2. I am +1 on back-patching Craig's PANIC-on-failure logic. Doing nothing is not an option I like. I have some feedback and changes to propose though; see attached.
Thanks very much for the work on reviewing and revising this.
I don't see why sync_file_range(SYNC_FILE_RANGE_WRITE) should get a pass here. Inspection of some version of the kernel might tell us it can't advance the error counter and report failure, but what do we gain by relying on that? Changed.
I was sure it made sense at the time, but I can't explain that decision now, and it looks like we should treat it as a failure.