
> diff --git a/fs/btrfs/async-thread.h b/fs/btrfs/async-thread.h
> index 04c2f3175..f43f5feb9 100644
> --- a/fs/btrfs/async-thread.h
> +++ b/fs/btrfs/async-thread.h
> @@ -29,14 +29,40 @@ struct btrfs_work {
> unsigned long flags;
> };
>
> -struct btrfs_workqueue *btrfs_alloc_workqueue(struct btrfs_fs_info *fs_info,
> - const char *name,
> - unsigned int flags,
> - int limit_active,
> - int thresh);
> -struct btrfs_workqueue *btrfs_alloc_ordered_workqueue(
> - struct btrfs_fs_info *fs_info, const char *name,
> - unsigned int flags);
> +struct btrfs_workqueue *
> +__btrfs_alloc_workqueue(struct btrfs_fs_info *fs_info, const char *name,
> + unsigned int flags, int limit_active, int thresh,
> + struct lock_class_key *key, struct lockdep_map *map);
> +#ifdef CONFIG_LOCKDEP
> +#define btrfs_alloc_workqueue(fs_info, name, flags, limit_active, thresh) \
> + ({ \
> + static struct lock_class_key __key; \
> + static struct lockdep_map __map; \
> + __btrfs_alloc_workqueue(fs_info, name, flags, limit_active, \
> + thresh, &__key, &__map); \
> + })
> +#else
> +#define btrfs_alloc_workqueue(fs_info, name, flags, limit_active, thresh) \
> + __btrfs_alloc_workqueue(fs_info, name, flags, limit_active, thresh, \
> + NULL, NULL)
> +#endif
> +
> +struct btrfs_workqueue *
> +__btrfs_alloc_ordered_workqueue(struct btrfs_fs_info *fs_info, const char *name,
> + unsigned int flags, struct lock_class_key *key,
> + struct lockdep_map *map);
> +#ifdef CONFIG_LOCKDEP
> +#define btrfs_alloc_ordered_workqueue(fs_info, name, flags) \
> + ({ \
> + static struct lock_class_key __key; \
> + static struct lockdep_map __map; \
> + __btrfs_alloc_ordered_workqueue(fs_info, name, flags, &__key, \
> + &__map); \
> + })
> +#else
> +#define btrfs_alloc_ordered_workqueue(fs_info, name, flags) \
> + __btrfs_alloc_ordered_workqueue(fs_info, name, flags, NULL, NULL)
> +#endif
> void btrfs_init_work(struct btrfs_work *work, btrfs_func_t func,
> btrfs_ordered_func_t ordered_func);
> void btrfs_queue_work(struct btrfs_workqueue *wq,
> diff --git a/fs/btrfs/qgroup.c b/fs/btrfs/qgroup.c
> index cdf736d3a..f9acfab14 100644
> --- a/fs/btrfs/qgroup.c
> +++ b/fs/btrfs/qgroup.c
> @@ -3076,6 +3076,10 @@ int btrfs_qgroup_account_extents(struct btrfs_trans_handle *trans)
> record->num_bytes,
> record->old_roots,
> new_roots);
> + if (ret < 0) {
> + btrfs_abort_transaction(trans, ret);
> + goto cleanup;
> + }
> record->old_roots = NULL;
> new_roots = NULL;
> }
> diff --git a/fs/btrfs/transaction.c b/fs/btrfs/transaction.c
> index 248adb785..aa0ce0c59 100644
> --- a/fs/btrfs/transaction.c
> +++ b/fs/btrfs/transaction.c
> @@ -1372,21 +1372,23 @@ static noinline int commit_cowonly_roots(struct btrfs_trans_handle *trans)
> free_extent_buffer(eb);
>
> if (ret)
> - return ret;
> + goto out;
>
> ret = btrfs_run_dev_stats(trans);
> if (ret)
> - return ret;
> + goto out;
> +
> ret = btrfs_run_dev_replace(trans);
> if (ret)
> - return ret;
> + goto out;
> +
> ret = btrfs_run_qgroups(trans);
> if (ret)
> - return ret;
> + goto out;
>
> ret = btrfs_setup_space_cache(trans);
> if (ret)
> - return ret;
> + goto out;
>
> again:
> while (!list_empty(&fs_info->dirty_cowonly_roots)) {
> @@ -1400,18 +1402,18 @@ static noinline int commit_cowonly_roots(struct btrfs_trans_handle *trans)
>
> ret = update_cowonly_root(trans, root);
> if (ret)
> - return ret;
> + goto out;
> }
>
> /* Now flush any delayed refs generated by updating all of the roots */
> ret = btrfs_run_delayed_refs(trans, U64_MAX);
> if (ret)
> - return ret;
> + goto out;
>
> while (!list_empty(dirty_bgs) || !list_empty(io_bgs)) {
> ret = btrfs_write_dirty_block_groups(trans);
> if (ret)
> - return ret;
> + goto out;
>
> /*
> * We're writing the dirty block groups, which could generate
> @@ -1421,7 +1423,7 @@ static noinline int commit_cowonly_roots(struct btrfs_trans_handle *trans)
> */
> ret = btrfs_run_delayed_refs(trans, U64_MAX);
> if (ret)
> - return ret;
> + goto out;
> }
>
> if (!list_empty(&fs_info->dirty_cowonly_roots))
> @@ -1431,7 +1433,10 @@ static noinline int commit_cowonly_roots(struct btrfs_trans_handle *trans)
> fs_info->dev_replace.committed_cursor_left =
> fs_info->dev_replace.cursor_left_last_write_of_item;
>
> - return 0;
> +out:
> + if (ret)
> + btrfs_abort_transaction(trans, ret);
> + return ret;
> }
>
> /*
> @@ -1492,6 +1497,7 @@ static noinline int commit_fs_roots(struct btrfs_trans_handle *trans)
> struct btrfs_root *gang[8];
> int i;
> int ret;
> + int err = 0;
>
> /*
> * At this point no one can be using this transaction to modify any tree
> @@ -1510,7 +1516,6 @@ static noinline int commit_fs_roots(struct btrfs_trans_handle *trans)
> break;
> for (i = 0; i < ret; i++) {
> struct btrfs_root *root = gang[i];
> - int ret2;
>
> /*
> * At this point we can neither have tasks logging inodes
> @@ -1533,9 +1538,9 @@ static noinline int commit_fs_roots(struct btrfs_trans_handle *trans)
> spin_unlock(&fs_info->fs_roots_radix_lock);
>
> btrfs_free_log(trans, root);
> - ret2 = btrfs_update_reloc_root(trans, root);
> - if (unlikely(ret2))
> - return ret2;
> + err = btrfs_update_reloc_root(trans, root);
> + if (unlikely(err))
> + goto out;
>
> /* see comments in should_cow_block() */
> clear_bit(BTRFS_ROOT_FORCE_COW, &root->state);
> @@ -1548,16 +1553,19 @@ static noinline int commit_fs_roots(struct btrfs_trans_handle *trans)
> root->node);
> }
>
> - ret2 = btrfs_update_root(trans, fs_info->tree_root,
> + err = btrfs_update_root(trans, fs_info->tree_root,
> &root->root_key,
> &root->root_item);
> - if (unlikely(ret2))
> - return ret2;
> + if (unlikely(err))
> + goto out;
> spin_lock(&fs_info->fs_roots_radix_lock);
> }
> }
> spin_unlock(&fs_info->fs_roots_radix_lock);
> - return 0;
> +out:
> + if (err)
> + btrfs_abort_transaction(trans, err);
> + return err;
> }
>
> /*
> diff --git a/fs/btrfs/transaction.h b/fs/btrfs/transaction.h
> index 7d70fe486..f816e62f3 100644
> --- a/fs/btrfs/transaction.h
> +++ b/fs/btrfs/transaction.h
> @@ -246,27 +246,21 @@ static inline bool btrfs_abort_should_print_stack(int error)
> * Call btrfs_abort_transaction as early as possible when an error condition is
> * detected, that way the exact stack trace is reported for some errors.
> */
> -#define btrfs_abort_transaction(trans, error) \
> -do { \
> - bool __first = false; \
> - /* Report first abort since mount */ \
> - if (!test_and_set_bit(BTRFS_FS_STATE_TRANS_ABORTED, \
> - &((trans)->fs_info->fs_state))) { \
> - __first = true; \
> - if (WARN(btrfs_abort_should_print_stack(error), \
> - KERN_ERR \
> - "BTRFS: Transaction aborted (error %d)\n", \
> - (error))) { \
> - /* Stack trace printed. */ \
> - } else { \
> - btrfs_err((trans)->fs_info, \
> - "Transaction aborted (error %d)", \
> - (error)); \
> - } \
> - } \
> - __btrfs_abort_transaction((trans), __func__, \
> - __LINE__, (error), __first); \
> -} while (0)
> +#define btrfs_abort_transaction(trans, error) \
> + do { \
> + bool __first = false; \
> + /* Report first abort since mount */ \
> + if (!test_and_set_bit(BTRFS_FS_STATE_TRANS_ABORTED, \
> + &((trans)->fs_info->fs_state))) { \
> + __first = true; \
> + btrfs_err((trans)->fs_info, \
> + "Transaction aborted (error %d)", (error)); \
> + if (btrfs_abort_should_print_stack(error)) \
> + dump_stack(); \
> + } \
> + __btrfs_abort_transaction((trans), __func__, __LINE__, \
> + (error), __first); \
> + } while (0)
>
> int btrfs_end_transaction(struct btrfs_trans_handle *trans);
> struct btrfs_trans_handle *btrfs_start_transaction(struct btrfs_root *root,
>
>
> base-commit: 7fd2df204f342fc17d1a0bfcd474b24232fb0f32
> --
> This is an AI-generated patch subject to moderation.
> Reply with '#syz upstream' to send it to the mailing list.
> Reply with '#syz reject' to reject it.
>
> See for more information.
>
> --
> You received this message because you are subscribed to the Google Groups "syzkaller-upstream-moderation" group.
> To unsubscribe from this group and stop receiving emails from it, send an email to syzkaller-upstream-moderation+unsubscribe@googlegroups.com.
> To view this discussion visit https://groups.google.com/d/msgid/syzkaller-upstream-moderation/d56161b7-1f00-4e88-94fe-9e6d4db29ae0%40mail.kernel.org.
--
You received this message because you are subscribed to the Google Groups "syzkaller-upstream-moderation" group.
To unsubscribe from this group and stop receiving emails from it, send an email to syzkaller-upstream-moderation+unsubscribe@googlegroups.com.
To view this discussion visit https://groups.google.com/d/msgid/syzkaller-upstream-moderation/CANp29Y4f6VyeHoGyWhmmp%2B_CgqVWj4Lbif07goqkYb23H_j8EA%40mail.gmail.com.
^ permalink raw reply [flat|nested] 4+ messages in thread
end of thread, other threads:[~2026-05-19 9:00 UTC | newest]
Thread overview: 4+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2023-04-06 2:24 [syzbot] [btrfs?] WARNING in btrfs_commit_transaction (2) syzbot
2023-05-23 22:50 ` syzbot
2023-09-21 18:15 ` syzbot
2026-05-19 9:00 ` Forwarded: Re: [PATCH RFC v3] btrfs: fix delayed transaction aborts syzbot
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.