Here is a proper, minimized reproducer which reproduces on upstream, for someone who wants to try to work this bug.
On Fri, Dec 16, 2022 at 12:47:16AM -0500, Theodore Ts'o wrote:
> Fixing this the clean and proper way, which is by making ext4_xattr_move_to_block() more intelligent/efficient, is left as an exercise to the reader.
For someone who wants to work the bug, here is a cleaner, properly minimized, easier-for-humans-to-understand reproducer:
#!/bin/bash -vx
#
# This reproduces an ext4 bug caused by an unfortunate interaction
# between lazytime updates happening when a file system is being
# unmounted and expand_extra_isize
#
# Initially discovered via syzkaller:
# https://syzkaller.appspot.com/bug?id=3613786cb88c93aa1c6a279b1df6a7b201347d0...
#

img=/tmp/foo.img
dir=/mnt
file=$dir/file0

rm -f $img
mke2fs -Fq -t ext4 -I 256 -O ea_inode -b 1024 $img 200k
mount $img $dir
v=$(dd if=/dev/zero bs=2000 count=1 2>/dev/null | tr '\0' =)
touch $file
attr -q -s test -V $v $file
umount $dir
mount -o debug_want_extra_isize=128,lazytime /tmp/foo.img $dir
cat $file
umount $dir