loop0: detected capacity change from 0 to 256
UDF-fs: error (device loop0): udf_read_tagged: read failed, block=8277, location=8277
UDF-fs: error (device loop0): udf_read_tagged: read failed, block=8533, location=8533
UDF-fs: error (device loop0): udf_read_tagged: read failed, block=8277, location=8277
UDF-fs: error (device loop0): udf_read_inode: (ino 57) failed !bh
UDF-fs: error (device loop0): udf_fill_super: Error in udf_iget, block=2, partition=0
loop0: detected capacity change from 0 to 32768
... Log Wrap ... Log Wrap ... Log Wrap ...
loop0: detected capacity change from 32768 to 32639
ERROR: (device loop0): dbAllocNext: Corrupt dmap page
... Log Wrap ... Log Wrap ... Log Wrap ...
... Log Wrap ... Log Wrap ... Log Wrap ...
... Log Wrap ... Log Wrap ... Log Wrap ...
... Log Wrap ... Log Wrap ... Log Wrap ...
... Log Wrap ... Log Wrap ... Log Wrap ...
------------[ cut here ]------------
UBSAN: array-index-out-of-bounds in fs/jfs/jfs_dmap.c:2260:2
index 2048 is out of range for type 's64[128]' (aka 'long long[128]')
CPU: 0 UID: 0 PID: 5329 Comm: syz.0.0 Not tainted 6.14.0-rc7-syzkaller-00202-g183601b78a9b #0
Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
Call Trace:
 __dump_stack lib/dump_stack.c:94 [inline]
 dump_stack_lvl+0x241/0x360 lib/dump_stack.c:120
 ubsan_epilogue lib/ubsan.c:231 [inline]
 __ubsan_handle_out_of_bounds+0x121/0x150 lib/ubsan.c:429
 dbAllocBits+0x994/0x9c0 fs/jfs/jfs_dmap.c:2260
 dbAllocDmap fs/jfs/jfs_dmap.c:2037 [inline]
 dbAllocDmapLev+0x250/0x4a0 fs/jfs/jfs_dmap.c:1991
 dbAllocCtl+0x147/0x9b0 fs/jfs/jfs_dmap.c:1828
 dbAllocAG+0x28f/0x10b0 fs/jfs/jfs_dmap.c:1364
 dbAlloc+0x658/0xca0 fs/jfs/jfs_dmap.c:888
 dtSplitUp fs/jfs/jfs_dtree.c:981 [inline]
 dtInsert+0xd89/0x6d10 fs/jfs/jfs_dtree.c:870
 jfs_create+0x7ba/0xbb0 fs/jfs/namei.c:137
 lookup_open fs/namei.c:3651 [inline]
 open_last_lookups fs/namei.c:3750 [inline]
 path_openat+0x193c/0x3590 fs/namei.c:3986
 do_filp_open+0x27f/0x4e0 fs/namei.c:4016
 do_sys_openat2+0x13e/0x1d0 fs/open.c:1428
 do_sys_open fs/open.c:1443 [inline]
 __do_sys_creat fs/open.c:1521 [inline]
 __se_sys_creat fs/open.c:1515 [inline]
 __x64_sys_creat+0x123/0x170 fs/open.c:1515
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xf3/0x230 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7f819c98d169
Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007f819d850038 EFLAGS: 00000246 ORIG_RAX: 0000000000000055
RAX: ffffffffffffffda RBX: 00007f819cba5fa0 RCX: 00007f819c98d169
RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000200000000580
RBP: 00007f819ca0e2a0 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 0000000000000000 R14: 00007f819cba5fa0 R15: 00007fff448d9e98
---[ end trace ]---