On Wed, 2009-10-14 at 17:53 -0400, Trond Myklebust wrote:
> On Wed, 2009-10-14 at 14:50 -0700, Alexandros Batsakis wrote:
> > a) nfs41_sequence_done() called after destroy_session() that leads to
> > a NULL pointer dereference
> > b) a BADSESSION reply to a sequence operation triggers a
> > reset_session() at the same time with destroy_session() (called by
> > umount) that leads to another NULL pointer dereference.
>
> This would mean that nfs41_sequence_done is being called _after_ the
> nfs_client (and hence the session) has been destroyed. That sounds like
> the real bug that needs to be fixed.

Correction: it means that nfs41_sequence_done is being called after the
superblock that "owns" those rpc calls has been destroyed. (Which is a
bug... :-))

Cheers
  Trond