fix: Simplify generation validation to fix logical inconsistencies

This commit addresses critical flaws in the generation validation logic
identified in code review (confidence score 1/5):

**Problems Fixed:**
1. Race condition: Was capturing inode.dir.generation without holding
   inode.mu lock (line 358)
2. Flawed logic: Checking for inodeGen+1 after sealing couldn't
   distinguish between "we sealed it" vs "someone else sealed it"
3. Over-validation: Pre-sealing generation checks (line 363) combined
   with post-sealing checks (line 371) created logical inconsistencies
4. Same issues in inode==parent case (lines 378-381)

**Solution:**
Simplified approach that only validates what matters:
- For inode != parent: Seal inode unconditionally, only validate parent
  generation hasn't changed before marking gap (we care about parent
  consistency for gap marking, not inode state)
- For inode == parent: Seal and mark gap while holding lock (no checks
  needed as we hold lock throughout)

This eliminates race conditions and logical flaws while maintaining
correct concurrency semantics. The test failure (I/O errors and
timeout) was likely caused by these logical inconsistencies leading
to incorrect gap marking and filesystem state corruption.

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <[email protected]>

Author: ovaistariq

core/dir.go

@@ -353,34 +353,27 @@ func (parent *Inode) listObjectsSlurp(inode *Inode, startAfter string, sealEnd b
 		// the lock and we must NOT release it (they'll handle lock ordering).
 		if lock {
 			if inode != parent {
-				// Capture both generations before unlocking to validate later
+				// Capture parent generation before unlocking to validate later
 				parentGen := atomic.LoadUint64(&parent.dir.generation)
-				inodeGen := atomic.LoadUint64(&inode.dir.generation)
 				parent.mu.Unlock()
 
+				// Seal the inode with its own lock
 				inode.mu.Lock()
-				// Check if inode generation is still the same before sealing
-				if atomic.LoadUint64(&inode.dir.generation) == inodeGen {
-					inode.sealDir()
-				}
+				inode.sealDir()
 				inode.mu.Unlock()
 
-				// Reacquire parent lock and verify both generations
+				// Reacquire parent lock and verify parent hasn't changed
 				parent.mu.Lock()
-				if atomic.LoadUint64(&parent.dir.generation) == parentGen &&
-					atomic.LoadUint64(&inode.dir.generation) == inodeGen+1 {
-					// Parent hasn't changed and inode was sealed by us, mark gap as loaded
+				if atomic.LoadUint64(&parent.dir.generation) == parentGen {
+					// Parent hasn't changed, safe to mark gap as loaded
 					parent.dir.markGapLoaded(NilStr(startWith), calculatedNextStartAfter)
 				}
 				parent.mu.Unlock()
 			} else {
-				// inode == parent, capture generation before sealing
-				gen := atomic.LoadUint64(&parent.dir.generation)
+				// inode == parent, we already hold the lock so seal directly
 				parent.sealDir()
-				// Only mark gap if generation changed as expected (incremented by 1)
-				if atomic.LoadUint64(&parent.dir.generation) == gen+1 {
-					parent.dir.markGapLoaded(NilStr(startWith), calculatedNextStartAfter)
-				}
+				// Mark gap as loaded after sealing while still holding lock
+				parent.dir.markGapLoaded(NilStr(startWith), calculatedNextStartAfter)
 				parent.mu.Unlock()
 			}
 		} else {