Forwarded: [PATCH] ocfs2: add debug printk to trace block group validation path

[syzbot <syzbot+7960178e777909060224@syzkaller.appspotmail.com>]

For archival purposes, forwarding an incoming command email to
linux-kernel@vger.kernel.org, syzkaller-bugs@googlegroups.com.

***

Subject: [PATCH] ocfs2: add debug printk to trace block group validation path
Author: kartikey406@gmail.com

#syz test https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git master


Add temporary debug printk statements to understand how a corrupted
filesystem image bypasses validation and triggers the BUG_ON in
ocfs2_block_group_set_bits().

The existing validation in ocfs2_validate_gd_self() checks:
    bg_free_bits_count > bg_bits (static consistency)

The BUG_ON in ocfs2_block_group_set_bits() checks:
    bg_free_bits_count < num_bits (dynamic allocation request)

These are different conditions. A filesystem with bg_free_bits_count=1
and bg_bits=100 passes validation, but triggers BUG_ON when num_bits=2
is requested.

This debug patch helps confirm whether ocfs2_validate_gd_self() is
called and what values are present when the BUG_ON triggers.

NOT FOR MERGE - debug only.

Reported-by: syzbot+7960178e777909060224@syzkaller.appspotmail.com
Closes: https://syzkaller.appspot.com/bug?extid=7960178e777909060224
Signed-off-by: Deepanshu Kartikey <kartikey406@gmail.com>
---
 fs/ocfs2/suballoc.c | 13 +++++++++++--
 1 file changed, 11 insertions(+), 2 deletions(-)

diff --git a/fs/ocfs2/suballoc.c b/fs/ocfs2/suballoc.c
index 8e6e5235b30c..7cd7eb6a9d13 100644
--- a/fs/ocfs2/suballoc.c
+++ b/fs/ocfs2/suballoc.c
@@ -164,7 +163,10 @@ static int ocfs2_validate_gd_self(struct super_block *sb,
 				  int resize)
 {
 	struct ocfs2_group_desc *gd = (struct ocfs2_group_desc *)bh->b_data;
-
+	printk(KERN_ERR "OCFS2 DEBUG: ocfs2_validate_gd_self called for block %llu, bg_bits=%u, bg_free_bits_count=%u\n",
+	       (unsigned long long)bh->b_blocknr,
+	       le16_to_cpu(gd->bg_bits),
+	       le16_to_cpu(gd->bg_free_bits_count));
 	if (!OCFS2_IS_VALID_GROUP_DESC(gd)) {
 		do_error("Group descriptor #%llu has bad signature %.*s\n",
 			 (unsigned long long)bh->b_blocknr, 7,
@@ -1376,7 +1375,11 @@ int ocfs2_block_group_set_bits(handle_t *handle,
 	unsigned int start = bit_off + num_bits;
 	u16 contig_bits;
 	struct ocfs2_super *osb = OCFS2_SB(alloc_inode->i_sb);
-
+
+	printk(KERN_ERR "OCFS2 DEBUG: ocfs2_block_group_set_bits called, bg_blkno=%llu, bg_free_bits_count=%u, num_bits=%u\n",
+	       (unsigned long long)le64_to_cpu(bg->bg_blkno),
+	       le16_to_cpu(bg->bg_free_bits_count),
+	       num_bits);
 	/* All callers get the descriptor via
 	 * ocfs2_read_group_descriptor().  Any corruption is a code bug. */
 	BUG_ON(!OCFS2_IS_VALID_GROUP_DESC(bg));
-- 
2.43.0