ERROR: (device loop9): txCommit: find_entry called with index = 0
read_mapping_page failed!
ERROR: (device loop9): txCommit:
==================================================================
BUG: KFENCE: out-of-bounds read in dtSplitPage+0x117e/0x3b20 fs/jfs/jfs_dtree.c:-1

Out-of-bounds read at 0xffff88823bfd1045 (2437B right of kfence-#231):
 dtSplitPage+0x117e/0x3b20 fs/jfs/jfs_dtree.c:-1
 dtSplitUp fs/jfs/jfs_dtree.c:1092 [inline]
 dtInsert+0x109b/0x5f40 fs/jfs/jfs_dtree.c:871
 jfs_create+0x6c8/0xa80 fs/jfs/namei.c:137
 lookup_open fs/namei.c:3796 [inline]
 open_last_lookups fs/namei.c:3895 [inline]
 path_openat+0x1500/0x3840 fs/namei.c:4131
 do_filp_open+0x1fa/0x410 fs/namei.c:4161
 do_sys_openat2+0x121/0x1c0 fs/open.c:1437
 do_sys_open fs/open.c:1452 [inline]
 __do_sys_open fs/open.c:1460 [inline]
 __se_sys_open fs/open.c:1456 [inline]
 __x64_sys_open+0x11e/0x150 fs/open.c:1456
 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
 do_syscall_64+0xfa/0xfa0 arch/x86/entry/syscall_64.c:94
 entry_SYSCALL_64_after_hwframe+0x77/0x7f

kfence-#231: 0xffff88823bfd06c0-0xffff88823bfd0fff, size=2368, cache=jfs_ip

allocated by task 7106 on cpu 1 at 258.897493s (0.306645s ago):
 jfs_alloc_inode+0x28/0x70 fs/jfs/super.c:105
 alloc_inode+0x6a/0x1b0 fs/inode.c:346
 iget_locked+0x106/0x580 fs/inode.c:1445
 jfs_iget+0x24/0x470 fs/jfs/inode.c:29
 jfs_lookup+0x1c5/0x380 fs/jfs/namei.c:1469
 __lookup_slow+0x29d/0x3d0 fs/namei.c:1816
 lookup_slow+0x53/0x70 fs/namei.c:1833
 walk_component+0x2d2/0x400 fs/namei.c:2151
 lookup_last fs/namei.c:2652 [inline]
 path_lookupat+0x163/0x430 fs/namei.c:2676
 filename_lookup+0x212/0x570 fs/namei.c:2705
 user_path_at+0x3a/0x60 fs/namei.c:3215
 __do_sys_chdir fs/open.c:561 [inline]
 __se_sys_chdir+0x91/0x280 fs/open.c:555
 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
 do_syscall_64+0xfa/0xfa0 arch/x86/entry/syscall_64.c:94
 entry_SYSCALL_64_after_hwframe+0x77/0x7f

CPU: 1 UID: 0 PID: 7106 Comm: syz.9.132 Not tainted syzkaller #0 PREEMPT_{RT,(full)}
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
RIP: 0010:dtSplitPage+0x117e/0x3b20 fs/jfs/jfs_dtree.c:-1
Code: e8 67 2a 83 fe c1 e3 05 48 03 5c 24 10 48 89 d8 48 c1 e8 03 48 b9 00 00 00 00 00 fc ff df 0f b6 04 08 84 c0 0f 85 33 01 00 00 <0f> b6 1b 4d 85 ff 75 1f e8 d5 24 83 fe 0f b7 c3 44 69 e0 12 11 00
RSP: 0018:ffffc90004f1f138 EFLAGS: 00010246
RAX: 0000000000000000 RBX: ffff88823bfd1045 RCX: dffffc0000000000
RDX: 0000000000000000 RSI: 0000000000200000 RDI: 0000000000000000
RBP: 0000000000000003 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000100 R11: 0000000000000004 R12: 0000000000000001
R13: 0000000000000001 R14: 0000000000000001 R15: 0000000000200000
FS:  00007fb2a07b66c0(0000) GS:ffff888126ef9000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: ffff88823bfd1045 CR3: 0000000063bc2000 CR4: 00000000003526f0
Call Trace:
 dtSplitUp fs/jfs/jfs_dtree.c:1092 [inline]
 dtInsert+0x109b/0x5f40 fs/jfs/jfs_dtree.c:871
 jfs_create+0x6c8/0xa80 fs/jfs/namei.c:137
 lookup_open fs/namei.c:3796 [inline]
 open_last_lookups fs/namei.c:3895 [inline]
 path_openat+0x1500/0x3840 fs/namei.c:4131
 do_filp_open+0x1fa/0x410 fs/namei.c:4161
 do_sys_openat2+0x121/0x1c0 fs/open.c:1437
 do_sys_open fs/open.c:1452 [inline]
 __do_sys_open fs/open.c:1460 [inline]
 __se_sys_open fs/open.c:1456 [inline]
 __x64_sys_open+0x11e/0x150 fs/open.c:1456
 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
 do_syscall_64+0xfa/0xfa0 arch/x86/entry/syscall_64.c:94
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7fb2a254f6c9
Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007fb2a07b6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000002
RAX: ffffffffffffffda RBX: 00007fb2a27a5fa0 RCX: 00007fb2a254f6c9
RDX: 389b0d52417bb201 RSI: 0000000000064842 RDI: 00002000000005c0
RBP: 00007fb2a25d1f91 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 00007fb2a27a6038 R14: 00007fb2a27a5fa0 R15: 00007ffda5e818a8
==================================================================
----------------
Code disassembly (best guess):
   0:	e8 67 2a 83 fe       	call   0xfe832a6c
   5:	c1 e3 05             	shl    $0x5,%ebx
   8:	48 03 5c 24 10       	add    0x10(%rsp),%rbx
   d:	48 89 d8             	mov    %rbx,%rax
  10:	48 c1 e8 03          	shr    $0x3,%rax
  14:	48 b9 00 00 00 00 00 	movabs $0xdffffc0000000000,%rcx
  1b:	fc ff df
  1e:	0f b6 04 08          	movzbl (%rax,%rcx,1),%eax
  22:	84 c0                	test   %al,%al
  24:	0f 85 33 01 00 00    	jne    0x15d
* 2a:	0f b6 1b             	movzbl (%rbx),%ebx		<-- trapping instruction
  2d:	4d 85 ff             	test   %r15,%r15
  30:	75 1f                	jne    0x51
  32:	e8 d5 24 83 fe       	call   0xfe83250c
  37:	0f b7 c3             	movzwl %bx,%eax
  3a:	44                   	rex.R
  3b:	69                   	.byte 0x69
  3c:	e0 12                	loopne 0x50
  3e:	11 00                	adc    %eax,(%rax)