btrfs: fix qgroup_free_reserved_data int overflow

	start = round_down(start, fs_info->sectorsize);

	btrfs_free_reserved_data_space_noquota(fs_info, len);

	btrfs_qgroup_free_data(inode, reserved, start, len);

	btrfs_qgroup_free_data(inode, reserved, start, len, NULL);

}

/*

			qgroup_reserved -= range->len;

		} else if (qgroup_reserved > 0) {

			btrfs_qgroup_free_data(BTRFS_I(inode), data_reserved,

					       range->start, range->len);

					       range->start, range->len, NULL);

			qgroup_reserved -= range->len;

		}

		list_del(&range->list);

	 * And at reserve time, it's always aligned to page size, so

	 * just free one page here.

	 */

	btrfs_qgroup_free_data(inode, NULL, 0, PAGE_SIZE);

	btrfs_qgroup_free_data(inode, NULL, 0, PAGE_SIZE, NULL);

	btrfs_free_path(path);

	btrfs_end_transaction(trans);

	return ret;

		 */

		if (state_flags & EXTENT_DELALLOC)

			btrfs_qgroup_free_data(BTRFS_I(inode), NULL, start,

					       end - start + 1);

					       end - start + 1, NULL);

		clear_extent_bit(io_tree, start, end,

				 EXTENT_CLEAR_ALL_BITS | EXTENT_DO_ACCOUNTING,

		 *    reserved data space.

		 *    Since the IO will never happen for this page.

		 */

		btrfs_qgroup_free_data(inode, NULL, cur, range_end + 1 - cur);

		btrfs_qgroup_free_data(inode, NULL, cur, range_end + 1 - cur, NULL);

		if (!inode_evicting) {

			clear_extent_bit(tree, cur, range_end, EXTENT_LOCKED |

				 EXTENT_DELALLOC | EXTENT_UPTODATE |

	struct btrfs_path *path;

	u64 start = ins->objectid;

	u64 len = ins->offset;

	int qgroup_released;

	u64 qgroup_released = 0;

	int ret;

	memset(&stack_fi, 0, sizeof(stack_fi));

	btrfs_set_stack_file_extent_compression(&stack_fi, BTRFS_COMPRESS_NONE);

	/* Encryption and other encoding is reserved and all 0 */

	qgroup_released = btrfs_qgroup_release_data(inode, file_offset, len);

	if (qgroup_released < 0)

		return ERR_PTR(qgroup_released);

	ret = btrfs_qgroup_release_data(inode, file_offset, len, &qgroup_released);

	if (ret < 0)

		return ERR_PTR(ret);

	if (trans) {

		ret = insert_reserved_file_extent(trans, inode,

	btrfs_delalloc_release_metadata(inode, disk_num_bytes, ret < 0);

out_qgroup_free_data:

	if (ret < 0)

		btrfs_qgroup_free_data(inode, data_reserved, start, num_bytes);

		btrfs_qgroup_free_data(inode, data_reserved, start, num_bytes, NULL);

out_free_data_space:

	/*

	 * If btrfs_reserve_extent() succeeded, then we already decremented

{

	struct btrfs_ordered_extent *entry;

	int ret;

	u64 qgroup_rsv = 0;

	if (flags &

	    ((1 << BTRFS_ORDERED_NOCOW) | (1 << BTRFS_ORDERED_PREALLOC))) {

		/* For nocow write, we can release the qgroup rsv right now */

		ret = btrfs_qgroup_free_data(inode, NULL, file_offset, num_bytes);

		ret = btrfs_qgroup_free_data(inode, NULL, file_offset, num_bytes, &qgroup_rsv);

		if (ret < 0)

			return ERR_PTR(ret);

	} else {

		 * The ordered extent has reserved qgroup space, release now

		 * and pass the reserved number for qgroup_record to free.

		 */

		ret = btrfs_qgroup_release_data(inode, file_offset, num_bytes);

		ret = btrfs_qgroup_release_data(inode, file_offset, num_bytes, &qgroup_rsv);

		if (ret < 0)

			return ERR_PTR(ret);

	}

	entry->inode = igrab(&inode->vfs_inode);

	entry->compress_type = compress_type;

	entry->truncated_len = (u64)-1;

	entry->qgroup_rsv = ret;

	entry->qgroup_rsv = qgroup_rsv;

	entry->flags = flags;

	refcount_set(&entry->refs, 1);

	init_waitqueue_head(&entry->wait);

/* Free ranges specified by @reserved, normally in error path */

static int qgroup_free_reserved_data(struct btrfs_inode *inode,

			struct extent_changeset *reserved, u64 start, u64 len)

				     struct extent_changeset *reserved,

				     u64 start, u64 len, u64 *freed_ret)

{

	struct btrfs_root *root = inode->root;

	struct ulist_node *unode;

	struct ulist_iterator uiter;

	struct extent_changeset changeset;

	int freed = 0;

	u64 freed = 0;

	int ret;

	extent_changeset_init(&changeset);

	}

	btrfs_qgroup_free_refroot(root->fs_info, root->root_key.objectid, freed,

				  BTRFS_QGROUP_RSV_DATA);

	ret = freed;

	if (freed_ret)

		*freed_ret = freed;

	ret = 0;

out:

	extent_changeset_release(&changeset);

	return ret;

static int __btrfs_qgroup_release_data(struct btrfs_inode *inode,

			struct extent_changeset *reserved, u64 start, u64 len,

			int free)

			u64 *released, int free)

{

	struct extent_changeset changeset;

	int trace_op = QGROUP_RELEASE;

	/* In release case, we shouldn't have @reserved */

	WARN_ON(!free && reserved);

	if (free && reserved)

		return qgroup_free_reserved_data(inode, reserved, start, len);

		return qgroup_free_reserved_data(inode, reserved, start, len, released);

	extent_changeset_init(&changeset);

	ret = clear_record_extent_bits(&inode->io_tree, start, start + len -1,

				       EXTENT_QGROUP_RESERVED, &changeset);

		btrfs_qgroup_free_refroot(inode->root->fs_info,

				inode->root->root_key.objectid,

				changeset.bytes_changed, BTRFS_QGROUP_RSV_DATA);

	ret = changeset.bytes_changed;

	if (released)

		*released = changeset.bytes_changed;

out:

	extent_changeset_release(&changeset);

	return ret;

 * NOTE: This function may sleep for memory allocation.

 */

int btrfs_qgroup_free_data(struct btrfs_inode *inode,

			struct extent_changeset *reserved, u64 start, u64 len)

			   struct extent_changeset *reserved,

			   u64 start, u64 len, u64 *freed)

{

	return __btrfs_qgroup_release_data(inode, reserved, start, len, 1);

	return __btrfs_qgroup_release_data(inode, reserved, start, len, freed, 1);

}

/*

 *

 * NOTE: This function may sleep for memory allocation.

 */

int btrfs_qgroup_release_data(struct btrfs_inode *inode, u64 start, u64 len)

int btrfs_qgroup_release_data(struct btrfs_inode *inode, u64 start, u64 len, u64 *released)

{

	return __btrfs_qgroup_release_data(inode, NULL, start, len, 0);

	return __btrfs_qgroup_release_data(inode, NULL, start, len, released, 0);

}

static void add_root_meta_rsv(struct btrfs_root *root, int num_bytes,