Observed use-after-free messages in /var/log/messages of destination server when doing inter-server copy. These come from 2 different places in the code, one from the nfsd4_cleanup_inter_ssc when nfsd_file_put is called for the source file and the other from nfs4_put_copy when it's called from nfsd4_cb_offload_release. Fixed by removing the call to nfsd_file_put; the object is not allocated by nfsd_file_alloc, and by initializing refcount for nfsd4_copy in nfsd4_do_async_copy. fs/nfsd/nfs4proc.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-)
