Re: [PATCH v2] hfs: return -EFSCORRUPTED instead of BUG() in hfs_write_inode()

From: David Maximiliano Hermitte

Date: Thu Jun 11 2026 - 14:01:56 EST


Hello Slava, Jori, all,

I wanted to share one additional diagnostic result from our side.

We are not HFS maintainers, and I do not want to present this as a final patch proposal. We used a small change only as a route-checking experiment, to verify whether the crash ending in hfs_write_inode() / BUG() can be prevented by rejecting corrupt metadata earlier.

The experimental change was in fs/hfs/btree.c, after reading the HFS B-tree header:

	if (tree->root >= tree->node_count)
		goto fail_folio;
	if (tree->leaf_head >= tree->node_count)
		goto fail_folio;
	if (tree->leaf_tail >= tree->node_count)
		goto fail_folio;
	if (tree->leaf_count && (!tree->leaf_head || !tree->leaf_tail))
		goto fail_folio;
	if (tree->depth > tree->node_count)
		goto fail_folio;

We specifically did not modify:

fs/hfs/inode.c
hfs_write_inode()
BUG()

With the same syzbot-style reproducer and the same QEMU setup, we observed:

BEFORE / unpatched:
boot_linux_seen=true
root_mounted_seen=true
repro_started=true
VQBIT_HFS_INODE_BUG_SITE_3 line=474 hit
kernel_bug_seen=true
verdict=BEFORE_BUG_REPRODUCED

AFTER / diagnostic btree validation:
boot_linux_seen=true
root_mounted_seen=true
repro_started=true
kernel_bug_seen=false
hfs_write_inode_seen=false
kasan_seen=false
oops_seen=false
verdict=REPRO_RAN_NO_KERNEL_BUG_SEEN

So our current interpretation is:

The BUG in hfs_write_inode() appears to be the crash sink.
The corrupt state seems to be accepted earlier.
Rejecting inconsistent HFS B-tree header fields before traversal prevents the reproducer from reaching hfs_write_inode::BUG().

Again, this is not intended as a polished HFS fix. It is only evidence from a diagnostic route check. I would appreciate your opinion on whether this direction makes sense, and whether the proper fix should live around HFS B-tree / catalog metadata validation rather than changing the final BUG() in hfs_write_inode().

Best regards,
David
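
The five header checks quoted in the message, applied in user space to a raw node-0 buffer so they can be exercised against image files without booting a kernel. This is an added example, not part of the original e-mail or the kernel tree; the 14-byte node descriptor and the field offsets are assumed from the classic HFS B-tree header record layout, and `bt_hdr_check` / `bt_sample` are hypothetical names.

```c
#include <stddef.h>
#include <stdint.h>

/* Assumed layout: 14-byte node descriptor, then the big-endian header record. */
#define HDR_OFF 14
#define HDR_LEN 26	/* bytes of the record up to and including node_count */

struct bt_hdr {
	uint16_t depth;
	uint32_t root, leaf_count, leaf_head, leaf_tail, node_count;
};

static uint32_t be(const uint8_t *p, int n)	/* read an n-byte big-endian value */
{
	uint32_t v = 0;
	while (n--) v = v << 8 | *p++;
	return v;
}

/* Returns 0 if accepted, -1 on a short buffer, 1..5 for the check that failed. */
int bt_hdr_check(const uint8_t *node0, size_t len, struct bt_hdr *h)
{
	if (len < HDR_OFF + HDR_LEN)
		return -1;	/* never read fields past the end of the buffer */
	const uint8_t *r = node0 + HDR_OFF;
	h->depth = (uint16_t)be(r, 2);
	h->root = be(r + 2, 4);
	h->leaf_count = be(r + 6, 4);
	h->leaf_head = be(r + 10, 4);
	h->leaf_tail = be(r + 14, 4);
	h->node_count = be(r + 22, 4);
	/* Same order and conditions as the diagnostic change in the message. */
	if (h->root >= h->node_count) return 1;
	if (h->leaf_head >= h->node_count) return 2;
	if (h->leaf_tail >= h->node_count) return 3;
	if (h->leaf_count && (!h->leaf_head || !h->leaf_tail)) return 4;
	if (h->depth > h->node_count) return 5;
	return 0;
}

/* Constructed sample node 0: depth 1, 3 leaf records, head = tail = node 1. */
int bt_sample(uint32_t root, uint32_t node_count)
{
	uint8_t n[64] = {
		[HDR_OFF + 1] = 1, [HDR_OFF + 5] = (uint8_t)root,
		[HDR_OFF + 9] = 3, [HDR_OFF + 13] = 1, [HDR_OFF + 17] = 1,
		[HDR_OFF + 25] = (uint8_t)node_count,
	};
	struct bt_hdr h;
	return bt_hdr_check(n, sizeof(n), &h);
}
```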