re: btrfs: fix race in reada

Hello Arne Jansen,

The patch 8c9c2bf7a3c4: "btrfs: fix race in reada" from Feb 25, 2012, 
leads to the following warning:
fs/btrfs/reada.c:308 reada_find_zone()
	 warn: 'zone' was already freed.

@@ -307,13 +302,15 @@ again:
        ret = radix_tree_insert(&dev->reada_zones,
                                (unsigned long)(zone->end >> PAGE_CACHE_SHIFT),
-       spin_unlock(&fs_info->reada_lock);
-       if (ret) {
+       if (ret == -EEXIST) {
Freed here.

-               looped = 1;
-               goto again;
+               ret = radix_tree_gang_lookup(&dev->reada_zones, (void **)&zone,
Use after free inside radix_tree_gang_lookup() function.

+                                            logical >> PAGE_CACHE_SHIFT, 1);
+               if (ret == 1)
+                       kref_get(&zone->refcnt);
+       spin_unlock(&fs_info->reada_lock);
        return zone;

dan carpenter

