[syzbot] [btrfs?] WARNING in btrfs_commit_transaction (2)

syzbot
Apr 5, 2023, 10:24:03 PM
to c...@fb.com, dst...@suse.com, jo...@toxicpanda.com, linux...@vger.kernel.org, linux-...@vger.kernel.org, linux-...@vger.kernel.org, syzkall...@googlegroups.com
Hello,

syzbot found the following issue on:

HEAD commit: 00c7b5f4ddc5 Merge tag 'input-for-v6.3-rc4' of git://git.k..
git tree: upstream
console output: https://syzkaller.appspot.com/x/log.txt?x=138b98c9c80000
kernel config: https://syzkaller.appspot.com/x/.config?x=e626f76ad59b1c14
dashboard link: https://syzkaller.appspot.com/bug?extid=dafbca0e20fbc5946925
compiler: gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2

Unfortunately, I don't have any reproducer for this issue yet.

Downloadable assets:
disk image: https://storage.googleapis.com/syzbot-assets/4738db235f4a/disk-00c7b5f4.raw.xz
vmlinux: https://storage.googleapis.com/syzbot-assets/db62da5dcb6b/vmlinux-00c7b5f4.xz
kernel image: https://storage.googleapis.com/syzbot-assets/1e596cad760c/bzImage-00c7b5f4.xz

IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+dafbca...@syzkaller.appspotmail.com

BTRFS info (device loop5): auto enabling async discard
BTRFS warning (device loop5: state M): Skipping commit of aborted transaction.
------------[ cut here ]------------
BTRFS: Transaction aborted (error -28)
WARNING: CPU: 0 PID: 28430 at fs/btrfs/transaction.c:1984 cleanup_transaction fs/btrfs/transaction.c:1984 [inline]
WARNING: CPU: 0 PID: 28430 at fs/btrfs/transaction.c:1984 btrfs_commit_transaction+0x34c6/0x4410 fs/btrfs/transaction.c:2558
Modules linked in:
CPU: 0 PID: 28430 Comm: syz-executor.5 Not tainted 6.3.0-rc4-syzkaller-00224-g00c7b5f4ddc5 #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/02/2023
RIP: 0010:cleanup_transaction fs/btrfs/transaction.c:1984 [inline]
RIP: 0010:btrfs_commit_transaction+0x34c6/0x4410 fs/btrfs/transaction.c:2558
Code: c8 fe ff ff be 02 00 00 00 e8 f6 c5 ab 00 e9 7e d0 ff ff e8 4c d1 1e fe 8b b5 20 ff ff ff 48 c7 c7 a0 89 94 8a e8 7a 57 e7 fd <0f> 0b c7 85 00 ff ff ff 01 00 00 00 e9 d0 dc ff ff e8 24 d1 1e fe
RSP: 0018:ffffc900043efa48 EFLAGS: 00010282
RAX: 0000000000000000 RBX: 0000000044ea0001 RCX: ffffc90003c0b000
RDX: 0000000000040000 RSI: ffffffff814a8037 RDI: 0000000000000001
RBP: ffffc900043efbc8 R08: 0000000000000001 R09: 0000000000000000
R10: 0000000000000001 R11: 0000000000000000 R12: ffff888044ea0000
R13: ffff88803479ac60 R14: ffff88803479adc8 R15: ffff888044ea0000
FS: 00007f69217cb700(0000) GS:ffff8880b9800000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 000000002024a030 CR3: 0000000047942000 CR4: 00000000003506f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
<TASK>
btrfs_set_free_space_cache_v1_active+0x1ae/0x2a0 fs/btrfs/free-space-cache.c:4139
btrfs_remount_cleanup fs/btrfs/super.c:1677 [inline]
btrfs_remount+0x57b/0x1850 fs/btrfs/super.c:1867
legacy_reconfigure+0x119/0x180 fs/fs_context.c:633
reconfigure_super+0x40c/0xa30 fs/super.c:956
vfs_fsconfig_locked fs/fsopen.c:254 [inline]
__do_sys_fsconfig+0xa3a/0xc20 fs/fsopen.c:439
do_syscall_x64 arch/x86/entry/common.c:50 [inline]
do_syscall_64+0x39/0xb0 arch/x86/entry/common.c:80
entry_SYSCALL_64_after_hwframe+0x63/0xcd
RIP: 0033:0x7f6920a8c0f9
Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 f1 19 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007f69217cb168 EFLAGS: 00000246 ORIG_RAX: 00000000000001af
RAX: ffffffffffffffda RBX: 00007f6920babf80 RCX: 00007f6920a8c0f9
RDX: 0000000000000000 RSI: 0000000000000007 RDI: 0000000000000004
RBP: 00007f6920ae7b39 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 00007ffe61745aff R14: 00007f69217cb300 R15: 0000000000022000
</TASK>


---
This report is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzk...@googlegroups.com.

syzbot will keep track of this issue. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.

syzbot
May 23, 2023, 6:50:49 PM
to c...@fb.com, dst...@suse.com, jo...@toxicpanda.com, linux...@vger.kernel.org, linux-...@vger.kernel.org, linux-...@vger.kernel.org, syzkall...@googlegroups.com
syzbot has found a reproducer for the following issue on:

HEAD commit: ae8373a5add4 Merge tag 'x86_urgent_for_6.4-rc4' of git://g..
git tree: upstream
console+strace: https://syzkaller.appspot.com/x/log.txt?x=17b3b489280000
kernel config: https://syzkaller.appspot.com/x/.config?x=f389ffdf4e9ba3f0
dashboard link: https://syzkaller.appspot.com/bug?extid=dafbca0e20fbc5946925
compiler: gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2
syz repro: https://syzkaller.appspot.com/x/repro.syz?x=14243ef9280000
C reproducer: https://syzkaller.appspot.com/x/repro.c?x=16c06772280000

Downloadable assets:
disk image: https://storage.googleapis.com/syzbot-assets/2c5ee189dd12/disk-ae8373a5.raw.xz
vmlinux: https://storage.googleapis.com/syzbot-assets/63acf75623d7/vmlinux-ae8373a5.xz
kernel image: https://storage.googleapis.com/syzbot-assets/29de65c99e9d/bzImage-ae8373a5.xz
mounted in repro: https://storage.googleapis.com/syzbot-assets/2eac0114b435/mount_0.gz

IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+dafbca...@syzkaller.appspotmail.com

BTRFS warning (device loop0): Skipping commit of aborted transaction.
------------[ cut here ]------------
BTRFS: Transaction aborted (error -28)
WARNING: CPU: 0 PID: 41 at fs/btrfs/transaction.c:1978 cleanup_transaction fs/btrfs/transaction.c:1978 [inline]
WARNING: CPU: 0 PID: 41 at fs/btrfs/transaction.c:1978 btrfs_commit_transaction+0x3223/0x3fa0 fs/btrfs/transaction.c:2565
Modules linked in:
CPU: 0 PID: 41 Comm: kworker/u4:2 Not tainted 6.4.0-rc3-syzkaller-00008-gae8373a5add4 #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/28/2023
Workqueue: events_unbound btrfs_async_reclaim_metadata_space
RIP: 0010:cleanup_transaction fs/btrfs/transaction.c:1978 [inline]
RIP: 0010:btrfs_commit_transaction+0x3223/0x3fa0 fs/btrfs/transaction.c:2565
Code: c8 fe ff ff be 02 00 00 00 e8 f9 41 aa 00 e9 21 d3 ff ff e8 af 68 1b fe 8b b5 20 ff ff ff 48 c7 c7 c0 25 95 8a e8 2d 28 e3 fd <0f> 0b c7 85 00 ff ff ff 01 00 00 00 e9 97 df ff ff e8 87 68 1b fe
RSP: 0018:ffffc90000b27990 EFLAGS: 00010282
RAX: 0000000000000000 RBX: 000000001f0d8001 RCX: 0000000000000000
RDX: ffff888014aa0000 RSI: ffffffff814c03e7 RDI: 0000000000000001
RBP: ffffc90000b27b00 R08: 0000000000000001 R09: 0000000000000000
R10: 0000000000000001 R11: 0000000000000001 R12: ffff88801f0d8000
R13: ffff888074df3e98 R14: ffff888074df4000 R15: ffff88801f0d8000
FS: 0000000000000000(0000) GS:ffff8880b9800000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 000055bc77452c28 CR3: 0000000072dfb000 CR4: 0000000000350ef0
Call Trace:
<TASK>
flush_space+0x1e0/0xde0 fs/btrfs/space-info.c:808
btrfs_async_reclaim_metadata_space+0x39e/0xa90 fs/btrfs/space-info.c:1078
process_one_work+0x99a/0x15e0 kernel/workqueue.c:2405
worker_thread+0x67d/0x10c0 kernel/workqueue.c:2552
kthread+0x344/0x440 kernel/kthread.c:379
ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:308
</TASK>


---
If you want syzbot to run the reproducer, reply with:
#syz test: git://repo/address.git branch-or-commit-hash
If you attach or paste a git patch, syzbot will apply it before testing.

syzbot
Sep 21, 2023, 2:15:24 PM
to ax...@kernel.dk, c...@fb.com, dst...@suse.com, jo...@toxicpanda.com, kris...@klausen.dk, linux...@vger.kernel.org, linux...@vger.kernel.org, linux-...@vger.kernel.org, linux-...@vger.kernel.org, syzkall...@googlegroups.com
syzbot has bisected this issue to:

commit 2b9ac22b12a266eb4fec246a07b504dd4983b16b
Author: Kristian Klausen <kris...@klausen.dk>
Date: Fri Jun 18 11:51:57 2021 +0000

loop: Fix missing discard support when using LOOP_CONFIGURE

bisection log: https://syzkaller.appspot.com/x/bisect.txt?x=15dfb0f4680000
start commit: 57012c57536f Merge tag 'net-6.5-rc4' of git://git.kernel.o..
git tree: upstream
final oops: https://syzkaller.appspot.com/x/report.txt?x=17dfb0f4680000
console output: https://syzkaller.appspot.com/x/log.txt?x=13dfb0f4680000
kernel config: https://syzkaller.appspot.com/x/.config?x=5f28dfd7d77a7042
dashboard link: https://syzkaller.appspot.com/bug?extid=dafbca0e20fbc5946925
syz repro: https://syzkaller.appspot.com/x/repro.syz?x=173a6716a80000
C reproducer: https://syzkaller.appspot.com/x/repro.c?x=111c7c7ea80000

Reported-by: syzbot+dafbca...@syzkaller.appspotmail.com
Fixes: 2b9ac22b12a2 ("loop: Fix missing discard support when using LOOP_CONFIGURE")

For information about bisection process see: https://goo.gl/tpsmEJ#bisection

syzbot
5:00 AM
to linux-...@vger.kernel.org, syzkall...@googlegroups.com
For archival purposes, forwarding an incoming command email to
linux-...@vger.kernel.org, syzkall...@googlegroups.com.

***

Subject: Re: [PATCH RFC v3] btrfs: fix delayed transaction aborts
Author: nog...@google.com

#syz reject

On Sun, May 17, 2026 at 1:42 AM 'syzbot' via
syzkaller-upstream-moderation
<syzkaller-upst...@googlegroups.com> wrote:
>
> A transaction abort with error -28 (-ENOSPC) can trigger a WARN_ON in
> cleanup_transaction(). The stack trace is somewhat misleading because
> the transaction abort is delayed until the cleanup phase of
> btrfs_commit_transaction(), hiding the actual function that ran out of
> space.
>
> When a highly crafted, extremely small BTRFS image is mounted and a
> BTRFS_IOC_BALANCE_V2 ioctl is issued, the balance operation joins a
> transaction and immediately commits it. During
> btrfs_commit_transaction(), the filesystem needs to update various
> trees. To update these trees, BTRFS must COW their root nodes, which
> eventually calls btrfs_alloc_tree_block() to allocate a new physical
> extent. Because the crafted image is tiny and has no free physical space
> left, btrfs_reserve_extent() fails and returns -ENOSPC.
>
> The -ENOSPC error propagates up the call stack to commit_cowonly_roots()
> or commit_fs_roots(). Crucially, when these functions receive this
> error, they simply return it to btrfs_commit_transaction() without
> calling btrfs_abort_transaction() themselves. The error is caught in
> btrfs_commit_transaction() and execution jumps to the cleanup labels.
> Inside cleanup_transaction(), btrfs_abort_transaction() is finally
> called. Because the failing functions neglected to abort the transaction
> when the error actually occurred, this call inside cleanup_transaction()
> is the first abort, completely hiding the true source of the -ENOSPC.
>
> To fix this and ensure developers get accurate stack traces for
> transaction aborts, explicitly call btrfs_abort_transaction() before
> returning errors in functions that can fail with fatal errors during the
> commit critical section (commit_cowonly_roots(), commit_fs_roots(), and
> btrfs_qgroup_account_extents()).
>
> Also, replace the WARN() macro in btrfs_abort_transaction() with
> dump_stack() to prevent transaction aborts from triggering kernel
> warnings, while still printing the stack trace.
>
> Additionally, use lockdep maps for workqueue allocations to address
> lockdep key exhaustion.
>
> Fixes: 49b25e0540904be0bf558b84475c69d72e4de66e ("btrfs: enhance transaction abort infrastructure")
> Assisted-by: Gemini:gemini-3.1-pro-preview Gemini:gemini-3-flash-preview
> Reported-by: syzbot+dafbca...@syzkaller.appspotmail.com
> Link: https://syzkaller.appspot.com/bug?extid=dafbca0e20fbc5946925
> Link: https://syzkaller.appspot.com/ai_job?id=96c50581-2f5c-4140-ad4e-bf2cccae111e
> To: <c...@fb.com>
> To: <dst...@suse.com>
> To: <linux...@vger.kernel.org>
> Cc: <linux-...@vger.kernel.org>
>
> ---
> v3:
> - Dropped btrfs_abort_transaction() calls in create_pending_snapshot() to reduce patch size.
> - Replaced WARN() with dump_stack() in btrfs_abort_transaction() instead of adding -ENOSPC to btrfs_abort_should_print_stack().
> - Restored workqueue changes addressing lockdep key exhaustion.
> - Moved btrfs_abort_transaction() call in btrfs_qgroup_account_extents() back to the error site.
>
> v2:
> - Consolidated btrfs_abort_transaction() calls at the end of functions under cleanup/fail/out labels instead of calling them at each error site.
> - Dropped unrelated workqueue and super.c changes addressing lockdep key exhaustion.
> https://lore.kernel.org/all/54bfa402-a284-4649...@mail.kernel.org/T/
>
> v1:
> https://lore.kernel.org/all/f77b5e84-af17-41f8...@mail.kernel.org/T/
> ---
> diff --git a/fs/btrfs/async-thread.c b/fs/btrfs/async-thread.c
> index e6f33d094..634b7b578 100644
> --- a/fs/btrfs/async-thread.c
> +++ b/fs/btrfs/async-thread.c
> @@ -81,9 +81,10 @@ static void btrfs_init_workqueue(struct btrfs_workqueue *wq,
> spin_lock_init(&wq->thres_lock);
> }
>
> -struct btrfs_workqueue *btrfs_alloc_workqueue(struct btrfs_fs_info *fs_info,
> - const char *name, unsigned int flags,
> - int limit_active, int thresh)
> +struct btrfs_workqueue *
> +__btrfs_alloc_workqueue(struct btrfs_fs_info *fs_info, const char *name,
> + unsigned int flags, int limit_active, int thresh,
> + struct lock_class_key *key, struct lockdep_map *map)
> {
> struct btrfs_workqueue *ret = kzalloc_obj(*ret);
>
> @@ -109,8 +110,14 @@ struct btrfs_workqueue *btrfs_alloc_workqueue(struct btrfs_fs_info *fs_info,
> ret->thresh = thresh;
> }
>
> +#ifdef CONFIG_LOCKDEP
> + lockdep_init_map(map, name, key, 0);
> + ret->normal_wq = alloc_workqueue_lockdep_map(
> + "btrfs-%s", flags, ret->current_active, map, name);
> +#else
> ret->normal_wq = alloc_workqueue("btrfs-%s", flags, ret->current_active,
> name);
> +#endif
> if (!ret->normal_wq) {
> kfree(ret);
> return NULL;
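Review bot: lockdep_init_map(map, name, key, 0) in the CONFIG_LOCKDEP branch runs on every allocation, but the map handed in by the wrapper macros in async-thread.h is a function-static object ("static struct lockdep_map __map;"), so a second allocation from the same call site re-initializes a map that a workqueue created earlier from that site may still reference. Initialize the static map once, or add a comment explaining why re-initializing it per allocation is safe. The ordered variant further down has the same pattern.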
> @@ -120,9 +127,10 @@ struct btrfs_workqueue *btrfs_alloc_workqueue(struct btrfs_fs_info *fs_info,
> return ret;
> }
>
> -struct btrfs_workqueue *btrfs_alloc_ordered_workqueue(
> - struct btrfs_fs_info *fs_info, const char *name,
> - unsigned int flags)
> +struct btrfs_workqueue *
> +__btrfs_alloc_ordered_workqueue(struct btrfs_fs_info *fs_info, const char *name,
> + unsigned int flags, struct lock_class_key *key,
> + struct lockdep_map *map)
> {
> struct btrfs_workqueue *ret;
>
> @@ -137,7 +145,13 @@ struct btrfs_workqueue *btrfs_alloc_ordered_workqueue(
> ret->current_active = 1;
> ret->thresh = NO_THRESHOLD;
>
> +#ifdef CONFIG_LOCKDEP
> + lockdep_init_map(map, name, key, 0);
> + ret->normal_wq = alloc_ordered_workqueue_lockdep_map("btrfs-%s", flags,
> + map, name);
> +#else
> ret->normal_wq = alloc_ordered_workqueue("btrfs-%s", flags, name);
> +#endif
> if (!ret->normal_wq) {
> kfree(ret);
> return NULL;
> diff --git a/fs/btrfs/async-thread.h b/fs/btrfs/async-thread.h
> index 04c2f3175..f43f5feb9 100644
> --- a/fs/btrfs/async-thread.h
> +++ b/fs/btrfs/async-thread.h
> @@ -29,14 +29,40 @@ struct btrfs_work {
> unsigned long flags;
> };
>
> -struct btrfs_workqueue *btrfs_alloc_workqueue(struct btrfs_fs_info *fs_info,
> - const char *name,
> - unsigned int flags,
> - int limit_active,
> - int thresh);
> -struct btrfs_workqueue *btrfs_alloc_ordered_workqueue(
> - struct btrfs_fs_info *fs_info, const char *name,
> - unsigned int flags);
> +struct btrfs_workqueue *
> +__btrfs_alloc_workqueue(struct btrfs_fs_info *fs_info, const char *name,
> + unsigned int flags, int limit_active, int thresh,
> + struct lock_class_key *key, struct lockdep_map *map);
> +#ifdef CONFIG_LOCKDEP
> +#define btrfs_alloc_workqueue(fs_info, name, flags, limit_active, thresh) \
> + ({ \
> + static struct lock_class_key __key; \
> + static struct lockdep_map __map; \
> + __btrfs_alloc_workqueue(fs_info, name, flags, limit_active, \
> + thresh, &__key, &__map); \
> + })
> +#else
> +#define btrfs_alloc_workqueue(fs_info, name, flags, limit_active, thresh) \
> + __btrfs_alloc_workqueue(fs_info, name, flags, limit_active, thresh, \
> + NULL, NULL)
> +#endif
> +
> +struct btrfs_workqueue *
> +__btrfs_alloc_ordered_workqueue(struct btrfs_fs_info *fs_info, const char *name,
> + unsigned int flags, struct lock_class_key *key,
> + struct lockdep_map *map);
> +#ifdef CONFIG_LOCKDEP
> +#define btrfs_alloc_ordered_workqueue(fs_info, name, flags) \
> + ({ \
> + static struct lock_class_key __key; \
> + static struct lockdep_map __map; \
> + __btrfs_alloc_ordered_workqueue(fs_info, name, flags, &__key, \
> + &__map); \
> + })
> +#else
> +#define btrfs_alloc_ordered_workqueue(fs_info, name, flags) \
> + __btrfs_alloc_ordered_workqueue(fs_info, name, flags, NULL, NULL)
> +#endif
> void btrfs_init_work(struct btrfs_work *work, btrfs_func_t func,
> btrfs_ordered_func_t ordered_func);
> void btrfs_queue_work(struct btrfs_workqueue *wq,
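Review bot: the btrfs_alloc_workqueue() and btrfs_alloc_ordered_workqueue() wrapper macros are a lockdep change with no connection to transaction aborts, and the v2 changelog above itself calls the workqueue changes unrelated. Split them into their own patch with their own justification. If they stay, add a comment above each macro saying that the static __key and __map are shared by every call made from that call site, and that the NULL key and map passed in the !CONFIG_LOCKDEP variant are never dereferenced.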
> diff --git a/fs/btrfs/qgroup.c b/fs/btrfs/qgroup.c
> index cdf736d3a..f9acfab14 100644
> --- a/fs/btrfs/qgroup.c
> +++ b/fs/btrfs/qgroup.c
> @@ -3076,6 +3076,10 @@ int btrfs_qgroup_account_extents(struct btrfs_trans_handle *trans)
> record->num_bytes,
> record->old_roots,
> new_roots);
> + if (ret < 0) {
> + btrfs_abort_transaction(trans, ret);
> + goto cleanup;
> + }
> record->old_roots = NULL;
> new_roots = NULL;
> }
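Review bot: the new "goto cleanup" on ret < 0 skips the "record->old_roots = NULL;" and "new_roots = NULL;" assignments that follow it, and the cleanup label is not part of this hunk. State in the commit message who owns old_roots and new_roots on this path, so it is clear the jump neither leaks them nor frees them a second time.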
> diff --git a/fs/btrfs/transaction.c b/fs/btrfs/transaction.c
> index 248adb785..aa0ce0c59 100644
> --- a/fs/btrfs/transaction.c
> +++ b/fs/btrfs/transaction.c
> @@ -1372,21 +1372,23 @@ static noinline int commit_cowonly_roots(struct btrfs_trans_handle *trans)
> free_extent_buffer(eb);
>
> if (ret)
> - return ret;
> + goto out;
>
> ret = btrfs_run_dev_stats(trans);
> if (ret)
> - return ret;
> + goto out;
> +
> ret = btrfs_run_dev_replace(trans);
> if (ret)
> - return ret;
> + goto out;
> +
> ret = btrfs_run_qgroups(trans);
> if (ret)
> - return ret;
> + goto out;
>
> ret = btrfs_setup_space_cache(trans);
> if (ret)
> - return ret;
> + goto out;
>
> again:
> while (!list_empty(&fs_info->dirty_cowonly_roots)) {
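Review bot: the blank "+" lines added after the btrfs_run_dev_stats() and btrfs_run_dev_replace() checks are whitespace churn unrelated to the fix, and they follow only two of the five checks in this run. Drop them so the hunk contains nothing but the "return ret" to "goto out" conversions.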
> @@ -1400,18 +1402,18 @@ static noinline int commit_cowonly_roots(struct btrfs_trans_handle *trans)
>
> ret = update_cowonly_root(trans, root);
> if (ret)
> - return ret;
> + goto out;
> }
>
> /* Now flush any delayed refs generated by updating all of the roots */
> ret = btrfs_run_delayed_refs(trans, U64_MAX);
> if (ret)
> - return ret;
> + goto out;
>
> while (!list_empty(dirty_bgs) || !list_empty(io_bgs)) {
> ret = btrfs_write_dirty_block_groups(trans);
> if (ret)
> - return ret;
> + goto out;
>
> /*
> * We're writing the dirty block groups, which could generate
> @@ -1421,7 +1423,7 @@ static noinline int commit_cowonly_roots(struct btrfs_trans_handle *trans)
> */
> ret = btrfs_run_delayed_refs(trans, U64_MAX);
> if (ret)
> - return ret;
> + goto out;
> }
>
> if (!list_empty(&fs_info->dirty_cowonly_roots))
> @@ -1431,7 +1433,10 @@ static noinline int commit_cowonly_roots(struct btrfs_trans_handle *trans)
> fs_info->dev_replace.committed_cursor_left =
> fs_info->dev_replace.cursor_left_last_write_of_item;
>
> - return 0;
> +out:
> + if (ret)
> + btrfs_abort_transaction(trans, ret);
> + return ret;
> }
>
> /*
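Review bot: a single btrfs_abort_transaction() under "out:" means the __func__ and __LINE__ that the macro passes to __btrfs_abort_transaction() always identify this label rather than the call that failed, so the log still cannot tell which of the nine "goto out" sites in this function returned the error. The comment in transaction.h asks for the abort "as early as possible when an error condition is detected"; either abort at each error site, as the qgroup.c hunk does, or say in the commit message why function-level granularity is enough here. Also note that "return ret" on the success path now depends on ret being 0 whenever control falls through to the label.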
> @@ -1492,6 +1497,7 @@ static noinline int commit_fs_roots(struct btrfs_trans_handle *trans)
> struct btrfs_root *gang[8];
> int i;
> int ret;
> + int err = 0;
>
> /*
> * At this point no one can be using this transaction to modify any tree
> @@ -1510,7 +1516,6 @@ static noinline int commit_fs_roots(struct btrfs_trans_handle *trans)
> break;
> for (i = 0; i < ret; i++) {
> struct btrfs_root *root = gang[i];
> - int ret2;
>
> /*
> * At this point we can neither have tasks logging inodes
> @@ -1533,9 +1538,9 @@ static noinline int commit_fs_roots(struct btrfs_trans_handle *trans)
> spin_unlock(&fs_info->fs_roots_radix_lock);
>
> btrfs_free_log(trans, root);
> - ret2 = btrfs_update_reloc_root(trans, root);
> - if (unlikely(ret2))
> - return ret2;
> + err = btrfs_update_reloc_root(trans, root);
> + if (unlikely(err))
> + goto out;
>
> /* see comments in should_cow_block() */
> clear_bit(BTRFS_ROOT_FORCE_COW, &root->state);
> @@ -1548,16 +1553,19 @@ static noinline int commit_fs_roots(struct btrfs_trans_handle *trans)
> root->node);
> }
>
> - ret2 = btrfs_update_root(trans, fs_info->tree_root,
> + err = btrfs_update_root(trans, fs_info->tree_root,
> &root->root_key,
> &root->root_item);
> - if (unlikely(ret2))
> - return ret2;
> + if (unlikely(err))
> + goto out;
> spin_lock(&fs_info->fs_roots_radix_lock);
> }
> }
> spin_unlock(&fs_info->fs_roots_radix_lock);
> - return 0;
> +out:
> + if (err)
> + btrfs_abort_transaction(trans, err);
> + return err;
> }
>
> /*
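Review bot: "out:" sits after the spin_unlock() of fs_roots_radix_lock, which is only correct because both "goto out" sites are reached with the lock already dropped (the unlock before btrfs_free_log() in the previous hunk, and the spin_lock() that follows the btrfs_update_root() check here). Add a comment at the label saying the lock must not be held when jumping to it, so that an error path added later inside the locked region does not return with the lock taken.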
> diff --git a/fs/btrfs/transaction.h b/fs/btrfs/transaction.h
> index 7d70fe486..f816e62f3 100644
> --- a/fs/btrfs/transaction.h
> +++ b/fs/btrfs/transaction.h
> @@ -246,27 +246,21 @@ static inline bool btrfs_abort_should_print_stack(int error)
> * Call btrfs_abort_transaction as early as possible when an error condition is
> * detected, that way the exact stack trace is reported for some errors.
> */
> -#define btrfs_abort_transaction(trans, error) \
> -do { \
> - bool __first = false; \
> - /* Report first abort since mount */ \
> - if (!test_and_set_bit(BTRFS_FS_STATE_TRANS_ABORTED, \
> - &((trans)->fs_info->fs_state))) { \
> - __first = true; \
> - if (WARN(btrfs_abort_should_print_stack(error), \
> - KERN_ERR \
> - "BTRFS: Transaction aborted (error %d)\n", \
> - (error))) { \
> - /* Stack trace printed. */ \
> - } else { \
> - btrfs_err((trans)->fs_info, \
> - "Transaction aborted (error %d)", \
> - (error)); \
> - } \
> - } \
> - __btrfs_abort_transaction((trans), __func__, \
> - __LINE__, (error), __first); \
> -} while (0)
> +#define btrfs_abort_transaction(trans, error) \
> + do { \
> + bool __first = false; \
> + /* Report first abort since mount */ \
> + if (!test_and_set_bit(BTRFS_FS_STATE_TRANS_ABORTED, \
> + &((trans)->fs_info->fs_state))) { \
> + __first = true; \
> + btrfs_err((trans)->fs_info, \
> + "Transaction aborted (error %d)", (error)); \
> + if (btrfs_abort_should_print_stack(error)) \
> + dump_stack(); \
> + } \
> + __btrfs_abort_transaction((trans), __func__, __LINE__, \
> + (error), __first); \
> + } while (0)
>
> int btrfs_end_transaction(struct btrfs_trans_handle *trans);
> struct btrfs_trans_handle *btrfs_start_transaction(struct btrfs_root *root,
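Review bot: the macro is re-indented in full, which buries the functional change: WARN() is replaced by an unconditional btrfs_err() plus a dump_stack() gated on btrfs_abort_should_print_stack(error). That alters reporting for every first abort, not only -ENOSPC, and removes the WARNING line that this report was keyed on. Make it a separate patch with its own rationale, and keep the original indentation so the diff shows only the lines that change.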
>
>
> base-commit: 7fd2df204f342fc17d1a0bfcd474b24232fb0f32
> --
> This is an AI-generated patch subject to moderation.
> Reply with '#syz upstream' to send it to the mailing list.
> Reply with '#syz reject' to reject it.
>
> See for more information.
>
> --
> You received this message because you are subscribed to the Google Groups "syzkaller-upstream-moderation" group.
> To unsubscribe from this group and stop receiving emails from it, send an email to syzkaller-upstream-m...@googlegroups.com.
> To view this discussion visit https://groups.google.com/d/msgid/syzkaller-upstream-moderation/d56161b7-1f00-4e88-94fe-9e6d4db29ae0%40mail.kernel.org.

--
You received this message because you are subscribed to the Google Groups "syzkaller-upstream-moderation" group.
To unsubscribe from this group and stop receiving emails from it, send an email to syzkaller-upstream-m...@googlegroups.com.
To view this discussion visit https://groups.google.com/d/msgid/syzkaller-upstream-moderation/CANp29Y4f6VyeHoGyWhmmp%2B_CgqVWj4Lbif07goqkYb23H_j8EA%40mail.gmail.com.
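
The delayed-abort effect described in the quoted commit message, as an added example that is not part of the thread or of the btrfs sources: a userspace C model in which only the first abort is recorded, so the reported site depends on whether the failing helper aborts itself or leaves it to the commit path. All names here (fs_model, model_abort, commit_roots_delayed, commit_roots_early, first_abort_site) are hypothetical.

```c
/* Userspace model, constructed for illustration; not btrfs code. */
#include <errno.h>
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

struct fs_model {
	bool aborted;           /* stands in for BTRFS_FS_STATE_TRANS_ABORTED */
	const char *first_site; /* function that performed the first abort */
	long free_blocks;       /* blocks left for COW allocations */
};

/* Only the first abort is recorded, like the test_and_set_bit() guard. */
static void model_abort_at(struct fs_model *fs, const char *func)
{
	if (!fs->aborted) {
		fs->aborted = true;
		fs->first_site = func;
	}
}
#define model_abort(fs) model_abort_at((fs), __func__)

/* Allocation that fails with -ENOSPC once the image has no free blocks. */
static int alloc_tree_block(struct fs_model *fs)
{
	if (fs->free_blocks <= 0)
		return -ENOSPC;
	fs->free_blocks--;
	return 0;
}

/* Delayed style: the error is handed back without aborting. */
static int commit_roots_delayed(struct fs_model *fs)
{
	return alloc_tree_block(fs);
}

/* Early style: abort in the function that first sees the error. */
static int commit_roots_early(struct fs_model *fs)
{
	int ret = alloc_tree_block(fs);
	if (ret)
		model_abort(fs);
	return ret;
}

/* Commit path whose cleanup aborts on any error it receives. */
static int commit_transaction(struct fs_model *fs, int (*commit_roots)(struct fs_model *))
{
	int ret = commit_roots(fs);
	if (ret)
		model_abort(fs); /* not recorded if an abort already happened */
	return ret;
}

/* Returns the function name recorded by the first abort, or "none". */
const char *first_abort_site(bool early, long free_blocks)
{
	struct fs_model fs = { .free_blocks = free_blocks };
	commit_transaction(&fs, early ? commit_roots_early : commit_roots_delayed);
	return fs.aborted ? fs.first_site : "none";
}

int main(void)
{
	const char *d = first_abort_site(false, 0), *e = first_abort_site(true, 0);
	printf("delayed: %s, early: %s\n", d, e);
	return strcmp(d, e) == 0; /* nonzero exit if both styles report the same site */
}
```

With no free blocks, the delayed style attributes the abort to the commit path, which is the shape of the traces in the reports above.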