From: Omar Sandoval osandov@fb.com
[ Upstream commit 57d4f0b863272ba04ba85f86bfdc0f976f0af91c ]
Currently, scrub_missing_raid56_worker() puts and potentially frees sblock (which embeds the work item) and then submits a bio through scrub_wr_submit(). This is another potential instance of the bug in "btrfs: don't prematurely free work in run_ordered_work()". Fix it by dropping the reference after we submit the bio.
Reviewed-by: Johannes Thumshirn jthumshirn@suse.de Signed-off-by: Omar Sandoval osandov@fb.com Reviewed-by: David Sterba dsterba@suse.com Signed-off-by: David Sterba dsterba@suse.com Signed-off-by: Sasha Levin sashal@kernel.org --- fs/btrfs/scrub.c | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-)
diff --git a/fs/btrfs/scrub.c b/fs/btrfs/scrub.c index 916c39770467..6b6008db3e03 100644 --- a/fs/btrfs/scrub.c +++ b/fs/btrfs/scrub.c @@ -2145,14 +2145,13 @@ static void scrub_missing_raid56_worker(struct btrfs_work *work) scrub_write_block_to_dev_replace(sblock); }
- scrub_block_put(sblock); - if (sctx->is_dev_replace && sctx->flush_all_writes) { mutex_lock(&sctx->wr_lock); scrub_wr_submit(sctx); mutex_unlock(&sctx->wr_lock); }
+ scrub_block_put(sblock); scrub_pending_bio_dec(sctx); }