--- a/fs/gfs2/quota.c
+++ b/fs/gfs2/quota.c
@@ -117,6 +117,7 @@ static void gfs2_qd_dispose(struct list_head *list)
 	while (!list_empty(list)) {
 		qd = list_first_entry(list, struct gfs2_quota_data, qd_lru);
 		sdp = qd->qd_gl->gl_name.ln_sbd;
+		mutex_lock(&sdp->sd_quota_mutex);
 
 		list_del(&qd->qd_lru);
 
@@ -138,6 +139,7 @@ static void gfs2_qd_dispose(struct list_head *list)
 
 		/* Delete it from the common reclaim list */
 		call_rcu(&qd->qd_rcu, gfs2_qd_dealloc);
+		mutex_unlock(&sdp->sd_quota_mutex);
 	}
 }
 
@@ -487,6 +489,8 @@ static int qd_fish(struct gfs2_sbd *sdp, struct gfs2_quota_data **qdp)
 
 static void qd_unlock(struct gfs2_quota_data *qd)
 {
+	BUG_ON(IS_ERR(qd));
+
 	gfs2_assert_warn(qd->qd_gl->gl_name.ln_sbd,
 			 test_bit(QDF_LOCKED, &qd->qd_flags));
 	clear_bit(QDF_LOCKED, &qd->qd_flags);
@@ -1299,6 +1303,7 @@ int gfs2_quota_sync(struct super_block *sb, int type)
 	if (!qda)
 		return -ENOMEM;
 
+	mutex_lock(&sdp->sd_quota_mutex);
 	mutex_lock(&sdp->sd_quota_sync_mutex);
 	sdp->sd_quota_sync_gen++;
 
@@ -1327,6 +1332,7 @@ int gfs2_quota_sync(struct super_block *sb, int type)
 	} while (!error && num_qd == max_qd);
 
 	mutex_unlock(&sdp->sd_quota_sync_mutex);
+	mutex_unlock(&sdp->sd_quota_mutex);
 	kfree(qda);
 
 	return error;