btrfs: don't prematurely free work in scrub_missing_raid56_worker()

Currently, scrub_missing_raid56_worker() puts and potentially frees
sblock (which embeds the work item) and then submits a bio through
scrub_wr_submit(). This is another potential instance of the bug in
"btrfs: don't prematurely free work in run_ordered_work()". Fix it by
dropping the reference after we submit the bio.

Reviewed-by: Johannes Thumshirn <jthumshirn@suse.de>
Signed-off-by: Omar Sandoval <osandov@fb.com>
Reviewed-by: David Sterba <dsterba@suse.com>
Signed-off-by: David Sterba <dsterba@suse.com>

diff --git a/fs/btrfs/scrub.c b/fs/btrfs/scrub.c
index f7d4e03f4c5d5ba78b5fd8e01b8ed3be3ea274a1..a0770a6aee00a8eb8382efada44cf67aac98afae 100644 (file)
--- a/fs/btrfs/scrub.c
+++ b/fs/btrfs/scrub.c
@@ -2149,14 +2149,13 @@ static void scrub_missing_raid56_worker(struct btrfs_work *work)
                scrub_write_block_to_dev_replace(sblock);
        }
 
-       scrub_block_put(sblock);
-
        if (sctx->is_dev_replace && sctx->flush_all_writes) {
                mutex_lock(&sctx->wr_lock);
                scrub_wr_submit(sctx);
                mutex_unlock(&sctx->wr_lock);
        }
 
+       scrub_block_put(sblock);
        scrub_pending_bio_dec(sctx);
 }