From owner-svn-src-all@FreeBSD.ORG  Sat Feb 13 10:34:51 2010
Return-Path: <owner-svn-src-all@FreeBSD.ORG>
Delivered-To: svn-src-all@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34])
	by hub.freebsd.org (Postfix) with ESMTP id 2CC4C1065676;
	Sat, 13 Feb 2010 10:34:51 +0000 (UTC) (envelope-from kib@FreeBSD.org)
Received: from svn.freebsd.org (svn.freebsd.org [IPv6:2001:4f8:fff6::2c])
	by mx1.freebsd.org (Postfix) with ESMTP id 19ABD8FC08;
	Sat, 13 Feb 2010 10:34:51 +0000 (UTC)
Received: from svn.freebsd.org (localhost [127.0.0.1])
	by svn.freebsd.org (8.14.3/8.14.3) with ESMTP id o1DAYoOh053659;
	Sat, 13 Feb 2010 10:34:50 GMT (envelope-from kib@svn.freebsd.org)
Received: (from kib@localhost)
	by svn.freebsd.org (8.14.3/8.14.3/Submit) id o1DAYoCc053656;
	Sat, 13 Feb 2010 10:34:50 GMT (envelope-from kib@svn.freebsd.org)
Message-Id: <201002131034.o1DAYoCc053656@svn.freebsd.org>
From: Konstantin Belousov <kib@FreeBSD.org>
Date: Sat, 13 Feb 2010 10:34:50 +0000 (UTC)
To: src-committers@freebsd.org, svn-src-all@freebsd.org,
	svn-src-head@freebsd.org
X-SVN-Group: head
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Cc: 
Subject: svn commit: r203818 - head/sys/ufs/ffs
X-BeenThere: svn-src-all@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: "SVN commit messages for the entire src tree \(except for &quot;
	user&quot; and &quot; projects&quot; \)" <svn-src-all.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/svn-src-all>,
	<mailto:svn-src-all-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/svn-src-all>
List-Post: <mailto:svn-src-all@freebsd.org>
List-Help: <mailto:svn-src-all-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/svn-src-all>,
	<mailto:svn-src-all-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Sat, 13 Feb 2010 10:34:51 -0000

Author: kib
Date: Sat Feb 13 10:34:50 2010
New Revision: 203818
URL: http://svn.freebsd.org/changeset/base/203818

Log:
  When ffs_realloccg() failed to allocate bigger fragment and, because
  pending blocks are scheduled for removal, goes to retry the (re)allocation,
  clear the bp pointer. It might happen that meantime free space is really
  exhausted and we are entering nospace: label without bread()ing buffer,
  causing stale bp value to be brelse()d again.
  
  Tested by:	pho
      (Producing a scenario to reliably reproduce the
       race appeared to be much harder then fixing the bug)
  MFC after:	1 week

Modified:
  head/sys/ufs/ffs/ffs_alloc.c

Modified: head/sys/ufs/ffs/ffs_alloc.c
==============================================================================
--- head/sys/ufs/ffs/ffs_alloc.c	Sat Feb 13 10:26:00 2010	(r203817)
+++ head/sys/ufs/ffs/ffs_alloc.c	Sat Feb 13 10:34:50 2010	(r203818)
@@ -432,8 +432,10 @@ nospace:
 		reclaimed = 1;
 		softdep_request_cleanup(fs, vp);
 		UFS_UNLOCK(ump);
-		if (bp)
+		if (bp) {
 			brelse(bp);
+			bp = NULL;
+		}
 		UFS_LOCK(ump);
 		goto retry;
 	}