Re: [PATCH v2] hfs: return -EFSCORRUPTED instead of BUG() in hfs_write_inode()

From: Jori Koolstra

Date: Sun Jun 07 2026 - 17:34:16 EST


On Sun, Jun 07, 2026 at 03:53:39AM +0000, David Maximiliano Hermitte wrote:
> hfs: return -EFSCORRUPTED instead of BUG() in hfs_write_inode()
>
> A corrupted or otherwise malformed HFS filesystem image can reach the
> default case in hfs_write_inode(). The current code calls BUG() there,
> which turns an on-disk filesystem condition into a kernel crash.
>
> Return -EFSCORRUPTED instead. This reports filesystem metadata
> corruption consistently with other major filesystems while avoiding a
> reachable kernel BUG.

How is -EFSCORRUPTED handled now? The BUG() marks a situation that is
pretty bad, so maybe you don't want to continue to do everything as
usual (although a BUG() is very harsh). At the very least, there should
be a warning.

>
> The issue is reproducible with the public syzbot C reproducer linked
> below. Before this change, the reproducer triggers a kernel BUG at
> fs/hfs/inode.c with RIP in hfs_write_inode(). After this change, the
> same reproducer no longer triggers kernel BUG, hfs_write_inode, KASAN,
> Oops, Call Trace, or RIP evidence in the validation window.
>
> Reported-by: syzbot+97e301b4b82ae803d21b@xxxxxxxxxxxxxxxxxxxxxxxxx
> Closes: https://syzkaller.appspot.com/bug?extid=97e301b4b82ae803d21b
> Tested-by: David Maximiliano Hermitte <davemadmaxxx@xxxxxxxxx>
> Signed-off-by: David Maximiliano Hermitte <davemadmaxxx@xxxxxxxxx>
> ---
> Changes in v2:
> - Return -EFSCORRUPTED for metadata corruption, as suggested by Darrick.
>
> fs/hfs/inode.c | 3 +--
> 1 file changed, 1 insertion(+), 2 deletions(-)
>
> diff --git a/fs/hfs/inode.c b/fs/hfs/inode.c
> index 89b33a9d46d5..4192f660b64f 100644
> --- a/fs/hfs/inode.c
> +++ b/fs/hfs/inode.c
> @@ -471,7 +471,6 @@ int hfs_write_inode(struct inode *inode, struct writeback_control *wbc)
> hfs_btree_write(HFS_SB(inode->i_sb)->cat_tree);
> return 0;
> default:
> - BUG();
> - return -EIO;
> + return -EFSCORRUPTED;
> }
> }
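
Review bot: the `default:` branch now returns -EFSCORRUPTED without any diagnostic, so once BUG() is removed a corrupted image that reaches this case leaves no trace in the kernel log. Consider logging an error (ideally rate-limited) that names inode->i_ino before the `return -EFSCORRUPTED;` line, so the corruption stays visible to whoever mounted the image. The commit message could also state what callers of hfs_write_inode() do with the new return value. As written, it only says the reproducer no longer triggers a BUG, which does not show that the error is acted on rather than dropped.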