--- a/fs/gfs2/quota.c
+++ b/fs/gfs2/quota.c
@@ -106,6 +106,7 @@ static inline void spin_unlock_bucket(unsigned int hash)
 static void gfs2_qd_dealloc(struct rcu_head *rcu)
 {
 struct gfs2_quota_data *qd = container_of(rcu, struct gfs2_quota_data, qd_rcu);
+ lockref_mark_dead(&qd->qd_lockref);
 kmem_cache_free(gfs2_quotad_cachep, qd);
 }
@@ -487,6 +488,7 @@ static int qd_fish(struct gfs2_sbd *sdp, struct gfs2_quota_data **qdp)
 static void qd_unlock(struct gfs2_quota_data *qd)
 {
+ BUG_ON(IS_ERR((char*)qd + sizeof(struct gfs2_quota_data) - 1));
 gfs2_assert_warn(qd->qd_gl->gl_name.ln_sbd, test_bit(QDF_LOCKED, &qd->qd_flags));
 clear_bit(QDF_LOCKED, &qd->qd_flags);
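Review bot: In gfs2_qd_dealloc the added `lockref_mark_dead(&qd->qd_lockref);` runs without `qd->qd_lockref.lock` held, and as far as I know lockref_mark_dead() asserts that this spinlock is held, so the RCU callback would likely trip that assertion. It also executes only after the grace period, on the line directly before `kmem_cache_free()`, so it cannot keep a lockless lookup from taking a reference while the object is still reachable, and the marker lives only until the slab reuses the memory. If the aim is to make stale lookups fail, mark the lockref dead under its lock where the qd is unhashed, before `call_rcu()` (that code is outside this hunk): `spin_lock(&qd->qd_lockref.lock); lockref_mark_dead(&qd->qd_lockref); spin_unlock(&qd->qd_lockref.lock);`.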
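Review bot: The added `BUG_ON(IS_ERR((char*)qd + sizeof(struct gfs2_quota_data) - 1));` in qd_unlock does not reliably catch an error pointer: for `qd == ERR_PTR(-e)` with `e` smaller than the struct size the addition wraps past zero and IS_ERR() returns false, and a NULL or already-freed qd passes as well. BUG_ON also halts the kernel on a state that may be recoverable, which turns a filesystem fault into a loss of availability. If a guard is wanted here, test the pointer itself and fail soft, `if (WARN_ON_ONCE(IS_ERR_OR_NULL(qd))) return;`, with a comment naming the caller that can pass such a value. qd_unlock's body continues past the end of the hunk.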