From nobody Sat Feb 7 07:24:16 2026 Received: from mail-oo1-f70.google.com (mail-oo1-f70.google.com [209.85.161.70]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 64F5D5B1EB for ; Wed, 31 Dec 2025 05:05:45 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.161.70 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1767157547; cv=none; b=igp/h1VnihmONwS3kkvg454eeakWjZm3r2fY9HAXFUa7tGvZw7NxJMdQhM26lYFqRjMZcEUQ4r7uwAO/JAv6KcPuGzucpVoGFhQRYyshrrtFhs1UXktdLLwRagCk9F9jYCBmMEEfTuKo6OXimNL5MZjk9ZUCRhLAIyaS3fC7MzA= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1767157547; c=relaxed/simple; bh=547J+F6Jf3QhLQb+ghYuo1KgHNincdNIj+Do4mrMN7M=; h=MIME-Version:Date:In-Reply-To:Message-ID:Subject:From:To: Content-Type; b=HS/AZ175b0N7/CuxbPfhGJQI5YO7JK8/FIngQVbKdjmC/RJ9EhkRtoKNPdSkdubyflzTqGsPBjyqNAhJFOrXueHpeO3LGKukwkomeNxh4yJXbmTIJ9J8nO4NcsCpFG9K2M5R7adWyp9cFlRLjYY/WBO8UzaZdDB9cZ7q4478x5k= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=fail (p=none dis=none) header.from=syzkaller.appspotmail.com; spf=pass smtp.mailfrom=M3KW2WVRGUFZ5GODRSRYTGD7.apphosting.bounces.google.com; arc=none smtp.client-ip=209.85.161.70 Authentication-Results: smtp.subspace.kernel.org; dmarc=fail (p=none dis=none) header.from=syzkaller.appspotmail.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=M3KW2WVRGUFZ5GODRSRYTGD7.apphosting.bounces.google.com Received: by mail-oo1-f70.google.com with SMTP id 006d021491bc7-656b3efc41aso15524998eaf.3 for ; Tue, 30 Dec 2025 21:05:45 -0800 (PST) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1767157544; x=1767762344; h=to:from:subject:message-id:in-reply-to:date:mime-version :x-gm-message-state:from:to:cc:subject:date:message-id:reply-to; bh=maDMtWTO/VLY954GmJThejxom6wYQ9jO3xw4qY3Ofi0=; b=aSlubBxGuHhtC3IWun3VBtKj08KBvXToZLpMmWtKtQOoilgtCsmaPWOvc6eZZsJO7W GQrsoaKd8+zpyxohxFeqHNobGu6OGx5LffWk2bfbOOqRYd6LpuLX2DyBUHPi18TjIES+ IOoVMvDH1U7RvZ/K3fPu5X9tGlO4DW9PAi5AO13u6t/YYjfWRawGiYXnnt99kMtakj/Q 0kTGuMb9OOnedbqOkazskk68UNEveKXPqq/ECV3Hqr/WKxMr58pMZ0zDgSogPMdZ0bz6 7jDnJZGpztv8+gw//EhjDlerz05vjn7C/anM8OCtj2+Rf8ip2WwF+09ieoX8h42XsJVs J3XQ== X-Gm-Message-State: AOJu0Yz3u9U//kUwL8z/hi2yZOlxy3WkcisAF6azEClwsf0X9/Oh9jDv SWkUVqUGMaYxKemRZfavCo8dX9bzaUWI4XvU65gk4/x2g4+UEFjHe5bElD2UohRqcTwZAJZLI2y dP2GkDCNErEkjMp+t2/kHDUesT/RLe2iqFjUXGqevHZ1TGCpgvkzFDF3pXSk= X-Google-Smtp-Source: AGHT+IE5Bp3Jpb5B5iZUvBSU864AXTFSH84ns499DXRy0bS4pNCFiNsdCCndRRhugEFKfC961NiGUlCy5QV16XA3QQ9dJqJhNZHW Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 X-Received: by 2002:a05:6820:f028:b0:65b:29af:b562 with SMTP id 006d021491bc7-65d0eb24994mr13569159eaf.77.1767157544327; Tue, 30 Dec 2025 21:05:44 -0800 (PST) Date: Tue, 30 Dec 2025 21:05:44 -0800 In-Reply-To: <69441a92.a70a0220.207337.00e4.GAE@google.com> X-Google-Appengine-App-Id: s~syzkaller X-Google-Appengine-App-Id-Alias: syzkaller Message-ID: <6954af28.050a0220.a1b6.030e.GAE@google.com> Subject: Forwarded: [PATCH] ocfs2: add debug printk to trace block group validation path From: syzbot To: linux-kernel@vger.kernel.org, syzkaller-bugs@googlegroups.com Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" For archival purposes, forwarding an incoming command email to linux-kernel@vger.kernel.org, syzkaller-bugs@googlegroups.com. *** Subject: [PATCH] ocfs2: add debug printk to trace block group validation pa= th Author: kartikey406@gmail.com #syz test https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.gi= t master Add temporary debug printk statements to understand how a corrupted filesystem image bypasses validation and triggers the BUG_ON in ocfs2_block_group_set_bits(). The existing validation in ocfs2_validate_gd_self() checks: bg_free_bits_count > bg_bits (static consistency) The BUG_ON in ocfs2_block_group_set_bits() checks: bg_free_bits_count < num_bits (dynamic allocation request) These are different conditions. A filesystem with bg_free_bits_count=3D1 and bg_bits=3D100 passes validation, but triggers BUG_ON when num_bits=3D2 is requested. This debug patch helps confirm whether ocfs2_validate_gd_self() is called and what values are present when the BUG_ON triggers. NOT FOR MERGE - debug only. Reported-by: syzbot+7960178e777909060224@syzkaller.appspotmail.com Closes: https://syzkaller.appspot.com/bug?extid=3D7960178e777909060224 Signed-off-by: Deepanshu Kartikey --- fs/ocfs2/suballoc.c | 13 +++++++++++-- 1 file changed, 11 insertions(+), 2 deletions(-) diff --git a/fs/ocfs2/suballoc.c b/fs/ocfs2/suballoc.c index 8e6e5235b30c..7cd7eb6a9d13 100644 --- a/fs/ocfs2/suballoc.c +++ b/fs/ocfs2/suballoc.c @@ -164,7 +163,10 @@ static int ocfs2_validate_gd_self(struct super_block *= sb, int resize) { struct ocfs2_group_desc *gd =3D (struct ocfs2_group_desc *)bh->b_data; - + printk(KERN_ERR "OCFS2 DEBUG: ocfs2_validate_gd_self called for block %ll= u, bg_bits=3D%u, bg_free_bits_count=3D%u\n", + (unsigned long long)bh->b_blocknr, + le16_to_cpu(gd->bg_bits), + le16_to_cpu(gd->bg_free_bits_count)); if (!OCFS2_IS_VALID_GROUP_DESC(gd)) { do_error("Group descriptor #%llu has bad signature %.*s\n", (unsigned long long)bh->b_blocknr, 7, @@ -1376,7 +1375,11 @@ int ocfs2_block_group_set_bits(handle_t *handle, unsigned int start =3D bit_off + num_bits; u16 contig_bits; struct ocfs2_super *osb =3D OCFS2_SB(alloc_inode->i_sb); - + + printk(KERN_ERR "OCFS2 DEBUG: ocfs2_block_group_set_bits called, bg_blkno= =3D%llu, bg_free_bits_count=3D%u, num_bits=3D%u\n", + (unsigned long long)le64_to_cpu(bg->bg_blkno), + le16_to_cpu(bg->bg_free_bits_count), + num_bits); /* All callers get the descriptor via * ocfs2_read_group_descriptor(). Any corruption is a code bug. */ BUG_ON(!OCFS2_IS_VALID_GROUP_DESC(bg)); --=20 2.43.0