BTRFS info (device loop3): relocating block group 5242880 flags data|metadata
BTRFS warning (device loop3): Skipping commit of aborted transaction.
------------[ cut here ]------------
BTRFS: Transaction aborted (error -28)
WARNING: fs/btrfs/transaction.c:2045 at cleanup_transaction fs/btrfs/transaction.c:2045 [inline], CPU#1: syz-executor.3/6248
WARNING: fs/btrfs/transaction.c:2045 at btrfs_commit_transaction.cold+0x3f6/0xb64 fs/btrfs/transaction.c:2630, CPU#1: syz-executor.3/6248
Modules linked in:
CPU: 1 UID: 0 PID: 6248 Comm: syz-executor.3 Not tainted syzkaller #0 PREEMPT(full)
Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
RIP: 0010:cleanup_transaction fs/btrfs/transaction.c:2045 [inline]
RIP: 0010:btrfs_commit_transaction.cold+0x3f9/0xb64 fs/btrfs/transaction.c:2630
Code: 01 e9 5b fd ff ff e8 aa 3a d9 00 90 0f 0b 90 e9 66 fd ff ff 31 db e9 c4 fe ff ff e8 95 3a d9 00 48 8d 3d 0e d3 b2 0f 44 89 e6 <67> 48 0f b9 3a e9 a6 fe ff ff e8 7c 3a d9 00 48 8b 04 24 48 05 28
RSP: 0018:ffffc9000351f340 EFLAGS: 00010293
RAX: 0000000000000000 RBX: ffff888036395c00 RCX: ffffffff812f6292
RDX: ffff88802cd74900 RSI: 00000000ffffffe4 RDI: ffffffff90e237e0
RBP: ffff888036394000 R08: 0000000000000005 R09: fffffffffffffffb
R10: ffffffffffffffe4 R11: 0000000000000002 R12: 00000000ffffffe4
R13: ffff888027c11000 R14: ffff88804accee48 R15: ffff88804accede0
FS: 00007fbf4a1026c0(0000) GS:ffff8880d644a000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007f93385f2b60 CR3: 000000002a598000 CR4: 0000000000352ef0
Call Trace:
 prepare_to_relocate+0x413/0x6b0 fs/btrfs/relocation.c:3479
 relocate_block_group+0x146/0x10e0 fs/btrfs/relocation.c:3504
 do_nonremap_reloc fs/btrfs/relocation.c:5248 [inline]
 btrfs_relocate_block_group+0x159c/0x57c0 fs/btrfs/relocation.c:5407
 btrfs_relocate_chunk+0x129/0x700 fs/btrfs/volumes.c:3590
 __btrfs_balance fs/btrfs/volumes.c:4492 [inline]
 btrfs_balance+0x247e/0x50b0 fs/btrfs/volumes.c:4879
 btrfs_ioctl_balance fs/btrfs/ioctl.c:3445 [inline]
 btrfs_ioctl+0x3ebb/0x64e0 fs/btrfs/ioctl.c:5196
 vfs_ioctl fs/ioctl.c:51 [inline]
 __do_sys_ioctl fs/ioctl.c:597 [inline]
 __se_sys_ioctl fs/ioctl.c:583 [inline]
 __x64_sys_ioctl+0x18e/0x210 fs/ioctl.c:583
 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
 do_syscall_64+0x106/0xf80 arch/x86/entry/syscall_64.c:94
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7fbf4946e3b9
Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 d0 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007fbf4a1020b8 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
RAX: ffffffffffffffda RBX: 00007fbf495abf80 RCX: 00007fbf4946e3b9
RDX: 0000000020000980 RSI: 00000000c4009420 RDI: 0000000000000004
RBP: 00007fbf494cf498 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 000000000000000b R14: 00007fbf495abf80 R15: 00007ffd1f5415a8
----------------
Code disassembly (best guess), 1 bytes skipped:
 0: e9 5b fd ff ff jmp 0xfffffd60
 5: e8 aa 3a d9 00 call 0xd93ab4
 a: 90 nop
 b: 0f 0b ud2
 d: 90 nop
 e: e9 66 fd ff ff jmp 0xfffffd79
 13: 31 db xor %ebx,%ebx
 15: e9 c4 fe ff ff jmp 0xfffffede
 1a: e8 95 3a d9 00 call 0xd93ab4
 1f: 48 8d 3d 0e d3 b2 0f lea 0xfb2d30e(%rip),%rdi # 0xfb2d334
 26: 44 89 e6 mov %r12d,%esi
* 29: 67 48 0f b9 3a ud1 (%edx),%rdi <-- trapping instruction
 2e: e9 a6 fe ff ff jmp 0xfffffed9
 33: e8 7c 3a d9 00 call 0xd93ab4
 38: 48 8b 04 24 mov (%rsp),%rax
 3c: 48 rex.W
 3d: 05 .byte 0x5
 3e: 28 .byte 0x28