I Found a Bug in Apple's Fsck_hfs
18 hours ago
- #debugging
- #filesystem
- #macOS
- Identified a bug in Apple's fsck_hfs tool in macOS Sequoia causing false corruption errors on large HFS+ volumes.
- The bug triggers 'Couldn't read node' errors during extended attributes checks on volumes 24 TB or larger on machines with 8 GB RAM.
- Investigation ruled out hardware issues and confirmed filesystem metadata was valid; the bug is in the fsck_hfs tool itself.
- The root cause is cache exhaustion in BTCheckUnusedNodes function due to excessive tag allocations during free node verification.
- Debug builds and cross-machine testing confirmed cache saturation leads to ENOMEM errors, with 16 GB+ RAM machines unaffected.
- Proposed a fix bypassing the cache for unused node checks using a reusable buffer, avoiding cache pollution and exhaustion.
- Published the patch on GitHub since Apple's open-source mirror doesn't accept contributions, enabling users to build a fixed binary.