BTRFS info (device loop2): enabling ssd optimizations BUG: kernel NULL pointer dereference, address: 0000000000000000 #PF: supervisor read access in kernel mode #PF: error_code(0x0000) - not-present page PGD 800000010aeb2067 P4D 800000010aeb2067 PUD 109dc0067 PMD 0 Oops: 0000 [#1] SMP PTI CPU: 1 PID: 3623 Comm: syz.2.15 Not tainted 5.10.0-rc7-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/30/2024 RIP: 0010:btrfs_root_node+0x2a/0x90 fs/btrfs/ctree.c:129 Code: 41 54 55 48 c7 c5 3e d6 5b 81 53 48 89 fb 31 d2 55 45 31 c9 45 31 c0 31 f6 b9 02 00 00 00 48 c7 c7 40 c5 35 83 e8 96 7c bb ff <4c> 8b 23 5a 41 8b 44 24 60 85 c0 74 32 49 8d 54 24 60 8d 48 01 f0 RSP: 0018:ffffc9000092fb68 EFLAGS: 00010246 RAX: 0000000000000001 RBX: 0000000000000000 RCX: 00000000beba92a3 RDX: 000000006b306df3 RSI: 00000000649e142d RDI: 000000005a1c7e76 RBP: ffffffff815bd63e R08: 0000000000020026 R09: 0000000000000000 R10: 0000000000000000 R11: 3fffffffffffffff R12: 0000000000000000 R13: ffff8881155e7000 R14: ffff888115121840 R15: ffff888104ba8e70 FS: 00007fc80e1906c0(0000) GS:ffff888237d00000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 0000000000000000 CR3: 0000000109d9a000 CR4: 00000000003506e0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 Call Trace: __btrfs_read_lock_root_node+0x25/0x50 fs/btrfs/locking.c:573 btrfs_read_lock_root_node fs/btrfs/locking.h:108 [inline] btrfs_build_ref_tree+0x6e/0x620 fs/btrfs/ref-verify.c:1003 open_ctree+0x126a/0x18a0 fs/btrfs/disk-io.c:3278 btrfs_fill_super fs/btrfs/super.c:1333 [inline] btrfs_mount_root.cold+0x12/0xde fs/btrfs/super.c:1700 legacy_get_tree+0x2b/0x50 fs/fs_context.c:592 vfs_get_tree+0x1e/0x80 fs/super.c:1549 fc_mount fs/namespace.c:978 [inline] vfs_kern_mount.part.0+0x6c/0xb0 fs/namespace.c:1008 btrfs_mount+0x118/0x390 fs/btrfs/super.c:1760 legacy_get_tree+0x2b/0x50 
fs/fs_context.c:592 vfs_get_tree+0x1e/0x80 fs/super.c:1549 do_new_mount fs/namespace.c:2875 [inline] path_mount+0x2b1/0xc00 fs/namespace.c:3205 do_mount fs/namespace.c:3218 [inline] __do_sys_mount fs/namespace.c:3426 [inline] __se_sys_mount fs/namespace.c:3403 [inline] __x64_sys_mount+0xfe/0x140 fs/namespace.c:3403 do_syscall_64+0x34/0x50 arch/x86/entry/common.c:46 entry_SYSCALL_64_after_hwframe+0x44/0xa9 RIP: 0033:0x7fc80ef11eba Code: d8 64 89 02 48 c7 c0 ff ff ff ff eb a6 e8 de 1a 00 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 RSP: 002b:00007fc80e18fe68 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 RAX: ffffffffffffffda RBX: 00007fc80e18fef0 RCX: 00007fc80ef11eba RDX: 0000000020000080 RSI: 0000000020000000 RDI: 00007fc80e18feb0 RBP: 0000000020000080 R08: 00007fc80e18fef0 R09: 000000000001c005 R10: 000000000001c005 R11: 0000000000000246 R12: 0000000020000000 R13: 00007fc80e18feb0 R14: 00000000000055cb R15: 0000000020000180 Modules linked in: CR2: 0000000000000000 ---[ end trace ee781a6dc8c836e3 ]--- RIP: 0010:btrfs_root_node+0x2a/0x90 fs/btrfs/ctree.c:129 Code: 41 54 55 48 c7 c5 3e d6 5b 81 53 48 89 fb 31 d2 55 45 31 c9 45 31 c0 31 f6 b9 02 00 00 00 48 c7 c7 40 c5 35 83 e8 96 7c bb ff <4c> 8b 23 5a 41 8b 44 24 60 85 c0 74 32 49 8d 54 24 60 8d 48 01 f0 RSP: 0018:ffffc9000092fb68 EFLAGS: 00010246 RAX: 0000000000000001 RBX: 0000000000000000 RCX: 00000000beba92a3 RDX: 000000006b306df3 RSI: 00000000649e142d RDI: 000000005a1c7e76 RBP: ffffffff815bd63e R08: 0000000000020026 R09: 0000000000000000 R10: 0000000000000000 R11: 3fffffffffffffff R12: 0000000000000000 R13: ffff8881155e7000 R14: ffff888115121840 R15: ffff888104ba8e70 FS: 00007fc80e1906c0(0000) GS:ffff888237d00000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 0000000000000000 CR3: 0000000109d9a000 CR4: 00000000003506e0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 
0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
----------------
Code disassembly (best guess):
# Decode of the 64 bytes on the oops "Code:" line (AT&T syntax). Offsets are
# relative to the first dumped byte, not to a kernel address; offset 0x2a is
# the faulting RIP, reported above as btrfs_root_node+0x2a (fs/btrfs/ctree.c:129).
# Triage summary: the load at 0x2a reads through RBX, the register dump shows
# RBX = 0 and CR2 = 0, so this is a read of address 0 -- consistent with the
# "NULL pointer dereference" / "supervisor read access" lines of the report.
# NOTE(review): the log does not show which pointer was NULL; the call trace
# places the caller at fs/btrfs/ref-verify.c:1003 (btrfs_build_ref_tree, reached
# from open_ctree during mount) -- confirm there whether the value can be unset.
   0:   41 54                   push   %r12
   2:   55                      push   %rbp
# RBP in the register dump holds this same immediate (ffffffff815bd63e).
   3:   48 c7 c5 3e d6 5b 81    mov    $0xffffffff815bd63e,%rbp
   a:   53                      push   %rbx
# RBX takes a copy of RDI before the call below; presumably this is the
# function's first argument (x86-64 kernel calling convention) -- it is the
# value dereferenced at 0x2a.
   b:   48 89 fb                mov    %rdi,%rbx
# 0xe-0x1e: register and stack argument setup for the call at 0x25.
   e:   31 d2                   xor    %edx,%edx
  10:   55                      push   %rbp
  11:   45 31 c9                xor    %r9d,%r9d
  14:   45 31 c0                xor    %r8d,%r8d
  17:   31 f6                   xor    %esi,%esi
  19:   b9 02 00 00 00          mov    $0x2,%ecx
  1e:   48 c7 c7 40 c5 35 83    mov    $0xffffffff8335c540,%rdi
# The printed target is rel32 + 0x2a computed from listing base 0, so it does
# not identify the callee; the callee cannot be named from this listing alone.
  25:   e8 96 7c bb ff          call   0xffbb7cc0
# Faulting instruction: 8-byte load from the address in RBX (0 at fault time).
* 2a:   4c 8b 23                mov    (%rbx),%r12 <-- trapping instruction
# Everything below was not reached in this crash.
# Pops one stack slot; presumably the one pushed at 0x10.
  2d:   5a                      pop    %rdx
# Reads a 32-bit field at offset 0x60 of the loaded pointer and branches away
# when it is zero.
  2e:   41 8b 44 24 60          mov    0x60(%r12),%eax
  33:   85 c0                   test   %eax,%eax
  35:   74 32                   je     0x69
# Address of that field and (old value + 1); looks like the start of an atomic
# increment-if-nonzero on the field -- TODO confirm against ctree.c.
  37:   49 8d 54 24 60          lea    0x60(%r12),%rdx
  3c:   8d 48 01                lea    0x1(%rax),%ecx
# Listing stops on a bare lock prefix because the dumped "Code:" bytes end at f0.
  3f:   f0                      lock