Warning: Permanently added '10.128.1.250' (ED25519) to the list of known hosts. 1970/01/01 00:01:23 ignoring optional flag "sandboxArg"="0" 1970/01/01 00:01:23 ignoring optional flag "type"="gce" 1970/01/01 00:01:23 parsed 1 programs [ 86.191456][ T4485] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k SSFS [ 92.298783][ T148] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 92.302962][ T148] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 92.307957][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 92.315484][ T148] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 92.317640][ T148] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 92.322967][ T148] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 93.586643][ T4541] chnl_net:caif_netlink_parms(): no params data found [ 93.624526][ T4541] bridge0: port 1(bridge_slave_0) entered blocking state [ 93.626714][ T4541] bridge0: port 1(bridge_slave_0) entered disabled state [ 93.631240][ T4541] device bridge_slave_0 entered promiscuous mode [ 93.635220][ T4541] bridge0: port 2(bridge_slave_1) entered blocking state [ 93.637396][ T4541] bridge0: port 2(bridge_slave_1) entered disabled state [ 93.640256][ T4541] device bridge_slave_1 entered promiscuous mode [ 93.662170][ T4541] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 93.667374][ T4541] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 93.687984][ T4541] team0: Port device team_slave_0 added [ 93.693338][ T4541] team0: Port device team_slave_1 added [ 93.707960][ T4541] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 93.711736][ T4541] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 93.719000][ T4541] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 93.723723][ T4541] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 93.725688][ T4541] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 93.734405][ T4541] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 93.793181][ T4541] device hsr_slave_0 entered promiscuous mode [ 93.832433][ T4541] device hsr_slave_1 entered promiscuous mode [ 94.648047][ T4541] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 94.692042][ T4541] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 94.723134][ T4541] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 94.762396][ T4541] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 94.890604][ T4541] 8021q: adding VLAN 0 to HW filter on device bond0 [ 94.898894][ T661] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 94.904265][ T661] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 94.910884][ T4541] 8021q: adding VLAN 0 to HW filter on device team0 [ 94.915795][ T661] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 94.919136][ T661] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 94.926759][ T661] bridge0: port 1(bridge_slave_0) entered blocking state [ 94.928859][ T661] bridge0: port 1(bridge_slave_0) entered forwarding state [ 94.934026][ T661] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 94.939348][ T148] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 94.943035][ T148] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 94.945759][ T148] bridge0: port 2(bridge_slave_1) entered blocking state [ 94.947837][ T148] bridge0: port 2(bridge_slave_1) entered forwarding state [ 94.954115][ T148] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 94.964890][ T148] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 94.968441][ T148] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 94.975699][ T148] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 94.986474][ T4541] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 94.989450][ T4541] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 94.995441][ T148] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 94.998014][ T148] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 95.005277][ T148] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 95.008597][ T148] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 95.011823][ T148] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 95.014678][ T148] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 95.017324][ T148] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 95.025329][ T148] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 95.105462][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 95.107760][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 95.118583][ T4541] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 95.133290][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 95.136328][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 95.152279][ T661] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 95.155185][ T661] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 95.158046][ T661] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 95.162506][ T661] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 95.166962][ T4541] device veth0_vlan entered promiscuous mode [ 95.175615][ T4541] device veth1_vlan entered promiscuous mode [ 95.192523][ T148] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 95.195481][ T148] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready [ 95.198238][ T148] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 95.204564][ T148] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 95.210957][ T4541] device veth0_macvtap entered promiscuous mode [ 95.217091][ T4541] device veth1_macvtap entered promiscuous mode [ 95.232333][ T4541] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 95.234688][ T148] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 95.237273][ T148] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 95.240737][ T148] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 95.244226][ T148] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 95.287935][ T4541] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 95.292460][ T148] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 95.295356][ T148] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 95.302029][ T4541] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 95.304534][ T4541] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 95.307021][ T4541] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 95.309360][ T4541] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 1970/01/01 00:01:35 executed programs: 0 [ 95.657187][ T4648] chnl_net:caif_netlink_parms(): no params data found [ 95.697015][ T4648] bridge0: port 1(bridge_slave_0) entered blocking state [ 95.699153][ T4648] bridge0: port 1(bridge_slave_0) entered disabled state [ 95.705362][ T4648] device bridge_slave_0 entered promiscuous mode [ 95.710102][ T4648] bridge0: port 2(bridge_slave_1) entered blocking state [ 95.712165][ T4648] bridge0: port 2(bridge_slave_1) entered disabled state [ 95.714901][ T4648] device bridge_slave_1 entered promiscuous mode [ 95.773336][ T4648] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 95.782836][ T4648] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 95.805458][ T4648] team0: Port device team_slave_0 added [ 95.809371][ T4648] team0: Port device team_slave_1 added [ 95.876552][ T4648] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 95.878618][ T4648] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 95.886975][ T4648] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 95.892419][ T4648] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 95.894499][ T4648] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 95.902502][ T4648] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 95.972447][ T4648] device hsr_slave_0 entered promiscuous mode [ 96.009936][ T4648] device hsr_slave_1 entered promiscuous mode [ 96.051762][ T4648] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 96.054047][ T4648] Cannot create hsr debugfs directory [ 96.144769][ T4648] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 97.570134][ T7] Bluetooth: hci1: command 0x0409 tx timeout [ 98.029031][ T4648] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 99.650487][ T25] Bluetooth: hci1: command 0x041b tx timeout [ 100.306791][ T4648] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 100.396754][ T4648] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 100.875813][ T4648] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 100.902707][ T4648] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 100.966156][ T4648] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 101.014169][ T4648] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 101.113728][ T4648] 8021q: adding VLAN 0 to HW filter on device bond0 [ 101.123306][ T661] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 101.126159][ T661] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 101.131336][ T4648] 8021q: adding VLAN 0 to HW filter on device team0 [ 101.136117][ T661] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 101.139176][ T661] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 101.144981][ T661] bridge0: port 1(bridge_slave_0) entered blocking state [ 101.147109][ T661] bridge0: port 1(bridge_slave_0) entered forwarding state [ 101.149792][ T661] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 101.155259][ T661] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 101.158287][ T661] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 101.161713][ T661] bridge0: port 2(bridge_slave_1) entered blocking state [ 101.163613][ T661] bridge0: port 2(bridge_slave_1) entered forwarding state [ 101.168652][ T661] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 101.174509][ T661] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 101.180397][ T661] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 101.183583][ T661] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 101.186525][ T661] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 101.195658][ T661] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 101.198803][ T661] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 101.202757][ T661] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 101.206434][ T661] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 101.222668][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 101.225515][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 101.230688][ T4648] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 101.322974][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 101.325220][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 101.342839][ T4648] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 101.356761][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 101.360090][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 101.382228][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 101.385168][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 101.387962][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 101.391514][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 101.396029][ T4648] device veth0_vlan entered promiscuous mode [ 101.405532][ T4648] device veth1_vlan entered promiscuous mode [ 101.425630][ T661] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 101.428492][ T661] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready [ 101.432244][ T661] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 101.435302][ T661] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 101.440681][ T4648] device veth0_macvtap entered promiscuous mode [ 101.445694][ T4648] device veth1_macvtap entered promiscuous mode [ 101.456057][ T4648] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 101.459071][ T4648] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 101.463821][ T4648] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 101.465939][ T661] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 101.468732][ T661] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 101.471946][ T661] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 101.474953][ T661] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 101.481396][ T4648] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 101.484499][ T4648] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 101.488306][ T4648] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 101.491308][ T661] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 101.494313][ T661] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 101.509443][ T4648] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 101.512458][ T4648] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 101.514954][ T4648] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 101.517387][ T4648] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 101.560435][ T661] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 101.567215][ T661] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 101.576602][ T9] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 101.579191][ T9] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 101.580145][ T148] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 101.585896][ T148] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready 1970/01/01 00:01:41 executed programs: 2 [ 101.739727][ T4117] Bluetooth: hci1: command 0x040f tx timeout [ 101.833315][ T4922] loop0: detected capacity change from 0 to 32768 [ 101.886510][ T4922] BTRFS: device fsid ed167579-eb65-4e76-9a50-61ac97e9b59d devid 1 transid 8 /dev/loop0 scanned by syz.0.15 (4922) [ 101.897186][ T4922] BTRFS info (device loop0): using sha256 (sha256-ce) checksum algorithm [ 101.903943][ T4922] BTRFS info (device loop0): enabling auto defrag [ 101.906026][ T4922] BTRFS warning (device loop0): 'usebackuproot' is deprecated, use 'rescue=usebackuproot' instead [ 101.909132][ T4922] BTRFS info (device loop0): trying to use backup root at mount time [ 101.911843][ T4922] BTRFS info (device loop0): metadata ratio 7 [ 101.913600][ T4922] BTRFS info (device loop0): force clearing of disk cache [ 101.915665][ T4922] BTRFS info (device loop0): turning on sync discard [ 101.917629][ T4922] BTRFS info (device loop0): disabling free space tree [ 101.919533][ T4922] BTRFS info (device loop0): has skinny extents [ 101.935210][ T136] BTRFS warning (device loop0): checksum verify failed on 5332992 wanted 0x1335c47d3f94e85552e31a8ecc9dd4db4dece1445f3fbef1d5b0b5e8324c15d5 found 0xb8b9d82e4a9942122dd30d6e1a5f8e2661e72a0b7a021b669507c1487c9951e3 level 0 [ 101.944163][ T4922] BTRFS warning (device loop0): couldn't read tree root [ 101.950096][ T136] BTRFS warning (device loop0): checksum verify failed on 5320704 wanted 0x3a96b260394a7399f18798ce453684459093f28a490b1793d7ea697f0b0df10a found 0x43d57e81b22147e305dff737e146f6d81c05c3a9a4fec171a05f978e77d965b6 level 0 [ 101.959905][ T4922] BTRFS warning (device loop0): failed to read root (objectid=10): -5 [ 101.963183][ T4922] BTRFS error (device loop0): parent transid verify failed on 5255168 wanted 5 found 7 [ 101.966267][ T4922] BTRFS warning (device loop0): couldn't read tree root [ 101.994127][ T688] device hsr_slave_0 left promiscuous mode [ 101.997022][ T4922] BTRFS info (device loop0): enabling ssd optimizations [ 102.000003][ T4922] BTRFS info (device loop0): clearing free space tree [ 102.002658][ T4922] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 102.006137][ T4922] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 102.034771][ T4922] ================================================================== [ 102.037245][ T4922] BUG: KASAN: null-ptr-deref in btrfs_root_node+0x14c/0x3d4 [ 102.039400][ T4922] Write of size 4 at addr 0000000000000060 by task syz.0.15/4922 [ 102.041631][ T4922] [ 102.042242][ T4922] CPU: 0 PID: 4922 Comm: syz.0.15 Not tainted 5.15.189-syzkaller #0 [ 102.044563][ T4922] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 102.047533][ T4922] Call trace: [ 102.048475][ T4922] dump_backtrace+0x0/0x43c [ 102.049766][ T4922] show_stack+0x2c/0x3c [ 102.050946][ T4922] __dump_stack+0x30/0x40 [ 102.052184][ T4922] dump_stack_lvl+0xf8/0x160 [ 102.053439][ T4922] kasan_report+0xe0/0x15c [ 102.054702][ T4922] kasan_check_range+0x270/0x2b0 [ 102.056170][ T4922] __kasan_check_write+0x44/0x54 [ 102.057553][ T4922] btrfs_root_node+0x14c/0x3d4 [ 102.058918][ T4922] btrfs_read_lock_root_node+0x68/0x35c [ 102.060488][ T4922] btrfs_search_slot+0x2fc/0x1f4c [ 102.061931][ T4922] btrfs_orphan_cleanup+0x17c/0x7e0 [ 102.063338][ T4922] btrfs_cleanup_fs_roots+0x520/0x7a8 [ 102.064954][ T4922] btrfs_start_pre_rw_mount+0x14c/0x568 [ 102.066551][ T4922] open_ctree+0x1ef0/0x27b8 [ 102.067761][ T4922] btrfs_fill_super+0x1b4/0x2d4 [ 102.069051][ T4922] btrfs_mount_root+0x730/0x780 [ 102.070414][ T4922] legacy_get_tree+0xd4/0x16c [ 102.071811][ T4922] vfs_get_tree+0x90/0x274 [ 102.073098][ T4922] vfs_kern_mount+0xdc/0x178 [ 102.074436][ T4922] btrfs_mount+0x2a0/0x8d4 [ 102.075691][ T4922] legacy_get_tree+0xd4/0x16c [ 102.077032][ T4922] vfs_get_tree+0x90/0x274 [ 102.078294][ T4922] do_new_mount+0x228/0x810 [ 102.079547][ T4922] path_mount+0x5b4/0x1000 [ 102.080734][ T4922] __arm64_sys_mount+0x514/0x5e4 [ 102.082076][ T4922] invoke_syscall+0x98/0x2b8 [ 102.083361][ T4922] el0_svc_common+0x138/0x258 [ 102.084727][ T4922] do_el0_svc+0x58/0x14c [ 102.085915][ T4922] el0_svc+0x78/0x1e0 [ 102.087051][ T4922] el0t_64_sync_handler+0xcc/0xe4 [ 102.088419][ T4922] el0t_64_sync+0x1a0/0x1a4 [ 102.089781][ T4922] ================================================================== [ 102.092049][ T4922] Disabling lock debugging due to kernel taint [ 102.097421][ T4922] Unable to handle kernel paging request at virtual address dfff80000000000c [ 102.100117][ T4922] Mem abort info: [ 102.101172][ T4922] ESR = 0x0000000096000006 [ 102.102563][ T4922] EC = 0x25: DABT (current EL), IL = 32 bits [ 102.104330][ T4922] SET = 0, FnV = 0 [ 102.105400][ T4922] EA = 0, S1PTW = 0 [ 102.116536][ T4922] FSC = 0x06: level 2 translation fault [ 102.118316][ T4922] Data abort info: [ 102.119481][ T4922] ISV = 0, ISS = 0x00000006 [ 102.121266][ T4922] CM = 0, WnR = 0 [ 102.122359][ T4922] [dfff80000000000c] address between user and kernel address ranges [ 102.124692][ T4922] Internal error: Oops: 0000000096000006 [#1] PREEMPT SMP [ 102.126582][ T4922] Modules linked in: [ 102.127647][ T4922] CPU: 0 PID: 4922 Comm: syz.0.15 Tainted: G B 5.15.189-syzkaller #0 [ 102.130225][ T4922] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 102.133386][ T4922] pstate: 80400005 (Nzcv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--) [ 102.135633][ T4922] pc : btrfs_root_node+0x150/0x3d4 [ 102.137118][ T4922] lr : btrfs_root_node+0x14c/0x3d4 [ 102.138583][ T4922] sp : ffff80001f676f90 [ 102.139733][ T4922] x29: ffff80001f676f90 x28: dfff800000000000 x27: ffff8000116e0a80 [ 102.141950][ T4922] x26: 0000000000000060 x25: 0000000000000000 x24: ffff8000116e0a80 [ 102.144165][ T4922] x23: ffff8000165b1000 x22: ffff8000116e1200 x21: 0000000000000001 [ 102.146387][ T4922] x20: 1fffe0001b2a2000 x19: ffff0000d9510000 x18: 1fffe0003421cd96 [ 102.148639][ T4922] x17: 1fffe0003421cd96 x16: ffff8000082d6448 x15: ffff80001420eda0 [ 102.150889][ T4922] x14: ffff0001a10e6cc0 x13: ffff0001a10e6cbc x12: 0000000000ff0100 [ 102.153057][ T4922] x11: 0000000000000000 x10: 0000000000000000 x9 : 0000000000000000 [ 102.155335][ T4922] x8 : 000000000000000c x7 : 0000000000000000 x6 : ffff80000824599c [ 102.157632][ T4922] x5 : 0000000000000000 x4 : 0000000000000000 x3 : ffff800008185e38 [ 102.159778][ T4922] x2 : 0000000000000001 x1 : 0000000000000001 x0 : 0000000000000000 [ 102.162000][ T4922] Call trace: [ 102.162924][ T4922] btrfs_root_node+0x150/0x3d4 [ 102.164254][ T4922] btrfs_read_lock_root_node+0x68/0x35c [ 102.165820][ T4922] btrfs_search_slot+0x2fc/0x1f4c [ 102.167176][ T4922] btrfs_orphan_cleanup+0x17c/0x7e0 [ 102.168601][ T4922] btrfs_cleanup_fs_roots+0x520/0x7a8 [ 102.170050][ T4922] btrfs_start_pre_rw_mount+0x14c/0x568 [ 102.171643][ T4922] open_ctree+0x1ef0/0x27b8 [ 102.172915][ T4922] btrfs_fill_super+0x1b4/0x2d4 [ 102.174372][ T4922] btrfs_mount_root+0x730/0x780 [ 102.175761][ T4922] legacy_get_tree+0xd4/0x16c [ 102.177108][ T4922] vfs_get_tree+0x90/0x274 [ 102.178422][ T4922] vfs_kern_mount+0xdc/0x178 [ 102.179693][ T4922] btrfs_mount+0x2a0/0x8d4 [ 102.180914][ T4922] legacy_get_tree+0xd4/0x16c [ 102.182231][ T4922] vfs_get_tree+0x90/0x274 [ 102.183452][ T4922] do_new_mount+0x228/0x810 [ 102.184736][ T4922] path_mount+0x5b4/0x1000 [ 102.185985][ T4922] __arm64_sys_mount+0x514/0x5e4 [ 102.187342][ T4922] invoke_syscall+0x98/0x2b8 [ 102.188690][ T4922] el0_svc_common+0x138/0x258 [ 102.189957][ T4922] do_el0_svc+0x58/0x14c [ 102.191205][ T4922] el0_svc+0x78/0x1e0 [ 102.192341][ T4922] el0t_64_sync_handler+0xcc/0xe4 [ 102.193846][ T4922] el0t_64_sync+0x1a0/0x1a4 [ 102.195203][ T4922] Code: aa1b03f8 aa1a03e0 97a90efc d343ff48 (38fc6908) [ 102.197123][ T4922] ---[ end trace 7766018f3f57a6f6 ]--- [ 102.604219][ T4922] Kernel panic - not syncing: Oops: Fatal exception [ 102.606224][ T4922] SMP: stopping secondary CPUs [ 102.607661][ T4922] Kernel Offset: disabled [ 102.608875][ T4922] CPU features: 0x8,000081c1,21302e40 [ 102.610504][ T4922] Memory Limit: none [ 103.008028][ T4922] Rebooting in 86400 seconds..