akpm quoth:

In ext3_dirty_inode(), we open a transaction which reserves just
a single disk block.  Because that is all we expect to write.

But when you get all the way down to ext3_do_upodate_inode(),
the corrupted inode data leads the filesytem to think that
the file has a size larger than 2G.

This triggers the logic in ext3_do_update_inode() which updates
the superblock to say "this filesystem now has files which are
larger than 2G".

But that requires a journalled superblock write.  We didn't
reserve a second block in the transaction for that, and blam.

A robust fix for this is to update all callers of ext3_do_update_inode()
to reserve an additional block for that eventuality.

--- linux-2.4.21-pre3-rmap-ext3merge/fs/ext3/inode.c.=K0005=.orig	2003-01-23 16:29:29.000000000 +0000
+++ linux-2.4.21-pre3-rmap-ext3merge/fs/ext3/inode.c	2003-01-23 16:29:34.000000000 +0000
@@ -2553,7 +2553,7 @@
 	handle_t *handle;
 
 	lock_kernel();
-	handle = ext3_journal_start(inode, 1);
+	handle = ext3_journal_start(inode, 2);
 	if (IS_ERR(handle))
 		goto out;
 	if (current_handle &&