Here is a proper, minimized reproducer which reproduces on upstream, for someone who wants to try to work this bug.

On Fri, Dec 16, 2022 at 12:47:16AM -0500, Theodore Ts'o wrote:
> Fixing this the clean and proper way, which is by making
> ext4_xattr_move_to_block() more intelligent/efficient, is left as an
> exercise to the reader.

For someone who wants to work the bug, here is a cleaner, properly minimized, easier-for-humans-to-understand reproducer:

#!/bin/bash -vx
#
# This reproduces an ext4 bug caused by an unfortunate interaction
# between lazytime updates happening when a file system is being
# unmounted and expand_extra_isize
#
# Initially discovered via syzkaller:
# https://syzkaller.appspot.com/bug?id=3613786cb88c93aa1c6a279b1df6a7b201347d08
#
img=/tmp/foo.img
dir=/mnt
file=$dir/file0

rm -f $img
# Small ext4 image with 256-byte inodes, 1k blocks and the ea_inode
# feature, so that a large xattr value is stored in its own inode
mke2fs -Fq -t ext4 -I 256 -O ea_inode -b 1024 $img 200k
mount $img $dir
# A 2000-byte xattr value (a run of '=' characters)
v=$(dd if=/dev/zero bs=2000 count=1 2>/dev/null | tr '\0' =)
touch $file
attr -q -s test -V $v $file
umount $dir
# Remount asking for a larger extra_isize with lazytime, then read the
# file so that a deferred timestamp update is still pending at umount
mount -o debug_want_extra_isize=128,lazytime $img $dir
cat $file
umount $dir