On Tue, Oct 15, 2019 at 10:54:39AM +0100, fdmanana@xxxxxxxxxx wrote:
> From: Filipe Manana <fdmanana@xxxxxxxx>
>
> If we fail to reserve metadata for delalloc operations we end up releasing
> the previously reserved qgroup amount twice, once explicitly under the
> 'out_qgroup' label by calling btrfs_qgroup_free_meta_prealloc() and once
> again, under label 'out_fail', by calling btrfs_inode_rsv_release() with a
> value of 'true' for its 'qgroup_free' argument, which results in
> btrfs_qgroup_free_meta_prealloc() being called again, so we end up having
> a double free.
>
> Also if we fail to reserve the necessary qgroup amount, we jump to the
> label 'out_fail', which calls btrfs_inode_rsv_release() and that in turn
> calls btrfs_qgroup_free_meta_prealloc(), even though we weren't able to
> reserve any qgroup amount. So we freed some amount we never reserved.
>
> So fix this by removing the call to btrfs_inode_rsv_release() in the
> failure path, since it's not necessary at all as we haven't changed the
> inode's block reserve in any way at this point.
>
> Fixes: c8eaeac7b73434 ("btrfs: reserve delalloc metadata differently")
> Signed-off-by: Filipe Manana <fdmanana@xxxxxxxx>
Thanks, added to 5.4-rc queue.
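
The two failure paths described in the quoted commit message, as an added toy model in C (not the btrfs code and not part of the original thread). The struct, the helper names and the fault-injection flags are hypothetical, and the second release is modelled as freeing the same amount again, as the commit message describes.

```c
#include <stdbool.h>
#include <stdio.h>
struct model {            /* toy accounting state, not a kernel structure */
    long qgroup_prealloc; /* qgroup metadata currently reserved */
    bool fail_qgroup;     /* inject a qgroup reservation failure */
    bool fail_metadata;   /* inject a metadata reservation failure */
};

static int qgroup_reserve(struct model *m, long n) {
    if (m->fail_qgroup) return -1;
    m->qgroup_prealloc += n;
    return 0;
}
static void qgroup_free(struct model *m, long n) { m->qgroup_prealloc -= n; }
static int metadata_reserve(struct model *m) { return m->fail_metadata ? -1 : 0; }

/* Before the fix: 'out_qgroup' falls through into 'out_fail'. */
static int reserve_before(struct model *m, long n) {
    int ret = qgroup_reserve(m, n);
    if (ret) goto out_fail;   /* nothing was reserved, yet out_fail frees */
    ret = metadata_reserve(m);
    if (ret) goto out_qgroup;
    return 0;
out_qgroup:
    qgroup_free(m, n);        /* explicit release */
out_fail:
    qgroup_free(m, n);        /* stands in for btrfs_inode_rsv_release(..., true) */
    return ret;
}

/* After the fix: the failure path no longer performs the second release. */
static int reserve_after(struct model *m, long n) {
    int ret = qgroup_reserve(m, n);
    if (ret) return ret;
    ret = metadata_reserve(m);
    if (ret) qgroup_free(m, n);
    return ret;
}

/* Net counter change after one call; a failed call should leave 0. */
static long drift(int (*fn)(struct model *, long), bool fq, bool fm) {
    struct model m = { 100, fq, fm };
    fn(&m, 16);
    return m.qgroup_prealloc - 100;
}
int main(void) {
    printf("before: %ld %ld\n", drift(reserve_before, false, true), drift(reserve_before, true, false));
    printf("after:  %ld %ld\n", drift(reserve_after, false, true), drift(reserve_after, true, false));
    return 0;
}
```

In this model a nonzero drift after a failed reservation is the accounting error: the counter ends up below what is actually reserved.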